Respond to an Attack


What should you do if you detect an attack? You should take a number of steps to respond effectively to an attack:

  • Stop further damage: Disconnect affected computers, or stop affected applications.

  • Preserve evidence: For the purpose of identifying the attacker and determining the full extent of the damage, back up system logs and application logs, and impound and analyze affected computers.

  • Assess the damage: This involves asking relevant questions. Which computers or applications have been affected by the attack? What has the attacker done?

  • Identify the root cause: To prevent the attack from happening again, you need to answer the following questions: How has the attacker launched the attack? What vulnerability needs to be fixed to prevent future attacks?

  • Fix the problem: If you have successfully identified the vulnerability, take measures to ensure that the same attack cannot be successfully repeated. For example, if there is a security patch available to fix the problem, install the patch on all computers—and require all new computers to install the patch.

  • Test the fix: If you made a fix to your application, use the techniques described in Chapter 9 to test your application before deploying the fix. There’s nothing worse than deploying a fix where the application is more vulnerable or buggy than before the fix was applied.

  • Restore applications and systems to a known good state: This might mean losing data. However, you need to avoid reinstating infected computers or applications that could revive the attack. In addition, you must avoid reinstating computers where the data on the computer is corrupted.

  • Redeploy: If fixing the problem involved making a fix to your application, you’ll need to redeploy the application. In the case of Web applications, this might be a simple matter of redeploying the application to the Web server.

  • Monitor: Look out for the same attack, and continue to monitor for other forms of attack as described earlier.
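
The "Preserve evidence" step above, sketched as an added example (not code from the book): it copies log files into an evidence folder and records SHA-256 hashes in a manifest, so that later corruption or tampering of the copies can be detected. The function names and the manifest file name are assumptions made for this example.

```python
import hashlib
import json
import shutil
from datetime import datetime, timezone
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical file name chosen for this example

def sha256_file(path):
    """Hash a file in chunks so large logs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def preserve_logs(sources, evidence_dir):
    """Copy each log into evidence_dir and record its hash in a manifest."""
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    entries = []
    for index, src in enumerate(map(Path, sources)):
        # Prefix with an index so same-named logs from different folders do not collide.
        dest = evidence_dir / f"{index:03d}_{src.name}"
        before = sha256_file(src)
        shutil.copy2(src, dest)  # copy2 keeps the original modification time
        if sha256_file(dest) != before:
            raise OSError(f"copy of {src} does not match the original")
        entries.append({
            "original_path": str(src.resolve()),
            "evidence_file": dest.name,
            "size": src.stat().st_size,
            "modified_utc": datetime.fromtimestamp(src.stat().st_mtime, timezone.utc).isoformat(),
            "sha256": before,
        })
    manifest = {"collected_utc": datetime.now(timezone.utc).isoformat(), "files": entries}
    (evidence_dir / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_evidence(evidence_dir):
    """Return the evidence files that are missing or no longer match the manifest."""
    evidence_dir = Path(evidence_dir)
    manifest = json.loads((evidence_dir / MANIFEST).read_text())
    bad = []
    for entry in manifest["files"]:
        copy = evidence_dir / entry["evidence_file"]
        if not copy.exists() or sha256_file(copy) != entry["sha256"]:
            bad.append(entry["evidence_file"])
    return bad
```

Write the evidence folder to media that is separate from the affected computer, and keep a copy of the manifest elsewhere so the hashes themselves cannot be altered along with the files.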

Prepare for a Response

First and foremost, you should avoid relying on a response strategy as a means of improving your application after release. You should make every effort to secure your application fully by means of security-oriented design, testing, and trial (beta) releases before the application ships. Security issues that crop up after release can be damaging to your customers, damaging to your reputation, and costly to fix. However, despite your best efforts to ship a secure product, you should prepare (in advance) for the worst. As the saying goes, “Hope for the best, but prepare for the worst.”

The time to prepare for a response to an attack is before your application ships, and well before the first security issue is reported. You should formulate a response plan that addresses the following issues:

  • User notification: How will users be notified that there is a problem? The nature of your application and how it’s delivered to your users influences what type of notification mechanism you put in place. If your application is a Web application, you could post a response on the Web page displayed by the application. If your application is a Windows Forms application, you might opt to use e-mail (in addition to posting information on your company’s Web site) to notify your registered users of the issue.

  • Deployment: How will security (or critical) fixes be deployed to your customers? You should design your response deployment mechanism before your application ships. For example, if feasible and appropriate for your application, you might want to design an automatic update feature whereby your application routinely checks for updates and automatically installs them. This is an example of where planning ahead and preparing for a response before your application ships allows you to design features that can help improve overall customer satisfaction and save deployment costs in the long run.




Security for Microsoft Visual Basic .NET
ISBN: 735619190
EAN: N/A
Year: 2003
Pages: 168
