Document Actions
Intrusion
last modified
2007-07-27 11:28
Unauthorized host access. It can involve compromise of information, use of the host for storage of pirated software or media files, or use of the host for reconnaissance and further attacks.
Please browse to Guidance on Incident Handling and Security Tools for additional recommendations.
- Remove the host from RUNet immediately.
- Review the procedures for Compromise of Confidential or Sensitive Data.
- Check for signs of intrusion.
- Windows Intruder Detection Checklist
- The Intruder Detection Checklist targets UNIX systems
- The Fundamental Computer Investigation Guide For Windows introduces basic forensic techniques for Windows hosts.
- Be aware of any notification requirements for regulatory compliance.
- Determine whether any confidential or sensitive data was compromised and respond accordingly.
- Follow the Steps for Recovering from a UNIX or NT System Compromise. A short summary of the recommendations includes the following:
- reformat the hard drive(s)
- re-install the operating system from known good media
- install anti-virus software
- install current operating system and application patches
- harden the operating system