Simon Edwards sent in an article on what to do when your box gets hacked. "You've installed the latest firewall, patched every workstation with the new security updates and located every unauthorised wireless LAN in the building - but you've still been hacked. Do you call the police, fire your systems administrator, reinstall and pretend nothing happened? Or take down your Web and e-mail servers (and, therefore, business) for a prolonged period of examination? What does your emergency response plan say? You've got one, right?

This article is about tracking down the person or persons who have successfully attacked one or more of your computer systems. We will not be explaining how to secure your Web servers but rather how to prepare for the eventuality that they fall under someone else's control.

You need to be prepared for an attack so that when someone breaks into your essential systems you can respond as quickly and rationally as possible. Panicking can result in lost forensic evidence or, even worse, lost business. You can't leave your compromised Web host visible (and risible) on the Internet but you shouldn't blindly restore a backup and assume that the hacker won't repeat his actions either. There's been a problem and your job is to fix it as fast as possible and ensure it never happens again. After that you can choose whether or not to track down the perpetrator. But before you kick off a major police investigation there are some serious issues to consider."

The link for this article located at transceiver.co.uk is no longer available.