What to do when you have been hacked

It is important to understand that UNIX is by its nature an open system, so when you close security holes you are making it less open. This is not as easy as it might sound: if you find one hole and close it, there are many more waiting to be found. It is a never-ending task. A good rule of thumb is:

SECURITY = 1/Convenience

The more secure the system, the more miserable YOU are.

Here are 7 rules to live by as an admin.

1. Don't put files on your system that are likely to be interesting to hackers or nosey employees. Trade secrets, personnel files, payroll data, election results, etc. must be handled carefully if they are on-line.

2. Plug holes that hackers can use to gain access to your system. Read bulletins from your vendor, the security mailing lists and USENET newsgroups.

3. Don't provide places for hackers to build nests on your system. Hackers often break into one system and then use it as a base of operations to get into other systems. World-writable anonymous ftp directories, group accounts and accounts with poorly chosen passwords all encourage nesting.

4. Set basic traps on systems that are connected to the INTERNET (e.g. tripwire, crack, cops, etc.).

5. MONITOR reports made by security tools. They don't help if you don't read them.

6. Teach YOURSELF about UNIX system security. You can hire an expert to secure your system, but you might find the cure was worse than the illness.

7. Prowl around looking for unusual activity. Investigate ANYTHING that seems unusual (e.g. odd log messages, changes in account activity, files that seem odd, etc.).
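As an added example (not part of the original text), here is a small POSIX shell script that puts rules 3, 4 and 7 into practice on one directory tree, such as an anonymous ftp area: it lists world-writable directories that could become nests, records a cksum baseline of every file, and reports anything that changed since. The ROOT and BASELINE arguments and the demo paths are assumptions for this illustration, not from the original.

```shell
#!/bin/sh
# Added example, not from the original text. Usage (assumed interface):
#   sh audit.sh ROOT BASELINE
# The first run writes BASELINE; later runs report what changed under ROOT.

# Rule 3: directories under $1 that anyone on the system can write into.
# Each one is a place where an intruder can park files and build a nest.
find_nests() {
    find "$1" -type d -perm -0002 2>/dev/null | sort
}

# Rule 4: a poor man's tripwire. Record "crc size path" for every regular
# file under $1 into the baseline file $2. cksum is POSIX, so it is present
# on any UNIX; sorting makes the listing stable between runs.
make_baseline() {
    find "$1" -type f -exec cksum {} + 2>/dev/null | sort -k3 > "$2"
}

# Rule 7: compare the tree under $1 against baseline $2. Prints the diff
# (changed, added or removed files) and returns non-zero when anything
# differs, so it can be run from cron and its exit status checked.
check_baseline() {
    tmp=$(mktemp)
    find "$1" -type f -exec cksum {} + 2>/dev/null | sort -k3 > "$tmp"
    diff "$2" "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

if [ "$#" -eq 2 ]; then
    echo "== world-writable directories under $1 =="
    find_nests "$1"
    if [ -f "$2" ]; then
        echo "== changes since baseline $2 =="
        check_baseline "$1" "$2" && echo "(none)"
    else
        make_baseline "$1" "$2" && echo "baseline written to $2"
    fi
fi
```

Keep the baseline file somewhere the ftp tree cannot reach (or on read-only media); a baseline an intruder can rewrite is no trap at all.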