SANS put out a good article last week on signs that you’ve had your network or data compromised:
- Your logging server hasn’t logged any events or you haven’t received alerts in the last 12 hours
- Your FTP server/user hard drives etc. are suddenly out of disk space or maybe logs increase in size more than your normal variation
- Your competition’s products looks just like yours, but have a prettier color scheme
- Your customers start receiving spam on email addresses they used only to sign up for your service
- You get machine acts “funny” report from users (i.e. windows closing by themselves, browser homepage changed, etc.)
- Someone needs help connecting to the company’s wireless access point, you don’t have a wireless access point
- Complaints that software (payment processing software, web browser, etc) keeps crashing
- Complaints from user(s) that passwords/logins aren’t working
- Computer systems running unusually slow
- Visitors to your website complain that they get redirected to another site or one that just doesn’t “look” right
Another one we’ve seen – spikes in CPU usage, usually from dictionary attacks or DoS attacks.
October is Cyber Security Awareness month, so hopefully other organizations will be publishing other useful tips and information.
http://isc.sans.org/diary.html?storyid=5095&rss
0 Responses to “10 Sign of Compromise……..”