Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Day 27 - Validation via Vulnerability Scanning - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Day 27 - Validation via Vulnerability Scanning

The second day in our "recovery" phase: A system isn't exactly "safe" after the malware is removed. What you actually need to figure out is how the system got compromissed in the first place, and how to prevent a future compromisse. As already pointed out, just removing the malware will just get you back to getting exploited again.

What software and what tricks do you use to:

  • make sure the vulnerability was remidiated?
  • acertain some level of confidence that the malware didn't leave behind any backdoors?
  • Nessus, a popular vulnerability scanner, has recently changed licenses. Did this affect you (or not)? Are there any alternatives?
  • How do you continually monitor systems as new vulnerabilities and patches are released all the time.
     

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

I will be teaching next: Defending Web Applications Security Essentials - SANS Munich July 2019

 Johannes

3535 Posts
ISC Handler
Subscribe Oct 31st 2008
1 decade ago

Sign Up for Free or Log In to start participating in the conversation!