By Joshua Weinberger  |  Posted 2004-03-15


Step 4

Responding to security breaches involves not only stopping attacks but also learning from the experience to prevent future attacks.

The technical steps required to respond to any attack are essentially the same, no matter what the business is or what purpose the attacked system serves.

  • Stop It: An infected system needs to be taken off the Internet immediately to prevent further spread.

  • Learn From It: Before you clean up an infected system, find out how it was compromised. Log files are a big help in detecting what happened. System snapshot tools also can be extremely useful.

  • Remove It: After you've figured out how a system was compromised, you need to remove worms or exploit programs and possibly even wipe the system clean. Some worms can be removed by deleting a single file, but others infect a large number of files on a system. Look to the Web sites of security vendors and organizations such as The SANS Institute for detailed information on removing worms or security holes.

  • Fix It: Patches must be applied or workarounds implemented to prevent future attacks.

  • React to It: The toughest part is dealing with the internal management and external agencies involved. Draft a written policy on how intrusions will be handled and who should be notified after one takes place.
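The "Learn From It" step above leans on log files and system snapshot tools to work out what changed on a compromised host before it is cleaned. The following is an added example, not code from the original article, of the simplest form of such a snapshot tool: it records a SHA-256 hash, size and permission bits for every regular file under a directory, saves that baseline as JSON, and later compares a fresh snapshot against it to list files that were added, removed or altered. The `demo()` function builds a constructed directory in a temporary folder and simulates a post-incident state (one file altered, one removed, one unknown file added); every file name in it is made up for the example.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root (relative POSIX path) to its hash, size and mode.

    Symlinks are skipped so a planted link cannot pull in files outside root.
    """
    root = Path(root)
    snap = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        st = path.stat()
        snap[path.relative_to(root).as_posix()] = {
            "sha256": digest.hexdigest(),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o7777),  # permission bits, incl. setuid/setgid
        }
    return snap


def save_snapshot(snap, out_file):
    """Persist a baseline; store it off the host so an intruder cannot edit it."""
    Path(out_file).write_text(json.dumps(snap, indent=2, sort_keys=True))


def load_snapshot(in_file):
    return json.loads(Path(in_file).read_text())


def diff_snapshots(before, after):
    """Return sorted lists of added, removed and modified paths between two snapshots.

    A file counts as modified if its content hash or its permission bits changed.
    """
    before_paths, after_paths = set(before), set(after)
    modified = [
        p for p in sorted(before_paths & after_paths)
        if before[p]["sha256"] != after[p]["sha256"] or before[p]["mode"] != after[p]["mode"]
    ]
    return {
        "added": sorted(after_paths - before_paths),
        "removed": sorted(before_paths - after_paths),
        "modified": modified,
    }


def demo():
    """Constructed scenario: baseline a small tree, then simulate a compromise and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "httpd").write_bytes(b"original server binary")      # constructed
        (root / "etc" / "httpd.conf").write_text("Listen 80\n")              # constructed
        (root / "etc" / "motd").write_text("welcome\n")                      # constructed

        baseline_file = root / "baseline.json"
        save_snapshot(snapshot(root), baseline_file)
        baseline_file.unlink()  # keep the baseline itself out of the tree being compared
        before = load_snapshot_from_memory = snapshot(root)

        # Simulated post-incident state (all constructed for the example).
        (root / "bin" / "httpd").write_bytes(b"altered server binary")
        (root / "etc" / "httpd.conf").unlink()
        (root / "bin" / "unknown.bin").write_bytes(b"file not present at baseline")

        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline is taken when the system is known-good and written somewhere the host cannot modify (read-only media or another machine), and the comparison is run from trusted tooling rather than binaries on the suspect host, since an intruder who has replaced `sha256sum` or the Python interpreter can make the diff lie.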


Assistant Editor
After being on staff at The New Yorker for five years, Josh later traveled the world, hitting all seven continents in a single year. At Yale University, he majored in American Studies, English, and Theatre Studies.

