Share this Page URL

Chapter 21. Network Security > Specific Configuration Steps for Windows XP - Pg. 736

Network Security 736 Make a library of CD-ROMs, repair disks, startup disks, utility disks, backup CDs, ZIP disks, tapes, manuals, and notebooks that record your configurations and observations. Keep them together in one place and locked up if possible. Prepare an Incident Plan A system crash or intrusion is a highly stressful event. A written plan of action made now will help you keep a clear head when things go wrong. The actual event probably won't go as you imagined, but at least you'll have some good first steps to follow while you get your wits about you. If you know a break-in has been successful, you must take immediate action. First, disconnect your network from the Internet. Then find out what happened. Unless you have an exact understanding of what happened and can fix the problem, you should clean out your system entirely. This means that you should reformat your hard drive, install Windows and all applications from CDs or pristine disks, and make a clean start. Then you can look at recent backups to see whether you have any you know aren't compromised, restore them, and then go on. But most off all, have a plan. The following are some steps to include in your incident plan: 1. 2. Write down exactly how to properly shut down computers and servers. Make a list of people to notify, including company officials, your computer support staff, your ISP, an incident response team, your therapist, and anyone else who will be involved in dealing with the aftermath. Check to see whether you are eligible for assistance from one of the many FIRST response teams around the world. FIRST (the Forum of Incident Response and Security Teams) can tell you which agencies might best be able to help you in the event of a security 3.