Runbook: CDN/Hosting Compromise
Stub runbook. Customize with your CDN and hosting provider details.
Quick Reference
| Field | Value |
|---|---|
| Typical Severity | P1 |
| Primary Responder | Infrastructure SME |
| Last Updated | [Date] |
| Owner | [Name] |
Identification
Symptoms
- Malicious files being served
- File hashes don't match expected values
- Unauthorized access in provider logs
Confirm Compromise
- Compare served files to a known-good source
- Check CDN/hosting access logs
Immediate Actions
- Purge CDN cache
- Take down site or redirect to maintenance page
- Rotate all access credentials
- Review access logs for unauthorized activity
Mitigation
- Redeploy from verified source (git, not existing infra)
- Verify the deployment matches the expected state
- Enable additional access controls
- Set up file integrity monitoring
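One way to carry out the "Compare served files to known good source" and "Verify deployment matches expected" steps, as an added example that is not part of the original runbook. It assumes the served files have already been downloaded into a local directory that mirrors the site's paths and that the known-good tree is a fresh build from git; the directory names and sample files are constructed for illustration.

```python
import base64
import hashlib
import tempfile
from pathlib import Path


def sri_digest(data: bytes) -> str:
    """Digest in the form used by an SRI integrity attribute (sha384-<base64>)."""
    return "sha384-" + base64.b64encode(hashlib.sha384(data).digest()).decode()


def build_manifest(root: Path) -> dict:
    """Map each file path (relative to root) to its SRI digest."""
    return {p.relative_to(root).as_posix(): sri_digest(p.read_bytes())
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(known_good: dict, served: dict) -> dict:
    """Classify differences between the known-good and served manifests."""
    both = known_good.keys() & served.keys()
    return {
        "modified": sorted(k for k in both if known_good[k] != served[k]),
        "missing": sorted(known_good.keys() - served.keys()),
        "unexpected": sorted(served.keys() - known_good.keys()),
    }


def demo() -> dict:
    """Constructed sample trees standing in for a git build and a served mirror."""
    with tempfile.TemporaryDirectory() as tmp:
        good, served = Path(tmp, "known_good"), Path(tmp, "served")
        for root in (good, served):
            (root / "js").mkdir(parents=True)
            (root / "index.html").write_text("<h1>ok</h1>")
            (root / "js" / "app.js").write_text("console.log('app');")
        (good / "robots.txt").write_text("User-agent: *\n")
        # Constructed tampering: one changed file, one file not in the build.
        (served / "js" / "app.js").write_text("console.log('app'); /* changed */")
        (served / "js" / "extra.js").write_text("// not part of the build\n")
        return compare(build_manifest(good), build_manifest(served))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The `sha384-...` values in the known-good manifest are in the same format as the `integrity` attribute used for subresource integrity.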
Prevention
- Limit hosting/CDN admin access
- Enable 2FA on all accounts
- Use subresource integrity (SRI)
- Implement Content Security Policy (CSP)
- Regular access audits