- Details
- Written by Jon Moore
In this article I am examining the /var/log/auth.log file for any indication of what/what/when my server may have been compromised.
{jcomments on}
Read more: Forensics File Analysis 1: auth.log
- Details
- Written by Jon Moore
Recently I had opportunity to work on a security problem. One firewall cluster member had failed and needed to be rebuilt. While typically not an issue, an additional challenge was that the software in use was so old, it was no longer available. In the end, it was absolutely necessary to use this old software as an entire environment was built with it. Eventually we were able to find a copy of the software and major disaster was averted, but it made me wonder if maybe, just maybe, are we doing them a DISservice by providing it?
This software has documented vulnerabilities, and because it is so old and no longer supported, these vulnerabilities will NOT be patched or fixed.
Read more: Legacy Software, when is it TOO old?
- Details
- Written by Jon Moore
Now that I have finally managed to get my old HDD mounted, it is time to actually start getting my data off, keeping what I want for analysis, formatting the drive, and getting just my data back on.
What's worth keeping? What isn't needed? I tried looking into a few things, but there was very little to really go on. So how do I gather the files I need for analysis, while being able to otherwise keep my data, and reformat the drive?
Read more: Data Recovery, Part 2
- Details
- Written by Jon Moore
At this point I have managed to get the old HDD mounted and working on my test server and I got all the data off. Now I need to reformat the drive to ensure nothing is left, and get just my data back on so I can use it for my dedicated internal server, and once again have access to my data. Here's how I went about doing so.
- Details
- Written by Jon Moore
My webserver didn't start out as a dedicated webserver. It started off as a bit pf a home server to which we can back some stuff up against. Silly me then went and added webserver capabilities to this. In retrospect that was a rather dumb idea... But you learn from your mistakes, and I certainly have with this.
But now that the hard drive has been pulled (and the server rebuilt), how do I get my data off? In a perfect world with unlimited resources, this is a non-issue. But what to do with only existing resources? A bootable Linux CD/DVD is the first thing to come to mind, but it wound up being less simple than I imagined...
Read more: Step 1: Data Recovery
Page 5 of 6
- You are here:
-
Home
- Network Security