Security Dashboard | SearchSecurity.com
Forensics: Incident Response Team
A 'Bag of Tricks' Approach to Proactive Security
Security does not begin with the detection of a compromised server or another form of detected intrusion. Where, then, does security begin? This paper explores this question. Simply stated, this paper focuses on common sense. Practically stated, however, the goal of this paper is to explore the tools, practices and procedures available to system administrators prior to a security incident that will serve to negate the incident or significantly improve our recovery and forensic positions.
By Mitch Saba, 04/30/2004
Suspicious Unix Log File Entries and Reporting Considerations
In my Kickstart paper I covered basic Unix log files with a configuration file that gathered everything. I would like to expand on that and now cover messages found in those log files that would cause concern and require further investigation. My selection to continue on this subject lies in my inability to find comprehensive information that provides direction to administrators, particularly those in federal government, on what messages in log files could require critical attention and reporting.
By Cathy Gresham, 04/27/2004
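The kind of triage the abstract above describes, as an added example that is not part of Gresham's paper: a small scanner that parses syslog-style lines and flags the entries an administrator would want to look at first. The log lines are constructed for the demonstration, and the rule set (failed-password bursts, an accepted root login, su to root, sudo reads of /etc/shadow or /etc/sudoers) and the five-attempt threshold are this editor's assumptions, not the paper's list of messages.

```python
"""Scan syslog-style lines for entries that merit follow-up.

Added example, not from Cathy Gresham's paper. The rule patterns and the
failed-login threshold below are this editor's assumptions about
commonly reviewed Unix log messages.
"""
import re
from collections import Counter

# Constructed sample log lines for demonstration; not real captured data.
SAMPLE_LOG = """\
Apr 27 02:13:01 web1 sshd[4021]: Failed password for root from 192.0.2.10 port 51122 ssh2
Apr 27 02:13:03 web1 sshd[4021]: Failed password for root from 192.0.2.10 port 51123 ssh2
Apr 27 02:13:05 web1 sshd[4021]: Failed password for root from 192.0.2.10 port 51124 ssh2
Apr 27 02:13:08 web1 sshd[4021]: Failed password for root from 192.0.2.10 port 51125 ssh2
Apr 27 02:13:11 web1 sshd[4021]: Failed password for root from 192.0.2.10 port 51126 ssh2
Apr 27 02:14:00 web1 sshd[4030]: Accepted password for root from 192.0.2.10 port 51130 ssh2
Apr 27 02:15:12 web1 su[4044]: pam_unix(su:session): session opened for user root by bob(uid=1002)
Apr 27 03:00:01 web1 CRON[4100]: (root) CMD (run-parts /etc/cron.hourly)
Apr 27 03:02:44 web1 sudo:  alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Apr 27 03:05:00 web1 kernel: eth0: link up
"""

# Classic syslog layout: timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$"
)

# (rule name, message pattern, severity); assumed patterns for illustration
RULES = [
    ("failed_password", re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)"), "notice"),
    ("accepted_root_login", re.compile(r"Accepted \w+ for root from (?P<src>\S+)"), "high"),
    ("su_to_root", re.compile(r"session opened for user root by (?P<user>\w+)"), "high"),
    ("sudo_sensitive_file", re.compile(r"USER=root ; COMMAND=\S+ (?P<path>/etc/(?:shadow|sudoers))"), "high"),
]

FAILED_LOGIN_THRESHOLD = 5  # assumed threshold for a brute-force finding


def parse_line(line):
    """Split one syslog line into its fields, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def scan(log_text):
    """Return (findings, failed_by_source).

    findings is a list of (severity, rule, detail); single failed logins are
    only counted per source and reported once they pass the threshold.
    """
    findings = []
    failed_by_source = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # unparsable line; a real tool would count these too
        for name, rx, sev in RULES:
            m = rx.search(rec["msg"])
            if not m:
                continue
            if name == "failed_password":
                failed_by_source[m.group("src")] += 1
            else:
                findings.append((sev, name, raw))
    for src, n in failed_by_source.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            findings.append(("high", "bruteforce_suspected", f"{n} failed logins from {src}"))
    return findings, failed_by_source


def high_severity(findings):
    """Subset of findings that would be escalated for reporting."""
    return [f for f in findings if f[0] == "high"]


if __name__ == "__main__":
    found, _ = scan(SAMPLE_LOG)
    for sev, rule, detail in found:
        print(f"[{sev}] {rule}: {detail}")
```

Run against the constructed sample, the scanner reports the successful root login that follows the burst of failures, the su to root by bob, alice's sudo read of /etc/shadow, and the burst itself; the single failed attempts are aggregated rather than reported one by one, which is what keeps a report readable.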
Reporting Incidents to an ISP with BlackICE ClearICE Report Utility and the Importance of Submitting Firewall Logs to the Dshield.org Project
This practical has two objectives: guide users of BlackICE to report incidents to their ISPs (using ClearICE Report Utility) and show users the importance of submitting firewall logs to the dshield.org project. Since the installation of BlackICE does not require much work on a single workstation, I will assume that it's already installed and start from the incident itself, passing through the BlackICE alert, blocking the intruder to stop his activities, and working with ClearICE to create a useful report to the attacker's ISP to help them track the malicious user.
By Victor Arnaud, 04/14/2004
No Stone Unturned, Part Six
This is an additional installment to the No Stone Unturned series, which was written to help clarify to NT/2K admins the steps they can take to determine the nature and purpose of suspicious files found on their systems. In Part Five of the series, our heroic system administrator found an unusual file on a compromised system. In this bonus installment, he attempts to determine the nature and purpose of that file.
By H. Carvey, 04/05/2004
No Stone Unturned, Part Five
This is the fifth and final installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering "The Way" of incident response. As we left off last time, Eliot had started putting together a toolkit to help with incident response and analysis. He had had an opportunity to give the kit a quick test and had been satisfied with the results, but the toolkit was not quite finished.
By H. Carvey, 04/05/2004
No Stone Unturned, Part Four
This is the fourth installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering "the Way" of incident response. As we left off last time, Eliot had managed to resolve a nagging minor incident, one which illustrated the need to have specific incident response procedures in place.
By H. Carvey, 04/05/2004
No Stone Unturned, Part Three
This is the third installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering "the Way" of incident response. As we left off last time, Eliot had just begun compiling a list of tools that would be helpful in incident investigation when he was interrupted by a call from Dave, a sysadmin with a branch office on the West Coast. Dave had asked for Eliot's assistance with an apparent incident. Now, having begun an investigation, Eliot was baffled and had asked Dave for some clarifying information.
By H. Carvey, 04/05/2004
No Stone Unturned, Part Two
A lone figure sat in front of a computer monitor, silhouetted in its cold, blue glow. The dark, cave-like room hummed with the life of high-powered computer systems and their electrical lifeblood. The figure sat, seemingly unmoving for minutes on end. The stillness was occasionally broken with movement as the figure raised a steaming cup to his lips and sipped.
By H. Carvey, 04/05/2004
No Stone Unturned, Part One
Eliot sat before the glow of his screen. It was early Monday morning, too early for most people to be in the office and still quiet enough for him to indulge in the ritual that burned away the pleasant and comforting fog of the weekend: strong coffee, e-mail, and a little Web surfing. Subscribing to several lists and having a bookmarked list of pertinent sites kept him in the loop on developments in the computing industry that might impact his day-to-day life. Add to that a liberal dose of humor, such as the UserFriendly Web site, and he'd developed a routine that he followed every Monday morning before the other employees of the telecom company he worked for began trickling in and logging on to the network. After all, in any given week, it was this time that offered the only single, contiguous period of quiet.
By H. Carvey, 04/05/2004
The Devil You Know: Responding to Interface-based Insider Attacks
Carl made a mistake. In his repetitious data entry job he entered employee information every workday. He was always careful to input the correct job requisition number in the user screen's JRN field. "Without a correct JRN entered, the new employee input won't process," his supervisor told him the first day. This time, instead of "34896KN", his fingers danced the wrong way with an input of "34896KL." The input processed. Carl was able to go into the EMP_DATA file and correct it. The procedure was a bit of a pain, but he learned a valuable lesson his employer never meant for him to know. He realized he could set up bogus new employees on the payroll using a dummy JRN. By entering the wrong input he won the jackpot; his employer lost big time.
By Ronald L. Mendell, 04/05/2004
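The control gap in Carl's story is that the input screen checks only that a JRN looks like a JRN, not that it names a real, approved requisition, and the correction path is looser still. As an added example, not code from Mendell's article, the weak check is shown beside a hardened one that validates against an authoritative requisition table, applies the same rules on the correction screen, and audit-logs every decision so repeated rejections by one operator stand out. The JRN syntax, the approved-requisition table, the one-hire-per-requisition rule and the audit record layout are this editor's assumptions.

```python
"""Interface-level validation against the dummy-JRN abuse described above.

Added example, not from Ronald L. Mendell's article. The JRN syntax, the
approved-requisition table, the one-hire-per-requisition rule and the
audit record layout are this editor's assumptions.
"""
import re
from dataclasses import dataclass, field

JRN_FORMAT = re.compile(r"^\d{5}[A-Z]{2}$")  # assumed syntax, e.g. 34896KN

# Constructed table of approved, still-open requisitions (assumed data).
APPROVED_JRNS = {"34896KN": "Analyst II", "34901RT": "Clerk"}


@dataclass
class Payroll:
    employees: dict = field(default_factory=dict)  # name -> JRN
    audit: list = field(default_factory=list)      # (operator, name, jrn, outcome)


def add_employee_weak(db, name, jrn):
    """'Before' behaviour: only the shape of the JRN is checked, so a
    well-formed but non-existent number such as 34896KL is accepted."""
    if not JRN_FORMAT.match(jrn):
        return False
    db.employees[name] = jrn
    return True


def add_employee_checked(db, name, jrn, operator):
    """Hardened path: the JRN must name an approved requisition, a
    requisition can be filled only once, and every decision is logged."""
    if not JRN_FORMAT.match(jrn):
        db.audit.append((operator, name, jrn, "REJECT malformed"))
        return False
    if jrn not in APPROVED_JRNS:
        db.audit.append((operator, name, jrn, "REJECT unknown requisition"))
        return False
    if jrn in db.employees.values():
        db.audit.append((operator, name, jrn, "REJECT requisition already filled"))
        return False
    db.employees[name] = jrn
    db.audit.append((operator, name, jrn, "ACCEPT"))
    return True


def correct_jrn_checked(db, name, new_jrn, operator):
    """The correction screen Carl used must apply the same rule set;
    otherwise it becomes the bypass. Rolls back on rejection."""
    if name not in db.employees:
        return False
    old = db.employees.pop(name)
    ok = add_employee_checked(db, name, new_jrn, operator)
    if not ok:
        db.employees[name] = old
    return ok


def suspicious_operators(db):
    """Operators with more than one rejection: candidates for review."""
    counts = {}
    for op, _, _, outcome in db.audit:
        if outcome.startswith("REJECT"):
            counts[op] = counts.get(op, 0) + 1
    return sorted(op for op, n in counts.items() if n > 1)


if __name__ == "__main__":
    weak = Payroll()
    print("weak path accepts 34896KL:", add_employee_weak(weak, "Ghost", "34896KL"))
    hard = Payroll()
    print("checked path accepts 34896KL:", add_employee_checked(hard, "Ghost", "34896KL", "carl"))
    for rec in hard.audit:
        print(rec)
```

The point of `suspicious_operators` is the response side of the title: once rejections are logged per operator rather than silently discarded, a clerk probing the interface with near-miss requisition numbers shows up in the audit trail before a bogus employee ever reaches the payroll run.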