Disaster recovery for home networks

Assume for a moment that you discover that one of the computers on your home network has been rooted. And assume that you have evidence that it's been compromised for some time, without your knowledge; and that it appears to have been sending encrypted data to someone during that time.

Your security measures have failed in this instance. What is your recovery strategy? What steps do you take to develop more effective security measures in the future?

(I'm interested in what the local sysadmins have to say about this... )

 

Hi Gullible,

1) If data has been already sent, it's lost. I don't see anything to recover.
Depending of what kind of data has been transferred, you may take measures to minimize the impact of abusing this data.
2) It needs to be investigated how your network has been compromised, find the vulnerabilities. Review your security concept.

optional:
(3) If you deal with important data and you have the budget, hire a specialist for penetration testing.

 

Okay, first off I want to make it clear that disaster has not (yet) befallen me.

Umm what? I don't think I'm understanding you correctly. Data can be sent without being destroyed locally. Actually I doubt most attackers would destroy data if they could help it, since that might alert the victim.

In any case, this is what backups are for...

Goes without saying.

This is (part of) what I'm getting at. Analysis and disaster recovery are integral parts of a security plan.

That's well beyond the scope of most home network stuff, I would think.

 

That's what you said and i was referring to. If your (sensitiv) data has been already sent, the damage is done. That's what i meant considering your data as "lost". Or did you mean just any encrypted data at all ? I didn't mean that all your data is lost physically. If you have backups, there's no need for a "recovery strategy".

 

Ah, yeah. I mean sending an encrypted stream of data to someone - using SSL, or some other encrypted protocol.

 

I'd like to point out is if one has a modicum of computer knowledge from being an average participating member of Wilders. I consider members here as a whole the most intelligent security wise of almost any other security forum. The only other I can think that rates is DSLreports forum.

If the above is the case. I suggest 1st & foremost the cause of this breach is either physical access & or social engineering.