![]() | ![]() |
business: containment
technical: clean-up technical: cybersecurity
Corporate Clean-Upby Brent Kirkpatrick (Date Published: 03/31/2017.)
In the worst case, each computer has to be cleaned up by re-installing a newly secured OS.
Sometimes the network has to be modified to improve network defenses, in order to secure the newly installed OSes on the servers. So, the network infrastructure (including: gateways, routers, and access points) should be improved, first, to block the transmissions of worms in the infection stage. After that, the servers can be cleaned-up.
A particular vulnerability is the DNS server, which needs to be prioritized for repair, since it is heavily targeted. After the infrastructure is secured, the DNS server can be re-installed, patched, and returned to service. Installing the latest version of DNS is necessary, which today is DNSSEC.
Today, it is often necessary to update an OS directly after its installation, in order for it to remain secure. Most computers, servers and workstations, are hacked the first time they are connected to the Internet. This is, in part, because the latest security patches come in the update stream, not in the installation kit.
There are two main considerations for security updates:
|