An Introduction to Incident Response
    What Is Incident Response?
    The Rationale for Incident Response
    Overview of Incident Response
    Summary

Risk Analysis
    About Risk Analysis
    Types of Security-Related Risks
    Obtaining Data About Security-Related Incidents
    The Importance of Risk Analysis in Incident Response
    Summary

A Methodology for Incident Response
    Rationale for Using an Incident Response Methodology
    A Six-Stage Methodology for Incident Response
    Caveats
    Summary

Forming and Managing an Incident Response Team
    What Is an Incident Response Team?
    Why Form an Incident Response Team?
    Issues in Forming a Response Team
    About Managing an Incident Response Effort
    Summary

Organizing for Incident Response
    Virtual Teams--Ensuring Availability
    Training the Team
    Testing the Team
    Barriers to Success
    External Coordination
    Managing Incidents
    Summary

Tracing Network Attacks
    What Does Tracing Network Attacks Mean?
    Putting Attack Tracing in Context
    Tracing Methods
    Next Steps
    Constructing an "Attack Path"
    Final Caveats
    Summary

Legal Issues
    U.S. Computer Crime Statutes
    International Statutes
    Search, Seizure, and Monitoring
    Policies
    Liability
    To Prosecute or Not?
    Conclusion

Forensics I
    Guiding Principles
    Forensics Hardware
    Forensics Software
    Acquiring Evidence
    Examination of the Evidence
    Conclusions

Forensics II
    Covert Searches
    Advanced Searches
    Encryption
    Home Use Systems
    UNIX and Server Forensics
    Conclusions

Responding to Insider Attacks
    Types of Insiders
    Types of Attacks
    Preparing for Insider Attacks
    Detecting Insider Attacks
    Responding to Insider Attacks
    Special Considerations
    Special Situations
    Legal Issues
    Conclusion

The Human Side of Incident Response
    Integration of the Social Sciences into Incident Response
    Cybercrime Profiling
    Insider Attacks
    Incident Victims
    Human Side of Incident Response
    Summary

Traps and Deceptive Measures
    About Traps and Deceptive Measures
    Advantages and Limitations of Traps and Deceptive Measures
    Focus: Honeypots
    Integrating Traps and Deceptive Measures into Incident Response
    Summary

Future Directions in Incident Response
    Technical Advances
    Social Advances
    The Progress of the Profession
    The Nature of Incidents
    Conclusion

RFC-2196
    Site Security Handbook

Incident Response and Reporting Checklist