Chapter 18. Responding to an Attack


Despite all security systems in place, and regardless of the precautions taken, the fact is that most networks will be attacked. There are simply too many people who launch attacks against networks, and too many security holes, to be able to say with any assurance that a network is not vulnerable to attack. In fact, it is extremely foolish to think that a network is invulnerable.

When an attack does occur, an organization should have four goals:

  1. Detect the problem.

  2. Isolate the problem.

  3. Stop the problem.

  4. Report the problem.

A fifth goal, which is not always possible, should be to prosecute the person who caused the problem. Too many organizations end the process after the problem has been stopped. It is important to let the appropriate organizations know, and to prosecute when possible. Too often an attacker is not properly prosecuted because an organization is worried about bad press, or about losing face with customers. A tough stance against attackers is necessary to send the message that launching an attack against a network is not acceptable behavior, just as entering the offices of a company and stealing information is not acceptable. This message can only be sent if organizations are willing to prosecute when they can. [1]

[1] Many attacks are launched from countries where the law enforcement agencies are uncooperative with law enforcement agencies from other countries. In those cases, prosecution is not an option.

The key word when creating a plan to meet each one of these goals is speed. The faster an attacker is detected, isolated, stopped, and reported, the less damage will be done to the network. Not only that, but if an organization acts quickly, it is less likely that an attacker will be able to cover his or her tracks, making it easier to document the attack.

A well-documented response procedure will be part of a good security plan. Every employee of an organization should know who is responsible for dealing with an attack, and how the organization responds to attacks. Response is particularly important, because an attack has to be contained as soon as possible. That means that a security incident should be escalated properly, and not handed off to the wrong person or group. An efficient and organized response makes it easier to meet the response goals.

The Practice of Network Security: Deployment Strategies for Production Environments
ISBN: 0130462233
Year: 2002
Pages: 131
Authors: Allan Liska
