Access "On The Radar"
This article is part of the April 2005 issue of Spotlight on the incident response hot seat
A simple Web page defacement shows the value of a thorough incident response plan. Getting hacked is a visceral experience akin to taking a two-by-four to the head. At least, that's how I felt recently after learning via defacement mirror Zone-H that one of my Web pages had been tagged with digital graffiti. Sure enough, our investigation found that the defaced server was running an unpatched PHP bulletin board. The hacker used a PHP exploit to leave a short, tame note marking his territory. While this was a relatively minor incident, it underscored the importance of having a prepared, intelligent incident response plan. The adage is true: No one appreciates a policy until crunch time. The IR plan dictated our immediate response, investigation and restoration process. With three-ring binder in hand, we went to work. This was a fairly important server, so we had to secure and isolate it from the rest of the network. We put a rule on the perimeter firewall to drop all traffic between the server and the outside world, and then we shut down the switch port, ... Access >>>
Premium Content for Free.
Secure Reads: The Executive Guide to Information Security
Read a review of the book, The Executive Guide to Information Security: Threats, Challenges, and Solutions.
Security information management review: Security Threat Manager 3.0
A review of Security Threat Manager 3.0
Hot Pick: Sentryware's HIVE 3.0
Evolving risk dashboards will tell how secure you are and when something's wrong.
Rights of Passage
Our tests found that most endpoint security products will enforce policy and network access. Their differences are in the details.
- Secure Reads: The Executive Guide to Information Security
Intrusion Prevention: Top Layer's Attack Mitigator IPS 5500
Attack Mitigator IPS 5500
Antivirus: Kaspersky Anti-Virus Business Optimal 5.0
Kaspersky Anti-Virus Business Optimal 5.0
Recent Releases: Security product briefs, April 2005
Learn about the information security products released in April 2005.
Ready For Takeoff
Cutting costs was the only way to keep United Airlines flying high. Rich Perez's answer was to rebuild the network.
ChoicePoint's Rich Baich faced the perfect storm: a huge security breach, intense media attention and a shareholder revolt. What he needed was an incident response plan to get him out of the hot seat.
- Intrusion Prevention: Top Layer's Attack Mitigator IPS 5500
More Premium Content Accessible For Free
The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features ...
Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...
The network of today's enterprise is larger and more diverse than ever, which means there's more for hackers to attack. So as enterprises update ...