Protecting Your Internal Systems from a Compromised Host

The concept for this paper came from a recent incident when one of our customer machines was compromised. It is designed to cover some additional aspects of systems security and design, which I believe have been ignored to some extent in the Security Essentials material and most systems admin courses. At some stage you must concede that a system will be compromised; because such a system is located in a trusted or semi-trusted position on the network, an effort must be made to minimize the impact and to identify the problem as soon as possible. The content of this paper has been kept brief and covers areas that have not really been emphasized enough and that fall victim to lazy system management. A number of other areas, such as systems resource monitoring, systems file access and protection, and user management issues, are generally well covered in standard system administration courses and guides and are not mentioned in the paper.

707 (PDF, 1.73MB)

26 Mar 2002
By Michael Nancarrow
All papers are copyrighted

No re-posting of papers is permitted