What to do after a break-in

The steps you will need to take after a break-in vary depending on what has happened:

In the worst-case scenario, the best solution is to wipe the drive and install from a backup: one that was made before the security incident.

It should go without saying that it is important to have an intelligent backup program in place, and to ensure that the backups are not kept with the computer!

It is also important to recognise that security logs are an adjunct to finding the culprit, and certainly do not provide proof of a crime: logs can easily be edited or faked, and identd can be spoofed, as can computer hostnames.

