Computer Incident Response and Product Security

Paperback (Print)

Overview

Learn how to build a Security Incident Response team with guidance from a leading SIRT from Cisco

  • Gain insight into the best practices of one of the foremost incident response teams
  • Master your plan for building a SIRT (Security Incident Response Team) with detailed guidelines and expert advice for incident handling and response
  • Review legal issues from a variety of national perspectives, and consider practical aspects of coordination with other organizations

Network Security Incident Response provides practical guidelines for building a SIRT as well as offering advice on responding to actual incidents. For many companies, incident response is new territory. Some companies do not have an incident response team at all; some would like to have one but need guidance to start; and others would like to improve existing practices. Today, only a handful of organizations have mature and experienced teams. For that reason, this book is structured to provide help in both creating and running an effective Security Incident Response Team. Organizations that are evaluating whether to invest in a SIRT, or that are just getting started building one, will find the information in this book invaluable in helping them understand the nature of the threats, justify resources, and build effective IR (Incident Response) teams. Established IR teams will also benefit from the best practices highlighted for building IR teams, as well as from information on the current state of incident response handling, incident coordination, and legal issues. Written by a leading SIRT (Security Incident Response Team) from Cisco, the expertise and guidance provided in this book will serve as the blueprint for successful incident response planning for almost any organization.


Product Details

  • ISBN-13: 9781587052644
  • Publisher: Cisco Press
  • Publication date: 12/20/2010
  • Series: Networking Technology: Security Series
  • Pages: 225
  • Sales rank: 1,173,911
  • Product dimensions: 7.30 (w) x 9.00 (h) x 0.70 (d)

Meet the Author

Damir Rajnovic finished his education in Croatia where, in 1993, he started his career in computer security. He started at the Croatian News Agency Hina, then moved on to the Ministry of Foreign Affairs, and finally to the Ministry of Science and Technology. During that time, Damir became involved with the Forum of Incident Response Teams (FIRST) and established the Croatian Academic and Research Network Computer Incident Response Team (CARNet CERT), which, until recently, was not only handling computer incidents for CARNet but was also acting as the Croatian national CERT. Damir then moved to the United Kingdom to work in EuroCERT, a project that aimed to coordinate CERTs within the European region. After EuroCERT, Damir moved to the Cisco Product Security Incident Response Team (Cisco PSIRT), where he is still working. Cisco PSIRT is the focal point for managing security vulnerabilities in all Cisco products.

Damir remains active in FIRST, where he created Vendor SIG, and currently serves as liaison officer to the International Organization for Standardization (ISO) and International Telecommunication Union (ITU). Damir was an invited lecturer for the MSc Information Technology Security course at Westminster University, London. He was one of the core people who dreamed up and formed the Industry Consortium for the Advancement of Security on the Internet (ICASI).

His non-security-related work includes working as a sound engineer on Radio 101 (http://www.radio101.hr) while living in Zagreb, Croatia. Damir lives with his family in Didcot, UK.


