Security Basics mailing list archives
RE: Incident Response
From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Fri, 8 Jun 2007 09:54:42 +1000
I'd suggest using a basic framework to structure your investigation. On a basic level, it might go something like this:

1. Confirm that you have an incident.
2. Gather data and decide whether to contain the 'attack'.
3. Recovery and analysis.
4. Review/report/lessons learned, etc., and recommend.

And all the way through, thoroughly document what is happening/has happened.

Some people would suggest that incident handling includes a prep phase, i.e. be prepared for attacks/incidents; servers go down, so have backups or failovers in place. As you're doing an exercise, this prep will more likely be part of your recommendations.

The Honeynet Project images are a great tool to learn with.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of esecuritydude () gmail com
Sent: Friday, June 08, 2007 12:21 AM
To: security-basics () securityfocus com
Subject: Incident Response

Hi List,

I'm currently doing a uni assignment where I have to investigate an intrusion into a *nix file server and describe:

a) What I would do for the current incident
b) What I would recommend for the future.

Does anyone have any classic real-life examples of this? And where could I find a good/standard incident response procedure?

Thanks in advance,
Miguel
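Editor's added example (not part of the thread and not either poster's code): a first-response script for step 2 of the framework above on a *nix host, written so that the "document all the way through" advice is enforced by the script itself. It collects volatile state in order of volatility, records every command run (including skipped tools) with a UTC timestamp and exit status in a collection log, then hashes every artefact into a manifest that can be re-verified later. Assumptions: a POSIX sh, `sha256sum` (coreutils) or `shasum` (BSD/macOS) for hashing, and the artefact names and case-directory layout are this example's own choices.

```shell
#!/bin/sh
# Added example: volatile-data collection with built-in chain-of-custody logging.
# Assumed tools (date, ps, netstat, ss, ...) are checked for before use; a missing
# tool is logged as SKIP rather than silently omitted.

# Run one command, save its output under an artefact name, and log what was
# run, when (UTC), and how it exited. Wrapped in `if` so a failing tool does
# not abort the whole collection even under `set -e`.
collect_cmd() {
    outdir=$1; name=$2; shift 2
    tool=$1
    now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    if ! command -v "$tool" >/dev/null 2>&1; then
        printf '%s SKIP %s (%s not found)\n' "$now" "$name" "$tool" >> "$outdir/collection.log"
        return 0
    fi
    if "$@" > "$outdir/$name.txt" 2>&1; then rc=0; else rc=$?; fi
    printf '%s RUN  %s rc=%s cmd=%s\n' "$now" "$name" "$rc" "$*" >> "$outdir/collection.log"
}

# Order of volatility: clock and uptime first, then users, processes, network
# state, then mounted filesystems and kernel identity. Numbered names keep the
# collection order visible in a directory listing.
collect_volatile() {
    outdir=$1
    mkdir -p "$outdir"
    : > "$outdir/collection.log"
    collect_cmd "$outdir" 00_date    date -u
    collect_cmd "$outdir" 01_uptime  uptime
    collect_cmd "$outdir" 02_id      id
    collect_cmd "$outdir" 03_who     who
    collect_cmd "$outdir" 04_ps      ps -ef
    collect_cmd "$outdir" 05_netstat netstat -an
    collect_cmd "$outdir" 06_ss      ss -tunap
    collect_cmd "$outdir" 07_mount   mount
    collect_cmd "$outdir" 08_df      df -k
    collect_cmd "$outdir" 09_uname   uname -a
}

# Pick a SHA-256 tool: coreutils sha256sum, else BSD/macOS shasum.
hasher() {
    if command -v sha256sum >/dev/null 2>&1; then echo "sha256sum"
    else echo "shasum -a 256"; fi
}

# Hash every artefact plus the collection log, so later analysis can prove
# nothing changed between collection and review.
write_manifest() {
    outdir=$1
    h=$(hasher)
    ( cd "$outdir" && $h *.txt collection.log ) > "$outdir/manifest.sha256"
}

# Returns 0 only if every artefact still matches the manifest.
verify_manifest() {
    outdir=$1
    h=$(hasher)
    ( cd "$outdir" && $h -c manifest.sha256 >/dev/null 2>&1 )
}

# Usage: sh triage.sh /mnt/evidence/host01   (defaults to a temp case directory)
main() {
    case_dir=${1:-${TMPDIR:-/tmp}/case-$(date -u +%Y%m%dT%H%M%SZ)}
    collect_volatile "$case_dir"
    write_manifest "$case_dir"
    if verify_manifest "$case_dir"; then
        echo "collected into $case_dir; manifest verified"
    else
        echo "manifest verification FAILED for $case_dir" >&2
    fi
}

main "$@"
```

Write the case directory to removable or remote storage rather than the compromised disk where you can, and note in your report that the script itself runs binaries from the suspect host: a rootkit that hooks `ps` or `ss` will lie to it, which is why the Honeynet-style disk image analysis mentioned above is the next step rather than a replacement for this one.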
Current thread:
- Incident Response esecuritydude (Jun 07)
- Re: Incident Response Neil (Jun 07)
- RE: Incident Response Murda Mcloud (Jun 07)
- <Possible follow-ups>
- Re: Re: Incident Response sam . d101 (Jun 12)