- Verify ISO signatures/checksums before writing boot media.
- Store recovery media in controlled locations with access logging.
- Rebuild media regularly to include current security fixes.
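
One way to enforce the checksum step above before any boot media is written, as an added example that is not part of the original page. The function names and the `sha256sum`-style manifest layout are assumptions, and the manifest's own signature is assumed to have been verified separately.

```shell
#!/bin/sh
# Added example: refuse to write boot media unless the ISO matches a manifest.
# Assumptions: coreutils `sha256sum`; MANIFEST holds "<digest>  <file>" lines
# and was itself authenticated first (for example by checking the publisher's
# detached signature with `gpg --verify`). File names must not contain spaces.

# verify_iso ISO MANIFEST
# Returns 0 only when MANIFEST lists ISO's base name and the digest matches.
verify_iso() {
    iso=$1
    manifest=$2
    [ -r "$iso" ] && [ -r "$manifest" ] || return 2
    name=$(basename "$iso")
    # Pick the expected digest for exactly this file name; a leading "*"
    # (binary-mode marker) in the manifest is ignored.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' \
        "$manifest")
    # Fail closed when the image is not listed at all.
    [ -n "$expected" ] || return 3
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# write_boot_media ISO MANIFEST TARGET
# TARGET is the block device (or image file) to write; nothing is written
# unless verification succeeds.
write_boot_media() {
    if ! verify_iso "$1" "$2"; then
        echo "refusing to write: checksum verification failed for $1" >&2
        return 1
    fi
    dd if="$1" of="$3" bs=1048576 && sync
}
```
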
Incident Handling Hygiene
- Treat compromised hosts as untrusted; mount disks read-only first.
- Collect forensic artifacts before changing system state.
- Avoid reusing rescue-shell credentials across incidents.
- Isolate troubleshooting hosts on dedicated admin networks.
- Disable unnecessary services during live recovery sessions.
- Use secure remote channels (VPN/SSH keys) for remote support.