Translations:Tech:Compromised Handling/11/en

Once someone is aware that is a server has been compromised, their ability to handle the situation will be limited by their access. Operations should be notified immediately. In extreme cases, if the user discovering the possible compromise has root access on the server but is not operations, they may be able to handle parts of the plan below, but if they're unsure, crowd control is the best method by means of either shutting the server down, disallowing port 22 or shutting down SSH - Operations have back doors in, others do not.