Incident Response
O'Reilly Media (publisher)
978-0-596-00130-8 (ISBN)
- Title is unfortunately out of print; no new edition
Seventy percent of businesses reported security breaches in 2000, and the rate is on the rise. This text shows how to tell whether an incident is an attack or a glitch in the system, how to assess the possible damage from an incident, and how to create a plan for exactly what to do before, during, and after an incident. The authors of "Incident Response" guide the reader through both the technical and administrative details of effective incident response planning as they describe: what incident response is, and the problems of distinguishing real risk from perceived risk; the different types of incident response teams, and advantages and disadvantages of each; planning and establishing an incident response team; "State of the Hack" information about different types of attacks; recommendations and details about available tools for incident response teams; and resources available to incident response teams. Whatever the size or purpose of the organization, this book shows how to put in place a planned, efficient and business-like incident-response process.
Kenneth R. van Wyk is an internationally known incident response and anti-virus expert and an active member of the computer security community. He has worked on and managed numerous incident response teams including Carnegie Mellon University's famous CERT/CC, the U.S. Department of Defense's ASSIST incident response team, and SAIC. He is cofounder and chief technology officer for Para-Protect, Inc., a company that specializes in incident response and other operational security services. Richard Forno is a recognized security professional and coauthor of The Art of Information Warfare. He has held high-profile security positions at major companies and government organizations; he helped establish the first incident response team for the United States House of Representatives and provided advisory support to offices of the Department of Defense on information warfare. He is the cofounder of G2-Forward, a prominent information analysis and distribution service supporting the military intelligence and law enforcement communities. In 1998, he became the chief security officer for Network Solutions (the InterNIC), the company responsible for developing and operating the Internet Shared Registry System.
Foreword.
Preface.
1. What Is Incident Response? Real-Life Incidents What Is an Incident? About the Bad Guys What Is Incident Response? Risk Assessment and Incident Response Development of Incident Response Efforts Are You Ready? Are You Willing?
2. Incident Response Teams Who Should Do It? Public Resource Teams Internal Teams Commercial Teams Vendor Teams Ad Hoc Teams Forum of Incident Response and Security Teams (FIRST) Now Who Should Do It?
3. Planning the Incident Response Program Establishing the Incident Response Program Internal Versus External Types of Incidents Who Are the Clients? Summary.
4. Mission and Capabilities Roles and Responsibilities Staffing and Training Involving the Critical Players List of Contacts Setting Up a Hotline Establishing Procedures Awareness and Advertising Fire Drills Issues and Pitfalls.
5. State of the Hack The Moving Target Keeping Up with Attack Profiles Training.
6. Incident Response Operations We've Been Hit - Now What? Incident Response Processes While Under Pressure
7. Tools of the Trade What's Out There? Network-Based Tools Network Monitors and Protocol Analyzers Network-Based Intrusion Detection Systems Network Vulnerability Scanners Other Essential Network-Based Tools Host-Based Tools Communications Encryption Removable Storage Media The Incident Kit If We Ruled the World.
8. Resources Security Information on the Web Incident Response Team Resources Commercial Incident Response Service Providers Antivirus Products Mailing Lists and Newsgroups U.S. Government Resources Training, Conferences, and Certification Programs Legal Resources
A. FIRST
B. Sample Incident Report
Index
Publication date (per publisher) | 4.9.2001 |
---|---|
Series | Internet Computer Security |
Additional info | Illustrations |
Place of publication | Sebastopol |
Language | English |
Dimensions | 178 x 233 mm |
Weight | 370 g |
Binding | Paperback |
Subject area | Computer Science ► Networks ► Security / Firewall |
 | Computer Science ► Theory / Studies ► Cryptology |
 | Computer Science ► Other Topics ► Hardware |
ISBN-10 | 0-596-00130-4 / 0596001304 |
ISBN-13 | 978-0-596-00130-8 / 9780596001308 |
Condition | New |