Hackers entered my customer's Windows 2003 dedicated server. I now have McAfee Total Protection for Small Business Advanced installed. It detects some malware and Trojans, but usually only successfully deletes half of what it finds. For the others, I usually get a message that quarantine failed. The hacking occurred some months ago, and I have a feeling that something is still happening on my customer's server without my knowledge.
Should I reformat the server and reinstall to be sure that no traces are left? After the new installation, what do I have to do to better protect the server? Is there any real-time software that will show me whether or not someone is trying to hack into the server?
Be sure your McAfee Total Protection for Small Business is up to date, as some bugs have been recently fixed. But as recently as a couple of weeks ago, several reported problems remain with the software -- sometimes causing crashes, slowdowns, hangs, inability to update, etc. -- and some long-time customers are not happy with the new release and say it's not prime-time ready.
In addition, reliance on one product for bug scanning probably doesn't cut it. Even the best software only provides one level of scanning, and more than one layer is recommended.
Although I hate to say it, reformatting is probably your best course of action if you can do it without unduly inconveniencing the customer. And if I were you, I'd move to the Symantec product and add another level of spyware scanning.
As far as real-time intrusion detection goes, there are a lot of products that may fit your bill. Traditionally, intrusion detection systems (IDS) have been a bear to implement and manage, but some products have entered the marketplace that are easier to install and use. Timberline Technologies provides a good list of IDS products. I like the PGP products, BlackICE Defender, the NetIQ product, and Strata Guard.
Based upon your requirements, get product demos and research the Web for user reports on issues and problems. And good luck!