Firewall Wizards mailing list archives

RE: OK, I've been hacked, now what?


From: kevin.sheldrake () baedsl co uk
Date: Tue, 11 May 1999 09:38:05 +0100


-----Original Message-----
From: Chris Tobkin [SMTP:tobkin () tobkin com]
Sent: 10 May 1999 17:05
To:   firewall-wizards () nfr net
Subject:      RE: OK, I've been hacked, now what?            

Again, you assume that this is a malicious hacking.  I don't find any new
financial expense being made after someone breaks into a system and just
changes the homepage and leaves a link to the old default page.

I'm new to this list so forgive me if this has already been stated.

After an attack has been discovered, the victim (company) must investigate
the damage to the liberated system.  This could involve manually checking
all files in all directories for alteration.  Following this, the system
should then be checked in order to detect any external copying of files
(this could involve the system logs or a network traffic monitor.)

These two activities are expensive.  It is naive to assume that because the
hacker knows that (s)he is not malicious that the victim will also.  It would
be careless of the victim to ever assume that a hacker is not malicious.

Kev

Kevin Sheldrake
CCIS Prototypes and Demonstrations
British Aerospace Defence Systems
[+44 | 0] 1202 408035, kevin.sheldrake () baedsl co uk
 


