North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Advice requested
- From: K K
- Date: Tue May 29 19:56:41 2007
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=UdUZaDGRmRmkhMDycgp0buCR/2MeVPmQwvTU1cflweIbWrOzxAifh4zdlYddoOXO951vUZM7yRJbcWjhBaoG6/ZDGVfTruOBRaw3strfTMrmBQ2unuW/m1X7honvnlO23of/azZotfLGQFIz/3b1IS5M0XRua3e7KzZ4zNfJ+K4=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Png7kO410JNb/O8NFFdhg/9FYJdLM+Gd0uffJFKEYEKt9NG5Cf9fSOMLw/+8JPqa4XJSDHs9ZLsZHe9UlPaMkXVsWqVNRqKgelD6zMMxZ+oW8RyoSzZU5Y7JkjNJDQA11jzj5QHACbRmWMZHOhee1bspgb+XP0Yxl7OFtyEINGY=
On 5/29/07, Pete Ehlke <[email protected]> wrote:
On Tue, 2007-05-29 at 08:21 -0700, Matthew Black wrote:
What would you do if a major US computer security firm attempted to
hack your site's servers and networks? Would you tell the company or
let their experts figure it out?
Personally, I would treat it like any other attack. You do have
policy and procedures for responding to intrusions and intrusion
attempts?
convene your CERT, preserve logs, document the time and other costs,
contact the law enforcement, your lawyers, and their ISP.
Personally, I would try to find out who at my site- potentially
including S-OX, PCI, other auditors, and the Board- contracted for
them to do it.
Even if this were a contracted penetration test, you can't go wrong by
treating it as if this were an actual hostile attack.
If I were conducting a "pen test" and the target had managed to get an
FBI case started and convinced ISP to terminate connectivity due to
AUP violations, I would have to give them straight A's for their
response :)
Kevin
|