Table of Contents

Introduction xvii

Part I Computer Security Incidents

Chapter 1 Why Care About Incident Response? 1

Instead of an Introduction 1

Reasons to Care About Responding to Incidents 2

Business Impacts 2

Legal Reasons 3

Being Part of a Critical Infrastructure 4

Direct Costs 5

Loss of Life 6

How Did We Get Here or “Why Me?” 7

Corporate Espionage 7

Unintended Consequences 8

Government-Sponsored Cyber Attacks 8

Terrorism and Activism 8

Summary 9

References 9

Chapter 2 Forming an IRT 13

Steps in Establishing an IRT 14

Define Constituency 14

Overlapping Constituencies 15

Asserting Your Authority Over the Constituency 16

Ensure Upper-Management Support 17

Secure Funding and Funding Models 18

IRT as a Cost Center 19

Cost of an Incident 19

Selling the Service Internally 25

Price List 25

Clear Engagement Rules 26

Authority Problems 26

Placement of IRT Within the Organization 28

Central, Distributed, and Virtual Teams 29

Virtual Versus Real Team 30

Central Versus Distributed Team 31

Developing Policies and Procedures 32

Incident Classification and Handling Policy 33

Information Classification and Protection 35

Information Dissemination 36

Record Retention and Destruction 38

Usage of Encryption 39

Symmetric Versus Asymmetric Keys and Key Authenticity 40

Creating Encryption Policy 42

Digression on Trust 45

Engaging and Cooperation with Other Teams 46

What Information Will Be Shared 47

Nondisclosure Agreement 47

Competitive Relationship Between Organizations 47

Summary 47

References 48

Chapter 3 Operating an IRT 51

Team Size and Working Hours 51

Digression on Date and Time 53

New Team Member Profile 53

Strong Technical Skills 54

Effective Interpersonal Skills 55

Does Not Panic Easily 55

Forms an Incident’s Image 55

Advertising the IRT’s Existence 56

Acknowledging Incoming Messages 56

Giving Attention to the Report 57

Incident Tracking Number 57

Setting the Expectations 57

Information About the IRT 58

Looking Professional and Courteous 58

Sample Acknowledgment 58

Cooperation with Internal Groups 59

Physical Security 59

Legal Department 59

Press Relations 60

Internal IT Security 61

Executives 61

Product Security Team 65

Internal IT and NOC 65

Be Prepared! 65

Know Current Attacks and Techniques 66

Know the System IRT Is Responsible For 67

Identify Critical Resources 69

Formulate Response Strategy 69

Create a List of Scenarios 70

Measure of Success 72

Summary 74

References 74

Chapter 4 Dealing with an Attack 75

Assigning an Incident Owner 76

Law Enforcement Involvement 77

Legal Issues 78

Assessing the Incident’s Severity 78

Assessing the Scope 81

Remote Diagnosis and Telephone Conversation 83

Hint #1: Do Not Panic 83

Hint #2: Take Notes 84

Hint #3: Listen 84

Hint #4: Ask Simple Questions 84

Hint #5: Rephrase Your Questions 85

Hint #6: Do Not Use Jargon 85

Hint #7: Admit Things You Do Not Know 85

Hint #8: Control the Conversation 86

Solving the Problem 86

Determining the Reaction 86

Containing the Problem 88

Network Segmentation 88

Resolving the Problem and Restoring the Services 89

Monitoring for Recurrence 90

Involving Other Incident Response Teams 90

Involving Public Relations 90

Post-Mortem Analysis 91

Incident Analysis 92

IRT Analysis 94

Summary 95

References 95

Chapter 5 Incident Coordination 97

Multiple Sites Compromised from Your Site 97

How to Contact Somebody Far Away 98

Contact a CERT Local at the Remote End 98

Standard Security Email Addresses 99

Standard Security Web Page 99

whois and Domain Name 99

Who Is Your ISP? 102

Law Enforcement 102

Working with Different Teams 102

Keeping Track of Incident Information 103

Product Vulnerabilities 104

Commercial Vendors 104

Open Source Teams 105

Coordination Centers 105

Exchanging Incident Information 106

Summary 107

References 107

Chapter 6 Getting to Know Your Peers: Teams and Organizations Around the World 109

