top | item 36293431

(no title)

DethNinja | 2 years ago

This is a pretty good guide.

I also recommend manually reading/checking the the BIOS EEPROM and re-installing the OS from scratch at least every 6 months. This should mostly eliminate most of the advanced threats.

You can setup an ansible script to re-install everything so it can automated.

discuss

effie|2 years ago

How does re-installing the OS from scratch every 6 months "eliminate most of the advanced threats"? The malware has up to 6 months to do its work. OS re-install may delete the malware, but the next visit to bad link may re-install the malware as well.

DethNinja|2 years ago

It is just a precaution measure, some of the malware like DDOS Bots might persist more than 6 months.

Honestly, an immutable OS would be more ideal but it isn’t very realistic. If you are adventurous, it would also be possible to setup a system where host image gets rebuild every night and persistent data gets pulled from a git repo.