Emergency Response

If you are concerned that your systems have been compromised, follow these steps:
- Don't panic (like the guy in the picture). Most intrusions are the result of inexperienced hackers using tools they barely understand. Stopping them is often quite easy.
- Document everything: Keep a detailed record of everything you do.
- Don't turn off the affected machines. It is actually better to leave the affected computer running until you have had time to gather information.
- Isolate the affected computers/devices. If possible, leave the machine running and disconnect it from the network. The hacker may have installed programs into memory that will disappear upon shut down.
- Preserve evidence. Gather any log files, access lists, or any other evidence that might contain information about the intrusion.
- Call the Anitian response team. We can usually be on-site within 24 hours to analyze the system. If it is during normal business hours, call the Anitian office at 503-644-5656. If it is after hours, email emergency@anitian.com and one of our engineers will be paged.
- Don't make rash changes to your network. One of the most common mistakes people make is to overreact to an incident. This could exacerbate the problem or, worse, help obfuscate the hacker's intentions. Be patient. Anitian can help you get back up and running. If necessary, we can also help you develop a response procedure in case you get hacked again.
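
One way to carry out the "Document everything" and "Preserve evidence" steps together, shown as an added example that is not Anitian's own tooling: copy the log files to a fresh evidence directory and write a hash manifest recording who collected what and when. The function names, the manifest format, and the assumption that Python 3 is available and that the evidence directory sits on external media are all choices made for this illustration.

```python
import hashlib
import json
import shutil
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large logs do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_evidence(sources, evidence_dir, collector):
    """Copy each source file into a new evidence_dir and write manifest.jsonl.

    evidence_dir must not exist yet (assumed to be on external media, not the
    affected disk), so an earlier collection is never overwritten.
    Returns the manifest entries that were written.
    """
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True)  # raises FileExistsError if already used
    entries = []
    for index, source in enumerate(map(Path, sources)):
        entry = {
            "collected_at": datetime.now(timezone.utc).isoformat(),
            "collector": collector,
            "source": str(source),
        }
        if not source.is_file():
            entry["status"] = "missing"  # record the gap instead of skipping it
        else:
            dest = evidence_dir / f"{index:03d}_{source.name}"  # avoid name clashes
            before = sha256_file(source)
            shutil.copy2(source, dest)  # copy2 keeps the original timestamps
            after = sha256_file(dest)
            # A log still being written can change between the hash and the copy.
            entry["status"] = "copied" if before == after else "changed_during_copy"
            entry.update(stored_as=dest.name, sha256=after, size=dest.stat().st_size)
        entries.append(entry)
    # "x" mode refuses to overwrite an existing manifest.
    with open(evidence_dir / "manifest.jsonl", "x", encoding="utf-8") as manifest:
        for entry in entries:
            manifest.write(json.dumps(entry, sort_keys=True) + "\n")
    return entries
```

Each manifest line can later be checked against the stored copy by recomputing its SHA-256, which shows whether the evidence has been altered since collection.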