Forensics
Incident Response Team
Calling the CyberCops: Law Enforcement and Incident Handling
It's now 3:00 AM and you're sitting at a console in your computer room at the office, staring at a new directory named "ADMROCKS." You've been hacked. Your personal data space has been violated. Some nameless script kiddie has made a mockery of your well-laid security plans. What are you going to do about it?
By Robert G. Ferrell, 03/24/2004

Appropriate Response: More Questions Than Answers
So, just how far should security administrators go to protect their systems? What is an appropriate response to a detected security incident? Ask ten security professionals that question and you will most likely get ten different answers. Ask them more specific questions (such as: how do you handle active intrusions? Denial of service attacks? Probes?) and eventually you will be able to piece together their response set, a collection of reactions tailored to particular attacks or threats.
By Chris Loomis, 03/24/2004

Tracking Down the Phantom Host
Most information systems security professionals are familiar with the procedures for identifying malicious traffic among their routine data, and many of the same professionals are familiar with the forensic procedures required once you have identified a compromised host. But on more than one occasion, I have been asked how to locate a problem host when you are not sure where it is physically located.
By John Payton, 03/24/2004

Starting from Scratch: Formatting and Reinstalling after a Security Incident
Missing files, corrupt data, sluggish performance, programs not working: any of these things could indicate a breach in network security. Once the breach has been identified and mitigated, the painful process of rebuilding and recovery begins. There is a point you reach in the recovery process, after you have done a little digging and put a finger on what might have gone wrong, where you come to the proverbial "fork in the road." Every security professional or systems administrator has faced the decision at some point in his or her career: is it better to try to repair the damage, or just reinstall the system and start from scratch?
By Matthew Tanase, 03/24/2004

Developing an Effective Incident Cost Analysis Mechanism
When it comes to calculating damages from computer security incidents, some in the media will tell you that it is impossible to come up with a value. At the same time, others will tell you that the Melissa Virus caused $80 million in damages to US businesses. Who is right? Can these damages be calculated, and if so, how?
By David A. Dittrich, 03/24/2004

An Introduction to Incident Handling
Incident handling is a generalized term that refers to the response by a person or organization to an attack. An organized and careful reaction to an incident can mean the difference between complete recovery and total disaster. This paper will provide a logical approach to handling two common forms of attack: virus outbreak and system compromise. The method that this article will propose includes the following sequence of steps that should be followed in the case of all types of attack.
By Chad Cook, 03/22/2004

NT/2K Incident Response Tools
The tools presented in this paper are broken down into three sections: communications tools, tools for collecting volatile information, and tools for collecting non-volatile information. Each section will provide greater detail as to the type of information collected.
By H. Carvey, 03/20/2004

State of the Practice of Computer Security Incident Response Teams (CSIRTs)
Although CSIRTs have been in existence since 1988, the development of CSIRTs and the incident response field is still in its infancy. It has not yet become a standardized field of practice, but it is rapidly moving to a more standardized discipline. Many organizations are looking to formalize their incident response methodologies, processes, and organizational structures.
By Georgia Killcrece, Klaus-Peter Kossakowski, Robin Ruefle, and Mark Zajicek, 03/03/2004

Dealing with External Computer Security Incidents
Dealing with computer security incidents is extremely difficult. There are many ways that incidents can occur and many types of impact they can have on an organization. There are no complete solutions, and the partial solutions that exist are expensive and resource intensive. However, the alternative, not dealing with security incidents, is yet more expensive, and using weak methods for dealing with incidents may only compound the damage that incidents cause. What is required is a long-term commitment to develop the capability to deal with security incidents, not just make short-term fixes of selected problems.
By Unknown, 03/03/2004

A Common Language for Computer Security Incidents
The Common Language Project was not an effort to develop a comprehensive dictionary of terms used in the field of computer security. Instead, our intention was to develop a minimum set of 'high-level' terms, along with a structure indicating their relationship (a taxonomy), which can be used to classify and understand computer security incident and vulnerability information. We hope these 'high-level' terms and their structure will gain wide acceptance, be useful, and most importantly, enable the exchange and comparison of computer security incident information. We anticipate, however, that individuals and organizations will continue to use their own terms, which may be more specific both in meaning and use. We designed the common language to enable these 'lower-level' terms to be classified within the common language structure.
By John D. Howard, Thomas A. Longstaff, 03/03/2004