Re: [foxboro] Our AW51 (Solaris) Got a Virus/Worm
- From: wim.verberckt.wv@xxxxxxxxxxxxxxx
- To: foxboro@xxxxxxxxxxxxx
- Date: Fri, 21 Nov 2003 08:25:54 +0100
Tripwire is a utility that creates an image of a file system. The image is later
compared with the current file system to determine what has changed on the file
system. This provides a way of determining which data has been modified.
See also www.sun.com/software/security/tripwire
Regards,
Wim Verberckt
Bayer Antwerpen
foxboro-bounce@freelists.org
To: foxboro@xxxxxxxxxxxxx
cc:
Date: 21/11/2003 04:39
Subject: Re: [foxboro] Our AW51 (Solaris) Got a Virus/Worm
Please respond to foxboro
What's Tripwire?
Regards
Ajay Tathgir
Reliance Industries Limited
Mumbai - India
"Corey R Clingo" <clingoc@basf-corp.com>
Sent by: foxboro-bounce@freelists.org
To: foxboro@xxxxxxxxxxxxx
cc: (bcc: Ajay Tathgir/PFY/PG/RIL)
Date: 19-11-2003 09:07 PM
Subject: Re: [foxboro] Our AW51 (Solaris) Got a Virus/Worm
Please respond to foxboro
Older, unpatched Solaris versions are Swiss cheese, as far as security
goes. I'm not surprised your AW51 got cracked. The worms/rootkits for
Unix are not as plentiful as for Windoze, but they are out there.
From my own experience, Foxboro, like many other control system vendors,
has not cared much about security in the past. The Art Arruda (I think he
authored it) "securing your system" document, and Foxboro's general
recommendation to use firewalls, was about the extent of it. I seem to
recall a comment from an Invensys person at a session at the last
international user group meeting to the effect that system security was the
users' responsibility (which is true to a large extent, but the system
vendor still bears some responsibility as well).
Recently, however, because of recent geopolitical events and almost weekly
patches from Microsoft, the issue has become too large and public for
Invensys to ignore. They now have a recommended patch list for Windoze
boxes on the CSC web site, and they appear to be current through
mid-October. I haven't seen anything for Solaris yet (another omen,
perhaps?).
Having said that, you are never going to see the latest OS vendor patches
from Invensys, either on Day 0 CDs or on the web site. They have to test
those patches just like any other responsible vendor of IT. But it appears
that now Invensys is going to have to devote more resources to that task --
or switch to a more inherently secure OS (and that ain't gonna happen).
And even if you don't use the box for control, it still can be a problem.
The Trojaned box could be used to launch attacks against other systems. So
security in layers is still advisable. Patch the machine to the extent you
can. AND use firewalls. AND look at the system and firewall logs
regularly. AND scan it periodically with something like Tripwire to find
any modified binaries. AND enforce good passwords. AND...AND...AND...it
never ends. :)
Corey Clingo
BASF Corp.
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: http://www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave