You are the security administrator for a small company. You have a single server that is used as your Web server and e-commerce server. It is in your office, separate and distinct from all other systems. You have two Internet connections: one dedicated for use by the Web server and the other for shared use by the office network.

You just completed a forensic investigation of an intrusion against the Web server that caused significant damage to the hosted data files. The intruder gained administrative-level access and made numerous configuration and setting changes throughout the system. You even found several sets of hacker tools hidden in various places in the system. You need to get the Web server back online quickly since you are losing sales every hour the server remains offline. You format the hard drives, reinstall the operating system and applications, manually reconfigure the system, and then restore verified versions of your data files from backup tapes that were created before the intruder broke in.

What additional activity is essential to completing the restoration process?
- Applying any new hot fixes.
- Patching the exploited vulnerability.
- Performing a system-wide backup.
- Reapplying the company security template.