Recovering from a UNIX System Compromise (continued)...


Recover from the intrusion
   1. Install a clean version of your operating system
   2. Disable unnecessary services
   3. Install all vendor security patches
   4. Consult CERT Advisories, summaries, and vendor-initiated bulletins
   5. Caution use of data from backups
   6. Change passwords

Improve the security of your system and network
   1. Review security using the UNIX configuration guidelines document
   2. Review the security tools document
   3. Install security tools
   4. Enable maximal logging
   5. Configure firewalls to defend networks

Reconnect to the Internet