Firewall Wizards mailing list archives
Re: Intrusion Response
From: "Dominick Glavach" <glavach () ctc com>
Date: Tue, 21 Sep 1999 08:52:57 -0400
David:

Here are some useful steps to build an effective Incident Response team.

0. Incident Response is a team sport.

1. Identify an Incident Response team. The members should include a member of Upper level management, HR Manager (for Internal incidents), technical staff, security engineers and the lead IS security

2. Develop an Incident Response procedure. Outline the steps of your Incident response. For example:

   1. Verification (Is this really a compromise?)
   2. CIRT deployment (who, how many, remember to keep a written log of all actions)
   3. Regain control of the compromise (network isolation, shutdown)
   ...

   Your last step should be the Incident wrap-up meeting with your CIRT. Go over the Incident and improve your process and then I write up an Incident Report.

3. User awareness. Inform people who to contact.

4. Contact your local law agencies (local police, FBI, etc). Get to know them in the event you need their support.

5. Work through a couple of dry-runs with your CIRT.

This should get you started.

--
-----------------------------------------------------------------------
Dominick Glavach, IS Security/System Engineer
glavach () ctc com
Concurrent Technologies Corporation
814/269-2469
PGP fingerprint: F1 EB F3 DE 69 93 80 BF 00 14 77 E9 8B 61 A8 73
PGP Public Key : ftp.ctc.com/pub/PGP-keys/glavach.asc
-----------------------------------------------------------------------