Responding to an Incident

Knowing in advance the steps you will need to follow when responding to an incident will make you better prepared for the task when it arises. Outlining the steps in a plan or procedure that can be quickly and easily followed will lessen the chance that crucial pieces of data are overlooked.

When responding to an incident, never lose sight of the primary goal. If that goal is to restore control of the system as quickly as possible, you should not spend an inordinate amount of time gathering evidence. If the goal is to limit the extent of the damage while possibly pursuing the attacker, make sure to create images, backups, and a chain of custody to develop a solid set of evidence. A best practice is to have a redundant ...

Get Intrusion Detection with Snort now with the O’Reilly learning platform.