Library items tagged: incident response

Incident response functions

Anonymous
Friday, February 17, 2012 - 10:16
security
incident response
technical guide
From the preceding discussion it is clear that any organisation connected to Janet must have at least a basic response capability to deal with security incidents as required by its Janet contract. There are also good reasons why the organisation should not be content with this minimum but should provide additional functions for the benefit of its own users and its operation. This extended capability is likely to involve people and groups beyond the basic security incident response group, some of whom may be located in a different part of the management structure.
Read more

Reasons for incident response

Anonymous
Friday, February 17, 2012 - 10:16
security
incident response
technical guide
There are a number of different reasons why a Janet customer site should improve its response to computer security incidents. Depending on the circumstances, different reasons will carry different weight in each organisation: however an effective incident response function should bring benefits in all these areas.
Read more

Effective incident response

Anonymous
Friday, February 17, 2012 - 10:12
incident response
security
technical guide
GD/NOTE/009 (03/09)
Read more

Detecting Conficker on your network

Anonymous
Monday, February 13, 2012 - 20:15
CSIRT
conficker
detecting
incident response
malware
security
From time to time Janet CSIRT may report activity to you that is related to the Conficker worm. Typically this is a record of traffic from an infected host, to a Conficker sinkhole server. These sinkhole servers pretend to be part of the worm’s command and control infrastructure. The worm then attempts to load a web page on the sinkhole server, that were the server real, would contain instructions for the worm. Our reports typically look like this
Read more

Protecting yourself from Conficker

Anonymous
Monday, February 13, 2012 - 20:14
CSIRT
conficker
incident response
malware
protection
security
The Conficker worm (also known as Downup, Downadup and Kido) is probably the most prevalent computer worm on Janet and the Internet at this time. It’s success can be attributed to it’s use of a number of different vectors it uses to infect machines:
Read more

Zeus/Zbot

Anonymous
Monday, February 13, 2012 - 20:12
security
incident response
CSIRT
advice
malware
Zeus
Zbot
Zeus is the name for a family, or perhaps ecosystem of malware that is created and customised using a single toolkit. Not only does the toolkit generate the executable that infects systems, but it also produces server files that act as the command and control infrastructure for the operator’s botnet. Primarily Zeus is used to steal banking details through the use of keystroke logging and screen captures that are sent from the infected system to the command and control sever.
Read more

The Carberp Information Stealing Trojan

Anonymous
Monday, February 13, 2012 - 20:12
security
incident response
CSIRT
malware
Carberp
Carberp is the name of the latest in an increasing line-up of information stealing malware that have evolved in the last few years. As in the case of it’s forerunners (Torpig/Mebroot,Clampi, ZeuS and SpyEye) the most recognised role of Carberp is to steal users e-commerce payment transaction data (e-banking, Paypal, debit/credit card etc.), although any sensitive data is at risk (personal identity or research data for example).
Read more

Conficker

Anonymous
Monday, February 13, 2012 - 20:12
CSIRT
conficker
incident response
malware
security
Janet CSIRT routinely processes netflow data to detect signs of Conficker infections on Janet.
Read more

Spam bounces considered harmful

Anonymous
Monday, February 13, 2012 - 20:10
CSIRT
advice
incident response
security
spam
Rodney Tillotson The expectation that e-mail services will return a failure notice or report for messages that cannot be delivered is no longer realistic. In most cases Janet-connected organisations should not attempt to provide such notifications.
Read more

Penetration testing

Anonymous
Monday, February 13, 2012 - 20:09
security
incident response
CSIRT
advice
penetration testing
testing
factsheet
PB/INFO/082 (11/04) Many organisations are looking to have some form of penetration testing performed on their systems. This may simply be to evaluate existing security measures and to find gaps where security needs improvement, but increasingly it is performed to comply with security standards when connecting to public sector networks or processing payment details.
Read more