1
Incident Response Updated 03/20/2015
2
Topics
- Definition of Terms
- Purpose
- Incident Response Flow Chart
- Tips to mitigate future incidents
3
Definition of Terms
- Incident: A security breach or attack
- Security Incident: A change in the everyday operations of your network, service, or website, indicating that a security policy may have been violated or a security safeguard may have failed
- Incident Response: An organized approach to addressing and managing the aftermath of a security breach or attack
4
Purpose
Provide systematic methods that website administrators should follow when responding to a security incident. The response outlined here can be adapted to the process that works best for your agency and to the nature of the attack you face.
5
Incident Response Flow Chart
6
Incident Response Flow Chart
7
Incident Response Flow Chart
- Upon confirmation, communicate the breach to the other members of your incident response team and to your hosting provider so they are aware of the situation
- Gain an idea of the nature of the attack: identify its type and severity
- Determine the intent of the attack
8
Incident Response Flow Chart
Common signs that your website has been compromised
- Your website has been defaced
- Your website redirects visitors to another site
- Browsers or search engines flag your site as compromised
- Your web server logs show unexplained spikes in traffic
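One way to look for the last of those signs in a web server's access log, as an added example that is not part of the original presentation: the script below parses combined-format log lines, flags any minute whose request count is far above the median of the other minutes, and lists requests to paths that the clean site never served (new URLs are a common sign of injected pages or a planted web shell). The log lines are constructed sample data; the KNOWN_PATHS set, the log format and the spike threshold are assumptions to adapt to your own site.

```python
"""Added example: flag traffic spikes and unknown URLs in a web access log.
Assumes Apache/Nginx combined log format and that KNOWN_PATHS lists the
paths a clean copy of the site serves. Sample log lines are constructed."""
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: paths the clean site is known to serve (take this from the clean backup).
KNOWN_PATHS = {"/", "/index.php", "/about.php", "/contact.php", "/wp-login.php"}


def parse(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    ts = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["minute"] = ts.strftime("%Y-%m-%d %H:%M")
    rec["status"] = int(rec["status"])
    return rec


def find_traffic_spikes(records, factor=5, floor=20):
    """Minutes whose request count is both >= floor and > factor * median of the other minutes."""
    per_minute = Counter(r["minute"] for r in records)
    spikes = []
    for minute, n in sorted(per_minute.items()):
        others = [c for m, c in per_minute.items() if m != minute] or [n]
        if n >= floor and n > factor * median(others):
            spikes.append((minute, n))
    return spikes


def find_unknown_paths(records):
    """Paths (query string stripped) that the clean site never served, with status counts."""
    hits = defaultdict(Counter)
    for r in records:
        path = r["path"].split("?")[0]
        if path not in KNOWN_PATHS:
            hits[path][r["status"]] += 1
    return {p: dict(c) for p, c in hits.items()}


def analyze(lines):
    records = [r for r in (parse(l) for l in lines) if r]
    return {"spikes": find_traffic_spikes(records), "unknown_paths": find_unknown_paths(records)}


def build_sample_log():
    """Constructed sample data: 6 quiet minutes, one burst at a login page, then a web-shell probe."""
    fmt = '203.0.113.%d - - [%s] "GET %s HTTP/1.1" %d 512'
    lines = []
    for minute in range(6):
        for i in range(3):
            lines.append(fmt % (i + 1, "10/Mar/2015:14:0%d:1%d +0000" % (minute, i), "/index.php", 200))
    for i in range(60):
        lines.append(fmt % (99, "10/Mar/2015:14:06:%02d +0000" % i, "/wp-login.php", 200))
    lines.append(fmt % (99, "10/Mar/2015:14:07:01 +0000", "/images/cache.php?cmd=id", 200))
    lines.append(fmt % (99, "10/Mar/2015:14:07:02 +0000", "/images/cache.php?cmd=ls", 200))
    return lines


if __name__ == "__main__":
    print(analyze(build_sample_log()))
```

On the sample data the burst of 60 requests at 14:06 is reported as a spike and `/images/cache.php` as an unknown path; on a real log, feed `analyze()` the lines of the access log for the suspected period and review every unknown path by hand, since legitimate new content will show up there too.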
10
Incident Response Flow Chart
11
Incident Response Flow Chart
- Begin containing the damage and minimizing the risk
- Record your actions thoroughly; the record is used to document the incident afterwards
- Weigh the cost of taking the compromised site offline against the risk of continuing operations, or keep systems online with limited connectivity
12
Incident Response Flow Chart
- Require an immediate password change for all site users and accounts: CMS, database, FTP/SFTP, and the hosting control panel. Do the reset from a known-clean machine and rotate any API keys or tokens as well; a password change alone does not lock the attacker out while the access path they used (a web shell, an unpatched application) is still open
- Identify compromised data
- Review and examine logs
- Check for permission changes or elevated user permissions
- Check for new accounts, new URLs, new pages, new files and directories
- Check databases for suspicious content and values
13
Incident Response Flow Chart
- Identify compromised data
- Look for unauthorized processes or applications that are currently running
- Compare your site to a clean backup copy
- Use version control, if available
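The "compare your site to a clean backup copy" step, together with the checks for new files, directories and permission changes on the previous slide, as an added example (this is not code from the presentation): the script hashes every regular file in both trees, reports what was added, removed, modified or had its permission bits changed, and scans only the new and changed files for code patterns typical of injected PHP. The directory layout, the pattern list and the two sample trees built by `build_fixture()` are constructed assumptions; point `compare_trees()` at your own clean backup and live document root.

```python
"""Added example: diff a live site tree against a clean backup.
Assumes a PHP site on a POSIX filesystem; the sample trees are constructed."""
import hashlib
import os
import re
import stat
import tempfile

# Assumption: patterns commonly found in injected PHP droppers and web shells.
SUSPICIOUS = re.compile(
    rb"eval\s*\(|base64_decode\s*\(|gzinflate\s*\(|passthru\s*\(|shell_exec\s*\("
    rb"|\$_(GET|POST|REQUEST)\[[^\]]+\]\s*\("
)


def snapshot(root):
    """Map relative path -> (sha256 hex digest, permission bits) for every regular file under root."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):  # skip symlinks, sockets, etc.
                continue
            with open(full, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            out[os.path.relpath(full, root)] = (digest, stat.S_IMODE(st.st_mode))
    return out


def compare_trees(clean_root, live_root):
    """Report added/removed/modified files, permission changes, and suspicious new or changed files."""
    clean, live = snapshot(clean_root), snapshot(live_root)
    report = {"added": [], "removed": [], "modified": [], "perm_changed": [], "suspicious": []}
    for rel in sorted(set(clean) | set(live)):
        if rel not in clean:
            report["added"].append(rel)
        elif rel not in live:
            report["removed"].append(rel)
        else:
            if clean[rel][0] != live[rel][0]:
                report["modified"].append(rel)
            if clean[rel][1] != live[rel][1]:
                report["perm_changed"].append((rel, oct(clean[rel][1]), oct(live[rel][1])))
    # Only files that are new or differ from the clean copy need a content scan.
    for rel in sorted(report["added"] + report["modified"]):
        with open(os.path.join(live_root, rel), "rb") as f:
            if SUSPICIOUS.search(f.read()):
                report["suspicious"].append(rel)
    return report


def _write(root, rel, data, mode=0o644):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)
    os.chmod(path, mode)


def build_fixture():
    """Constructed sample data: a clean backup and a compromised live copy. Returns (clean, live)."""
    base = tempfile.mkdtemp(prefix="ir-example-")
    clean, live = os.path.join(base, "clean"), os.path.join(base, "live")
    for root in (clean, live):
        _write(root, "index.php", b"<?php include 'lib/app.php'; ?>")
        _write(root, "lib/app.php", b"<?php echo 'hello'; ?>")
        _write(root, "uploads/logo.png", b"\x89PNG sample bytes")
    _write(clean, "uploads/.htaccess", b"php_flag engine off")  # blocks PHP execution in uploads/
    # Attacker changes on the live copy: dropper in index.php, web shell in uploads/,
    # .htaccess removed so the shell runs, and lib/app.php made world-writable.
    _write(live, "index.php", b"<?php include 'lib/app.php'; eval(base64_decode('aGk=')); ?>")
    _write(live, "uploads/cache.php", b"<?php $_GET['c']($_GET['a']); ?>")
    os.chmod(os.path.join(live, "lib/app.php"), 0o666)
    return clean, live


if __name__ == "__main__":
    clean_dir, live_dir = build_fixture()
    for key, value in compare_trees(clean_dir, live_dir).items():
        print(key, value)
```

Treat every entry in `added`, `modified` and `perm_changed` as something to explain, not only the ones flagged as suspicious: a removed `.htaccess` or a config file made world-writable is as much part of the compromise as the shell itself.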
14
Incident Response Flow Chart
Recovery depends on the extent of the security breach: restore the existing system, or completely rebuild it?
15
Incident Response Flow Chart
Recovery steps for sites that have a clean and up-to-date backup
- Restore the clean backup
- Install any software/system upgrades, updates, or patches
- Assess installed applications and consider deleting those not in use
- Change the passwords one more time for all accounts
- Implement measures to prevent future access, then bring your site back online
- Monitor for any signs of recurrence
16
Incident Response Flow Chart
Recovery steps for sites that have a clean but outdated backup
- Make a complete backup of your site as a reference and mark it as "infected"
- Restore the clean backup
- Assess installed applications and consider deleting those that are not in use
- Upgrade all applications
- Identify the files you want to copy from the infected copy and remove all traces of the malicious code identified
17
Incident Response Flow Chart
Recovery steps for sites that have a clean but outdated backup (continued)
- Upload the cleaned content to your clean copy
- Verify that file permissions are appropriate
- Change the passwords one more time for all accounts
- Implement measures to prevent future access
- Bring your site back online
- Monitor for any signs of weakness or recurrence
18
Incident Response Flow Chart
Recovery steps for sites that have no backup available
- Make two full backups of your site and mark each as "infected"
- Clean the site's content on one of the two backups by removing all traces of the incident; leave the other untouched as the reference copy
- Verify that all file permissions are appropriate
- Clean up attacker-modified records in your databases, then perform a sanity check to make sure the data looks clean
19
Incident Response Flow Chart
Recovery steps for sites that have no backup available (continued)
- Correct the vulnerabilities that have been found in your applications
- Change the passwords one more time
- At this point the backup you cleaned should contain only clean data; the other copy remains the infected reference
- Assess installed applications and consider deleting those not in use
- Upgrade all applications
- Implement measures to prevent future access
- Monitor for signs of recurrence
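The database side of this work, the "check databases for suspicious content and values" and "check for new accounts" steps under identification and the "clean up attacker-modified records" step above, as an added example (not code from the presentation): it runs against a constructed in-memory SQLite copy of a CMS database, lists administrator accounts that are not on the known roster, flags content rows carrying injection markers, checks the site URL settings for a redirect to a foreign host, and strips `<script>` blocks from the flagged rows. The table and column names follow a WordPress-like layout and the marker list is an assumption; adapt both to your CMS, and run the cleanup against the copy you are cleaning, never against the infected reference backup.

```python
"""Added example: database checks and cleanup for a compromised CMS site.
Schema, data and injection markers are constructed assumptions."""
import re
import sqlite3
from urllib.parse import urlparse

# Assumption: markers of injected content (compared against lower-cased content).
INJECT_MARKERS = ["<script", "<iframe", "eval(", "unescape(", "fromcharcode",
                  "display:none", 'http-equiv="refresh"']


def load_sample_db():
    """Constructed sample data: one unknown admin, one injected post, one rewritten home URL."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
      CREATE TABLE users(id INTEGER PRIMARY KEY, login TEXT, role TEXT, created TEXT);
      CREATE TABLE posts(id INTEGER PRIMARY KEY, title TEXT, content TEXT, modified TEXT);
      CREATE TABLE options(name TEXT PRIMARY KEY, value TEXT);
      INSERT INTO users VALUES (1,'editor','editor','2014-01-05'),
                               (2,'webmaster','administrator','2014-01-05'),
                               (3,'wp_support','administrator','2015-03-09');
      INSERT INTO posts VALUES
        (1,'Welcome','<p>Hello</p>','2014-02-01'),
        (2,'News','<p>Update</p><script>document.location="http://example.net/x"</script>','2015-03-09'),
        (3,'About','<p>About us</p>','2014-02-02');
      INSERT INTO options VALUES ('siteurl','http://example.org'), ('home','http://evil.example.net');
    """)
    return con


def find_unknown_admins(con, known_admins):
    """Privileged accounts that are not on the administrator roster, with creation dates."""
    rows = con.execute("SELECT login, created FROM users WHERE role='administrator'").fetchall()
    return [(login, created) for login, created in rows if login not in known_admins]


def find_injected_content(con):
    """Rows whose content contains any injection marker (case-insensitive)."""
    hits = []
    for pid, title, content in con.execute("SELECT id, title, content FROM posts"):
        low = content.lower()
        markers = [m for m in INJECT_MARKERS if m in low]
        if markers:
            hits.append((pid, title, markers))
    return hits


def find_changed_urls(con, expected_host):
    """Site URL options pointing at another host: one way a compromise redirects visitors."""
    rows = con.execute("SELECT name, value FROM options WHERE name IN ('siteurl','home')")
    return [(name, value) for name, value in rows if urlparse(value).netloc != expected_host]


def clean_injected_content(con):
    """Remove <script>...</script> blocks from flagged rows; returns the number of rows changed."""
    changed = 0
    for pid, _, markers in find_injected_content(con):
        if "<script" in markers:
            (content,) = con.execute("SELECT content FROM posts WHERE id=?", (pid,)).fetchone()
            cleaned = re.sub(r"(?is)<script\b.*?</script>", "", content)
            con.execute("UPDATE posts SET content=? WHERE id=?", (cleaned, pid))
            changed += 1
    con.commit()
    return changed


if __name__ == "__main__":
    db = load_sample_db()
    print("unknown admins:", find_unknown_admins(db, {"webmaster"}))
    print("injected rows:", find_injected_content(db))
    print("changed urls:", find_changed_urls(db, "example.org"))
    print("rows cleaned:", clean_injected_content(db))
```

The sanity check the slide asks for is the second call to `find_injected_content()` after cleanup returning nothing; markers other than `<script>` (a hidden iframe, an obfuscated string) are reported but left for manual review, because a regex cannot tell an injected iframe from an embedded video.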
20
Incident Response Flow Chart
- Analyze the incident: how and why it took place
- Assess the damage and make recommendations for a better future response and for preventing a recurrence of the attack
21
Incident Response Flow Chart
Consider whether you need to notify and report the incident to other staff
22
Tips to mitigate future incidents
23
Tips to mitigate future incidents
- Enforce the use of strong passwords for all users who have access to your site; passwords should be unique and not reused on other sites
- Routinely check that all systems are up to date and have the latest patches installed
- Understand the security practices of all applications before you install them on your site; a security vulnerability in one application can compromise the safety of your entire site
24
Tips to mitigate future incidents
- Make regular, automated backups of your site
- Know where backups are kept, who can access them, and the procedures for data restoration and system recovery
- Also maintain an offline copy of your backup
- Keep all devices you use to log in to your site secure; keep your operating system and web browsers up to date
- Routinely monitor and analyze site traffic and activity logs