Recovering data after an attack

If you've been hacked, crucial company data has probably been compromised. Kevin Beaver explains how you can clean your systems, recover data and prevent ongoing intrusions.

How can crucial data be recovered after Windows 2000 workstations are hacked? That's what one SearchWindowsSecurity.com reader asked site expert Kevin Beaver. Get Kevin's advice on how to clean your systems, save your data and prevent ongoing intrusions.


To check whether your Windows systems are clean, you should first run a vulnerability assessment (using a tool such as GFI LANguard Network Security Scanner or QualysGuard Enterprise), or try an antivirus scanner, spyware cleaning utility or rootkit removal tool.

That said, the only definitive way to ensure your operating systems are clean is to wipe and reinstall them. The data is not likely infected; its integrity and confidentiality may have been compromised, but data files themselves usually don't harbor malware. If your data is located in specific folders (e.g., Documents and Settings or My Documents), you could save that data off the workstation before cleaning the drives and reinstalling. If you choose this route, make sure you have reliable backups. I'd recommend creating an image of the drives using a utility like Acronis True Image in case you need to go back.
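One way to carry out the "save the data off the workstation before reinstalling" step above, as an added example rather than anything from the column or its author: copy the user data tree, leave behind anything executable (it cannot be trusted on a compromised host), and record a SHA-256 manifest so the copy can be verified before it is restored. The source and backup paths are assumed arguments, and the file types in `UNTRUSTED_EXT` are the author's own choice.

```python
import hashlib
import json
import os
import shutil

# Executable and script types are never copied off a compromised host:
# data files are preserved, anything runnable is left behind for the wipe.
# (Assumed list; extend it to match your environment.)
UNTRUSTED_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif"}


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_user_data(source_root, backup_root):
    """Copy data files under source_root (e.g. a Documents and Settings tree)
    into backup_root and write a SHA-256 manifest. Returns (manifest, skipped)."""
    manifest, skipped = {}, []
    for dirpath, _dirs, files in os.walk(source_root):
        for name in files:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, source_root)
            if os.path.splitext(name)[1].lower() in UNTRUSTED_EXT:
                skipped.append(rel)
                continue
            dst = os.path.join(backup_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)          # keeps timestamps for later review
            manifest[rel] = sha256_of(dst)  # hash the copy, i.e. what you will restore
    with open(os.path.join(backup_root, "MANIFEST.json"), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest, skipped


def verify_backup(backup_root):
    """Re-hash every file in the manifest; returns the paths that no longer match."""
    with open(os.path.join(backup_root, "MANIFEST.json")) as f:
        manifest = json.load(f)
    return [rel for rel, digest in manifest.items()
            if not os.path.isfile(os.path.join(backup_root, rel))
            or sha256_of(os.path.join(backup_root, rel)) != digest]
```

Run `verify_backup` against the backup volume again right before restoring onto the rebuilt workstation; a non-empty result means the backup itself was altered in the meantime.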

To prevent ongoing intrusions, you must not only have a solid firewall, but also use host-based protection. I'm talking about antivirus, antispyware and personal firewall software such as BlackICE. Check out the various system hardening checklists by Roberta Bragg on SearchWindowsSecurity.com as well.

Following all of these steps and keeping up with current patches can keep you pretty secure from a technical perspective. You then have to deal with people, policies and procedures -- the more difficult aspect of Windows security, but not impossible. Learn from the intrusion, get upper management support, improve your security policies and procedures, and work on locking things down moving forward.


About the author: Kevin Beaver is founder and principal consultant of Atlanta-based Principle Logic LLC, as well as a resident expert on SearchWindowsSecurity.com. He specializes in information security assessments and incident response and is the author of the new book "Hacking For Dummies" from John Wiley and Sons.

This was first published in April 2005.