See your link here
Got hacked? 11 things to do next
- IT TOPICS:Management, Networking, Security, Software
Before I start in on things to do after you get hacked, I recommend a read of a previous article I did on logging what goes on in your network.
If you don't do what needs to be before an attack, many of the steps detailed in 11 things to do after a hack on SearchWindowsSecurity.com will be nigh impossible. Without proper logging and good security techniques, it's difficult at best to detect a hack and harder yet to respond to it.
After all, if you can't tell that you've been hacked in the first place, how can you respond to it?
Anyhow, presuming that you've done all you can do in a dilligent, well planned manner to prevent attacks and to record what goes on in your systems in order to spot attacks, once an attack happens and is discovered, I think that Step 3: "Take some initial steps to notify stakeholders and other important people" is particularly important.
The worst thing you can do if an attack, or any network issue, is found is to try to hide it. Your bosses will appreciate knowing about problems (or if they don't perhaps you don't want them for bosses) and should look to you for solutions versus trying to lay blame.
The other important step is to preserve any forensic data. Once an attack is found, backup ALL your logs (preferably in such a way that you can prove that the logs were kept as you found them) and any other applicable data. If you do have your day in court, being able to prove that your data is accurate and valid will be very important.
At any rate, all of the steps are academic if you don't do everything in your power to protect your network and keep track of what goes on in your network and on your systems.
Related News and Opinion:
Reply
Print
Email this
Digg this
