Let’s assume you have the usual “defense-in-depth” security architecture in place. Anti-virus software, perimeter firewalls, machines properly hardened, non-admin users, etc.
Let’s also say you have a serious malware outbreak today. Wait, make that tonight. Your sysadmins call you at night and tell you several thousand clients and servers are infected with something that sneaked past the AV software. What do you do? Do you have a procedure?
These things happen. You might have the best security architecture, follow best practices, have top consultants evaluate your risk periodically, the whole thing. But when push comes to shove, does everyone know what to do? Do they have the tools to do it?
This is a simple checklist. It probably isn’t very complete. But it’s wise to at least think about these questions before lightning strikes. In no particular order:
- Do you have alternative malware cleaning tools?
- Do you have malware-cleaning tools that can run from a bootable CD?
- Do you have admin-level access to all involved machines?
- Can you reach machines in remote locations?
- Do you know the current admin passwords?
- Are there people available with physical access to the machines in remote locations?
- If you have to re-install / re-image some boxes, do you have the relevant installation media?
- Do you have the phone numbers of the important vendors’ support services? Are they 24×7×365?
- Do your operators know how to react? (yes, I know you have an Incident Response document somewhere, but have people actually read it?)
- Do you have access to someone that can take drastic decisions if needed?
Or would all this make life too easy for us? ;)
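Most of the questions in the list above can be answered from an asset inventory long before the 2 a.m. phone call. The script below is an added example, not part of the original post: it takes a constructed inventory of hosts, sites and vendor contacts (the data classes, field names and sample values are all assumptions made for the illustration) and reports the gaps a responder would hit during an outbreak, such as admin credentials that nobody has verified recently, boxes with no installation media on file, sites with no one who can physically touch a machine, and support lines that only answer during business hours.

```python
"""Readiness audit for a malware-outbreak checklist (added example, constructed data)."""
from dataclasses import dataclass
from datetime import date
from typing import Optional, Tuple


@dataclass
class Host:
    name: str
    site: str
    image: str                       # OS image the box would be re-imaged from
    admin_verified: Optional[date]   # last time the admin password was confirmed to work
    remote_mgmt: bool                # reachable out-of-band (VPN, BMC, jump host) from the SOC


@dataclass
class Site:
    name: str
    local_hands: Tuple[str, ...]     # people who can physically reach the machines
    bootable_cleaner: bool           # offline cleaning boot media is stocked on site


@dataclass
class Vendor:
    name: str
    phone: str
    hours: str                       # "24x7" or "business"


def readiness_findings(hosts, sites, vendors, media, today, max_cred_age_days=90):
    """Return one human-readable finding per gap that would slow down a response."""
    site_by_name = {s.name: s for s in sites}
    findings = []
    for s in sites:
        if not s.local_hands:
            findings.append(f"site {s.name}: nobody with physical access")
        if not s.bootable_cleaner:
            findings.append(f"site {s.name}: no bootable cleaning media")
    for h in hosts:
        site = site_by_name.get(h.site)
        if h.admin_verified is None:
            findings.append(f"host {h.name}: admin password never verified")
        else:
            age = (today - h.admin_verified).days
            if age > max_cred_age_days:
                findings.append(f"host {h.name}: admin password last verified {age} days ago")
        if h.image not in media:
            findings.append(f"host {h.name}: no installation media for image {h.image}")
        # A box you cannot reach remotely at a site with no hands is a dead end at night.
        if not h.remote_mgmt and (site is None or not site.local_hands):
            findings.append(f"host {h.name}: unreachable remotely and no local hands at {h.site}")
    for v in vendors:
        if not v.phone:
            findings.append(f"vendor {v.name}: no support phone number")
        elif v.hours != "24x7":
            findings.append(f"vendor {v.name}: support is {v.hours} hours only")
    return findings


# Constructed sample inventory (hypothetical names, dates and images).
TODAY = date(2024, 1, 15)
SITES = [Site("HQ", ("alice", "bob"), True), Site("Branch-7", (), False)]
HOSTS = [
    Host("fs01", "HQ", "win2019-std", date(2024, 1, 1), True),
    Host("pos-07", "Branch-7", "win10-pos", date(2023, 6, 1), False),
    Host("db02", "HQ", "rhel8-db", None, True),
]
VENDORS = [Vendor("AV vendor", "+1-555-0100", "24x7"), Vendor("POS vendor", "", "business")]
MEDIA = {"win2019-std", "rhel8-db"}


def audit():
    """Run the audit over the constructed inventory."""
    return readiness_findings(HOSTS, SITES, VENDORS, MEDIA, TODAY)


if __name__ == "__main__":
    for line in audit():
        print(line)
```

Run it on a schedule and treat a non-empty finding list the way you would treat a failing backup job: the point is to discover the missing media or the stale password while it is still a ticket, not while a few thousand machines are infected.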
0 Responses to “Malware outbreak in the real world”