Chapter 11
Intelligence Resources
Solutions in this chapter:
■ Identifying the Information an Enterprise/University Should Try to Gather
■ Places/Organizations Where Public Information Can Be Found
■ Membership Organizations and How to Qualify
■ Confidentiality Agreements
■ What to Do with the Information When You Get It
■ The Role of Intelligence Sources in Aggregating Enough Information to Make Law Enforcement Involvement Practical
Summary
Solutions Fast Track
Frequently Asked Questions
Introduction
Intelligence is information about a threat or enemy. Generally, when people discuss intelligence gathering, they are referring to information that’s been collected about a human threat or enemy. Since the birth of the computer age and cyberspace, intelligence has extended to include information about electronic threats such as botnets. If you’re reading this book, you’re already aware of the value of intelligence. The more information you’ve acquired about a threat, the better able your organization will be to combat it.
Fortunately, over the last several years, the number of intelligence resources available on the Internet has grown steadily. Rather than leaving you to flounder over what to look for on a system, or how to protect yourself, numerous organizations on the Internet have done much of your work for you. Using these resources, you can determine what to check on your systems, be informed of new threats, and identify existing bots that may be affecting your network.
In reviewing information available through various groups, you should consider joining membership organizations that limit information to professionals who meet certain criteria. These may be people who are involved in security for a certain type of organization, or who meet specific standards required for membership. These organizations will allow access to privileged information that cannot be discussed with third parties, and allow you to discuss topics with other security professionals.
Such information is vital to repairing and improving security, and may be necessary in situations where your network becomes the victim of a botnet attack. As we’ll discuss, during such attacks, you’ll need to determine whether it will remain an internal matter, or if it is necessary to inform the public and involve law enforcement. While this is never an easy decision, it is always important to understand the ramifications of not responding to an attack in this way.