Presentation is loading. Please wait.

Presentation is loading. Please wait.

Recovering from an Attack Version 0.1 March, 2003 Bill Woodcock Packet Clearing House.

Published byKarin Newton Modified over 9 years ago

Similar presentations

Presentation on theme: "Recovering from an Attack Version 0.1 March, 2003 Bill Woodcock Packet Clearing House."— Presentation transcript:

1 Recovering from an Attack Version 0.1 March, 2003 Bill Woodcock Packet Clearing House

2 If you’ve been listening at all… You’ll have understood by now that the best time to clean up…

3 If you’ve been listening at all… You’ll have understood by now that the best time to clean up… …is BEFORE an attack.

4 Points to Consider  Is the attack ongoing?  If so, should you stop it, or do you need to allow it to continue, in order to backtrack it to its source, or allow law enforcement to do so?  If it must be allowed to continue, can critical information be safeguarded without alerting the attacker?

5 Points to Consider  Is the attack destroying resources, or is there a significant risk that it will do so?  Is the attack exposing confidential information?  Is the attack exposing you to liability for facilitating further attacks against others?  Is the attack preventing your company from performing its core business?  Is the attack harming employee morale or public relations?

6 If the attack is a PERSON:  Have you removed access? Changed locks and passwords, and informed security guards?  Do you need to retrieve company property such as a laptop computer?  Do you need to inform any third parties, like cancelling a company credit card, or informing customers that the person no longer represents your company?

7 If the attack is a DoS:  Can you characterize the Denial of Service traffic load in some way which distinguishes it from your normal operational traffic?  If so, convey that information to your up- stream ISPs, and ask them to propagate it to their up-stream ISPs, while coordinating with law enforcement if feasible.  Think about what statement or incident or action or person might have incited the attack, and how to avoid doing so again.

8 If the attack is a VIRUS or WORM:  Find out how to identify infected machines.  Find out how to stop propagation or reinfection from the outside or from pockets within your organization.  Determine to what degree hosts need to be sterilized.  Download and install a fixed version of the vulnerable software.  Evaluate whether a more secure piece of software might be in order.

9 If the attack is a TROJAN HORSE  Educate your staff immediately. Let them know what it looks like, that they should be actively looking for it, and that the consequences of spreading it are very serious.  Identify affected machines.  Determine the method of sterilization.

10 If the attack is against SUPPORT INFRASTRUCTURE  Identify the affected resource (power, communications, cooling, transportation)  Minimize draw by shutting down less-needed equipment (lights, non-critical processes and machines, gradually increase temperature to ambient)  Identify backup hardware and bring it into effect.

11 If the attack is against a HOST  Identify the scope of the attack; has the attacker gained root? Do they have access to the entire file-system?  Are there special privileges accorded this host by others, which might be made more vulnerable thereby?  Can the system be isolated, or must it remain on-line?  What method is the attacker using to communicate with the host?

12 All of these problems can be responded to more quickly and effectively if you’ve…

13 Considered them and made a contingency plan, and…

14 All of these problems can be responded to more quickly and effectively if you’ve… Considered them and made a contingency plan, and… Prepared any resources like data backups or spare equipment which you’ll need.

15 Bill Woodcock woody@pch.net

Download ppt "Recovering from an Attack Version 0.1 March, 2003 Bill Woodcock Packet Clearing House."

Similar presentations

Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.

What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Trojan Horse Program Presented by : Lori Agrawal.

Trojan Horse Program Presented by : Lori Agrawal.
 ICT Security › If the firm is a victim of a computer crime, should they pursue prosecution of the criminals at all costs, should they maintain a low.

 ICT Security › If the firm is a victim of a computer crime, should they pursue prosecution of the criminals at all costs, should they maintain a low.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.
By Joshua T. I. Towers. 13.3 $13.3 billion was the direct cost of malware for business in 2006 “direct costs are defined as labor costs to analyze, repair.

By Joshua T. I. Towers $13.3 billion was the direct cost of malware for business in 2006 “direct costs are defined as labor costs to analyze, repair.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.

Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.
Nicholas Beckworth Annie Billings Steven Blair Nimmida Kulwattanasopon Thomas Wootten.

Nicholas Beckworth Annie Billings Steven Blair Nimmida Kulwattanasopon Thomas Wootten.
Computer Viruses. Where the name came from This is a phrase coined from biology to describe a piece of software that behaves very much like a real virus.

Computer Viruses. Where the name came from This is a phrase coined from biology to describe a piece of software that behaves very much like a real virus.
Network security policy: best practices

Network security policy: best practices
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Similar presentations

Ads by Google