I work at a university in the Information Systems Department, and recently one of our web servers was hacked. The hacker deleted certain databases and a few websites were down.

In light of such events, what are the SOPs or best practices to be adopted by a CERT team to ensure future mitigation?

Hassan
  • possible duplicate of [Server Infection: post-cleanup best practices](http://security.stackexchange.com/questions/56375/server-infection-post-cleanup-best-practices) – Eric G Apr 20 '15 at 14:59

1 Answer


From what I understand, you already have policies/procedures and all that stuff in place.

My advice is to take a look at Time Based Security (it was written in 1999, but it is still gold).

The main formula for Time Based Security:

Pt > Dt + Rt

If the protection time (Pt) you offer is greater than the sum of the detection time (Dt) and the reaction time (Rt), then your systems can be considered secure.

Based on that, try to improve your defence :)

Over the years, I have realised that good firewalls or IDS are not the only things that can help me achieve good security. Analytical thinking also helps a lot; you just need to step back, look at what happened and try to see what you can improve. In my opinion, a BIG percentage of security problems are in procedures/policies and not in your firewalls/IDS.

https://www.hackinparis.com/slides/hip2k12/Winn-Keynote.pdf

Sacx
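The Pt > Dt + Rt formula from the answer above, worked through on a constructed incident timeline. This is an added example and not code from the answer, the question or Schwartau's book; the timestamps, the control names and their protection-time estimates are all hypothetical. It computes Dt and Rt from the timeline, the exposure window E = (Dt + Rt) - Pt for each control, and the largest detection time that would still keep a given control on the secure side of the inequality.

```python
"""Time Based Security worked on a constructed web-server incident.

Pt: protection time - how long a control holds the attacker off
Dt: detection time  - from the start of the attack until somebody notices
Rt: reaction time   - from noticing it until the attacker is shut out

The system is considered secure when Pt > Dt + Rt; otherwise the attacker
has an exposure window E = (Dt + Rt) - Pt in which to do damage.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed timeline (hypothetical timestamps, not from the incident above).
TIMELINE = {
    "attack_start": "2015-04-18 02:10:00",  # first exploit attempt in the access log
    "alert_raised": "2015-04-18 09:45:00",  # IDS/monitoring alert seen by on-call
    "contained":    "2015-04-18 11:05:00",  # server isolated, credentials rotated
}


def _parse(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def detection_time(timeline: dict) -> timedelta:
    """Dt: attack start -> alert."""
    return _parse(timeline["alert_raised"]) - _parse(timeline["attack_start"])


def reaction_time(timeline: dict) -> timedelta:
    """Rt: alert -> containment."""
    return _parse(timeline["contained"]) - _parse(timeline["alert_raised"])


@dataclass
class Control:
    name: str
    protection_time: timedelta  # assumed Pt: how long this control delays an attacker


def exposure(control: Control, dt: timedelta, rt: timedelta) -> timedelta:
    """E = (Dt + Rt) - Pt, floored at zero (a negative E means 'secure')."""
    return max(dt + rt - control.protection_time, timedelta(0))


def detection_budget(control: Control, rt: timedelta) -> timedelta:
    """Largest Dt that still satisfies Pt > Dt + Rt for a fixed reaction time.

    Useful when you cannot change Pt quickly: it tells you how fast the
    monitoring has to fire for the existing control to be good enough.
    """
    return control.protection_time - rt


def evaluate(timeline: dict, controls: list) -> dict:
    """Per-control verdict: is Pt > Dt + Rt, and how big is the exposure window."""
    dt, rt = detection_time(timeline), reaction_time(timeline)
    return {
        c.name: {
            "secure": c.protection_time > dt + rt,
            "exposure_minutes": exposure(c, dt, rt) / timedelta(minutes=1),
        }
        for c in controls
    }


# Hypothetical protection-time estimates for controls on the same host.
CONTROLS = [
    Control("unpatched CMS plugin", timedelta(0)),                # public exploit, Pt ~ 0
    Control("8-char DB password over the network", timedelta(hours=6)),
    Control("DB reachable only via VPN + MFA", timedelta(days=30)),
]

if __name__ == "__main__":
    dt, rt = detection_time(TIMELINE), reaction_time(TIMELINE)
    print(f"Dt = {dt}, Rt = {rt}, Dt + Rt = {dt + rt}")
    for name, r in evaluate(TIMELINE, CONTROLS).items():
        print(f"{name:40s} secure={str(r['secure']):5s} exposure={r['exposure_minutes']:.0f} min")
    budget = detection_budget(CONTROLS[1], rt)
    print(f"With Rt = {rt}, the password control needs detection within {budget}")
```

With this timeline Dt + Rt is 535 minutes, so a control that only buys six hours still leaves a 175-minute window; the same control becomes sufficient if the alert fires within 280 minutes instead of 455. That is the practical point of the formula: shrinking Dt through monitoring and Rt through a rehearsed response procedure counts as much as adding protection.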