The best defense is a good plan
The best response to a computer attack starts with being prepared.
- Organize a team of internal experts who can respond when needed and grant incident command authority; in other words, decide in advance who can pull the plug when they deem it necessary, and have an alternate chain of authority in place. Fast response is essential.
- Define incident categories specific to your situation. NASA's Incident Response Center has defined different levels of threats ranging from an authorized user misusing the system to a compromised high-level password and possible criminal activity.
- Develop standard procedures to deal with each kind of threat, including which ones should involve law enforcement.
- Rehearse. That means run a few drills.
As part of an incident response plan, make room in the team's job description for some time to become familiar with the essential hacker tools. It's far too late to begin when an attack occurs. The good news is that the same skills are useful when recovering from any network failure, even one caused by a software glitch.
Don't turn up your nose at freeware. A lot of it was created by universities, government agencies or related groups such as Lawrence Berkeley National Lab and the Department of Energy.
Shareware, which you buy when you decide to use it, is insurance you don't even have to pay for until or unless you need it.
When an attack occurs, it's too late to download and learn how to use these programs, so get them now and, in the case of shareware, pay for it if you ever use it.