That access doesn’t just involve setting and removing account permissions, either. Horton says an important first step is putting a team under legal privilege, which means those working on an incident response can't be forced to disclose details.“If an outside firm comes in and does its work for two or three weeks, and then you decide that all the stuff that has been uncovered should have been privileged, it’s too late. Get it in as soon as possible,” he warns.You have your plan and your team but one day, in spite of your best efforts, someone prises open your network and causes some damage. This is where the identification and investigation phase kicks in.“The realisation might come days, weeks or months after the event,” says Osborn.Be prepared to do some digging after alerting the response team, he advises. Solid data collection is key so that you can drill down into the data and understand what has happened.“You should be collecting the logged information all day, every day,” he says.

There are various tools to do this, including Splunk, which provides operational intelligence based on logs. Security information and event management tools can be useful, as they aggregate log data from a variety of sources and alert you when different events correlate to indicate a threat.Properly used, these tools will enable you to analyse historic data to find the root of a particular network incident.The key rule here is that everything should be documented in anticipation of using it in court, says SANS. The document should cover what team members did in their investigations, in addition to who, where, when, why and the all-important how.Containment is where things get really interesting. The aim, of course, is to mitigate any damage that has already been done and to stop the attacker doing any more.Throttling attackers involves understanding how they work. Experts explain that they gain access to a system and then escalate their privilege to gain access to more sensitive information.

Then when they have found the data they want, they steal it via exfiltration. In their quest for valuable data, some can siphon it off stealthily for long periods.““You must ask yourself how can we split off the compromised user account? How can we lock down the server that was breached?” says Paul Nguyen, president of global security solutions for automated threat response firm CSG Invotas."What about the database or application layer: how can we close off whole event levels?”Companies should take forensic backups of infected machines to preserve evidence
SANS breaks down containment into various stages. One is short-term mitigation – cutting infected networks off from the rest of the network, for example. This needs to be done as quickly as possible.Nguyen advocates automation at this stage to expedite protection. His company provides tools designed to harden internal resources against the spread of a threat using automated scripts that configure devices on the fly.SANS recommends system backup as a second stage. Companies should take forensic backups of infected machines to preserve evidence.And finally, long-term containment involves fixing affected systems temporarily so that they can still be used as the team prepares to completely eradicate the threat. This includes removing backdoors and patching systems against the threats.

• HP Pavilion dv6-14 Battery


• HP Pavilion dv6-20 Battery


• HP Pavilion dv6-21 Battery


• HP Pavilion dv6-30 Battery


• HP Pavilion dv6-31 Battery


• HP Pavilion dv6-32 Battery


• HP Pavilion dv6-33 Battery


• HP Pavilion dv6-40 Battery


• HP Pavilion dv6-60 Battery


• HP Pavilion dv6-61 Battery


• HP Pavilion dv6t-1000 Battery


• HP Pavilion dv6t-1100 Battery


• HP Pavilion dv6z Battery


• HP Pavilion dv6z-10 Battery


• HP Pavilion dv7-10 Battery


• HP Pavilion dv7-11 Battery


• HP Pavilion dv7-12 Battery


• HP Pavilion dv7-20 Battery


• HP Pavilion dv7-21 Battery


• HP Pavilion dv7-22 Battery

Von Roessing has his own take on the containment phase, which he calls “response”. In addition to mitigating damage, he advocates secret observation to find out as much about the intruder as possible.“Resist the temptation to beat them over the head because you will lose a lot of intelligence if you do that,” he says.“You must set up a honeypot to keep them distracted, while having your forensics team secure the evidence."Everything you can find out about attackers will help you to get closer and work out where they are coming from. What IP ranges are they using? Is there a digital “handwriting” that they are using?Technological approaches to containment are just one aspect of mitigating the effects of a breach. Another is notification. Companies must tick their legal and ethical boxes, notifying customers and regulators where necessary.Paul Simmonds, CEO of the Global Identity Foundation and one of the original architects of deperimeterisation at the Jericho Forum, is sceptical about companies’ capabilities here.“There is a playbook, which is don’t make it public unless you have to. If you go to your PR department, that’s what they will advise you,” he says.“The next question is: what laws are in place to mandate notification? And the one after that is: can we get away with it if we don’t notify?” And that’s if the company is an ethical one, he adds.

