22.5 Summary


In this chapter, we looked at the procedures that you should follow in the event that you suffer a break-in.

The most important thing to do is to have an objective and a plan of action. Do you want to get your computer operational as fast as possible, or do you want to collect evidence for prosecution? Do you hope that you are lucky? Do you want the attacker to go away and leave you alone? It's best to have answers to these questions formulated before you suffer an attack, rather than try to come up with answers while you are under pressure.

More important than confronting the intruder is figuring out how to clean up after the fact. How did the intruder get in? Find out. Document. Close the hole. If you don't, you're sure to have more intruders in the future.

Finally, if you can do it, report the intrusion and share your documentation with others. We know that attackers work together: they exchange tips, techniques, and tools. Defending against these well-networked attackers will take an equally effective network of security professionals.



Practical Unix & Internet Security, 3rd Edition
ISBN: 0596003234
Year: 2003
Pages: 265
