Linux Today: Linux News On Internet Time.

Security Portal: Do you have an Intrusion Detection Response Plan?

Aug 24, 1999, 04:51

"Last week, we explored methods and tools for detecting intruders on Linux platforms. In response to several reader inquiries, we are focusing on what an intrusion detection response plan should consist of."

"It is impossible to create a response plan that reflects your organization's values without an accurate risk assessment."

"After gaining the report of the intrusion, it is time to take countermeasure steps:"

  • "Define the type of attack."
  • "Inform Users."
  • "Contain the intrusion."
  • "Identify the source."
  • "Notify all interested parties."
  • "More detailed repair of the systems, if needed."
  • "Detailed post-mortem of the intrusion."
