My brother on what to do after you get hacked

April 6, 2006 By

My brother is an IT guy and writes for ComputerWorld. He gives a list of what to do after your servers get hacked.

Filed Under: 1
  • Anona

    #1 Look at your computer for the last time.

    #2 Get a Mac.

    #3 There’s no step #3.

  • Anona

    #1 Look at your computer for the last time.

    #2 Get a Mac.

    #3 There’s no step #3.

  • Anona

    #1 Look at your computer for the last time.

    #2 Get a Mac.

    #3 There’s no step #3.

  • Pingback: Computerworld Blogs

  • http://acidzebra.blogspot.com/ Michiel

    My guess is for 99% of the admins out there step 11: ‘blow the operating system away, reinstall from scratch, and focus on preemptive security. ‘ would be the only step. Time pressure, stretched budgets, it’d be lovely to have the time to go on a forensics safari but I sure don’t.

  • http://acidzebra.blogspot.com/ Michiel

    My guess is for 99% of the admins out there step 11: ‘blow the operating system away, reinstall from scratch, and focus on preemptive security. ‘ would be the only step. Time pressure, stretched budgets, it’d be lovely to have the time to go on a forensics safari but I sure don’t.

  • http://acidzebra.blogspot.com Michiel

    My guess is for 99% of the admins out there step 11: ‘blow the operating system away, reinstall from scratch, and focus on preemptive security. ‘ would be the only step. Time pressure, stretched budgets, it’d be lovely to have the time to go on a forensics safari but I sure don’t.

  • http://blog.zemote.com/ Jeff O’Hara

    Ok, patch your systems daily and run IDS’s and you will not get hacked, I really hate it when an admin says “We have to test the patches first”, Well that’s the vendor’s job wether it be MS, Redhat, etc…

    If you do get hacked,
    1. don’t blow it away, remove the box from the network,
    2create a snapshot of the system (for legal reasons.)
    3. blow away and reinstall, or better yet, pull the drives and install new drives and rebuild the system.

  • http://blog.zemote.com/ Jeff O’Hara

    Ok, patch your systems daily and run IDS’s and you will not get hacked, I really hate it when an admin says “We have to test the patches first”, Well that’s the vendor’s job wether it be MS, Redhat, etc…

    If you do get hacked,
    1. don’t blow it away, remove the box from the network,
    2create a snapshot of the system (for legal reasons.)
    3. blow away and reinstall, or better yet, pull the drives and install new drives and rebuild the system.

  • http://blog.zemote.com Jeff O’Hara

    Ok, patch your systems daily and run IDS’s and you will not get hacked, I really hate it when an admin says “We have to test the patches first”, Well that’s the vendor’s job wether it be MS, Redhat, etc…

    If you do get hacked,
    1. don’t blow it away, remove the box from the network,
    2create a snapshot of the system (for legal reasons.)
    3. blow away and reinstall, or better yet, pull the drives and install new drives and rebuild the system.

  • J. Random Poster

    Simple: dump your windows infrastructure, and go with a securable system instead. If you have windows apps you can’t get rid of, run them under VMWare on Linux, BSD, Solaris, or (coming soon), Mac OS X. They’ll still get pwn3d, but you can trivially restart them from a pristine image.

  • J. Random Poster

    Simple: dump your windows infrastructure, and go with a securable system instead. If you have windows apps you can’t get rid of, run them under VMWare on Linux, BSD, Solaris, or (coming soon), Mac OS X. They’ll still get pwn3d, but you can trivially restart them from a pristine image.

  • J. Random Poster

    Simple: dump your windows infrastructure, and go with a securable system instead. If you have windows apps you can’t get rid of, run them under VMWare on Linux, BSD, Solaris, or (coming soon), Mac OS X. They’ll still get pwn3d, but you can trivially restart them from a pristine image.

  • Pingback: Pig Pen - Web Standards Compliant Web Design Blog » Blog Archive » 11 Things To Do After A Hack

  • Chris

    Definitely agree patching is a necessity, but so is change management. You cant have people making arbitrary changes without documentation.

    In response to the above post, IDS are reactive…they do not prevent anything….they are not designed to. It is the vendors job to test that patch to make sure it doesnt cause issues with the OS. It is the administrators job to test the patch to make sure it doesnt interfere with other applications / modifications made since it was a fresh OS. Just throwing on the latest patch blindly is going to cause more problems that it will fix. You have to test patches, no matter the source.

    –C

  • Chris

    Definitely agree patching is a necessity, but so is change management. You cant have people making arbitrary changes without documentation.

    In response to the above post, IDS are reactive…they do not prevent anything….they are not designed to. It is the vendors job to test that patch to make sure it doesnt cause issues with the OS. It is the administrators job to test the patch to make sure it doesnt interfere with other applications / modifications made since it was a fresh OS. Just throwing on the latest patch blindly is going to cause more problems that it will fix. You have to test patches, no matter the source.

    –C

  • Chris

    Definitely agree patching is a necessity, but so is change management. You cant have people making arbitrary changes without documentation.

    In response to the above post, IDS are reactive…they do not prevent anything….they are not designed to. It is the vendors job to test that patch to make sure it doesnt cause issues with the OS. It is the administrators job to test the patch to make sure it doesnt interfere with other applications / modifications made since it was a fresh OS. Just throwing on the latest patch blindly is going to cause more problems that it will fix. You have to test patches, no matter the source.

    –C

  • Pingback: Forever Geek

  • http://i5bala.blogspot.com/ Balakumar Muthu

    Quite interesting steps… thanks for points us their!!


    Balakumar Muthu

  • http://i5bala.blogspot.com/ Balakumar Muthu

    Quite interesting steps… thanks for points us their!!


    Balakumar Muthu

  • http://i5bala.blogspot.com Balakumar Muthu

    Quite interesting steps… thanks for points us their!!


    Balakumar Muthu