When an intruder, worm, virus, or automated attack persists in targeting a computer system, having specific controls in place and a plan of action for responding to the attack or computer incident can greatly reduce the resultant costs to an organization. The implementation of a Computer Incident Response Team, whether it's formed with internal or external resources, is one safeguard that can have a large return on investment during a crisis situation.

This book serves as a guide to anyone contemplating or being tasked with forming a Computer Incident Response Team. The creation of such a team is not a trivial matter, and there are many issues that must be addressed up front to help ensure a smooth implementation. This book will try to identify most of these issues to help with the creation process. Once the team is formed and operational, this guide will continue to serve as a resource while the team evolves to respond to the ever-changing types of vulnerabilities.

**Foreword by Steve Romig, Manager, Network Security Group, Ohio State University.**
Target audience
For higher education and university study
Dimensions
Width: 235 mm
Thickness: 19 mm
ISBN-13
978-0-201-76175-7 (9780201761757)
Julie Lucas is currently the director of security operations for a Fortune 500 financial services company. In this role, she has a direct impact on the daily operations and security monitoring of the company's backbone. Prior to her current role, she served as the general manager for security solutions for Enterasys Networks. As the general manager, she was directly responsible for the company's security solutions, including both products and services.
Julie was an officer in the United States Navy from 1988 to 2000. While on active duty, she became the Naval Computer Incident Response Team (NAVCIRT) officer in 1996. From 1996 through 2000, she helped to develop the NAVCIRT into a world class incident response team, which was responsible for detecting and responding to attacks on Navy and Marine Corps systems worldwide.
Julie has briefed multiple audiences over the years on a variety of computer security-related topics, including presentations at SANS conferences, RSA 2001, ComNet 2002, and the Business Week CIO Summit. She is also a Certified Information Systems Security Professional (CISSP).
Foreword.
Preface.
1. Welcome to the Information Age.
A Brief History.
CERT.
More Teams.
FIRST.
What Does This Mean to My Organization?
Examples of Incident Response Teams.
Some Statistics.
Summary.
2. What's Your Mission?
Focus and Scope.
Know Who You're Protecting: Defining Your Constituency.
Defining Response.
Working with Law Enforcement.
InfraGard.
Operational Strategy.
Defining an Incident.
Tracking an Incident.
Counting Incidents.
Services Offered.
The Importance of Credibility.
Summary.
3. The Terminology Piece.
What Is a Computer Incident?
Operational Versus Security Incidents.
Determining the Categories to Be Used.
An Incident Taxonomy.
Common Vulnerability and Exposure (CVE) Project.
Summary.
4. Computer Attacks.
Consequences of Computer Attacks.
Computer Intrusion, Unauthorized Access, or Compromise.
Denial-of-Service Attacks.
Port Scans or Probes.
Attack Vectors.
The Human Factor.
TCP/IP Design Limitations.
Coding Oversight.
Malicious Logic.
The Computer Virus.
Virus Types.
Important Steps to Remain Virus-Free.
Other Forms of Malicious Logic.
Virus Hoaxes and Urban Legends.
Summary.
5. Forming the Puzzle.
Putting the Team Together.
Coverage Options.
Determining the Best Coverage.
Team Roles.
Team Skills.
Promotions and Growth.
Interviewing Candidates.
Facilities.
Products and Tools.
Penetration Testing Tools.
Intrusion Detection Systems.
Network Monitors and Protocol Analyzers.
Forensics Tools.
Other Tools.
Funding the Team.
Marketing Campaign.
Risk Assessment.
Business Case.
Placement of the Team.
Worst-Case Scenarios.
Training.
Certifications.
Constituency Training.
Marketing the Team.
Dealing with the Media.
Summary.
6. Teamwork.
External Team Members.
Internal Teamwork.
Selecting Team Members.
Retention and Cohesiveness.
Summary.
7. Selecting the Products and Tools.
Training as a Tool.
Sound Security Practices.
The Tools of the Trade.
Using the Tools.
Summary.
8. The Puzzle in Action.
The Life Cycle of an Incident.
Step One: Preparation (Preparing for Compromise).
Step Two: Incident Identification.
Step Three: Notification.
Step Four: Incident Analysis.
Step Five: Remediation.
Step Six: System Restoration.
Step Seven: Lessons Learned.
Sample Incidents.
Incident Reporting.
Feedback.
Tracking Incidents.
Keeping Current.
Writing Computer Security Advisories.
Summary.
9. What Did That Incident Cost?
Statistics and Cases.
CSI/FBI Survey Results.
Some Example Cases.
Forms of Economic Impact.
Costs Associated with Time Frames.
Tangible Versus Intangible Costs.
An Incident Cost Model.
Summary.
10. The Legal Eagles.
Working with the Legal Community.
The Need for Legal Assistance.
Establishing Contacts.
Laws Pertaining to Computer Crime.
Needed: Case Law.
Reporting Computer Crime.
Summary.
11. Computer Forensics: An Evolving Discipline.
The World of Forensics.
What Is Forensics?
The Forensics Investigation.
Overview and Importance of Computer Forensics.
Computer Forensics Challenges.
Computer Evidence.
Methodologies.
Education.
Summary.
12. Conclusions.
Appendix A: Sample Incident Report Form.
Appendix B: Federal Code Related to Cyber Crime.
18 U.S.C. 1029. Fraud and Related Activity in Connection with Access Devices.
18 U.S.C. 1030. Fraud and Related Activity in Connection with Computers: As amended October 11, 1996.
18 U.S.C. 1362. Communication Lines, Stations, or Systems.
Appendix C: Sample Frequently Asked Questions.
Appendix D: Domain Name Extensions Used for Internet Addresses.
Appendix E: Well-Known Port Numbers.
Glossary.
Bibliography.
Index.