Tracking the hackers

    Date: 10 Jul 2002
    Category: Hacks/Cracks
    Posted By: Anthony Pell
    Simon Edwards sent in an article on what to do when your box gets hacked. "You've installed the latest firewall, patched every workstation with the new security updates and located every unauthorised wireless LAN in the building - but you've still been hacked. Do you call the police, fire your systems administrator, reinstall and pretend nothing happened? Or take down your Web and e-mail servers (and, therefore, business) for a prolonged period of examination? What does your emergency response plan say? You've got one, right?

    This article is about tracking down the person or persons who have successfully attacked one or more of your computer systems. We will not be explaining how to secure your Web servers but rather how to prepare for the eventuality that they fall under someone else's control.

    You need to be prepared for an attack so that when someone breaks into your essential systems you can respond as quickly and rationally as possible. Panicking can result in lost forensic evidence or, even worse, lost business. You can't leave your compromised Web host visible (and risible) on the Internet but you shouldn't blindly restore a backup and assume that the hacker won't repeat his actions either. There's been a problem and your job is to fix it as fast as possible and ensure it never happens again. After that you can choose whether or not to track down the perpetrator. But before you kick off a major police investigation there are some serious issues to consider.
