Incident Response

• Don't panic!
• Evaluate the situation
  • Has attacker succeeded?
  • Is the attack in progress?
• Follow your organization’s policies and procedures,
• Use the appropriate chain of command when notifying other people or organizations.
• Contact incident response agencies appropriate for your site
• Make communication via an out-of-band method (e.g., a phone call) to ensure intruders do not intercept information.
• Document your actions
  • persons contacted
  • phone calls made
  • files modified
  • system jobs stopped
• Snapshot the system
• Make copies of files the intruders may have left or touched and store them off-line.
  • Malicious code
  • Log files
• If you are unsure of what actions to take, seek additional help and guidance before removing files or halting system processes.
• Involve security department
  • Physical access
  • Insider
  • Law enforcement officers
• Plan

Incident Response Centers

GRNET-CERT

Computer Emergency Responce Team for the Greek National Research Network

E-Mail: grnet-cert@grnet.gr

Network Operations Center, University of the Aegean, 30 Voulgaroktonou str, Athens 114 72, Greece

Telephone: +30 - 210 - 649 - 2056
Telefax: +30 - 210 - 649 - 2499
World Wide Web: http://cert.grnet.gr

Network Management Center
National Technical University of Athens
Iroon Polytechnioy 9
Zografou, GR 157 80
Athens
Greece
phone [+30-210] 772.1860
fax [+30-210] 772.1866
http://www.ntua.gr/grnet-cert/grnet-cert.html

• PreviousInternet Attack Methods
• Contents
• NextManagement-related Security Problems

 Last change: Friday, June 6, 2003 5:58 pm
 Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.