What to Do When Your Security is Breached
ancientribe writes "When you've got a full-blown security breach on your hands, what do you do? If you've been smart, you'll already have a computer security incident response team — and a plan — in place. But many companies are too resource-strapped to have a full-blown, fully-tested incident response strategy. DarkReading has some tips on what to do — and what not to do."
Do what the government does. (Score:4, Funny)
What to Do When Your Security is Breached? (Score:2, Funny)
Dispatch the Tie Fighters (Score:5, Funny)
How about... (Score:2, Funny)
my plan (Score:5, Funny)
Professor: Yes I would, Kent.
I love these content-free articles (Score:5, Funny)
1. first, remove your hand from the burning stove.
2. use ice to cool your hand
3. seek medical attention.
wow. Thanks. I never would have figured any of that out on my own.
part of a larger contingency plan (Score:5, Funny)
For most disasters, whether it's an IT disaster, a natural disaster, a non-natural physical disaster like a fire, a real or frivolous patent lawsuit, employee or company malfeasance, or what not, you need a plan.
For "terminal" disasters, like a nuclear blast that kills all employees and destroys all company assets, folding up shop may be the right business plan. For small businesses, extreme disasters like a car wreck that kills all the employees might also be terminal in a slightly less catastrophic way. In these cases, at least you can plan to sell your business or its assets to another entity, so your customers have continuity.
Basically, divide your disasters into categories, and plan and insure accordingly:
0) end of the world, big asteroid or global thermonuclear war
1) major catastrophe, we are dead, forget about the customer, nuclear detonation event
2) end of the company, save the customer, Enron
3) end of the management team, save the company, MCI
4) we can recover from this but it's gonna hurt a lot, Vonage(?)
5) it's a flesh wound, CEO dies of heart attack
6) mosquito bite, SCO sues IBM
7) what? something happened? I didn't even notice, {if I had an example it would be #6}
Clearly (Score:5, Funny)
Script of comments to come... (Score:5, Funny)
Windows Vista: This wouldn't happen to me anyway, I'm the Most Secure OS (tm)!
Mac OS X: I never get any viruses!
GNU/Linux: Me neither!
Windows Vista User Access Control: You are entering a conversation with flaming probability 89%. Cancel or Allow?
Windows Vista: [to Vista UAC] Allow. [to the others] That's because nobody uses you!
GNU/Linux: Oh yeah...
Mac OS X: That's because only elite people use Mac OS X. Because you're not worth them.
GNU/Linux: Wait! Windows Vista, you lie! Lots of people from all around the world use me! In fact, they even improve me! That's because we believe that...
Mac OS X and Windows Vista: [at the same time] Shut up Linux.
Windows Vista: [to Mac OS X] But anyway, even if there were a "Security Breach", it's not like they'd be able to mess anything up!
Mac OS X: That's because it's impossible to do anything in Vista.
Windows Vista User Access Control: [to Vista] You are coming to a sad realization... Cancel or Allow?
NB: the views or opinions expressed by any of the characters do not necessarily resemble the views or opinions of the author.
Re:I love these content-free articles (Score:5, Funny)
"To treat a minor burn, run cool water over the area of the burn or soak it in a cool water bath (not ice water). Keep the area submerged for at least 5 minutes."
http://www.nlm.nih.gov/medlineplus/ency/presentat
"Flush the burn with cool running water or apply cold-water compresses (a wet towel or handkerchief) until the pain lessens. Do not use ice or ice water, which can cause more damage to the tissues."
http://www.personalmd.com/healthtopics/crs/burn1.
*emphasis mine*
OpenBSD (Score:4, Funny)
Ahhh... easy... (Score:1, Funny)
Re:OpenBSD (Score:2, Funny)
OpenBSD: [angry] I'm not Linux you freak! Why is everyone always mixing us up?! [leaves room in tantrum]
Try to cover it up to get out of the TPS reports (Score:1, Funny)
Patch a socket (Score:2, Funny)
We had a security breach once (Score:5, Funny)
So in our case the response was:
1. Stop access.
2. Buy beer and popcorn
3. Watch movies.
Re:Well...I'll give you some help (Score:2, Funny)
Easy... (Score:5, Funny)
or in doubt
Run in circles
scream and shout.
And yeah, pull the ethernet cables out.
Re:I love these content-free articles (Score:1, Funny)
Re:We had a security breach once (Score:3, Funny)
Re:OpenBSD (Score:5, Funny)
Mac OS X: No no, that was OS/2 that died. Remember? You got his kidneys.
Re:How about... (Score:3, Funny)
Then reverse the polarity FTW!
What to do next? (Score:3, Funny)
So you did the right thing! (Score:3, Funny)
1. Assemble an incident response team.
Gather the buddies round the terminal, see what we got here.
2. Assess the initial damage and the risk for more.
You measured the damage, all 14GB of it. In assessing the risk for more of this damage, you noted that no ftp write access had been tried in a while, concluding that the risk was relatively low.
3. Develop a notification plan.
You sent an email-to-all that there's going to be a movie night, cancel your dates, postpone dinner, it's going to be a long one!
4. Begin remediating the problem.
You closed off ftp access.
5. Document everything.
I guess watching the movies, I mean damage, would fall under the documentation stage.
6. Develop a strategy for stopping the next attack.
Contemplate re-opening the ftp server to encourage more damage.
Comment removed (Score:4, Funny)