From: Burleson, Lee (IA) (Lee.Burleson IA.NGB.ARMY.MIL)
Date: Wed Mar 14 2001 - 11:11:16 CST
Brian -
I had the same question recently. Here are a couple URLs that helped me
out:
http://www.securitywizards.com/papers/probes.html
and, of course: (at http://www.sans.org)
http://www.sans.org/newlook/resources/policies/item7.pdf
http://www.sans.org/newlook/publications/incident_handling.htm
- Lee
> -----Original Message-----
> From: Scottsberg, Brian [mailto:brian.scottsberg COUNTRYCOMPANIES.COM]
> Sent: Tuesday, March 13, 2001 12:32 PM
> To: FOCUS-IDS SECURITYFOCUS.COM
> Subject: Intruder Detection Procedures
>
>
> Greetings,
> I was wondering if anyone out there would know where I could find some
> information on standard pre-written/partially written procedures for
> handling an intruder on various platforms, after the attacker has
> intruded/hacked whatever. For instance I am trying to outline a series of
> steps to ensure that there has in fact been an intruder when an intrusion is
> in question. Then list a series of corrective steps (procedures) to be
> completed to contain the attack, correct any damage (Backups possibly), and
> prevent the same or a similar intrusion from occurring again. Of course, I
> am only looking for general procedures to get me started.
> Thanks in advance for any help!
>
> Brian Scottberg
> IS Security Intern
> Country Companies
> 1711 G.E Road
> Bloomington IL, 61702
> (309) 821-6263
>