This 2-part GoGrid security blog series provides general guidelines for conducting a security analysis on a compromised Linux server and for recovering from a breach. Before you begin the security analysis, you need to consider two important factors:
1. The type of data your compromised server is storing or transmitting
2. How important the server’s function is to your business
The data type—Personally Identifiable Information (PII) or Protected Health Information (PHI), for example—is important because your organization could be legally required to notify external parties and local or federal government agencies in the event of a breach. The compromised server’s function is important because its criticality may drive the recovery timeline.
You may also want to consider engaging a third party that specializes in security forensics.
This series will cover 3 important items:
1) Understanding & assessing the breach
2) Setting up forensics & recovery teams
3) Recovering from the breach
Although this series won’t replace what a competent security firm can accomplish, it does provide an overview of some core processes, procedures, and activities you can do to potentially recover from a breach. And because each incident varies based on your computer system, be sure to conduct additional analysis and consult with experts to double-check your breach identification and resolution plan.
How to Recover from a Linux Security Breach – Forensics, Analysis, & Building Teams (Part 1)