Internet.com ISP-Planet

 



Best of the ISP-Lists

Hacked!

Members of the ISP-Security discussion list offer advice as to how to handle a network intrusion. Solutions vary, but a full-scale network security review is always in order.

[February 13, 2001]

On the ISP-Security list in January, IU observed,

"One of my systems was cracked by 'Prime Suspectz'. So far all I can tell is that he deleted my logs and defaced one of my sites. Any advice on how to deal with this?"

SS suggested a relatively speedy cleanup:

"Take your system offline, and back up all logs, for obvious reasons. Run Trojan detection software on your system. Check for changes in your directory structure and weed out any new pieces of software. Do an audit on your server and check for any vulnerability that might have allowed the break-in. Check for weak passwords, and change all admin passwords. And if you don't have a security mechanism in place, implement one."

A number of respondents recommended far more drastic measures:

[BL noted] "It's foolish to assume that you can find all the possible back doors a hacker may have inserted into your system. It takes very little effort to outwit most Trojan detection software, or to compromise an executable program. The only foolproof solution for ensuring system security after you've been hacked is to wipe the system, reformat the drives, and install a fresh copy of the OS."

[DN advised] "Unplug the machine, make a backup so you can look at it later for evidence, then totally wipe out the machine and rebuild it from scratch." [MCC added] "Make an image of the drives, call the FBI and report it, then reload from scratch. Make sure none of your other systems' passwords are the same."

[DVH warned] "If you want hard evidence, replace the drives; don't just make an image. Copies are debatable." AK noted that tracking down your system's vulnerabilities is the most important part of the answer: "Remember: until you analyze your security policy and its weaknesses, they can hack again."

[Editor's note] Prime Suspectz may have screwed up the New Mexico vote, among other things.

—End
