North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Incident response (was Re: whois ) (fwd)
If I'm researching an intrusion incident the things that are important to me are: 1) The organization I'm contacting can at least confirm that they have records that are useful in tracking down the hacker. 2) There is someone there who can look at their records since if I'm tracking down a hacker, it has often been a case that the source I've tracked things to has also been hacked. 3) The organization contacted takes the incident serious and will at least make sure they preserve any evidence/logs/records/etc that may be of use in further tracking of the culprit. 4) I can get enough information, even if its a yes or no, to determine if its worth filing a police report. Forwarded message: > On Tue, 24 Oct 2000 [email protected] wrote: > > :Umm... would you be satisfied with a "We've referred it to the appropriate > :people" response? > : > :At least here, and probably many other universities, we're stuck not being > :able to say much more than that due to student confidentiality rules... > :Yes, we take action. No, we usually can't say what we did. > > A general incident response capability would be usefull, but unfortunately > this requires more cooperation than most companies are willing to give. > > Would it be worthwhile to include security incident handling policies > and procedures in peering agreements? i.e a peering agreement also > includes a testable disaster recovery plan, and a security incident > response plan. > > It is fairly obvious by now that a peering agreement is more than simply > an agreement on a router configuration. > > I'm wondering if anyone would consider something like this a little more > robust than the centralized CIRTs and industry associations, as it would > be relative to local policy, and the participants have a direct existing > relationship with each other. This, as opposed to dependance on a neutral > co-ordinating centre which may be dealing with other problems. > > > -- > batz > Reluctant Ninja > Defective Technologies > > > -- Richard Shetron [email protected] [email protected] NO UCE What is the Meaning of Life? There is no meaning, It's just a consequence of complex carbon based chemistry; don't worry about it The Super 76, "Free Aspirin and Tender Sympathy", Las Vegas Strip.