LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 06-27-2008, 10:26 PM   #31
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660


Quote:
Originally Posted by xadrith
Quote:
Originally Posted by drokmed
Sure he can. For example, he can have the CentOS box have a cron job to initiate a tunnel to his home box. There are lots of ways.
That's pretty devious, and clever... I just glimpsed over some info about cron today in an O'Reilly book.
There are plenty of legitimate uses for reverse-ssh tunnels too. The last company I worked for used them for remote support in "dark" data centers. Our customers would never allow us to log into their systems directly, but they were fine with having our boxes "call home" to open a tunnel to our support server. Then we just logged into the support server and did ssh -p <port number> localhost and voilà, we're logged into the customer's system.

Learning how to use ssh port-forwarding is one of the more useful things you can do if you deal with a lot of sealed-off networks.
 
Old 06-28-2008, 04:17 AM   #32
alan_ri
Senior Member
 
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733
Blog Entries: 5

Everybody, just listen to chort, he'll tell you what to do, he's a security expert and he has seen more data centers than I did. Just ignore me and remember; some people are always right and their way is the way that must be, no matter what and please try not to think, because who are you to have the right to think and have a better solution for the problem. Don't look into the future, don't look for innovations, don't be creative, don't develop your skills, be blind, stay stupid and you'll be just fine. Your boss will love you and you'll keep the job.
 
Old 06-28-2008, 06:55 AM   #33
OlRoy
Member
 
Registered: Dec 2002
Posts: 306

Quote:
Originally Posted by alan_ri
Everybody, just listen to chort, he'll tell you what to do, he's a security expert and he has seen more data centers than I did. Just ignore me and remember; some people are always right and their way is the way that must be, no matter what and please try not to think, because who are you to have the right to think and have a better solution for the problem. Don't look into the future, don't look for innovations, don't be creative, don't develop your skills, be blind, stay stupid and you'll be just fine. Your boss will love you and you'll keep the job.
I'm certainly no expert, but when I was just starting out, I listened to people who knew more, and had much more experience than me. I still do that. I don't understand your reaction at all. I suggest you learn to admit your mistakes rather than to dig yourself in a deeper hole.
 
Old 06-28-2008, 07:14 AM   #34
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Quote:
Originally Posted by jiml8
The boss needs to hire a consultant who is expert with the OS involved for a few days.

This consultant can clean up the network, eliminate any possible backdoors, and make sure security is properly in place and configured. The consultant can also provide some training to OP in order to ensure that OP has the tools to maintain the network going forward.

If this is a business situation, and the network is compromised, the boss had better be willing to spend the money.
I completely agree. This is the kind of situation where a network expert could really help get things ship shape in the quickest time.
 
Old 06-28-2008, 07:16 AM   #35
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Quote:
Originally Posted by OlRoy
I'm certainly no expert, but when I was just starting out, I listened to people who knew more, and had much more experience than me. I still do that.
I've been in this business since 1985 and I still listen more than I talk.
 
Old 06-28-2008, 08:52 AM   #36
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Quote:
Originally Posted by chort
There are plenty of legitimate uses for reverse-ssh tunnels too. The last company I worked for used them for remote support in "dark" data centers. Our customers would never allow us to log into their systems directly, but they were fine with having our boxes "call home" to open a tunnel to our support server. Then we just logged into the support server and did ssh -p <port number> localhost and voilà, we're logged into the customer's system.

Learning how to use ssh port-forwarding is one of the more useful things you can do if you deal with a lot of sealed-off networks.
That's a good example of using the tool without abusing it. Sadly, in the case of the OP, the ex-employee could've set any system in the company to "call home" to a system that he has control of. This is yet another reason why corporations usually frown upon tunneling unless it is for business needs.
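
Added example, not part of any post in this thread: a small audit that scans crontab text for jobs that start ssh or autossh with a remote forward, the "call home" mechanism discussed above. It goes slightly beyond a plain -R check by also catching bundled flags and RemoteForward passed with -o; the function names, hosts and ports are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit crontab text for jobs that open reverse SSH tunnels.

# Constructed sample crontab (hosts and ports are made up for the demo).
sample_crontab() {
    cat <<'EOF'
# m h dom mon dow command
*/5 * * * * /usr/bin/ssh -fNR 2222:localhost:22 tunnel@support.example.com
@reboot autossh -M 0 -N -o "RemoteForward 2222 localhost:22" tunnel@support.example.com
0 2 * * * rsync -aR -e ssh /srv/data backup@backup.example.com:/srv/
15 * * * * ssh -N -L 5432:db.internal:5432 jump@bastion.example.com
#*/5 * * * * ssh -R 2222:localhost:22 old@support.example.com
30 3 * * * ssh -q -R2200:localhost:22 ops@support.example.com
EOF
}

# find_reverse_tunnels [FILE...]
# Reads crontab text (stdin if no files) and prints "file:line:text" for each
# active job whose ssh/autossh command asks for a remote forward.
find_reverse_tunnels() {
    awk '
        /^[ \t]*#/ { next }                      # disabled or comment line
        {
            line = " " $0
            # Find the ssh/autossh command word; only its arguments matter,
            # so "rsync -aR -e ssh ..." is not mistaken for a tunnel.
            if (!match(line, /[^A-Za-z0-9_.-](auto)?ssh[ \t]/)) next
            args = " " substr(line, RSTART + RLENGTH)
            # -R alone, glued to its value, or bundled after no-argument
            # flags (-fNR); or RemoteForward passed through -o.
            if (args ~ /[ \t]-[46AaCfGgKkMNnqsTtVvXxYy]*R/ ||
                tolower(args) ~ /remoteforward/) {
                src = (FILENAME == "" || FILENAME == "-") ? "stdin" : FILENAME
                printf "%s:%d:%s\n", src, FNR, $0
            }
        }
    ' "$@"
}

sample_crontab | find_reverse_tunnels
```

Point it at real input with, for example, the output of crontab -l for each account and the files under /etc/cron.d; a hit is a lead to review against known business tunnels, not proof of a backdoor.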
 
Old 06-28-2008, 09:53 AM   #37
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Quote:
Originally Posted by alan_ri
Everybody, just listen to chort, he'll tell you what to do, he's a security expert and he has seen more data centers than I did. Just ignore me and remember; some people are always right and their way is the way that must be, no matter what and please try not to think, because who are you to have the right to think and have a better solution for the problem. Don't look into the future, don't look for innovations, don't be creative, don't develop your skills, be blind, stay stupid and you'll be just fine. Your boss will love you and you'll keep the job.
When you can't address the legitimate arguments that have been made, change the subject.

Right?
 
Old 07-01-2008, 01:59 AM   #38
pinniped
Senior Member
 
Registered: May 2008
Location: planet earth
Distribution: Debian
Posts: 1,732

"It all depends on how Michelle's boss feels. If he is comfortable with just replacing the firewall, and changing everyone's passwords, then she is in good shape."

I have to disagree with that one - the boss obviously knows nothing about computers and needs advice from people who know what they're doing. Doing what makes the boss (who is no expert) feel happy is a great way to lose your job in a few weeks when the things that made the boss happy really didn't address the real issues.

There is nothing extreme about wiping the WinDuhs machines and reinstalling everything; this is the only sensible way of ensuring the machines are reasonably secured. Of course if you really know what you are doing you can avoid a wipe and instead take several days per computer to weed out the bad stuff ... but then again, no one who knows what they're doing would waste their time like that.

Last edited by pinniped; 07-01-2008 at 02:01 AM.
 
  


All times are GMT -5. The time now is 08:29 AM.
