How can crucial data be recovered after Windows 2000 workstations are hacked? That's what one SearchWindowsSecurity.com reader asked site expert Kevin Beaver. Get Kevin's advice on how to clean your systems, save your data and prevent ongoing intrusions.
To check whether your Windows systems are clean, you should first run a vulnerability assessment (using a tool such as GFI LANguard Network Security Scanner or QualysGuard Enterprise), or try an antivirus scanner, spyware cleaning utility or rootkit removal tool.
That said, the only definitive way to ensure your operating systems are clean is to wipe and reinstall them. The data is not likely infected; its integrity and confidentiality may have been compromised, but data files usually don't harbor malware. If your data is located in specific folders (i.e., Documents and Settings or My Documents), you could save that data off the workstation before cleaning the drives and reinstalling. If you choose this route, make sure you have reliable backups. I'd recommend creating an image of the drives using a utility like Acronis True Image in case you need to go back.
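One way to make the "save the data, then wipe" step checkable, as an added example that is not part of the original article: copy the data folders off the drive, confirm each copy by SHA-256 before anything is wiped, and leave executable file types behind rather than carry them to the rebuilt system. The function names, the extension list and running it from a clean machine with the old drive attached are assumptions of this sketch.

```python
import hashlib
import shutil
from pathlib import Path

# Assumption: file types treated as executable content rather than data.
RISKY = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif", ".lnk"}

def sha256(path):
    """Hash a file in 1 MiB chunks so large files don't exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def save_and_verify(src, dst):
    """Copy data files from src to dst.

    Returns (copied, skipped, mismatched) as lists of relative paths:
    copied     - copy exists and its hash matches the original
    skipped    - executable types left on the compromised disk
    mismatched - copy differs from the original; do not wipe yet
    """
    src, dst = Path(src), Path(dst)
    copied, skipped, mismatched = [], [], []
    for f in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = f.relative_to(src)
        if f.suffix.lower() in RISKY:
            skipped.append(rel.as_posix())
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        before = sha256(f)
        shutil.copy2(f, target)  # copy2 keeps timestamps for later review
        (copied if sha256(target) == before else mismatched).append(rel.as_posix())
    return copied, skipped, mismatched

if __name__ == "__main__":
    import tempfile
    # Constructed sample folder, not real user data.
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "My Documents")
        (src / "reports").mkdir(parents=True)
        (src / "reports" / "q1.doc").write_bytes(b"constructed sample data")
        (src / "invoice.pdf.exe").write_bytes(b"MZ constructed sample")
        print(save_and_verify(src, Path(tmp, "backup")))
```

An empty `mismatched` list is the condition for moving on to the wipe; the `skipped` list is what to review by hand before deciding whether any of it is needed.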
To prevent ongoing intrusions, you must not only have a solid firewall, but also use host-based protection. I'm talking about antivirus, antispyware and personal firewall software such as BlackICE. Check out the various system hardening checklists by Roberta Bragg on SearchWindowsSecurity.com as well.
Following all of these steps and keeping up with current patches can keep you pretty secure from a technical perspective. You then have to deal with people, policies and procedures -- the more difficult aspect of Windows security, but not impossible. Learn from the intrusion, get upper management support, improve your security policies and procedures, and work on locking things down moving forward.
About the author: Kevin Beaver is founder and principal consultant of Atlanta-based Principle Logic LLC, as well as a resident expert on SearchWindowsSecurity.com. He specializes in information security assessments and incident response and is the author of the new book "Hacking For Dummies" by John Wiley and Sons.
This was first published in April 2005