blog.headdesk.me

Why the hack?

Posted on 2018/01/12

Why do attackers attack?

– Proof of concept: showing that a system can be broken
– Causing service interruption
– Using the compromised system as a stepping stone to attack other targets
– Stealing compute power (for example, for cryptocurrency mining)
– Building a botnet ("zombie network")
– Ransom
– Attention seeking
– Personal reasons

How does it happen?

– Web attacks exploiting vulnerable applications or scripts
– SQL injection
– Buffer and other boundary overflows
– Brute-force password attacks
– Social engineering
– Collateral compromise from a compromised neighbour, particularly in multi-tenant environments
– Malicious insiders

What to do when a system is being attacked or hacked?

Contain the incident: immediately confine the affected systems and stop the attack from spreading

– Isolate the compromised system by moving it into a quarantine network segment that only the responders can reach
– Block the related inbound and outbound traffic at the firewall, but keep the machine powered on so its memory and process state are not lost
– Capture forensic evidence first (process list, open sockets, logged-in users, memory, logs), and only then terminate the malicious processes
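The containment steps above, as an added shell example that is not part of the original post. It assumes a Linux host with iptables, a responder address of 203.0.113.10 and an evidence directory under /var/tmp; all three are illustrative assumptions. The point it makes explicit is ordering: volatile evidence is collected before the firewall is closed and before any process is killed, because killing a process destroys its /proc entries, its open file descriptors and any deleted-but-still-running binary.

```shell
#!/bin/sh
# Added example (not from the original post): first-response containment on a
# Linux host. Order matters: capture volatile evidence first, isolate second,
# kill processes last. The admin address and evidence path are assumptions.

# Print, but do not apply, the iptables rules that isolate the host: default
# deny in both directions, loopback allowed, SSH only from the responder's
# address so you do not lock yourself out. Review the output, then run it as
# root (e.g. containment_rules 203.0.113.10 | sh) when ready.
containment_rules() {
    admin_ip="$1"
    cat <<EOF
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -s ${admin_ip} -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -d ${admin_ip} -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Collect volatile state into $1 before anything is killed: process table,
# sockets, logins, cron jobs, and for each suspect PID given after $1 the
# running binary (still readable from /proc even if deleted on disk), its open
# file descriptors and its command line. Everything is hashed at the end so
# the collection can later be shown to be unmodified.
capture_volatile() {
    dir="$1"; shift
    mkdir -p "$dir"
    date -u '+%Y-%m-%dT%H:%M:%SZ' > "$dir/timestamp.txt"
    ps -eo pid,ppid,user,etime,args > "$dir/ps.txt" || true
    { ss -tulpan 2>/dev/null || netstat -tulpan 2>/dev/null; } > "$dir/sockets.txt" || true
    { who; last -n 50; } > "$dir/logins.txt" 2>/dev/null || true
    for u in $(cut -d: -f1 /etc/passwd); do
        crontab -l -u "$u" 2>/dev/null | sed "s/^/$u: /"
    done > "$dir/crontabs.txt"
    for pid in "$@"; do
        cp "/proc/$pid/exe" "$dir/pid-$pid.exe" 2>/dev/null || true
        ls -l "/proc/$pid/fd" > "$dir/pid-$pid.fd.txt" 2>/dev/null || true
        tr '\0' ' ' < "/proc/$pid/cmdline" > "$dir/pid-$pid.cmdline.txt" 2>/dev/null || true
    done
    (cd "$dir" && find . -type f ! -name SHA256SUMS -exec sha256sum {} + > SHA256SUMS)
}

# Stop the malicious processes only after the evidence is on disk.
terminate_pids() {
    for pid in "$@"; do
        kill -KILL "$pid" 2>/dev/null || true
    done
}

# Usage as root: ./contain.sh <admin-ip> <suspect-pid>...
if [ $# -ge 1 ]; then
    admin="$1"; shift
    capture_volatile "/var/tmp/ir-$(date -u +%Y%m%d%H%M%S)" "$@"
    containment_rules "$admin" | sh
    terminate_pids "$@"
fi
```

Copy the evidence directory off the host (and keep the SHA256SUMS file with it) before you start rebuilding; the host itself is no longer trustworthy, and a rebuild from clean sources will wipe it.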

Assess the damage

– Identify affected data, servers, and users
– Notify affected users

Recover service and data

– Run a full malware scan and quarantine infected files
– Back up the data, including the compromised state, which is evidence
– Redeploy the server from clean sources (trusted images and packages) rather than trying to clean the compromised one
– Restore data only once it has been verified clean, preferably from a backup taken before the compromise

Protect the systems

– Change all administrative credentials (passwords, SSH keys, API tokens) and enforce strong passwords
– Deploy AV, a WAF, a CDN with DDoS protection, and IDS/IPS
– Update detection signatures and databases
– Harden and patch the OS
– Identify the weakest link and run penetration tests
– Review and tighten directory and file permissions; remove execute permission where it is not needed, such as upload directories
– Change the server's public IP address
– Deploy disaster recovery systems

Resume service and monitor

– Increase log levels and ship logs off the host
– Deploy monitoring and alerting tools
– Run periodic system integrity checks: compare file hashes against a baseline taken from the clean deployment
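The integrity-check item above and the permission-review item under "Protect the systems", as one added shell example that is not code from the original post. It assumes a web root such as /var/www/html with an uploads directory beneath it; both paths are illustrative. A baseline is only worth anything if it is taken from a freshly redeployed, clean system and stored where the attacker cannot rewrite it.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal file-integrity
# baseline/check for a web root and a permission audit for an upload
# directory. Paths in the usage comments are assumptions for illustration.

# Snapshot: sha256 of every regular file under $1, one line per file,
# sorted by path. Paths containing whitespace are not supported.
snapshot_tree() {
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k2)
}

# Save the baseline of $1 into $2. Keep that file off the host or read-only,
# otherwise an attacker who returns can simply re-baseline their changes.
integrity_baseline() {
    snapshot_tree "$1" > "$2"
}

# Compare the live tree under $1 with the baseline in $2 and print one line
# per difference: "changed|added|removed <path>", sorted. Prints nothing when
# everything matches. Baseline lines are tagged B and live lines L so a single
# awk pass can diff them even when the baseline is empty.
integrity_check() {
    { sed 's/^/B /' "$2"; snapshot_tree "$1" | sed 's/^/L /'; } | awk '
        $1 == "B" { base[$3] = $2; next }
        {
            seen[$3] = 1
            if (!($3 in base))       print "added " $3
            else if (base[$3] != $2) print "changed " $3
        }
        END { for (p in base) if (!(p in seen)) print "removed " p }
    ' | sort
}

# Files under an upload directory that should never exist there: anything with
# an execute bit (a dropped web shell) or world-writable (anyone can plant one).
find_risky_files() {
    find "$1" -type f \( -perm -u=x -o -perm -g=x -o -perm -o=x -o -perm -o=w \)
}

# Strip execute bits and world-write from every file under $1 and world-write
# from its directories, while leaving directories traversable.
harden_upload_dir() {
    find "$1" -type f -exec chmod a-x,o-w {} +
    find "$1" -type d -exec chmod o-w {} +
}

# Usage (paths are assumptions):
#   ./integrity.sh baseline /var/www/html /var/lib/ir/www.sha256   # on a clean deploy
#   ./integrity.sh check    /var/www/html /var/lib/ir/www.sha256   # from cron or monitoring
#   ./integrity.sh audit    /var/www/html/uploads
#   ./integrity.sh harden   /var/www/html/uploads
case "${1:-}" in
    baseline) integrity_baseline "$2" "$3" ;;
    check)    integrity_check "$2" "$3" ;;
    audit)    find_risky_files "$2" ;;
    harden)   harden_upload_dir "$2" ;;
esac
```

Run the check from a cron job that alerts on any non-empty output; a web application that legitimately writes into its own tree (caches, uploads) needs those directories excluded from the baseline and covered by the permission audit instead.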
