blog.headdesk.me

Why the hack?

Posted on 2018/01/12

Why attacks and hacks happen

– proof of concept
– causing service interruption
– using compromised systems to attack other targets
– stealing compute power
– building a zombie network (botnet)
– ransom
– attention seeking
– personal reasons

How does it happen?

– Web hacks exploiting vulnerable apps or scripts
– SQL injection
– Buffer overflows
– Brute-force password attacks
– Social engineering
– Collateral compromise from hacked neighbours, particularly in multi-tenant environments
– Internal rogue actors

What to do when a system is being attacked or hacked?

Contain the incident: immediately confine the affected systems and stop the attack

– Isolate the hacked system in a quarantined environment
– Block related outbound and inbound traffic
– Capture forensics, then terminate malicious processes

Assess the damage

– Identify affected data, servers, and users
– Notify affected users

Recover service and data

– Run a full scan and quarantine infected files
– Back up data
– Redeploy the server from clean sources
– Restore data, provided it is confirmed clean

Protect the systems

– Change admin passwords and use strong passwords
– Install AV, WAF, CDN, DDoS protection, IDS and IPS systems
– Update detection signatures and databases
– Harden and patch the OS
– Identify the weakest links and run pen-tests
– Review and tighten directory and file permissions; disable execute permission
– Change the IP address
– Deploy disaster recovery systems

Resume service and monitor

– Increase log levels
– Deploy monitoring and alerting tools
– Run system integrity checks
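A minimal file-integrity baseline for the "system integrity checks" and "quarantine infected files" steps above, added here as an example and not code from the original post. It assumes a Linux host with POSIX sh, find, awk and coreutils sha256sum, and file paths without whitespace; the function names (make_baseline, check_baseline) are my own.

```shell
#!/bin/sh
# make_baseline DIR BASELINE_FILE
#   Record "sha256  ./path" for every regular file under DIR.
#   Store BASELINE_FILE off the host: an attacker with root can rewrite a local copy.
make_baseline() {
    dir=$1; out=$2
    ( cd "$dir" && find . -type f -exec sha256sum {} + ) > "$out"
}

# check_baseline DIR BASELINE_FILE
#   Re-hash DIR, compare with the baseline and print one line per difference:
#   ADDED / MODIFIED / REMOVED followed by the path. Returns 0 when nothing
#   changed, 1 when there are differences (handy as a cron job exit status).
check_baseline() {
    dir=$1; base=$2
    cur=$(mktemp) || return 2
    make_baseline "$dir" "$cur"
    report=$(awk '
        FILENAME == ARGV[1] { old[$2] = $1; next }      # first file: the baseline
        {
            seen[$2] = 1
            if (!($2 in old))        print "ADDED    " $2
            else if (old[$2] != $1)  print "MODIFIED " $2
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED  " p }
    ' "$base" "$cur" | sort)
    rm -f "$cur"
    [ -n "$report" ] && printf '%s\n' "$report"
    [ -z "$report" ]
}

# Usage (paths are placeholders):
#   make_baseline /var/www/html /mnt/secure/www.baseline   # after the clean redeploy
#   check_baseline /var/www/html /mnt/secure/www.baseline  # from cron, alert on exit 1
```

Run make_baseline only on a freshly redeployed server, so the baseline itself is known-clean; any ADDED or MODIFIED line under the web root afterwards is a candidate for quarantine and review.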


©2023 blog.headdesk.me | Powered by SuperbThemes & WordPress