With the containment taken care of, it is time to eradicate the threat from your network entirely. When taking this step, document human resources and other costs that go into the effort.This will help you to understand how much this part of the breach cost you, says SANS, while also providing proof that the toxins were removed from your systems.Wiping and re-imaging systems is important, as is patching the re-imaged systems against the vulnerabilities that allowed the attack to happen in the first place.Von Roessing’s team treats this as an exercise in disaster recovery because companies are taking systems out of operation, at least for a short while.“Once you do that, you may have killed the attacker but you may have also killed yourself unless you have a strong disaster recovery and business continuity capability,” he says.Many systems may need to be patched. Some hardware may need to be replaced entirely, and components of the network may have to be reconfigured.“In between you run things in alternative or emergency operations mode,” he says.The final two steps in the incident response process are recovery and improvement. Ensuring that the systems are clean and working properly involves a set period of monitoring them for abnormal behaviour.

The improvement process is your way to potentially come out ahead. Reviewing how the incident response was managed will hone your skills so that next time (and let's not fool ourselves here) you will be able to act even faster and more decisively.The improvement phase goes beyond refining your incident response into an analysis of your security protections.The attacker's behaviour may give you clues about how you can tighten up your security operations and tools to make another attack more difficult. Look for systematic weaknesses in your infrastructure and processes."Rather than closing a few loopholes, we should take a big step back and think holistically. What was the degree of vulnerability? Did we deter them?” says Von Roessing.Without this broader analysis, the same attacker may be back for another try, he warns.From preparation through to transformation, the incident response process should be a cyclical one. What is learned from one incident should be fed back into your preparation phase, creating a positive feedback loop.Be sure of one thing: your attackers are busy perfecting their skills and finding new ways into your system.

• HP Pavilion dv7-30 Battery


• HP Pavilion dv7-31 Battery


• HP Pavilion dv7-40 Battery


• HP Pavilion dv7-41 Battery


• HP Pavilion dv7-42 Battery


• HP Pavilion dv7-43 Battery


• HP Pavilion dv7-50 Battery


• HP Pavilion dv7-60 Battery


• HP Pavilion dv7-61 Battery


• HP Pavilion dv7-7100 Battery


• HP Pavilion dv7-ct Battery


• HP Pavilion g4t Battery


• HP Pavilion g6s Battery


• HP Pavilion g6x Battery


• HP Pavilion g7t Battery


• HP Pavilion g7x Battery

Unless you are constantly improving, you will be at a disadvantage in a game with ever-growing stakes. Analysis It seems hard to believe but 10 years ago the PC was the only computing interface for billions of consumers and businesses and Microsoft owned them all.A desktop or laptop running MS Windows loaded with Office for creating documents and spreadsheets and Internet Explorer to view web pages.Nearly 100 per cent market share is difficult for anybody to attain, yet Microsoft did it – in the OS, on productivity, and in web browsing.Then came Firefox 1.0 for Windows, Mac OS and Linux. Mozilla’s browser was released 10 years ago today (9 November 2004). It was responsible for a catastrophic (for Microsoft) loosening of IE’s strong grip on the browser market.Today Internet Explorer is a shadow of its former self, with half its 2004 market share.Firefox zoomed, in contrast, to around a quarter of the web browser market relatively quickly and stayed there.It achieved the impossible: slackened the auto-buy mindset of consumers, businesses and PC makers, who had believed that the only way was IE. And Firefox proved that the world’s largest software company didn’t own the keys to making a successful browser.

It also opened up the market for others: without Firefox there’d have been no Chrome.With hindsight, we can now see Firefox as the start of the beginning of the end for Microsoft’s desktop troika: Office’s lock on documents had been cracked by open-source and web-based alternatives like Google Docs in 2004, and latterly, LibreOffice in 2011.The PC has been surpassed by the tablet and smartphone, by iOS and Android.But 10 years on, Firefox itself now occupies the flat lands in terms of growth, as the dial on its market share hasn’t moved for some time.In some ways, that’s a comment on the situation in 2004: Mozilla exploded like a Blitzkrieg on a sleeping giant – gains were arguably inevitable as the giant’s defences were down. Today, nobody is being complacent, and both Microsoft and Google are working furiously for ways to undermine and overwhelm the other two rivals Firefox and Apple's Safari.Chrome is regularly updated. While Microsoft is cooking up a version of Internet Explorer in the hope of bringing the developers who abandoned it back into the fold. It will come loaded with RemoteIE and Windows Azure on the back end to let devs test client apps for Windows, Android, Mac, and iOS.

To add a comment please login by clicking here