No Stone Unturned, Part Three
This is the third installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering “the Way” of incident response. As we left off last time, Eliot had just begun compiling a list of tools that would be helpful in incident investigation when he was interrupted by a call from Dave, a sys admin with a branch office on the West Coast. Dave had asked for Eliot's assistance with an apparent incident. Now, having begun an...
2002-04-30 http://www.securityfocus.com/infocus/1574

No Stone Unturned, Part Two
This is the second installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering “the Way” of incident response.
2002-03-27 http://www.securityfocus.com/infocus/1561

Going to the Source: Reporting Security Incidents to ISPs
Once a security incident has been detected, one of the most effective ways to prevent a recurrence of the attack is to notify the source ISP. However, this is not always as straightforward as it may seem. This article will offer a brief overview of the dos and don'ts, so that security administrators can file effective incident reports.
2002-03-12 http://www.securityfocus.com/infocus/1555

No Stone Unturned: Part One
No Stone Unturned is a five-part fictional series about a system administrator named Eliot who progresses through several stages on his way toward developing and implementing an incident response policy. The intention is to present this process as a work of fiction based closely on real events.
2002-02-27 http://www.securityfocus.com/infocus/1550

Episode Fifteen: End Game
This is the fifteenth and final episode in SecurityFocus's popular series, "Chasing the Wind". In the last episode, Baseball Cap, spotted by federal agents, had taken flight. Several hundred miles above the Earth's surface, a killer satellite closed in on its target, a United States Intelligence satellite. Ian, the aspiring hacker, was confronted by two OSI agents. Jake continued to investigate Merv's computer for clues to Merv's incarceration. And Douglas wrestled with a weighty moral dilemma.
2002-02-12 http://www.securityfocus.com/infocus/1545

The Devil You Know: Responding to Interface-based Insider Attacks
It is estimated that up to eighty-five percent of intrusions are perpetrated by insiders. This article will examine how response teams can detect and investigate interface-based insider attacks. It is also hoped that the article will provide the basis of incident response policies for responding to and investigating insider attacks that exploit interface-based vulnerabilities.
2002-02-06 http://www.securityfocus.com/infocus/1543

Episode Fourteen: A Bird in the Hand
This is the fourteenth episode in SecurityFocus's popular Chasing the Wind series. As we left off last time, Jake was puzzled that one of the boxes on his network seemed to have been used to compromise a major project, Baseball Cap was on the run, and Douglas considered a unique application of the Bellatrix supercomputer. Meanwhile, as Ian started to suspect that someone might be onto him, OSI agents started to put the pieces together in their investigation.
2002-01-16 http://www.securityfocus.com/infocus/1536

Episode Thirteen: Cabbages and Kings
Jake sat at the incarcerated Merv's terminal and scratched his head. The military security people had told him that this box was sending bursts of (presumed) classified data to an undisclosed location in another country. Okay, except that this segment of the network had no physical attachment to the secured net. In fact, the segment into which this box was plugged wasn't even on his network map. That was a little disturbing, but not entirely surprising, since the data telecomm documentatio...
2001-12-27 http://www.securityfocus.com/infocus/1529

Incident Management with Law Enforcement
Working with law enforcement may be the most interesting and challenging part of the computer security professional's job. This article will offer an overview of dealing with law enforcement agencies in security incident handling. It will offer some suggestions that will help to make private sector involvement with the cyber-police satisfactory and effective for both sides.
2001-12-12 http://www.securityfocus.com/infocus/1523

Appropriate Response: More Questions Than Answers
One of the issues that the Security community must wrestle with is how to respond to detected incidents. The discussion has been contentious - with two major camps emerging from the crowd - the first can be considered Defenders, the second can be considered Digilantes, or digital vigilantes. This article will take a look at both camps, including the appropriateness of each form of incident response.
2001-11-28 http://www.securityfocus.com/infocus/1516