Recovering from an Attack Version 0.1 March, 2003 Bill Woodcock Packet Clearing House.


If you’ve been listening at all, you’ll have understood by now that the best time to clean up… is BEFORE an attack.

Points to Consider
- Is the attack ongoing?
- If so, should you stop it, or do you need to allow it to continue, in order to backtrack it to its source, or allow law enforcement to do so?
- If it must be allowed to continue, can critical information be safeguarded without alerting the attacker?

Points to Consider
- Is the attack destroying resources, or is there a significant risk that it will do so?
- Is the attack exposing confidential information?
- Is the attack exposing you to liability for facilitating further attacks against others?
- Is the attack preventing your company from performing its core business?
- Is the attack harming employee morale or public relations?

If the attack is a PERSON:
- Have you removed access? Changed locks and passwords, and informed security guards?
- Do you need to retrieve company property such as a laptop computer?
- Do you need to inform any third parties, like cancelling a company credit card, or informing customers that the person no longer represents your company?

If the attack is a DoS:
- Can you characterize the Denial of Service traffic load in some way which distinguishes it from your normal operational traffic?
- If so, convey that information to your upstream ISPs, and ask them to propagate it to their upstream ISPs, while coordinating with law enforcement if feasible.
- Think about what statement or incident or action or person might have incited the attack, and how to avoid doing so again.
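An added example, not part of the original slides, of one way to characterize a DoS load against normal traffic: it compares per-field packet shares in the incident window with a baseline and reports the values that dominate only during the incident, which is the description to hand to upstream ISPs. The flow-record layout, the thresholds and the sample numbers are constructed assumptions.

```python
from collections import Counter

# Fields of a flow summary (assumed layout, e.g. derived from NetFlow/sFlow export).
FIELDS = ("proto", "dst_port", "pkt_len")

def shares(flows, field):
    """Fraction of all packets that carry each value of `field`."""
    counts = Counter()
    for f in flows:
        counts[f[field]] += f["packets"]
    total = sum(counts.values())
    return {v: n / total for v, n in counts.items()} if total else {}

def characterize(baseline, incident, min_share=0.5, min_lift=5.0):
    """Return (field, value, incident_share, baseline_share) for values that
    dominate the incident window but are rare in normal traffic."""
    findings = []
    for field in FIELDS:
        base = shares(baseline, field)
        now = shares(incident, field)
        for value, share in now.items():
            normal = base.get(value, 0.0)
            lift = share / max(normal, 1e-6)  # guard against values never seen before
            if share >= min_share and lift >= min_lift:
                findings.append((field, value, round(share, 3), round(normal, 3)))
    return sorted(findings, key=lambda x: -x[2])

def flow(proto, dst_port, pkt_len, packets):
    return {"proto": proto, "dst_port": dst_port,
            "pkt_len": pkt_len, "packets": packets}

# Constructed sample data: a normal hour, then the same hour plus a flood.
BASELINE = [
    flow("tcp", 443, 1400, 6000),
    flow("tcp", 80, 1400, 2500),
    flow("udp", 53, 90, 1000),
    flow("tcp", 25, 600, 500),
]
INCIDENT = BASELINE + [flow("udp", 53, 512, 90000)]

if __name__ == "__main__":
    for field, value, now, before in characterize(BASELINE, INCIDENT):
        print(f"{field}={value}: {now:.1%} of packets now, {before:.1%} normally")
```

A value that is common in both windows (here TCP as a protocol in the baseline) is not reported, because filtering on it upstream would also drop legitimate traffic.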

If the attack is a VIRUS or WORM:
- Find out how to identify infected machines.
- Find out how to stop propagation or reinfection from the outside or from pockets within your organization.
- Determine to what degree hosts need to be sterilized.
- Download and install a fixed version of the vulnerable software.
- Evaluate whether a more secure piece of software might be in order.

If the attack is a TROJAN HORSE:
- Educate your staff immediately. Let them know what it looks like, that they should be actively looking for it, and that the consequences of spreading it are very serious.
- Identify affected machines.
- Determine the method of sterilization.

If the attack is against SUPPORT INFRASTRUCTURE:
- Identify the affected resource (power, communications, cooling, transportation).
- Minimize draw by shutting down less-needed equipment (lights, non-critical processes and machines, gradually increase temperature to ambient).
- Identify backup hardware and bring it into effect.

If the attack is against a HOST:
- Identify the scope of the attack; has the attacker gained root? Do they have access to the entire file-system?
- Are there special privileges accorded this host by others, which might be made more vulnerable thereby?
- Can the system be isolated, or must it remain on-line?
- What method is the attacker using to communicate with the host?

All of these problems can be responded to more quickly and effectively if you’ve:
- Considered them and made a contingency plan, and
- Prepared any resources like data backups or spare equipment which you’ll need.

Bill Woodcock