Note: This is Part 1 of this page. It is the introduction to guidelines for responding to a compromised Windows 2000 system. The guidelines will follow in the near future. The contents of this page may change as the guidelines section is being developed. If you have any comments, please forward them to security.admin@utoronto.ca.

Introduction

Overview & Audience

Ideally, you are reading this document because you would like to protect your Windows servers from attack. The section of the document called Proactive Measures is for you. Before skipping to Proactive Measures, a quick reading of section 2 will give you some insight into the difficulties you can face when responding to a hacked system. On the other hand, if you are trying to deal with an active incident, the next section, titled Reactive Measures, is a good place to get oriented if you do not have a lot of experience in this area.

This document is not a comprehensive presentation on the problem area. It attempts to provide basic guidelines and directs the reader to other material for in-depth study. The scope of the document is limited to Windows 2000 servers and Microsoft's Internet Information Server (IIS).

I need help with a system that is hacked

When a system is hacked, a number of concerns immediately come to mind:
To answer these questions, it is necessary to have a good technical understanding of the operating system, the applications running on the server, the integrity requirements of the data and the nature of the business. In this document, we assume that you have a good technical background in Windows system administration. If you don't and your system is hacked, our best recommendation is to engage someone who does have the experience.

I want to make my systems more secure

Strengthening the security of a Windows system requires us to work along several lines of attack.
CNS security services

Security is an important concern for CNS. In this section we identify the various initiatives that we undertake to secure the University systems.

I am interested in how other administrators have responded to system hacks

Experience is the best teacher. Ideally we would like to learn from other people's experience. This section consists of incident reports prepared by various system administrators on campus.
All contents copyright © University of Toronto 2000-2003. This site is maintained by the Computer Security Administration Group.