nanog mailing list archives

Incident response (was Re: whois )

From: batz <batsy () vapour net>
Date: Tue, 24 Oct 2000 05:53:04 -0400 (EDT)


On Tue, 24 Oct 2000 Valdis.Kletnieks () vt edu wrote:

:Umm... would you be satisfied with a "We've referred it to the appropriate
:people" response?
:
:At least here, and probably many other universities, we're stuck not being
:able to say much more than that due to student confidentiality rules...
:Yes, we take action.  No, we usually can't say what we did.

A general incident response capability would be usefull, but unfortunately
this requires more cooperation than most companies are willing to give. 

Would it be worthwhile to include security incident handling policies
and procedures in peering agreements? i.e a peering agreement also 
includes a testable disaster recovery plan, and a security incident
response plan. 

It is fairly obvious by now that a peering agreement is more than simply 
an agreement on a router configuration. 

I'm wondering if anyone would consider something like this a little more
robust than the centralized CIRTs and industry associations, as it would
be relative to local policy, and the participants have a direct existing
relationship with each other. This, as opposed to dependance on a neutral
co-ordinating centre which may be dealing with other problems. 


--
batz
Reluctant Ninja
Defective Technologies

Current thread:

Re: What TO DO and what NOT TO DO [Re: DOS Attacks - Almost Caught One!] Quark Physics (Oct 23)
- Re: What TO DO and what NOT TO DO [Re: DOS Attacks - Almost CaughtOne!] Marshall Eubanks (Oct 24)
  - Re: whois bmanning (Oct 24)
    - Re: whois Marshall Eubanks (Oct 24)
    - Re: whois Valdis . Kletnieks (Oct 24)
    - RE: whois Brett L. Hawn (Oct 24)
    - Re: whois Marshall Eubanks (Oct 24)
    - Incident response (was Re: whois ) batz (Oct 24)
    - Re: whois Quark Physics (Oct 24)
    - Re: whois bmanning (Oct 24)
    - Re: whois Quark Physics (Oct 24)