Has a system you are responsible for been compromised? How would you know? What should you do?
Almost all IT professionals at some time in their career have faced these questions.
Information Assurance (IA) offers guidance for checking your systems for signs of compromise, or simply for suspicious activity.
Start by checking system and software logs for the following components to be sure they are running as expected and have no unexpected configuration changes:
- Antivirus and malware detection software
- Network activity
- Changes to the operating system or files and directories
- Unexpected changes, including to protections like firewalls
Be sure to check your antivirus and malware detection software logs after each scan has run for any alerts to possible problems.
Checking Systems for Signs of Compromise covers these points and more to help you know when you could be facing a potential IT security incident. If you are, or if you just need help with checking a system, ITS Information Assurance (IA) is there to help! Contact IA through the ITS Service Center.
Sensitive U-M data? If a system contains sensitive U-M data and you suspect it has been compromised in any way, report it immediately to IA at security@umich.edu.