FIRST 110

APCERT 111

TF-CSIRT 111

BARF 112

InfraGard 112

ISAC 113

NSP-Security Forum 113

Other Forums and Organizations of Importance 114

Summary 114

References 115

Part II Product Security

Chapter 7 Product Security Vulnerabilities 117

Definition of Security Vulnerability 118

Severe and Minor Vulnerabilities 120

Chaining Vulnerabilities 122

Fixing Theoretical Vulnerabilities, or Do We Need an Exploit? 124

Internally Versus Externally Found Vulnerabilities 125

Are Vendors Slow to Produce Remedies? 126

Process of Vulnerability Fixing 127

Vulnerability Fixing Timeline 128

Reasons For and Against Applying a Remedy 130

Question of Appliances 133

Summary 135

References 135

Chapter 8 Creating a Product Security Team 137

Why Must a Vendor Have a Product Security Team? 137

Placement of a PST 138

PST in the Engineering and Development Department 138

PST in the Test and Quality Assurance Group 139

PST in the Technical Support Department 140

Product Security Team Roles and the Team Size 140

PST Interaction with Internal Groups 141

PST Interaction with Engineering and Development 141

PST Interaction with Test Group 141

PST Interaction with Technical Support 142

PST Interaction with Sales 142

PST Interaction with Executives 143

Roles the PST Can Play and PST Involvement 143

PST Team Size 144

Virtual Team or Not? 144

Summary 145

References 145

Chapter 9 Operating a Product Security Team 147

Working Hours 147

Supporting Technical Facilities 147

Vulnerability Tracking System 148

Interfacing with Internal Databases 149

Laboratory Resources 150

Geographic Location of the Laboratory 151

Shared Laboratory Resources 151

Virtual Hardware 152

Third-Party Components 152

Product Component Tracking 152

Tracking Internally Developed Code 155

Relationship with Suppliers 155

Summary 156

References 156

Chapter 10 Actors in Vulnerability Handling 159

Researchers 159

Vendors 160

Who Is a Vendor? 160

Vendor Communities 162

Vendor Special Interest Group (SIG) 162

ICASI 162

IT-ISAC 163

VSIE 163

Vendor Point of Contact—Japan 164

SAFECode 164

vendor-sec 164

Coordinators 164

Vendors’ Incentive to Be Coordinated 165

Coordinators’ Business Model 165

Commercial Coordinators 166

Government and Government Affiliated 166

Open-Source Coordinators 167

Other Coordinators 167

Users 167

Home Users 167

Business Users 168

Equipment Usage 168

Interaction Among Actors 169

Summary 171

References 171

Chapter 11 Security Vulnerability Handling by Vendors 173

Known Unknowns 173

Steps in Handling Vulnerability 174

Discovery of the Vulnerability 174

Initial Triage 175

Reproduction 176

Detailed Evaluation 177

Remedy Production 177

Remedy Availability 179

Remedy Distribution and Notification 180

Monitoring the Situation 181

Summary 181

References 181

Chapter 12 Security Vulnerability Notification 183

Types of Notification 183

When to Disclose Vulnerability 184

Amount of Information in the Notice 186

Disclosing Internally Found Vulnerabilities 187

Public Versus Selected Recipients 188

Vulnerability Predisclosure 190

Scheduled Versus Ad Hoc Notification Publication 193

Vulnerability Grouping 194

Notification Format 197

Notification Medium 197

Electronic Document Type 198

Electronic Document Structure 198

Usage of Language in Notifications 199

Push or Pull 200

Internal Notification Review 202

Notification Maintenance 203

Access to the Notifications 204

Summary 205

References 205

Chapter 13 Vulnerability Coordination 209

Why Cooperate and How to Deal with Competitors 209

Who Should Be a Coordinator? 211

How to Coordinate Vendors on a Global Scale 212

Vendors Never Sleep 212

Be Sensitive to Multicultural Environments 213

Use Good Communication Skills 213

No Surprises 214

Summary 214

References 214



Customer Reviews

Average Rating: 4.5 (2 reviews)
  • Posted December 29, 2011

    GET AN IMMEDIATE RESPONSE NOW!!

    Are you about to form and run a computer incident response team? If you are, then this book is for you! Author Damir Rajnovic has done an outstanding job of writing a book that provides guidance in both creating and running an effective incident response team. Author Rajnovic begins by covering the various reasons an organization should set up an incident response team. Then, the author shows you how to form an IRT: how to make your case to upper management; how to defend your budget; where to place the team within the organizational hierarchy; and what policies you might want to put in place. Next, he shows you how to operate a successful IRT. The author also covers what process to follow to manage an attack situation well. He continues by dealing with the issues of incident coordination. Then, the author presents some more significant forums where various teams are coming together. Next, he introduces the theme of product security vulnerability. The author also deals with issues specific to forming the product security team. He continues by providing an overview on who can be involved in the whole product vulnerability space and what their motivation might be. Then, the author describes in detail steps to deal with a vulnerability, starting from receiving a report on potential vulnerability all the way to publishing a notification. Next, he discusses various issues related to the notification, from what types a vendor may need and why, to language and dissemination, and finishes with document maintenance. Finally, he discusses issues related to vulnerability coordination. This most excellent book helps you establish computer incident response teams, if you do not have them, and gives you ideas on how to improve the operation of the existing ones.

    Perhaps more importantly, this book helps vendors in understanding that their products will contain security vulnerabilities no matter how hard they try to avoid them and to form a team and processes to manage these vulnerabilities.
  • Posted December 12, 2010

    non-technical overview

    The book is pitched at a manager who does not have a deep computing background. It explains numerous aspects of running a computer security team. There is very little jargon or in-depth discussion of how a cracker might mount a successful intrusion. Instead you can see what computer security groups already exist, and how to contact them for assistance. You should not hesitate to avail yourself of this global security backup. Likely, those in a security group might have already encountered a similar attack and can suggest countermeasures.

    Of course, your team might have first taken precautions in securing your network and its machines. Here, the book suggests how to do a survey and analysis of your computing environment before any attack. This proactive approach lets you and your team calmly prepare for a perhaps inevitable attack.

    Some issues, like whether to publicly disclose that your company has been under attack, can be difficult to decide. Your firm might be in an industry where it has an obligation to disclose if, say, a cracker has copied your customer [personal] data. But what if there is no legal obligation? Should you still disclose? Never a pleasant thing to decide! So the book gives you incentive to absorb its advice and try to prevent such an occurrence.

    The references at the end of each chapter take you into more detailed technical discussions. Useful if you need extra information.