In this networked age, security risks are everywhere. Once a network or a computer has been badly compromised, the system administrator needs to respond to the attack. This article looks at some common choices and assumptions and considers why they are not necessarily the best actions to take when dealing with an attacked system.
1. You cannot restore a compromised system to health by patching it; patches only close holes. Once a hacker has entered your system, you should assume that he or she has made sure there are other ways to get back in, for example by creating an account.
2. You cannot clean a compromised system by removing the back door. You can never guarantee that you have found all the back doors the attacker can use. The fact that you cannot find any more back doors only shows that you do not know where to look, or that the system has been damaged so badly that what you see is not what is really there.
3. You cannot "cleanse" the system by running vulnerability cleanup tools. Assume that your system was hit by the Shockwave worm. Many vendors (both domestic and international) have released cleanup tools for it. After the cleanup tool has run, can you trust a system that was hit by Shockwave? I can't, because if the system was susceptible to Shockwave, it was also susceptible to other forms of attack. Can you guarantee that no other attack has targeted your system?
4. You cannot secure a compromised system by using a virus scanner. A completely compromised system is not trustworthy and will not tell you the truth. Even virus scanners rely on the system answering in good faith at some level, and a compromised system can lie to the scanner. When the scanner asks whether a particular file exists, an attacker may need only one tool to feed it false information. If you can guarantee that the only thing that compromised the system is a specific virus or worm, you know that this virus or worm has no backdoor associated with it, and the vulnerability exploited by the malicious code cannot be exploited remotely, then you can use a virus scanner to clean your system. For example, most e-mail worms rely on a user opening an attachment. In that particular case, the only source of infection on the system is the mail attachment that contains the worm. However, if the vulnerability exploited by the worm can be exploited remotely without user action, and you cannot guarantee that the worm is the only thing that exploited it, it is entirely possible that other malicious code has exploited the same vulnerability. In this case, you cannot just patch the system and consider it fixed.
5. Reinstalling the operating system over the existing system does not guarantee the security of the system. Attackers can still use tools they have already planted to deceive the installer. If so, the installer may not actually clear the infected or damaged files. In addition, an attacker can place a backdoor in a component that is not part of the operating system.
6. You cannot trust any data copied from a compromised system. Once an attacker has entered a system, all data on it can be tampered with. What is the result of copying data from a compromised system to a clean system? In the best case, you get potentially untrusted data. In the worst case, you may have copied a back door hidden in the data. Scary, isn't it?
7. You cannot trust the event logs on a compromised system. Once an attacker has fully taken over a system, it is fairly straightforward for him to modify the event logs to cover the tracks of the attack. If you rely on the event logs to tell you what the attacker did to your system, you may be misled, because you might be reading only what the hacker wants you to read.
8. You may not be able to trust your latest backup either. Can you say when the initial attack occurred? As mentioned above, the event logs cannot be trusted. Without that knowledge, your latest backup is useless. It may be that the backup you made includes all the vulnerabilities currently on the system; can you trust such a backup? This is especially true when the system is on the Internet, because you cannot be sure that the system you recover from does not include the "NET Silver Bandit" spy program.
9. Arguably, the only correct way to make the system healthy again is to destroy the original system and rebuild it. As the saying goes, to create a new world you must first break the old one. If a system has been completely compromised, the only safe course is to rebuild and reinstall it.
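Point 4's observation that a compromised system can lie about which files exist can be made visible by comparing the file listing the running host reports with a listing of the same disk read from a trusted machine. The following is an added example, not part of the original article; the helper names, file paths and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Walk `root` and return {relative_path: sha256_hex} for every regular file."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def cross_view_diff(live_view, offline_view):
    """Compare what the running host reported with what a trusted machine read
    from the same disk. Any disagreement means the live answers are not reliable."""
    live, offline = set(live_view), set(offline_view)
    return {
        "hidden": sorted(offline - live),    # on disk, but the host did not report it
        "phantom": sorted(live - offline),   # reported by the host, not on disk
        "altered": sorted(p for p in live & offline
                          if live_view[p] != offline_view[p]),  # content misreported
    }


def demo():
    """Constructed scenario: a temp directory stands in for the disk mounted
    read-only on a trusted machine; `live` is what the suspect host claimed."""
    with tempfile.TemporaryDirectory() as disk:
        os.makedirs(os.path.join(disk, "system"))
        samples = {"system/login.bin": b"modified build",
                   "system/svc_helper.bin": b"unknown service",
                   "notes.txt": b"quarterly notes"}
        for rel, data in samples.items():
            with open(os.path.join(disk, rel), "wb") as fh:
                fh.write(data)
        offline = build_manifest(disk)
    # Constructed live answers: one file omitted, one reported with its old hash.
    live = {"notes.txt": offline["notes.txt"],
            "system/login.bin": hashlib.sha256(b"original build").hexdigest()}
    return cross_view_diff(live, offline)


if __name__ == "__main__":
    print(demo())
```

On a real host the two listings are taken at different times, so files legitimately created or deleted in between also appear as differences. An empty diff does not show that the system is clean; it only shows that this particular check found no disagreement.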
Is there any other option? Our answer is yes: prevent the system from being attacked in the first place. There are many articles on this, and you can find a lot of information on the Internet, for example: browsing the Internet as an ordinary user, configuring the browser correctly to prevent automatic downloads, installing patches promptly (but how do you know what counts as "promptly"? Can you install patches in time for all the applications and tools you use?), changing the superuser password, installing a firewall, and so on; I will not enumerate them all. But it must be said that no network or system is absolutely secure!

This article originates from http://www.516c.cn; when reprinting, please specify the source.