Incident Response: A Strategic Guide to Handling System and Network Security Bre

E. Eugene Schultz, Russell Shumway

  • 出版商: New Riders
  • 出版日期: 2001-11-08
  • 定價: $1,400
  • 售價: 2.1$299
  • 語言: 英文
  • 頁數: 408
  • 裝訂: Paperback
  • ISBN: 1578702569
  • ISBN-13: 9781578702565
  • 相關分類: 資訊安全
  • 立即出貨(限量)



This book teaches readers what they need to know to not only set up an incident response effort, but also how to improve existing incident response efforts. The book provides a comprehensive approach to incident response, covering everything necessary to deal with all phases of incident response effectively ¿ spanning from pre-incident conditions and considerations to the end of an incident.

Although technical considerations, (e.g. the particular binaries in Unix and Linux and dynamically linked libraries in Windows NT and Windows 2000) that need to be inspected in case they are corrupted, the types of logging data available in major operating systems and how to interpret it to obtain information about incidents, how network attacks can be detected on the basis of information contained in packets, and so on ¿ the major focus of this book is on managerial and procedural matters. Incident Response advances the notion that without effective management, incident response cannot succeed.

Table of Contents

1. An Introduction to Incident Response.

What Is Incident Response? The Rationale for Incident Response. Overview of Incident Response.

2. Risk Analysis.

About Risk Analysis. Types of Security-Related Risks. Obtaining Data About Security-Related Incidents. The Importance of Risk Analysis in Incident Response.

3. A Methodology for Incident Response.

Rationale for Using an Incident Response Methodology. A Six-Stage Methodology for Incident Response. Caveats.

4. Forming and Managing an Incident Response Team.

What Is an Incident Response Team? Why Form an Incident Response Team? Issues in Forming a Response Team. About Managing an Incident Response Effort.

5. Organizing for Incident Response.

Virtual Teams-Ensuring Availability. Training the Team. Testing the Team. Barriers to Success. External Coordination. Managing Incidents.

6. Tracing Network Attacks.

What Does Tracing Network Attacks Mean? Putting Attack Tracing in Context. Tracing Methods. Next Steps. Constructing an “Attack Path” . Final Caveats.

7. Legal Issues.

U.S. Computer Crime Statutes. International Statutes. Search, Seizure, and Monitoring. Policies. Liability. To Prosecute or Not?

8. Forensics I.

Guiding Principles. Forensics Hardware. Forensics Software. Acquiring Evidence. Examination of the Evidence.

9. Forensics II.

Covert Searches. Advanced Searches. Encryption. Home Use Systems. UNIX and Server Forensics.

10. Responding to Insider Attacks.

Types of Insiders. Types of Attacks. Preparing for Insider Attacks. Detecting Insider Attacks. Responding to Insider Attacks. Special Considerations. Special Situations. Legal Issues.

11. The Human Side of Incident Response.

Integration of the Social Sciences into Incident Response. Part I: Cybercrime Profiling. Part II: Insider Attacks. Part III: Incident Victims. Part IV: Human Side of Incident Response.

12. Traps and Deceptive Measures.

About Traps and Deceptive Measures. Advantages and Limitations of Traps and Deceptive Measures. Focus: Honeypots. Integrating Traps and Deceptive Measures into Incident Response.

13. Future Directions in Incident Response.

Technical Advances. Social Advances. The Progress of the Profession. The Nature of Incidents.

Appendix A. RFC-2196.

Site Security Handbook.

Appendix B. Incident Response and Reporting Checklist.


本書教讀者如何建立和改善事件應變工作。該書提供了一種全面的應變方法,涵蓋了處理事件應變的所有階段,從事前條件和考慮事項到事件結束。儘管技術考慮因素(例如Unix和Linux中的特定二進制文件,以及Windows NT和Windows 2000中的動態連接庫)需要檢查是否損壞,主要關注點是管理和程序問題。《事件應變》提出了一個觀點,即沒有有效的管理,事件應變無法成功。

1. 事件應變簡介
2. 風險分析
3. 事件應變方法論
4. 組建和管理事件應變團隊
5. 事件應變組織
6. 追蹤網絡攻擊
7. 法律問題
8. 鑑識學 I
9. 鑑識學 II
10. 應對內部人員攻擊
11. 事件應變的人性面
12. 陷阱和欺騙措施
13. 事件應變的未來方向