78 lines
3.4 KiB
Plaintext
78 lines
3.4 KiB
Plaintext
From secprog-return-492-jm=jmason.org@securityfocus.com Fri Sep 6 11:36:01 2002
|
|
Return-Path: <secprog-return-492-yyyy=example.com@securityfocus.com>
|
|
Delivered-To: yyyy@localhost.example.com
|
|
Received: from localhost (jalapeno [127.0.0.1])
|
|
by jmason.org (Postfix) with ESMTP id E66B916F18
|
|
for <jm@localhost>; Fri, 6 Sep 2002 11:35:06 +0100 (IST)
|
|
Received: from jalapeno [127.0.0.1]
|
|
by localhost with IMAP (fetchmail-5.9.0)
|
|
for jm@localhost (single-drop); Fri, 06 Sep 2002 11:35:06 +0100 (IST)
|
|
Received: from webnote.net (mail.webnote.net [193.120.211.219]) by
|
|
dogma.slashnull.org (8.11.6/8.11.6) with ESMTP id g869rVC29298 for
|
|
<jm@jmason.org>; Fri, 6 Sep 2002 10:53:31 +0100
|
|
Received: from outgoing.securityfocus.com (outgoing3.securityfocus.com
|
|
[66.38.151.27]) by webnote.net (8.9.3/8.9.3) with ESMTP id XAA18901 for
|
|
<jm@jmason.org>; Thu, 5 Sep 2002 23:06:36 +0100
|
|
Received: from lists.securityfocus.com (lists.securityfocus.com
|
|
[66.38.151.19]) by outgoing.securityfocus.com (Postfix) with QMQP id
|
|
868A2A33C1; Thu, 5 Sep 2002 14:19:21 -0600 (MDT)
|
|
Mailing-List: contact secprog-help@securityfocus.com; run by ezmlm
|
|
Precedence: bulk
|
|
List-Id: <secprog.list-id.securityfocus.com>
|
|
List-Post: <mailto:secprog@securityfocus.com>
|
|
List-Help: <mailto:secprog-help@securityfocus.com>
|
|
List-Unsubscribe: <mailto:secprog-unsubscribe@securityfocus.com>
|
|
List-Subscribe: <mailto:secprog-subscribe@securityfocus.com>
|
|
Delivered-To: mailing list secprog@securityfocus.com
|
|
Delivered-To: moderator for secprog@securityfocus.com
|
|
Received: (qmail 24062 invoked from network); 5 Sep 2002 19:24:13 -0000
|
|
Message-Id: <3D77A587.405@wirex.com>
|
|
Date: Thu, 05 Sep 2002 11:42:15 -0700
|
|
From: Crispin Cowan <crispin@wirex.com>
|
|
Organization: WireX Communications, Inc.
|
|
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020827
|
|
X-Accept-Language: en-us, en
|
|
MIME-Version: 1.0
|
|
To: scottm@crystal.ncc.cc.nm.us
|
|
Cc: Ben Mord <bmord@icon-nicholson.com>,
|
|
"Webappsec Securityfocus.Com" <webappsec@securityfocus.com>,
|
|
SECPROG Securityfocus <SECPROG@securityfocus.com>
|
|
Subject: Re: FW: use of base image / delta image for automated recovery
|
|
from attacks
|
|
References: <NAEOJLMPJMJDFPLHIOJOOEGMDBAA.bmord@icon-nicholson.com>
|
|
<3D7793B5.8344A1B5@crystal.ncc.cc.nm.us>
|
|
Content-Type: text/plain; charset=us-ascii; format=flowed
|
|
Content-Transfer-Encoding: 7bit
|
|
X-Spam-Status: No, hits=-10.9 required=7.0
|
|
tests=EMAIL_ATTRIBUTION,KNOWN_MAILING_LIST,NOSPAM_INC,
|
|
OUTLOOK_FW_MSG,REFERENCES,SIGNATURE_SHORT_DENSE,
|
|
SPAM_PHRASE_00_01,USER_AGENT,USER_AGENT_MOZILLA_UA,
|
|
X_ACCEPT_LANG
|
|
version=2.50-cvs
|
|
X-Spam-Level:
|
|
|
|
Scott MacKenzie wrote:
|
|
|
|
>There is a software package that is used (or was up through w2k)
|
|
>on MicroSloth for this purpose. Ghost, or some such. One essentially
|
|
>"takes a picture" of the machine's proper config, and then upon
|
|
>schedule or demand replaces the machine's current config with the
|
|
>proper picture. It essentially over-writes the entire disk drive.
|
|
>Especially good for student access machines at libraries, etc.
|
|
>
|
|
And it is pretty common practice in some environments with public
|
|
workstations to just wipe and re-install Windows machines on a weekly
|
|
(or even daily) basis. It's easier than trying to maintain Windows.
|
|
|
|
Crispin
|
|
|
|
--
|
|
Crispin Cowan, Ph.D.
|
|
Chief Scientist, WireX http://wirex.com/~crispin/
|
|
Security Hardened Linux Distribution: http://immunix.org
|
|
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
|
|
|
|
|
|
|
|
|