blog.headdesk.me

Why the hack?

Posted on 2018/01/12

Why attacks and hacks happen

– proof of concept
– to cause service interruption
– to use compromised systems to attack other targets
– to steal compute power
– to build a zombie network (botnet)
– ransom
– attention seeking
– personal reasons

How does it happen

– Web attacks exploiting vulnerable apps or scripts
– SQL injection
– Buffer overflows (out-of-bounds reads and writes)
– Brute-force password attacks
– Social engineering
– Being affected by compromised neighbours, particularly in multi-tenant environments
– Rogue insiders

What to do when a system is being attacked or hacked?

Contain the incident: Immediately confine the affected systems and stop the attack

– Isolate the hacked system by putting it in an isolated environment
– Disable related outbound and inbound traffic
– Capture forensic evidence first, then terminate malicious processes

Assess the damage

– Identify affected data, servers, and users
– Notify affected users

Recover service and data

– Run full scan and quarantine infected files
– Backup data
– Redeploy server from clean sources
– Restore data, provided it has been verified clean

Protect the systems

– Change admin passwords and use strong passwords
– Install AV, WAF, CDN, DDoS protection, IDS and IPS systems
– Update detection signatures and databases
– OS hardening and patching
– Identify the weakest links and run pen-tests
– Review and tighten directory and file permissions; disable exec permission where it is not needed
– Change the server's IP address
– Deploy disaster recovery systems
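For the permissions item above, an added example (not code from the original post) that audits a web root for world-writable and setuid/setgid files and then applies a conservative baseline: directories 755, files 644, and no execute bit on anything under an upload directory. The web root path and the `uploads` directory name are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: permission review and tightening for a web root (not the
# original post's code).  Assumptions: the web root is passed as an argument,
# user uploads live in "$root/uploads", and nothing there should be executable.
set -u

# Report world-writable files and directories, and any setuid/setgid file;
# neither belongs under a web root.  Output is one "label: path" line each.
audit_webroot() {
    root="$1"
    find "$root" -xdev \( -type f -o -type d \) -perm -0002 -print \
        | sed 's/^/world-writable: /'
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print \
        | sed 's/^/setuid-or-setgid: /'
}

# Number of findings, for use in scripts and checks.
audit_count() {
    audit_webroot "$1" | wc -l | tr -d ' '
}

# Apply the baseline.  Numeric 644 on a regular file also clears any
# setuid/setgid bit, and the final pass strips execute bits from uploads.
harden_webroot() {
    root="$1"
    find "$root" -xdev -type d -exec chmod 755 {} +
    find "$root" -xdev -type f -exec chmod 644 {} +
    if [ -d "$root/uploads" ]; then
        find "$root/uploads" -xdev -type f -exec chmod a-x {} +
    fi
}
```

Run `audit_webroot /var/www/html` first and read the findings before calling `harden_webroot`, since an application that genuinely needs a writable cache directory will need that path re-opened afterwards (writable, but still not executable). Pair the permission change with a web server rule that refuses to execute scripts from the upload directory, so a file that slips through still cannot run.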

Resume service and monitor

– Increase log levels
– Deploy monitoring and alerting tools
– Run system integrity checks
