access to any (that's ANY!) system, then you need to take a few
precautions to help recover from a network compromise. The following
are steps that we've learned in the open lab:
- Know the MAC address for the default gateway (have it written down)
- Know the hostname(s) and IP address(es) for your servers, especially your DNS and directory servers
- If you're done with a dangerous tool, delete it and the source code
- Scan your systems, inside and out, before and after active analysis
- Log and record as much as possible, no matter how silly it seems
Some of those are forensic measures, but the first two are valuable bits of information if you're suddenly trying to figure out why the Google page reads "All your lookups are belong to us!"
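As an added example (not code from the original post), here is a small Python script that turns the first two steps into a repeatable check: the gateway MAC and server addresses you wrote down become a baseline, and the script compares it against the host's current neighbour table and resolver. The baseline values, hostnames and the sample `ip neigh show` output are constructed; the live check assumes a Linux host with `ip` available.

```python
import re
import socket
import subprocess

# The two things the post says to write down, as a constructed baseline
# (replace with your own lab's gateway and server addresses).
BASELINE = {
    "gateway": {"ip": "10.0.0.1", "mac": "00:11:22:33:44:55"},
    "servers": {"dns1.lab.example": "10.0.0.53", "ldap.lab.example": "10.0.0.89"},
}

# Constructed `ip neigh show` output in which the gateway's MAC has changed.
SAMPLE_NEIGH = (
    "10.0.0.1 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE\n"
    "10.0.0.53 dev eth0 lladdr 00:aa:bb:cc:dd:ee STALE\n"
)

# One line of `ip neigh show`: "<ip> dev <if> lladdr <mac> <state>"
NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})")

def parse_neigh(text):
    """Turn `ip neigh show` output into {ip: mac}, MACs lower-cased."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def check_gateway(neigh_table, baseline=BASELINE):
    """Findings about the default gateway's MAC (empty list means it matches)."""
    gw = baseline["gateway"]
    seen = neigh_table.get(gw["ip"])
    if seen is None:
        return [f"gateway {gw['ip']} not in neighbour table"]
    if seen != gw["mac"].lower():
        return [f"gateway {gw['ip']} MAC changed: {gw['mac']} -> {seen}"]
    return []

def check_servers(resolved, baseline=BASELINE):
    """Compare {hostname: ip} from the resolver against the recorded addresses."""
    return [f"{h}: expected {ip}, resolved {resolved.get(h)}"
            for h, ip in baseline["servers"].items() if resolved.get(h) != ip]

def live_checks(baseline=BASELINE):
    """Run both checks against this host's neighbour table and resolver."""
    neigh = subprocess.run(["ip", "neigh", "show"], capture_output=True, text=True).stdout
    resolved = {}
    for host in baseline["servers"]:
        try:
            resolved[host] = socket.gethostbyname(host)
        except socket.gaierror:
            resolved[host] = None  # unresolvable is reported as a mismatch
    return check_gateway(parse_neigh(neigh), baseline) + check_servers(resolved, baseline)

if __name__ == "__main__":
    for finding in live_checks() or ["baseline matches"]:
        print(finding)
```

Running it before and after an analysis session, and logging the output, covers the "log and record as much as possible" step too.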