9. Incident Response

Even with the best intentions, practices, and efforts, sometimes an attacker still finds a way in. When that happens, you will want to collect evidence and try to find out how she got in and how to stop it from happening again. This chapter covers how best to respond to a server you suspect is compromised, how to collect evidence, and how to use that evidence to figure out what the attacker did and how she got in. “Section 1: Incident Response Fundamentals” lays down some fundamental guidelines for how to approach a compromised machine and safely shut it down so other parties can start an investigation. “Section 2: Secure Disk Imaging Techniques” gives an overview of how to perform your own investigation. It discusses how ...