Foreword | p. xiii |
Preface | p. xvii |
Welcome to the Information Age | p. 1 |
A Brief History | p. 2 |
CERT | p. 3 |
More Teams | p. 5 |
FIRST | p. 5 |
What Does This Mean to My Organization? | p. 7 |
Examples of Incident Response Teams | p. 7 |
Some Statistics | p. 8 |
Summary | p. 11 |
What's Your Mission? | p. 13 |
Focus and Scope | p. 13 |
Know Who You're Protecting: Defining Your Constituency | p. 14 |
Defining Response | p. 15 |
Working with Law Enforcement | p. 17 |
InfraGard | p. 19 |
Operational Strategy | p. 20 |
Defining an Incident | p. 21 |
Tracking an Incident | p. 21 |
Counting Incidents | p. 23 |
Services Offered | p. 24 |
The Importance of Credibility | p. 27 |
Summary | p. 28 |
The Terminology Piece | p. 29 |
What Is a Computer Incident? | p. 29 |
Operational Versus Security Incidents | p. 39 |
Determining the Categories to Be Used | p. 40 |
An Incident Taxonomy | p. 42 |
Common Vulnerabilities and Exposures (CVE) Project | p. 50 |
Summary | p. 52 |
Computer Attacks | p. 55 |
Consequences of Computer Attacks | p. 57 |
Computer Intrusion, Unauthorized Access, or Compromise | p. 57 |
Denial-of-Service Attacks | p. 59 |
Port Scans or Probes | p. 59 |
Attack Vectors | p. 60 |
The Human Factor | p. 60 |
TCP/IP Design Limitations | p. 65 |
Coding Oversight | p. 66 |
Malicious Logic | p. 68 |
The Computer Virus | p. 68 |
Virus Types | p. 70 |
Important Steps to Remain Virus-Free | p. 72 |
Other Forms of Malicious Logic | p. 72 |
Virus Hoaxes and Urban Legends | p. 74 |
Summary | p. 76 |
Forming the Puzzle | p. 79 |
Putting the Team Together | p. 80 |
Coverage Options | p. 80 |
Determining the Best Coverage | p. 84 |
Team Roles | p. 85 |
Team Skills | p. 88 |
Promotions and Growth | p. 95 |
Interviewing Candidates | p. 96 |
Facilities | p. 97 |
Products and Tools | p. 99 |
Penetration Testing Tools | p. 99 |
Intrusion Detection Systems | p. 101 |
Network Monitors and Protocol Analyzers | p. 103 |
Forensics Tools | p. 103 |
Other Tools | p. 105 |
Funding the Team | p. 106 |
Marketing Campaign | p. 107 |
Risk Assessment | p. 108 |
Business Case | p. 109 |
Placement of the Team | p. 109 |
Worst-Case Scenarios | p. 110 |
Training | p. 110 |
Certifications | p. 112 |
Constituency Training | p. 116 |
Marketing the Team | p. 116 |
Dealing with the Media | p. 118 |
Summary | p. 120 |
Teamwork | p. 121 |
External Team Members | p. 122 |
Internal Teamwork | p. 125 |
Selecting Team Members | p. 125 |
Retention and Cohesiveness | p. 126 |
Summary | p. 128 |
Selecting the Products and Tools | p. 129 |
Training as a Tool | p. 129 |
Sound Security Practices | p. 131 |
The Tools of the Trade | p. 138 |
Using the Tools | p. 141 |
Summary | p. 142 |
The Puzzle in Action | p. 143 |
The Life Cycle of an Incident | p. 144 |
Preparation (Preparing for Compromise) | p. 146 |
Incident Identification | p. 153 |
Notification | p. 156 |
Incident Analysis | p. 159 |
Remediation | p. 161 |
System Restoration | p. 165 |
Lessons Learned | p. 166 |
Sample Incidents | p. 168 |
Incident Reporting | p. 171 |
Feedback | p. 172 |
Tracking Incidents | p. 174 |
Keeping Current | p. 177 |
Writing Computer Security Advisories | p. 178 |
Summary | p. 180 |
What Did That Incident Cost? | p. 183 |
Statistics and Cases | p. 184 |
CSI/FBI Survey Results | p. 184 |
Some Example Cases | p. 184 |
Forms of Economic Impact | p. 189 |
Costs Associated with Time Frames | p. 189 |
Tangible Versus Intangible Costs | p. 191 |
An Incident Cost Model | p. 193 |
Summary | p. 199 |
The Legal Eagles | p. 201 |
Working with the Legal Community | p. 202 |
The Need for Legal Assistance | p. 202 |
Establishing Contacts | p. 203 |
Laws Pertaining to Computer Crime | p. 204 |
Needed--Case Law | p. 208 |
Reporting Computer Crime | p. 209 |
Summary | p. 213 |
Computer Forensics: An Evolving Discipline | p. 215 |
The World of Forensics | p. 215 |
What Is Forensics? | p. 215 |
The Forensics Investigation | p. 217 |
Overview and Importance of Computer Forensics | p. 221 |
Computer Forensics Challenges | p. 221 |
Computer Evidence | p. 223 |
Methodologies | p. 227 |
Education | p. 231 |
Summary | p. 231 |
Conclusions | p. 233 |
Sample Incident Report Form | p. 239 |
Federal Code Related to Cyber Crime | p. 243 |
18 U.S.C. 1029. Fraud and Related Activity in Connection with Access Devices | p. 243 |
18 U.S.C. 1030. Fraud and Related Activity in Connection with Computers: As amended October 11, 1996 | p. 248 |
18 U.S.C. 1362. Communication Lines, Stations, or Systems | p. 255 |
Sample Frequently Asked Questions | p. 257 |
Domain Name Extensions Used for Internet Addresses | p. 263 |
Well-Known Port Numbers | p. 283 |
Glossary | p. 285 |
Bibliography | p. 291 |
Index | p. 295 |
Table of Contents provided by Ingram. All Rights Reserved. |