Definition of Incident Handling
Incident handling is the process of reacting to an incident or intrusion after the fact, or of having a plan in place for handling an incident before it happens, so that reaction time is shortened when one occurs.
Incident Handling
Computer Security Incident Handling Guide
This publication seeks to assist organizations in mitigating the risks from information security incidents by providing practical guidance on responding to incidents effectively and efficiently. Agencies are encouraged to tailor the recommended guidelines and solutions to meet their specific security or business requirements. This guide replaces NIST Special Publication 800-3, Establishing a Computer Security Incident Response Capability (CSIRC). This document presents general incident response guidelines that are independent of particular hardware platforms, operating systems, and applications. Specifically, it includes guidance on establishing an effective incident response program, but the primary focus of the document is detecting, analyzing, prioritizing, and handling incidents.
Documentation is to Incident Response as an Air Tank is to Scuba Diving
That IP address you just traced may result in a search warrant, an arrest, and court action. Can your documentation justify these actions, and is it ready for scrutiny? Even routine vulnerability scans and bot incidents can have unexpected results. Getting it done right the first time saves effort in the long run, preserves requisite credibility, and can save face, possibly even your job. IP addresses, MAC addresses, room numbers, switch ports, service ports, usernames, real names, LAN administrator (LAN admin) names, hostnames, domain names, time of offense, time of login, connection types, case IDs, checklists, e-mail addresses, phone numbers, DHCP connections, wireless connections, and dialup connections can form a complex and changing web of interrelated information. How do you keep track of all of this information? This paper attempts to answer that question.
Combat training for the new era of malicious code
Organizations should now be examining the adequacy of their existing security platforms in the face of new, profit-driven attacks. This whitepaper provides further detail on new and evolving threats that use malicious code, an area where many firms have unprecedented levels of exposure and risk.
Practice Your Incident Response Using 12 Scenarios
On a Saturday afternoon, external users start having problems accessing the organization's public Web sites. Over the next hour, the problem worsens to the point where nearly every attempt to access any of the organization's public Web sites fails. Meanwhile, a member of the organization's networking staff responds to automatically generated alerts from the Internet border router and determines that much of the organization's Internet bandwidth is being consumed by an unusually large volume of UDP packets to and from both of the organization's public DNS servers.
What to Do in Case of a Security Incident
Organizations involved in collecting, processing, storing, or transmitting sensitive information need to understand what to do when a compromise is detected or reported. This whitepaper will explain the concepts associated with forensic incident response and describe many of the various actions that can be taken during a security incident. In addition, this whitepaper will outline the benefits of preparing for an incident as well as the potential ramifications for not being prepared.
Pros and Cons of Using Linux and Windows Live CDs in Incident Handling and Forensics
This paper examines the use of five different live CDs in the six-step incident handling process and in the subsequent forensic examination of the machines. A brief synopsis of the six-step incident handling process provides the background for the testing conducted.
How to Trace a Hacker
Sometimes it's just not enough to know that there's a Trojan or virus onboard. Sometimes you need to know exactly why that file is onboard and how it got there, but most importantly, who put it there. By enumerating the attacker in the same way that they have enumerated the victim, you will be able to see the bigger picture and establish what you're up against. But how can you do this? Read on...
Tracking a Computer Hacker
A bulletin on the steps taken to track a hacker, by Daniel A. Morris, Assistant US Attorney and Computer and Telecommunications Coordinator.
Exploiting BlackICE: When a Security Product Has a Security Flaw
This paper gives a very detailed description of the exploitation of a security flaw in the Protocol Analysis Module (PAM) of Internet Security Systems (ISS) software products, from the initial phase (reconnaissance, scanning) to the end (incident handling).
Thoughts about Cross-View Based Rootkit Detection
Cross-view based detectors, like RootkitRevealer, compare a "low-level" system view with a "high-level" view. Let's focus here on hidden-file detection on Windows systems. How does one obtain a low-level view of the file system? By reading raw disk sectors and parsing them according to the NTFS layout.