What to Do If Your System Is Compromised

The paper “Steps for Recovering from a UNIX Root Compromise,” available from CERT at http://www.cert.org/tech_tips/; RFC 2196, “Site Security Handbook”; and the SANS publication “Computer Security Incident Handling: Step by Step” discuss procedures to follow in the event of a successful security breach. These documents present the more formal procedures that a business, government office, or university might follow. They assume that spare storage space is available for taking snapshots of the compromised system and that staff are available to analyze and diagnose the security problem, and they discuss situations in which the victim site might want to initiate formal legal action.

Regardless of how an anomaly is investigated, ...

Excerpt from Linux Firewalls, Third Edition (O’Reilly).