Recovering Services After a Security Incident

Once the incident has been controlled and countermeasures are in place against that type of attack, you should begin looking at the restoration of normal operations. Services that have been closed down will be reopened, network connections that have been rerouted will be restored, and systems that have been compromised will be rebuilt and brought online. Of course, it might not be prudent to return to normal operations all at once. For example, if you have terminated all external access to your network as a countermeasure to an attack in progress, turning on every service at once might not be the best course of action.

If all services that have been shut down are brought online at once, it might ...
