    Hi all,

    We were recently hacked and I am looking for a security firm that can come in and make sure no bugaboos are going to come along for the ride when I bring the code and DB over to the new servers. It's a Windows system that uses some custom VB6 COM objects, a few third-party apps, ASP scripting and a SQL Server 2000 DB.

    Does it make sense to have the DB checked out too? I know rootkits hide in the OS, but couldn't someone also hide nasties in a legitimate-looking though seldom-used system stored procedure?


    One Disgruntled Coder

    The answer to your question is yes, stored procedures can indeed hold "nasties".

    There are a number of security firms that have expertise in this area, but none will come cheap. In the NYC area I have used in the past. It is best to choose a vendor in your area. It is wise to determine the actual goal you are seeking. Is it a criminal case? Or is it just the operational restore of the machine? Either way, decide first and then work on the best security firm to suit your needs. One of the largest security forums. Security Archive.

    I'm in Kansas. The FBI is now determining whether a criminal case should be opened or not and, if so, whether it is here or where our servers are located. The servers have been locked down, known or obvious exploits closed up (a problem with SQL injection), code hardened, etc.

    I'm hoping to find a competent firm to simply investigate the code and DB to ensure that no nasties are hiding when I move it to the new digs. The firm we hired to come in and plug up the holes hasn't given us any information about what problems they found, nor have they indicated how detailed their investigation was. But they did feel that the condition required that the FBI be called. Pretty cruddy if you ask me. But c'est la vie in the computer biz. You think you're hiring competent and professional and, in this case, we got fairly competent and extremely paranoid and unprofessional.

    I'm not looking for full penetration testing or network vulnerability testing. It's basically a glorified virus scan/rootkit scan and, if needed, a removal procedure. I'm not sure if there are beefy firms in Kansas, which is odd since we are the beef capital of the world.

    Thanks for the reply!

