Your workstation has been hacked! Now what?

Your workstation has been hacked! Now what?

This tip originally appeared on SearchEnterpriseDesktop.com, a sister site of SearchCIO-Midmarket.com.

If you have to support end users in your organization, you're probably familiar with frantic claims like "I

    Requires Free Membership to View

    Login

    Download CIODecisions Ezine FREE with your registration.

    Get essential editorial insights that senior IT executives need to run IT operations effectively and efficiently. Check out past issues then register to get the latest issue.

    Scot Petersen, Editorial Director, SearchCIO-Midmarket

    By submitting your registration information to SearchCIO-MidMarket.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchCIO-MidMarket.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

think I've been hacked!" whenever a computer fails. While some situations require immediate action, others are simple cases of user overreaction. To help you identify and troubleshoot when a user has truly been hacked, check out the following scenario. We'll present an end-user's problem followed by diagnoses and possible courses of action to take from three Windows security experts.

The user's problem

"I'm an IT administrator with a little over 500 end users running Windows 2000 and XP. One of our users is experiencing a problem: Her Internet connection drops suddenly for no apparent reason. When she restarts her computer, everything works fine for awhile, but then the connection drops again. The funny thing is, she's noticed that her AOL Instant Messenger service still works even when she can't access her e-mail. We've already run Netstat and noticed that more unknown open connections are being used to certain ports. This particular user has a laptop and works from home frequently, so we're not sure all updates have been installed. Has her computer been hacked?"

The experts' take

Stage one: Diagnosis
Given the information in the scenario, has this person been hacked or not? Click here to find out.

Stage two: Immediate actions
What steps should you take within the first 24 hours after a workstation has been hacked to prevent further damage? Click here to find out.

Stage three: Recovery
After the first critical 24-hour window passes, what should you do to start getting Windows back on track? Click here to find out.

Stage four: Preventative measures
How can you avoid being hacked in the future? Click here to find out.

About the experts

Lawrence Abrams: CTO of a New York-based ISP, and owner/creator of BleepingComputer.com, a website devoted to teaching basic computer concepts focusing on the removal of malware.

Kevin Beaver: CISSP, Principle Logic LLC, author of Hacking For Dummies, co-author of Hacking Wireless Networks For Dummies.

Tony Bradley: CISSP-ISSAP, MCSE2k, MCSA, A+, editor of the About.com Guide for Internet/Network Security and creator of the Essential Computer Security.


This was first published in April 2005

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top