427 Botnet fm qxd

Summary
The intelligence you gather about a threat like botnets is vital to your ability
to prevent or recover from an attack. Although botnets have been around for
years, the incidents involving this method of attack have increased.
Information gathered from sources like vendor sites, membership organiza-
tions, public sites, mailing lists, and other sources will better enable your orga-
nization to combat threats and improve security.
Using the resources available on the Internet will provide you with a wide
variety of tools. As we saw earlier in this chapter, disassemblers will take apart
malicious software to review how it works, and may provide information on
who is communicating with a botnet. In addition, log files and other samples
created by devices on your network will indicate botnet attacks, and provide
important information on how the attack occurred.
Membership organizations are another important resource, and allow you
to discuss situations with other professionals. Membership organizations pro-
vide privileged information to those who have met specific criteria to join,
and protect members through confidentiality agreements to ensure that what’s
said to the group stays with the group.These groups will also provide alerts to
threats, and information that may not be readily available elsewhere.
If an attack occurs on your site, you should seriously consider the involve-
ment of law enforcement. By having an investigation performed, the both-
erder or hackers involved in an attack may be apprehended, and subsequent
attacks may be prevented. If a decision is made to involve the police, it is
important that evidence be preserved so a case can be made against the
attacker. While the involvement of law enforcement was limited in previous
years, most law enforcement agencies now have specialists or entire units that
deal in investigating computer-related crimes and electronic fraud.

Download 6,98 Mb.

Do'stlaringiz bilan baham: