[unisog] Re: OpenSSL worm in the wild

Tom Perrine tep at SDSC.EDU
Thu Sep 19 16:44:03 GMT 2002

This begs the "meta question":  What is your policy for dealing with
infected/compromised machines?  Do you have a (written or other)
policy that describes when machines will be "cleaned" and when they
must undergo a scrub and rebuild?

In general, we always rebuild from scratch except in cases of very
minor virus infections on laptops and some Windows desktops.  Servers,
no matter what OS, and all UNIX/Linux always get rebuilt.  It's a
great opportunity for a disk (or OS) upgrade :-) I guess we can get
away with that only because (other than laptops and *some* PC
desktops) we don't support users using local storage; our users expect
to have most (or all) of their data live on file servers.

I know it would be much harder to do this if every machine had lots of
local user data.

Tom E. Perrine <tep at SDSC.EDU> | San Diego Supercomputer Center 
http://www.sdsc.edu/~tep/     | 
