Ok, that's right. I'm only angry about the crackers (yes, an important difference!). But you know, it is nearly impossible to make a system invulnerable - or better: I believe it.
Depends on how dumb or wise someone sets up a box:

- no unnecessary services
- necessary services run as user and not as root, if impossible use a wrapper or better chroot them
- wisely choose the daemons you run
- no weak passwords
- update your system to up-to-date files
- run IDS (file and network IDS) software and often parse the logfiles
- write your own scripts to parse logfiles with important notes only and often parse them
- get proven root-kit-detection-scripts
- if you have more than one server let all servers take a specific role (e.g.: db-server, dhcp-server & firewall, webserver, corporate syslog-server)
- if you got a bigger network build two firewalls with one in front of the internet and one in front of your network connected to each other (minimal system with own kernel and no network services activated), build in the first one a DMZ and a honeypot that logs all activity
- subscribe to different security mailing lists and follow the threads
- don't overprotect a system so it's a challenge for some persons (there are enough weak servers on the net, so most kiddies search the more vulnerable ones)
- some experience is needed as well, but much can be read on the net or you get help of more familiar persons on the net

Most intrusions come from:

- weak passwords
- old service-daemons
- insecure services
- unsatisfied employees
- the own network
- careless operation with data/data-security

To get behind an intrusion:

- leave system as is and don't change any data, otherwise no later forensic investigation will be possible
- backup the system and run a forensic analysis on a trusted machine (you get data-patterns on the net and useful free software for that purpose as well)
- unplug system from network
- exchange system against honeypot and log activities

With the last thing you can find what's going on and trace the intruders back to their origin.

Philippe
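
The advice above to write your own scripts that reduce logfiles to "important notes only" can look like the following added example, which is not part of the original post. It assumes OpenSSH-style syslog lines; the sample log, the threshold and the note labels are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 02:11:01 web1 sshd[4121]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 02:11:03 web1 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 02:11:06 web1 sshd[4123]: Failed password for backup from 203.0.113.7 port 40130 ssh2
Mar  3 02:11:09 web1 sshd[4125]: Accepted password for backup from 203.0.113.7 port 40141 ssh2
Mar  3 08:30:12 web1 sshd[5001]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 08:30:20 web1 sshd[5001]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 09:02:44 web1 sshd[5100]: Accepted password for root from 192.0.2.15 port 60022 ssh2
Mar  3 09:05:00 web1 CRON[5200]: (root) CMD (run-parts /etc/cron.hourly)
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")


def summarize(lines, threshold=3):
    """Return only the noteworthy events; routine lines are dropped."""
    failures = defaultdict(int)  # failed password attempts per source address
    notes = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            _user, src = m.groups()
            failures[src] += 1
            if failures[src] == threshold:  # report once per source
                notes.append(f"GUESSING {src}: {threshold} failed passwords")
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, src = m.groups()
            if failures[src] >= threshold:
                # Success right after repeated failures points at a weak password.
                notes.append(f"LOGIN-AFTER-FAILURES {user} from {src} "
                             f"after {failures[src]} failures")
            elif user == "root" and method == "password":
                notes.append(f"ROOT-PASSWORD-LOGIN from {src}")
    return notes


if __name__ == "__main__":
    for note in summarize(SAMPLE_LOG.splitlines()):
        print(note)
```

Run it from cron against the real auth log and mail the output, so a short report arrives only when something in it deserves a look.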