Response
- Systems that have been infected by a worm or attacked by an intruder should be disconnected from the network immediately.
- Find out how the attack happened. Although some worms trumpet their existence, others, as well as cracker intrusions, will require some detective work.
- Remove worm files and Trojans from infected systems using updated anti-virus programs or by removing unknown files. For more peace of mind, wipe the system and reinstall the operating system.
- Apply all necessary patches and implement workarounds. Consider disabling at-risk applications and services.
- Find out where attacks originated, and notify administrators there of possible breaches. Legal action should be the last resort.
- Don't attempt to strike back with honeypots and the like, although passive tools that hinder worms and attackers are good options.