Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Cyber Security Awareness Month - Daily Topics

Published: 2008-09-30
Last Updated: 2008-10-14 15:11:40 UTC
by Marcus Sachs (Version: 1)
0 comment(s)

October is Cyber Security Awareness Month and this year the SANS Internet Storm Center is going to offer daily tips on each of the six steps of incident handling areas according to the following schedule:

Preparation:  October 1-4
Identification:  October 5-11
Containment:  October 12-18
Eradication:  October 19-25
Recovery:  October 26-31
Lessons Learned:  November 1-3

Below is the list of topics by week and day that we will use in October.  As you can see, the first week focuses on tips for getting getting prepared.  Subsequent weeks focus on the remaining steps.

We need your help beginning this week and continuing through the month of October.  If you would like to submit a tip, please use our contact form and be sure to put something in the subject like "Security Tip, day 15" to make it easier for us to sort them.  Keep your tips brief and to the point, also remember that the audience is broad, including end users, sysadmins, and managers.

1. Preparation
  1 Policies, Management Support, and User Awareness
  2 Building a Response Team
  3 Building Checklists
  4 What Goes Into a Response Kit

2. Identification
  5 Events versus Incidents
  6 Network-based Intrusion Detection Systems
  7 Host-based Intrusion Detection Systems
  8 Global Incident Awareness
  9 Log and Audit Analysis
 10 Using Your Help Desk to Identify Security Incidents
 11 Other Methods of Identifying an Incident

3. Containment
 12 Gathering Evidence That Can be Used in Court
 13 Containment on Production Systems Such as a Web Server
 14 Containing a Personal IdentityTheft Incident
 15 Containing the Damage From a Lost or Stolen Laptop
 16 Containing a Malware Outbreak
 17 Containing a DNS Hijacking
 18 Containing Other Incidents

4. Eradication
 19 Forensic Analysis Tools - What Happened?
 20 Eradicating a Rootkit
 21 Removing Bots, Keyloggers, and Spyware
 22 Wiping Disks and Media
 23 Turning off Unused Services
 24 Cleaning Email Servers and Clients
 25 Finding and Removing Hidden Files and Directories

5. Recovery
 26 Restoring Systems From Backups
 27 Validation via Vulnerability Scanning
 28 Avoiding Finger Pointing and the Blame Game
 29 Should I Switch Software Vendors?
 30 Applying Patches and Updates
 31 Legal Awareness (Regulatory, Statutory, etc.)

6. Lessons Learned (November)
 1 What Should I Make Public?
 2 Working With Management to Improve Processes
 3 Feeding The Lessons Learned Back to the Preparation Phase
 

Marcus H. Sachs
Director, SANS Internet Storm Center

 

Keywords: Awareness2008
0 comment(s)

TCp Sockstress vulnerability

Published: 2008-09-30
Last Updated: 2008-10-01 00:02:08 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)

There have been a few mentions of the TCP Sockstress AKA TCP state table manipulation vulnerability(ies) posted, with few technical details published. Once these are available I am certain we can then more fully consider impact and mitigation. The immediate impact appears to be Denial of Service.

Cheers,
Adrien de Beaupré
intru-shun.ca

 

Keywords:
0 comment(s)
Diary Archives