CERT mailing list archives

Current Activity - Best Practices for Recovery from the Malicious Erasure of Files


From: Current Activity <us-cert () us-cert gov>
Date: Thu, 19 Jan 2012 15:53:58 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Best Practices for Recovery from the Malicious Erasure of Files

Original release date: January 19, 2012 at 3:43 pm
Last revised: January 19, 2012 at 3:43 pm


Cyber criminals can damage their victim's computer systems and data by
changing or deleting files, wiping hard drives, or erasing backups to
hide some or all of their malicious activity and tradecraft. By
wiping, or "zeroing out," the hard disk drives, which overwrites good
data with zeroes or other characters, the criminals effectively erase
or alter all existing data, greatly impeding restoration. This sort of
criminal activity makes it difficult to determine whether criminals
merely accessed the network, stole information, or altered network
access and configuration files. Completing network restoration
efforts and business damage assessments may also be hampered.

The FBI and DHS encourage businesses and individuals to employ
mitigation strategies and best practices such as:
  * Implement a data back-up and recovery plan to maintain copies of
    sensitive or proprietary data in a separate and secure location.
    Backup copies of sensitive data should not be readily accessible
    from local networks.
  * Regularly mirror and maintain an image of critical system files.
  * Encrypt and secure sensitive information.
  * Use strong passwords, implement a schedule for changing passwords
    frequently, and do not reuse passwords for multiple accounts.
  * Enable network monitoring and logging where feasible.
  * Be aware of social engineering tactics aimed at obtaining
    sensitive information.
  * Securely eliminate sensitive files and data from hard drives when
    no longer needed or required.

The US-CERT web page at www.us-cert.gov hosts a wide range of tips,
best practices, and threat information for business and home users.

Relevant URL(s):
<http://www.us-cert.gov/>

====
This entry is available at
http://www.us-cert.gov/current/index.html#best_practices_for_recovery_from

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----
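
To support the damage assessment the advisory describes, the following added example (not part of the US-CERT message) records SHA-256 digests of critical files while they are known good and later classifies each file as intact, modified, zeroed or deleted. The function names and the sample files are constructed for illustration, and it assumes the baseline is kept off the affected host, in line with the backup guidance above.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path):
    """Return (SHA-256 hex digest, True if the file is non-empty and all zero bytes)."""
    digest, zero_only, size = hashlib.sha256(), True, 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
            size += len(chunk)
            zero_only = zero_only and chunk.count(0) == len(chunk)
    return digest.hexdigest(), zero_only and size > 0


def build_baseline(root):
    """Map each file path (relative to root) to its digest while the system is known good."""
    root = Path(root)
    return {str(p.relative_to(root)): fingerprint(p)[0]
            for p in root.rglob("*") if p.is_file()}


def assess(root, baseline):
    """Classify every baselined file as intact, modified, zeroed or deleted."""
    report = {}
    for rel, known_digest in sorted(baseline.items()):
        full = Path(root, rel)
        if not full.is_file():
            report[rel] = "deleted"
            continue
        digest, zero_only = fingerprint(full)
        if digest == known_digest:
            report[rel] = "intact"
        else:
            report[rel] = "zeroed" if zero_only else "modified"
    return report


def demo():
    """Constructed sample: baseline four files, then alter, zero and erase one each."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("hosts", "app.conf", "audit.log", "keys.db"):
            Path(root, name).write_bytes(b"sample data for " + name.encode())
        baseline = build_baseline(root)  # in practice, stored off the local network
        Path(root, "app.conf").write_bytes(b"port=1\n")   # altered
        Path(root, "audit.log").write_bytes(b"\x00" * 64)  # overwritten with zeroes
        Path(root, "keys.db").unlink()                      # erased
        return assess(root, baseline)
```

Files reported as zeroed or deleted are candidates for restoration from backup, while modified files call for review of what changed.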

