Disaster recovery for home networks

Discussion in 'other security issues & news' started by Gullible Jones, Dec 22, 2013.

Thread Status:
Not open for further replies.
  1. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Assume for a moment that you discover that one of the computers on your home network has been rooted. And assume that you have evidence that it's been compromised for some time, without your knowledge; and that it appears to have been sending encrypted data to someone during that time.

    Your security measures have failed in this instance. What is your recovery strategy? What steps do you take to develop more effective security measures in the future?

    (I'm interested in what the local sysadmins have to say about this... :) )
     
  2. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    Hi Gullible,

    1) If data has already been sent, it's lost. I don't see anything to recover.
    Depending on what kind of data has been transferred, you may take measures to minimize the impact of abusing this data.
    2) It needs to be investigated how your network has been compromised, find the vulnerabilities. Review your security concept.

    optional:
    (3) If you deal with important data and you have the budget, hire a specialist for penetration testing.
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Okay, first off I want to make it clear that disaster has not (yet) befallen me. :)

    Umm what? I don't think I'm understanding you correctly. Data can be sent without being destroyed locally. Actually I doubt most attackers would destroy data if they could help it, since that might alert the victim.

    In any case, this is what backups are for...

    Goes without saying.

    This is (part of) what I'm getting at. Analysis and disaster recovery are integral parts of a security plan.

    That's well beyond the scope of most home network stuff, I would think.
     
  4. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    That's what you said and I was referring to. If your (sensitive) data has already been sent, the damage is done. That's what I meant by considering your data as "lost". Or did you mean just any encrypted data at all? I didn't mean that all your data is lost physically. If you have backups, there's no need for a "recovery strategy".
     
    Last edited: Dec 27, 2013
  5. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Ah, yeah. I mean sending an encrypted stream of data to someone - using SSL, or some other encrypted protocol.
     
  6. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,515
    Location:
    USA - Back in a real State in time for a real Pres
    I'd like to point out is if one has a modicum of computer knowledge from being an average participating member of Wilders. I consider members here as a whole the most intelligent security-wise of almost any other security forum. The only other I can think of that rates is DSLreports forum.

    If the above is the case, I suggest 1st & foremost the cause of this breach is either physical access and/or social engineering.
     