Product SiteDocumentation Site

4.4.3. Re-secure Environment Plan

The Re-secure Environment Plan is designed to ensure the attacker has not left back doors or other malicious software on covered hosts. Even if the intruder has been blocked from re-entry through the original unauthorized access point, it is possible for an intruder to leave alternate re-entry points using certain files on the file system. Verification of each file is a time-consuming process. Therefore simply rebuilding hosts is often a faster and more reliable alternative. This possibility is one of the reasons for a robust configuration management policy.
Secure Environment Sign off
Sign offTaskDescription
Secure EnvironmentEnsure the tasks below have been completed successfully.
Secure Environment
CompleteTaskDescription
Host RebuildsRebuild any hosts that have been compromised or are suspected of compromise. Work with the incident coordinator and task coordinator to develop a strategic order for rebuilding if necessary.