BTW, the general rule in the industry is that once bad guys have gotten on to your server, you should never trust it again. i.e. wipe it and start fresh.
So true, just had a crazy story where someone had all his server resources being eaten up, it was a no-brainer checking the PID’s and seeing what the culprit was, turnd out he had some kind of breach long time ago and had some securtiy consultant supposley take care of it,
and as we say the rest is history…
@chaim-hirsch i can may monthly for the number. But i din’t understand why they take money for every incoming minuts?
if i have 100 persons, calling every day 10 minuts, i have to pay 100 dollars a month !!!
In the end we couldn’t setup VLANs as the switches weren’t managed, nor were they supporting 802.1q standard which allows VLAN tagging. (We couldn’t do port based VLAN because of the physical infrastructure.)
Subnets aren’t very usefull as they don’t prvide any security…
So we stayed with Mac filtering on the LAN and some basic firewall rules, which would prevent dirty stuff even in case someone has managed to get access to the network.