technical: clean-up

technical: cybersecurity

Corporate Clean-Up

by Brent Kirkpatrick

(Date Published: 03/31/2017.)

After a breach, cleaning-up a corporate network takes focused effort.

If your company gets hacked, you can clean it up with dedicated attention to the operating systems and networks. Each computer can be cleaned-up, one at a time, starting with the infrastructure computers:

• gateways,
• routers,
• access points,
• DNS server(s),
• mail servers,
• backup servers, and
• web servers.

In the worst case, each computer has to be cleaned up by re-installing a newly secured OS.

Sometimes the network has to be modified to improve network defenses, in order to secure the newly installed OSes on the servers. So, the network infrastructure (including: gateways, routers, and access points) should be improved, first, to block the transmissions of worms in the infection stage. After that, the servers can be cleaned-up.

A particular vulnerability is the DNS server, which needs to be prioritized for repair, since it is heavily targeted. After the infrastructure is secured, the DNS server can be re-installed, patched, and returned to service. Installing the latest version of DNS is necessary, which today is DNSSEC.

Today, it is often necessary to update an OS directly after its installation, in order for it to remain secure. Most computers, servers and workstations, are hacked the first time they are connected to the Internet. This is, in part, because the latest security patches come in the update stream, not in the installation kit.

There are two main considerations for security updates:

• It is often possible to secure an OS without updates, by using infrastructure defenses.
• The updates must be securely downloaded from an authorized, secure server, or they might be Trojan-updates.

Intrepid Net Computing provides a customized clean-up service with on-site help and training for your IT staff.