Summary

One of the worst fears of any security organization is that a security incident will occur that it will have to address. Unfortunately, the reality is that sooner or later it is going to happen. Planning for incident response is a necessary function to ensure that your organization is prepared to deal with any incident that may present itself. The incident response flow can help you determine what to do in the event of an incident. The first thing you need to do is to develop a computer incident response team (CIRT) to deal with any incident that may arise.

Next, you should plan for incident response and begin preparing to deal with incidents before they occur. Once you have discovered an incident, observe the situation to determine exactly what is going on before deciding on the best method of handling it. During incident handling, notify all affected personnel of what is occurring and establish a method for the CIRT to communicate while they contain the incident. After you have properly contained the incident, gather the information required to report it to the relevant groups and organizations, including law enforcement. The last step is to recover from the incident by patching and repairing any systems that were compromised and by closing or fixing whatever means were used to exploit them. Remember, you cannot prevent all incidents; that is never going to happen. You have to be prepared to handle the incidents you cannot prevent so that your organization can become fully operational again as rapidly and reliably as possible.



Index

Numbers

3DES, 103, 141–142

802.1x

security, 244, 266–267

wireless mode, 258

WPA and, 266

802.1x port-based authentication

Cisco Secure ACS server configuration, 308–310

drawbacks of, 310

enabling switch authentication, 304–305

IAS server and Windows domain configuration, 305–308

IOS-based switches, 304

network device roles, 302–303

overview, 302

switch configuration for RADIUS server, 305




A

AAA (authentication, authorization, and accounting). See also 802.1x port-based authentication

accounting on Cisco Secure PIX Firewall, 301–302

accounting on IOS-based equipment, 300–301

authentication on Cisco Secure PIX Firewall, 292–295

authentication on IOS-based equipment, 282

authorization on Cisco Secure PIX Firewall, 297–300

authorization on IOS-based equipment, 295–296

firewalls and, 48

login authentication with RADIUS, 282–287

login authentication with TACACS+, 287–292

mechanisms used for, 9, 281

acceptable-use policy (AUP)

communicating to users, 392

content filtering as support to, 207

overview, 35

access control lists. See ACLs (access control lists)

access points (APs). See WAPs (wireless access points)

accounting. See also AAA (authentication, authorization, and accounting)

Cisco Secure PIX Firewall, 301–302

IOS-based equipment, 300–301

accounting (asset management), 335

ACK (acknowledgement), 409

acknowledgement (ACK), 409

ACLs (access control lists)

compared with segmentation of network, 373

implementing, 4, 10–12

for traffic filtering, 182–187

ActiveX applets, 212

administrative assistants, 484

administrators

individual roles and responsibilities, 507 “508

reviewing security practices of, 398

training/educating, 28

as user type, 25

AES (Advanced Encryption Standard), 142, 266

AH (Authentication Header), 136–140

alarms

analyzing, 88

false positives vs. true positives, 75

ALE (Annualized Loss Expectancy), 493, 495

alerts

Cisco IDS, 99–102

Kiwi Syslog, 323–328

PureSecure, 98–99

WhatsUp Gold, 316

ALO (Annualized Rate of Occurrence), 493

analog/ISDN policy, 30

Annualized Loss Expectancy (ALE), 493

Annualized Rate of Occurrence (ALO), 493

anomaly detection, 77

antivirus policy. See also viruses

overview, 30

application proxies, 10, 40 “41

applications

patches/updates, 472

removing unnecessary, 50

testing in change management process, 441

updating in change management process, 442–443

APs (access points). See WAPs (wireless access points)

archiving data, 328–329

ARP poisoning, 380

assets, assigning value to, 490–491

attachments, e-mail, 236–237

audit, vulnerability assessment, risk assessment policy, 31

Audit/Vulnerability Assessment/Penetration Testing Group, 508

auditing

components of, 399

configuration management and, 331–332

external audit, 422–425

internal audits, 400

methods, 400

port scanning with Nmap, 406–410

tools and documentation for, 400–406

vulnerability assessment with Nessus, 410–422

auditors

financial auditors, 521

as potential champions, 484

AUP (acceptable-use policy)

communicating to users, 392

content filtering as support to, 207

overview, 35

authentication. See also AAA (authentication, authorization, and accounting)

Cisco Secure PIX Firewall, 292–295

firewalls and, 48

IKE and, 146–150

on IOS-based equipment, 282

login authentication with RADIUS, 282–287

login authentication with TACACS+, 287–292

NTP and, 62

port-based. See 802.1x port-based authentication

VPNs and, 121–123

Authentication Header (AH), 136–140

authentication servers

802.1x networks, 303

RADIUS/TACACS, 249–250, 266

authorization

Cisco Secure PIX Firewall, 297–300

firewalls and, 48

IOS-based equipment, 295–296

types of, 296

VPNs and, 121–123

auto-negotiation, VTP, 199