[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <03dd01c43da3$4c5ccbd0$c71121c2@exchange.sharpuk.co.uk>
From: DaveHowe at cmn.sharp-uk.co.uk (Dave Howe)
Subject: I Got Hacked. Now What Do I Do?
Troels Bay wrote:
> Now one can't trust somewhat 50% of all Microsoft Computers.
you trusted that many before? :)
Honestly though, it isn't a total writeoff.
Your data may well have been compromised - so you need to run a validation
exercise after copying to a clean system but before even starting a
webserver (or anything that could execute binaries in your dataset) -
*Validate and sanity check database-data - particularly any user/access
lists, and change passwords on any admin accounts.
*Validate and sanity check static html pages
* Recompile or upload from trusted sources any binaries - they can't be
trusted - and validate / sanity check any scripts
* Ideally, if you have a DEV system that wasn't compromised (many
organizations do) upload known-clean copies - just be sure you didn't
backport any scripts or html pages from the "live" server, nonsensical
though that might sound.
I am not going to say getting back to a 100% trustworthy system is going
to be possible in a short term, but you should be able to have 99%
confidence in your datasets and site pages within a week. Isn't going to
be cheap (in man hours, but that translates to money in various ways)
either.
For the future, consider a bit of diversity and a decent (DMZing)
firewall; if your boxes don't *have* exposed ports other than 80, they can
only be compromised by an attack on that port, not (say) 445.
Diversity doesn't mean dumping Windows if you are wed to the platform (ie,
have an existing large investment in it) - but consider Apache and PHP
rather than IIS and VBScript; they run just fine on windows, will scale
with the company (so you can upgrade to non-windows hardware in the future
if you need to) and are more common than IIS anyhow.
A decent firewall doesn't have to be expensive - for entry level, you can
use a legacy PC with three network cards (inside, outside, DMZ) and a
floppy (no hard) drive, then boot the fw with a LEAF linux such as
Bering - from write protected floppy disks (and get VPN support and a DNS
server thrown in for free :)
Powered by blists - more mailing lists