I l @ ve RuBoard |
A system that has been compromised is likely to be attacked again. Monitoring the restored systems will help verify that the improvements deter future attacks and can assist in the gathering of information about the attacker if he returns. The monitoring should include the services that were compromised, the processes that were used to compromise the system originally, and the connections for other systems that were compromised. The restored system should be placed at the highest level of monitoring for a period of time after the attack to help restore confidence in the system. |
I l @ ve RuBoard |