What to Do If You Get Hacked

Getting hacked is one of an administrator's biggest fears, and an important one to face up to consciously and with clear intent. If you're hacked, it's imperative that you take swift action to limit further damage and to preserve the evidence, which can potentially be used to press charges against the perpetrators. If your system is compromised, there are several things you should do:

  • Immediately remove the system from the network.
  • Take a disk image of the server immediately after it has been hacked.
  • Check with your software and hardware vendors to determine what vulnerability was exploited and how to prevent it from happening again.
  • Check log files for evidence.
  • Change passwords for any affected systems; social engineering attacks (as popularized by the ILOVEYOU virus) are startlingly common and effective.
  • Document what you've learned and develop an incident response plan. Do this for both internal and external servers.

Consider using intrusion detection software such as Tripwire or Intrusion's SecureNet Pro that can give you notice of attacks.

Microsoft Windows 2000 Server Administrator's Companion
ISBN: 0735617856
EAN: 2147483647
Year: 2003
Pages: 320
