Reacting to a suspected attack

That being said, most system administrators (and, worse, their superiors) don't know to, or don't care to, spend the time to secure their workstations until it is too late. Then they get to spend even more time cleaning up from a securty breach and then spend the time to secure it.

CERT/CC maintains a web site site with a vast array of information, including documents such as these:

• Steps for Recovering from a UNIX or NT System Compromise

• Unix Security checklist
• Overview of CERT advisories
• Overview of vulnerabilities & fixes
• Finding Site Contacts
• List of Security Tools
• CERT Coordination Center FAQ

• Unix System Security Checklist
• AUSCERT UNIX Computer Security Checklist
• Security Administrator's Tool for Analyzing Networks (SATAN)