After an exploit: mitigation and remediation
As we all know, prevention, detection and response are our three main lines of defence against threats, with a good administrator putting most focus on prevention. As the old adage goes, "an ounce of prevention is worth a pound of cure" - a 1:16 ratio for the metrically inclined - but there's always going to be the odd occasion where prevention fails, either through a lack of time or a mistake in one's security procedure. In this article we describe a few hardening and alerting methods for Unix servers that help block vectors for various attacks, including two web-based application attacks and the brute-forcing of SSH passwords.
[ Read more ]