Re: Incident handling...

[Ron Gula <rgula () ENTERASYS COM>]

I wrote a paper a few years ago on basic incident handling. It's
at http://www.securitywizards.com/papers and called "How to Handle
and Identify Network Probes".

Ron Gula
VP IDS Products
Enterasys Networks


At 09:23 AM 2/5/01 +0800, you wrote:
> Dear all,
>
> I am currently compiling a paper on incident handling, i.e., actions/steps
> to be taken when an incident occurs, example would be if a mail bombing
> occurs,
> Step 1: nullify the incoming email
> Step 2: Check the previous saved email of the sender
> Step 3: configure the router or firewall to block the sender
> Step 4 and so on and so on.
>
> Is there a site where this kind of information could be found?
> I have checked SANS, CERT and Securityfocus sites and only found incident
> handling on virus and system compromise, nothing on mail bomb, launchpad,
> web defacement, DNS attack, syn flooding, DOS, etc.
>
> TIA
>
> Thanks and regards
> Kwan Hep Chuen
>
> Disclaimer Note.
>
> This e-mail and any files transmitted with it is confidential and
> intended solely for the use of the individual or entity to whom it
> is addressed. If you are not the intended recipient, or the person
> responsible for delivering the e-mail, be advised that you have
> received this e-mail and any files transmitted with it in error and
> that any use, dissemination, forwarding, printing or copying of this
> e-mail and any files transmitted with it is strictly prohibited.
> If you have received this e-mail and any files transmitted with it in
> error, please advise the sender immediately by reply e-mail and delete
> this message. Thank you for your co-operation.