Joaquin,
The first thing I would do is put together an Incident Response Plan. You can search the net and find several good examples (I'd start with CERT).
The plan is going to address all the questions you've posed. In the long run, creating a plan will have more benefit to you because it will provide you with a consistent way to ensure that:
- Reported incidents are quickly evaluated.
- Incidents are properly identified by type and occurrence.
- Incidents are quickly contained to limit the scope and magnitude of damage.
- Incident causes are eradicated.
- Systems are restored to normal operations.
- Incidents are evaluated to determine what technical or organizational changes can be made to prevent future occurrences.
-- Bill Stackpole, CISSP
"Joaquin Tejada" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 05/08/01 09:12 AM
To: <[EMAIL PROTECTED]>
cc:
Subject: Countermeasures
Hi all,
I've been asked to make a plan on how to deal with it if we get hacked. For example,
what if our web or ftp got hacked - what are the steps we should follow or do
to catch or trace the culprit, and how do we prevent it from happening again?
Who should we report it to? Our web and ftp servers are in a dmz zone and
only http and ftp services are allowed. Thanks in advance.
Regards,
Joaquin
