by mboelen
3617 days ago
Step 1:
Try to get in contact with the person and see if he/she is willing to help you share details on entering your systems. Thank this person and see if you can provide a reward.

Step 2:
Next step is setting up new systems, and start from scratch. Install the systems, start with basic system hardening and up-to-date software packages. Use https://github.com/CISOfy/lynis to validate your configuration. Do not have any interaction or data exchange with the old (compromised) systems.

Step 3:
Save all running systems to learn from the event. See if you can find the main cause why this happened.

Step 4:
Learn about security, hire someone on your team with security knowledge.

Step 5:
Do regular (technical) audits.
This should be:
"Thank this person and provide a reward"
Looking at all the other steps you'll have to go through to remedy the situation, this is the least of your costs. (Provided they cooperate and are not malicious)