| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Forensics
|
|
Incident Response Team
|
|
Nailing the Intruder This paper is an attempt to link the various aspects of evidence relating to computer crime, the sources of such evidence and some tips on how to identify systems compromised and cull out evidence from the same.
By Vinay Narayan Disley, 02/19/2004
|
|
Investigating an Internal Case of Internet Abuse I was recently required to investigate an incident of Internet abuse that led to the discovery that one of our own administrators was a security risk. Though this investigation was triggered by an incidence of "Internet abuse", the tools used and lessons learned are relevant for many types of security incident that require an internal investigation to discover the offender. This essay describes the detection, investigation and various tools used to collect the evidence. Lessons learned from the investigation are included, as well as some useful resources for security investigators s o they can be more prepared when they deal with internal computer security incidents.
By Mal Wright, 02/19/2004
|
|
Information Security: Handling Compromises As the Information Systems Security Manager (ISSM) for an organization within DoD, I am responsible for ensuring the overall security stance of our network. This includes physical security and network security. Part of maintaining our security stance is ensuring that information considered sensitive to national security does not reside on the unsecured network.
By Craig L. Bowser, 02/19/2004
|
|
Incident Response Tools For Unix, Part One: System Tools The best tools that can be utilized in response to the intrusion threat are not ones that will be discussed in detail in this series. The tools that will be covered are discussed in the context of triage after an intrusion has happened. Intrusions are generally preventable. Using techniques such as keeping systems up-to-date by patching vulnerabilities, configuring a system with the minimum required services, using operating systems that are designed with security in mind, and using kernel patches that harden the system go a long way toward making sure you never have to use the tools discussed in this series.
By Holt Sorenson, 02/19/2004
|
|
From Events to Incidents In all computer incident handling situation, some form of computer forensic is required in order to support the eradication, recovery and applying the lesson learned. As more data on computer forensic becomes available, many have come to realize that the resource cost involved in incident handling situation is fairly significant. In addition, staffing an incident handling team with the proper skills required to effectively carry out incident handling is quite challenge.
By Charles Pham, 02/19/2004
|
|
Forgetting to Lock the Back Door: A Break-in Analysis on a Red Hat Linux 6.2 Machine This document is intended to highlight the steps taken in ascertaining the level of damage done in a network break-in (or hack attack) on our system, and the steps taken in rectifying the damage. Using the crisis case I encountered in a small company, I will demonstrate how to gather the evidence, secure the network, and provide suggestions for amendments to the existing system to minimize the chances of a repeat break in.
By Gary Belshaw, 02/19/2004
|
|
Deterring Cyber Attacks In the past, many companies chose not to share information on cyber attacks with authorities or with watchdog groups for fear that negative publicity would decrease consumer and investor confidence and lead to potential profit losses.
By Christy Bilardo, 02/19/2004
|
|
Corporate Incident Handling Guidelines Incidents are an unfortunate fact of life in any systems environment. They can be extremely visible and disruptive (eg: widespread virus outbreaks) or entirely unnoticed but extremely damaging (eg: loss of confidential growth plans). There is a vast amount of information available to help you deal with most types, but if you have done no preparation you will struggle to find it when you need it at short notice.
By David Theunissen, 02/19/2004
|
|
Computer Incident Response Team No company's security policy should be considered complete until procedures are put into place that allow for the handling and recovery from even the most devastating of incidents. One possible solution is the inclusion a computer Incident Response Team (CIRT) within the company's incident response procedures.
By Michelle Borodkin, 02/19/2004
|
|
Combating Computer Crime According to the Nevada State Attorney Generals Office, the average bank robbery nets $2,500, the average bank fraud nets $25,000, the average computer crime nets $500,000, and the average theft of technology nets $1.9 million. While these numbers are staggering, high tech crime investigations and prosecutions are still not common endeavors, particularly with local law enforcement agencies.
By Jason Upchurch, 02/19/2004
|
|
Page: 1234 5 6 |
