427 Botnet fm qxd

Throughout the process, you should document what actions were taken,
the dates and times, and who was involved.This information is useful for
reviewing the process of repairing vulnerabilities that were exploited, and may
be required if third-party security professionals or law enforcement become
involved. Documentation will aid security professionals in reviewing the
before and- after of the systems as repairs were made, and may become evi-
dence of what occurred.
T
IP
The dates and times appearing in log files are important in deter-
mining when events occurred during an attack. As such, it is impor-
tant that your servers and other devices on the network have their
time synchronized. Services are available to synchronize the system
clocks of servers and workstations on your network, and the Network
Time Protocol can be used to synchronize them.
While the confidentiality agreements discussed earlier may have seemed
like overkill when thinking of discussing another organization, you will feel
some security that they exist when it comes to your network being attacked.
It is important to determine whether information will be shared with other
security professionals through membership organizations or other groups.The
information may assist in making repairs to systems, and prevent others from
experiencing similar attacks.
The Role of Intelligence 
Sources in Aggregating 
Enough Information to Make Law
Enforcement Involvement Practical
The decision to involve law enforcement can be a difficult one, especially as it
may involve the incident becoming public knowledge. In addition, anyone
involved in responding to the attack or working with law enforcement may
be required to testify at a later date.These issues may dissuade members of

Download 6,98 Mb.

Do'stlaringiz bilan baham: