Computer Incident Response and Product Security
Damir Rajnovic
Cisco Press
800 East 96th Street
Indianapolis, IN 46240
Computer Incident Response and Product Security
Damir Rajnovic
Copyright © 2011 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing December 2010
Library of Congress Cataloging-in-Publication Data
Rajnovic, Damir, 1965-
Computer incident response and product security / Damir Rajnovic.
p. cm.
Includes bibliographical references.
ISBN 978-1-58705-264-4 (pbk.)
1. Computer networks—Security measures. 2. Computer crimes—Risk assessment. 3. Data recovery (Computer science). I. Title.
TK5105.59.R35 2011
005.8—dc22
2010045607
ISBN-13: 978-1-58705-264-4
ISBN-10: 1-58705-264-4
Warning and Disclaimer
This book is designed to provide information about computer incident response and product security. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an "as is" basis. The author, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Contents at a Glance
Introduction xvii
Part I: Computer Security Incidents
  Chapter 1: Why Care About Incident Response? 1
  Chapter 2: Forming an IRT 13
  Chapter 3: Operating an IRT 51
  Chapter 4: Dealing with an Attack 75
  Chapter 5: Incident Coordination 97
  Chapter 6: Getting to Know Your Peers: Teams and Organizations Around the World 109
Part II: Product Security
  Chapter 7: Product Security Vulnerabilities 117
  Chapter 8: Creating a Product Security Team 137
  Chapter 9: Operating a Product Security Team 147
  Chapter 10: Actors in Vulnerability Handling 159
  Chapter 11: Security Vulnerability Handling by Vendors 173
  Chapter 12: Security Vulnerability Notification 183
  Chapter 13: Vulnerability Coordination 209
Index 217
Contents
Introduction xvii
Part I: Computer Security Incidents
  Chapter 1: Why Care About Incident Response?
    Instead of an Introduction
    Reasons to Care About Responding to Incidents
      Business Impacts
      Legal Reasons
      Direct Costs
      Loss of Life
      Being Part of a Critical Infrastructure
    How Did We Get Here or "Why Me?"
      Corporate Espionage
      Unintended Consequences
      Terrorism and Activism
      Government-Sponsored Cyber Attacks
    Summary
    References
  Chapter 2: Forming an IRT
    Steps in Establishing an IRT
    Define Constituency
      Overlapping Constituencies
      Asserting Your Authority Over the Constituency
    Ensure Upper-Management Support
    Secure Funding and Funding Models
      IRT as a Cost Center
      Cost of an Incident
      Price List
      Selling the Service Internally
    Clear Engagement Rules
      Authority Problems
    Placement of IRT Within the Organization
    Central, Distributed, and Virtual Teams
      Virtual Versus Real Team
      Central Versus Distributed Team
    Developing Policies and Procedures
      Incident Classification and Handling Policy
      Information Classification and Protection
      Information Dissemination
      Record Retention and Destruction
    Usage of Encryption
      Symmetric Versus Asymmetric Keys and Key Authenticity
      Creating Encryption Policy
      Digression on Trust
    Engaging and Cooperation with Other Teams
      Competitive Relationship Between Organizations
      What Information Will Be Shared
      Nondisclosure Agreement
    Summary
    References
  Chapter 3: Operating an IRT
    Team Size and Working Hours
      Digression on Date and Time
    New Team Member Profile
      Strong Technical Skills
      Does Not Panic Easily
      Effective Interpersonal Skills
      Forms an Incident's Image
    Advertising the IRT's Existence
    Acknowledging Incoming Messages
      Giving Attention to the Report
      Incident Tracking Number
      Setting the Expectations
      Information About the IRT
      Sample Acknowledgment
      Looking Professional and Courteous
    Cooperation with Internal Groups
      Physical Security
      Legal Department
      Press Relations
      Internal IT Security