hacked afterthought, tools

  • Thread starter Thread starter hackedupon
  • Start date Start date
H

hackedupon

Hello,

If a system gets hacked and you go over the various data.

is any tools out there that will tell you what
information they got???

it was the only system that had a lot of viruses.

Recently discovered it was compromised....

Is there anyway to find what network data was transmitted?

thank you,

"hackedupon"
 
Not really. If you had auditing of object access enabled and then audited
folders/files you might have an idea who accessed data and when but it is not
practical to audit everything as it will decrease computer performance and generate
thousands and thousands of events in the security log. Security logs can also be
erased or modified by a hacker. Encryption of data and removal and securing of all
private keys that can decrypt a file would be one way to insure confidentiality of
data. In your situation you pretty much have to assume the worst. --- Steve

http://securityadmin.info/faq.asp#hackerstoc -- link from Karl's FAQ may be helpful.
http://www.microsoft.com/technet/community/columns/secmgmt/default.mspx -- from
Microsoft
http://www.microsoft.com/technet/security/guidance/secmod144.mspx -- auditing
procedures.
 
Hello,

If a system gets hacked and you go over the various data.

is any tools out there that will tell you what
information they got???

it was the only system that had a lot of viruses.
Click to expand...

That's not an indication of being hacked.
Recently discovered it was compromised....

Is there anyway to find what network data was transmitted?
Click to expand...

Sure. You look at your intrusion detection system logs, your network
sniffer logs, the server's auditing logs and so on. All of which need
to be in place *before* anything happens.

Jeff
 
Back
Top