[GLLUG] meeting idea?
Thomas Hruska
thruska at cubiclesoft.com
Tue Aug 22 19:17:24 EDT 2006
Jim Fick wrote:
> Would it be better to just disconnect the LAN/Internet connection and
> leave the system running? That way you don't lose what might be in
> memory.
>
> James A. Fick, Jr

It really depends on how good you are at recovery scenarios. However, a
lot of people don't have a plan or can't formulate one and start
executing it in five minutes. Some backdoor might also be programmed to
start overwriting random files if it can't connect to a remote host for
some set amount of time...causing damage to files and data if you don't
start doing things right away. Most systems have critical data that has
to be gotten off the drive and people have this preference that their
data remain intact. If the computer is off, no program can be running
that could destroy data. Weigh your risks between losing data and
discovering every last detail of the malware. Once you have a detailed
plan laid out (on paper) for the compromised computer, it becomes a lot
easier to get up and running again.

Turning off the computer is also a good step to warding off panic. The
initial response to being hacked is to panic. That's the worst mental
state any computer administrator can have and will result in data loss.
With the computer off, you can take your time, calm down, and start
thinking logically about the recovery process.
--
Thomas Hruska
CubicleSoft President
Ph: 517-803-4197
Safe C++ Design Principles (First Edition)
Learn how to write memory leak-free, secure,
portable, and user-friendly software.
Learn more and view a sample chapter:
http://www.CubicleSoft.com/SafeCPPDesign/