One more level of defense I would recommend is a firewall. Hardware firewalls such as the ones found in DSL / cable routers are good for filtering incoming traffic, but for security purposes a software firewall such as ZoneAlarm installed on your computer will work more effectively. Using personal firewall software (See Top Picks) will not only block unauthorized incoming traffic, but will also stop unauthorized outbound traffic. This is helpful so that if you do open a malicious email attachment or something not detected by your antivirus software and a worm or Trojan tries to establish a connection it will be blocked and hopefully you will be notified. Many offer additional security features you may find useful as well.
That should about cover you in terms of securing yourself against future hacker intrusions. But, in case the unthinkable happens again there are steps you should take to prepare to handle it better. First, turn on auditing where you can. By monitoring and logging access to files or failed logon attempts you can maintain a record which may help you determine when you were hacked or what files may have been tampered with. See Plan Ahead to Catch an Intruder for more information on security auditing and logs.
You should also backup your important or critical data regularly. This makes good sense for more reasons than I can name. You never know when your hard drive could just die or you may even accidentally wipe out a directory. You should set up a schedule to backup regularly that works for you- daily, weekly or whatever. You should also maintain more than one backup if possible. In other words, if you are backing up weekly keep two or three weeks worth of backups before you copy over or dispose of the oldest one. That way if you happen to lose one or it is corrupt for some reason you still have another backup to fall back on.
One final tool you may want to employ to catch future intrusions or intrusion attempts is an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS). There are different ways of performing intrusion detection or prevention and I don’t have the space here to go into detail. The bottom line is that these tools are designed to detect when suspicious behavior is occurring on your network and respond in some way- alerting you or blocking the alleged attack or some other response.
If you want to ensure file integrity you can install a program like Tripwire. Tripwire monitors files and compares them against a known good version to ensure the integrity of the file. It can provide you with logs detailing what changes were made, when they were made and by who. Using a program like Tripwire will quickly alert you if a malicious intruder tries to modify any of your system files or data and will allow you to quickly recover from any damage that is done.
That’s all there is to it. It is unfortunate that you were hacked, but following the standard phases of incident response you were able to recover and get your system fully operational in a reasonable timeframe. So, quit wishing for an overdose of gamma radiation to hit you so you can morph into a raging green creature and exact your revenge on the perpetrators. Instead, focus on getting the right tools installed and configured to protect your system and prepare to detect and recover from your next intrusion even quicker.
