Incident Handling
Suspicious Unix Log File Entries and Reporting Considerations
In my Kickstart paper I covered basic Unix log files with a configuration file that gathered everything. I would like to expand on that and now cover messages found in ...
Written by: Cathy Gresham and added on April 16, 2011
A 'Bag of Tricks' Approach to Proactive Security
Security does not begin with the detection of a compromised server or other form of detected intrusion. Where, then, does security begin? This paper explores this question. Simply stated this ...
Written by: Mitch Saba and added on Jan. 18, 2011
Reporting Incidents to an ISP with BlackICE ClearICE Report Utility and the Importance of Submitting Firewall Logs to the Dshield.org Project
This practical has two objectives: guide users of BlackICE to report incidents to their ISPs (using ClearICE Report Utility) and show users the importance of submitting firewall logs to the ...
Written by: Victor Arnaud and added on June 15, 2011
The Devil You Know: Responding to Interface-based Insider Attacks
Carl made a mistake. In his repetitious data entry job he entered employee information every workday. He always was careful to input the correct job requisition number in the user ...
Written by: Ronald L. Mendell and added on March 27, 2011
No Stone Unturned: Part One
Eliot sat before the glow of his screen. It was early Monday morning, too early for most people to be in the office and still quiet enough for him to ...
Written by: H. Carvey and added on Feb. 28, 2011
No Stone Unturned, Part Two
A lone figure sat in front of a computer monitor, silhouetted in its cold, blue glow. The dark, cave-like room hummed with the life of high-powered computer systems and their ...
Written by: H. Carvey and added on May 3, 2011
No Stone Unturned, Part Three
This is the third installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering "the Way" of incident response. As we ...
Written by: H. Carvey and added on Feb. 13, 2011
No Stone Unturned, Part Four
This is the fourth installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering "the Way" of incident response. As we ...
Written by: H. Carvey and added on March 4, 2011
No Stone Unturned, Part Five
This is the fifth and final installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering "The Way" of incident response. ...
Written by: H. Carvey and added on April 16, 2011
No Stone Unturned, Part Six
This is an additional installment to the No Stone Unturned series, which was written to help clarify to NT/2K admins the steps they can take to determine the nature and ...
Written by: H. Carvey and added on Feb. 17, 2011