What should I do if I suspect that our system is compromised?

entrycoupling

What should I do if I suspect that our system is compromised? What do you think is the best security perimeter to protect a network?
 
For the gateway router (connected to the ISP modem):
  • user defined admin COMPLEX password
  • disallow UPnP
  • disallow remote admin
  • enable SPI (Stateful Packet Inspection)
For your systems (PC + Mac + Linux), set the network type to public, WHICH WILL DISABLE FILE SHARING.
In each system firewall, disable UPnP also.
 
If you have a network security provider, contact them at once; if not, gather as much information as quickly as possible. Confirm which systems were compromised, determine the IP addresses that were used in the attack, and identify the type of attack, such as unauthorized remote access, a virus, or a malware page tacked onto your website. Use the administration tools available in your routers and firewalls, such as traffic logs and syslog messages.
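
The log triage described in the reply above, as an added example that is not part of the original post: it reads syslog text and reports, per source IP, failed logins, connections the firewall dropped, and logins that succeeded after repeated failures (the systems to confirm first). The log lines are constructed; the OpenSSH and netfilter LOG message formats, the `FW-DROP:` prefix and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from a real incident): OpenSSH auth messages and
# netfilter LOG-style firewall entries as a host or router would send to syslog.
SAMPLE_LOG = """\
Mar  3 02:14:01 fileserver sshd[811]: Failed password for root from 203.0.113.45 port 50122 ssh2
Mar  3 02:14:03 fileserver sshd[811]: Failed password for invalid user admin from 203.0.113.45 port 50124 ssh2
Mar  3 02:14:06 fileserver sshd[811]: Failed password for root from 203.0.113.45 port 50130 ssh2
Mar  3 02:14:09 fileserver sshd[815]: Accepted password for root from 203.0.113.45 port 50141 ssh2
Mar  3 02:15:30 gateway kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP SPT=40000 DPT=3389
Mar  3 08:01:12 workstation sshd[902]: Accepted publickey for alice from 192.168.1.20 port 51000 ssh2
"""

SSH_RE = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: "
                    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?"
                    r"(?P<user>\S+) from (?P<ip>\S+)")
FW_RE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ kernel: .*?SRC=(?P<ip>\S+) "
                   r"DST=(?P<dst>\S+) .*?DPT=(?P<port>\d+)")

def triage(log_text, threshold=3):
    """Summarise who attacked what; threshold is an assumed cut-off, tune it."""
    failed = defaultdict(int)   # (source ip, host) -> failed logins seen so far
    blocked = defaultdict(set)  # source ip -> {(internal dst, port)} dropped
    suspects = []               # logins that succeeded after repeated failures
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            key = (m["ip"], m["host"])
            if m["result"] == "Failed":
                failed[key] += 1
            elif failed.get(key, 0) >= threshold:
                suspects.append({"host": m["host"], "user": m["user"],
                                 "source_ip": m["ip"],
                                 "failures_before": failed[key]})
            continue
        m = FW_RE.match(line)
        if m:
            blocked[m["ip"]].add((m["dst"], int(m["port"])))
    return {"suspect_logins": suspects,
            "failed_by_source": dict(failed),
            "blocked_by_source": dict(blocked)}

if __name__ == "__main__":
    for section, data in triage(SAMPLE_LOG).items():
        print(section, data)
```

Run it against copies of the logs exported from the router, firewall and hosts, not on a machine you suspect is compromised.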
 
This has the same concerns and issues as the MS Active Directory. When misconfigured, they both can be compromised.
Typically, the issues are in accessing private data that should not be accessible outside the organization.
 