Re: REVIEW: "Incident Response", Kevin Mandia/Chris Procise
From: "Van.ForSaler" <email@example.com>
Date: Tue, 12 Mar 2002 17:21:09 GMT
Is there a book, website or other source of information dealing with this
subject that you would recommend?
"Rob Slade, doting grandpa of Ryan and Trevor" <firstname.lastname@example.org> wrote in
> BKINCDRS.RVW 20020108
> "Incident Response", Kevin Mandia/Chris Procise, 2001, 0-07-213182-9,
> %A Kevin Mandia email@example.com
> %A Chris Procise firstname.lastname@example.org
> %C 300 Water Street, Whitby, Ontario L1N 9B6
> %D 2001
> %G 0-07-213182-9
> %I McGraw-Hill Ryerson/Osborne
> %O U$39.99 905-430-5000 fax: 905-430-5020
> %P 509 p.
> %T "Incident Response: Investigating Computer Crime"
>
> Part one is supposed to provide us with the basics of incident
> response. Despite the assertion, in the introduction, that such
> response deals with much more than computer crime and that incidents
> can vary widely, chapter one details a deliberate and malicious
> intrusion into a computer system, by an incredibly inept attacker,
> using inside information. Chapter two provides a definition of
> incident response, but it does lean heavily towards crimes, law
> enforcement involvement, and directed attacks. The material also
> assumes that an incident response team can be called upon or formed at
> short notice. The suggestions for advance preparation, in chapter
> three, do cover a broad range, but the writing is not always
> organized, and the material has gaps and covers many topics
>
> Part two purports to deal with technical issues. Chapter four deals
> with guidelines for investigations, but, again, concentrates only on
> directed attacks from outside the organization. The computer forensic
> process, in chapter five, is limited to retention and copying of
> evidence. There is a rather terse review of Internet Protocol header
> information in chapter six. Chapter seven lists some information
> related to network monitoring and logging. "Advanced Network
> Surveillance" (chapter eight) examines a few of the more convoluted
>
> Part three describes operating system functions associated with system
> investigation. Chapters nine to twelve list a number of utility
> programs that can be used to obtain system information.
>
> Part four is a grab bag of material dealing with special topics,
> chapter thirteen dealing with routers, fourteen the Web, and fifteen
> various servers. A number of security and security breaking tools are
> enumerated in chapter sixteen.
>
> The emphasis in this book is adversarial: seeing incident response as
> primarily a matter of active defence against an active attacker. Most
> companies will probably see incident response as a matter related to
> technical support: an endless stream of incidents, most of which are
> trivial, and a select few of which indicate serious problems. As
> such, the book does, occasionally, point out some matters to consider,
> and possibly new practices to adopt in order to deal with those
> isolated events that are important enough to turn over to law
> enforcement agencies. However, overall, the text does not provide
> much guidance in preparing for and responding to serious incidents.
>
> copyright Robert M. Slade, 2002 BKINCDRS.RVW 20020108
> Find virus, book info http://victoria.tc.ca/techrev/rms.htm
> Mirrored at http://sun.soci.niu.edu/~rslade/rms.htm
> Review mailing list: send mail to email@example.com
> Robert Slade's Guide to Computer Viruses, 0-387-94663-2 (800-SPRINGER)
> Viruses Revealed http://viruses-revealed.org.uk or