Hacker News new | ask | show | jobs
by _asciiker_ 4426 days ago
While I agree in principle that when owned one should start from scratch, my advice would be to learn something. Often I am asked to analyse attacks and I now have a collection of about 15 malware scripts that not only show me the intent but they are also useful (and remarkably well coded) for my daily admin tasks.

So, fresh start but at least get something out of it!
1 comments
midas007 4426 days ago
"and the 'sploit can be mitigated before bringing it online to the outside world"

You should read more carefully.

Also, keeping people waiting without an ETA for a down service because you're learning isn't going to result in happy customers.

Furthermore, whomever is running these boxes needs to deploy NIDS and HIDS and properly secure their boxes, because clearly they don't understand what an attack surface is.

link
tptacek 4425 days ago
Yes, whatever your security problem is, I'm sure some NIDS will clear it right up.
link
midas007 4425 days ago
What a flippant, uncivilized, unconstructive comment.

Defense in-depth, every little bit helps.

link
tptacek 4425 days ago
Disagree, both in spirit and to the letter; for starters, I'm pretty sure there's still validity in a very long blog post I wrote about NIDS back in 1998:

http://insecure.org/stf/secnet_ids/secnet_ids.html

People running SAAS apps probably shouldn't waste much time with NIDS.

link
fyrabanks 4425 days ago
I'd assume s/he would isolate that machine for post-mortem and spin up a new service on a different box, unless we're talking poverty IT.
link