On Mon, Jun 8, 2009 at 12:15 PM, Drexx Laggui [personal]<[email protected]> wrote:
> 08Jun2009 (UTC +8)
>
> They all got good suggestions here. Do activate your company's
> Incident Response Plan.
>
> If you don't have one, and this is an ad hoc response, please
> *document* your every action before you start proceeding any further.
> Trust me, when a company does a post-mortem analysis later, sys admins
> get a lot of heat if upper management thinks they didn't respond well
> enough.
A good example of these would be post-mortem analyses of compromise and intrusion reports of well-known FOSS projects. Debian comes to mind: in fact they do have some guidelines in their Securing HOWTO[1] and their IRP for the 2003 compromise at wiggy's.[2]

[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch-after-compromise.en.html
[2] http://www.wiggy.net/debian/

--
Zak B. Elep || zakame.net
1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph

