Finding and analyzing trojans under unix
This paper will try to give a brief introduction to methods of analyzing executables under unix to recapitulate the operations they are intended to perform on a system. These methods can be applied to the investigation of captured trojans and other malicious software, and they are also useful when you want to analyze pre-compiled software to ensure that it can be considered as trusted.
|
Is your risk management plan as good as it gets?
Not all security incidents can be prevented, nor is it cost-effective to try. Each control should be evaluated on its own merits prior to implementation. Issues to consider: direct costs, training, decreased system performance and public perception. To help security managers implement recommendations, the National Institute of Standards and Technology (NIST) has just released an incident response guide that emphasizes being prepared for various security breaches.
|
CodeRed II: Incident Handling Process and Procedures
The 6-step method for incident handling consists of preparation, detection, containment, eradication, recovery, and lessons learned. This paper uses the CodeRed II virus as a template to generate questions to help you better prepare for the next virus outbreak. We will use lessons learned in each of the steps to better prepare for future virus infections.
|
Collection and Dissemination of Computer and Internet Security Related Information
Ongoing advances in technology and the growth of the Internet are introducing not only an increase in the number of vulnerabilities being found, but also an increase in the complexity of system administration, incident handling and forensic analysis work. There have been progressive changes in intruder techniques, increased difficulty of detecting an attack, increased amounts of damage, and an increased difficulty in catching the attackers.
|
Combating Computer Crime
According to the Nevada State Attorney General's Office, the average bank robbery nets $2,500, the average bank fraud nets $25,000, the average computer crime nets $500,000, and the average theft of technology nets $1.9 million. While these numbers are staggering, high-tech crime investigations and prosecutions are still not common endeavors, particularly with local law enforcement agencies.
|
Computer Incident Response Team
No company's security policy should be considered complete until procedures are put into place that allow for the handling of and recovery from even the most devastating of incidents. One possible solution is the inclusion of a Computer Incident Response Team (CIRT) within the company's incident response procedures.
|
Corporate Incident Handling Guidelines
Incidents are an unfortunate fact of life in any systems environment. They can be extremely visible and disruptive (e.g., widespread virus outbreaks) or entirely unnoticed but extremely damaging (e.g., loss of confidential growth plans). There is a vast amount of information available to help you deal with most types, but if you have done no preparation you will struggle to find it when you need it at short notice.
|
Deterring Cyber Attacks
In the past, many companies chose not to share information on cyber attacks with authorities or with watchdog groups for fear that negative publicity would decrease consumer and investor confidence and lead to potential profit losses.
|
Forgetting to Lock the Back Door: A Break-in Analysis on a Red Hat Linux 6.2 Machine
This document is intended to highlight the steps taken in ascertaining the level of damage done in a network break-in (or hack attack) on our system, and the steps taken in rectifying the damage. Using the crisis case I encountered in a small company, I will demonstrate how to gather the evidence, secure the network, and provide suggestions for amendments to the existing system to minimize the chances of a repeat break-in.
|
From Events to Incidents
In all computer incident handling situations, some form of computer forensics is required in order to support eradication, recovery and applying the lessons learned. As more data on computer forensics becomes available, many have come to realize that the resource cost involved in incident handling situations is fairly significant. In addition, staffing an incident handling team with the proper skills required to effectively carry out incident handling is quite a challenge.
|