UNT Machine Compromise Remediation Checklist

 

The following check list will assist with remediating a windows machine which has been compromised due to unauthorized access (hack), malicious code (virus/worm/trojan), or other types of vulnerabilities in which the integrity of the machine is questionable.  Some items on this list can also be used to proactively assist with prevention of unauthorized use, access or infection of a computer.

 

 

¨    Change passwords for each system that has been logged into from the infected machine (EUID Passwords, Netware, GroupWise, personal accounts, etc.)

¨    Update current image

q       Patch all software (OS and other applications)

q       Update McAfee .dat files and virus engines

q       Install MBSA (Microsoft Baseline Security Analyzer)

q       Install Windows Update

q       Disable services that are not needed (IIS, MS SQL, etc.)  Some desktop applications have these types of services installed as part of other programs.

¨    Re-image machine or re-install all software using the updated image

¨    Lower access of workstation users with administrator privileges to that of a “power user” or “user”

¨    Limit access privileges of lab computer users to that of a “user”

¨    Restrict the number of admin accounts on the machine to only those which are absolutely necessary

¨    Use strong passwords and, where possible, strongly encourage the use of strong passwords to your users.  Include all of the following in password composition to ensure that passwords will be at a low risk for compromise:

o        UPPER and lowercase characters

o        Numbers

o        Symbols and special characters

o        Use a minimum of 8 characters

o        Do not use single or multiple combinations of any word that can be found in any dictionary, including foreign language dictionaries

o        Do not use numerical (digit) substitutions for characters (e.g. h3lp, adm1n, etc.)

o        Do not use passwords that someone could easily guess that refer to something about you (e.g. your name, favorite sports teams, telephone number, birthdate, etc.)

o        To help remember a password, try using the first letter of each word in a phrase, mixed with the password composition hints above

o        Inform your users to never give out (share) the value of their passwords with anyone, including system administrators

¨    Eliminate accounts with null passwords

¨    Disable the guest account

¨    Manually run a virus scan

¨    Run MBSA and correct any risks identified by MBSA

¨    Run Windows Update as a precaution to ensure that new patch releases have not been overlooked

¨    Turn off workstations at the end of the workday.