Intrusion Detection with Snort by Jack Koziol

Responding to an Incident

Knowing in advance the steps you will need to follow when responding to an incident will make you better prepared for the task when it arises. Outlining the steps in a plan or procedure that can be quickly and easily followed will lessen the chance that crucial pieces of data are overlooked.

When responding to an incident, never lose sight of the primary goal. If that goal is to restore control of the system as quickly as possible, you should not spend an inordinate amount of time gathering evidence. If the goal is to limit the extent of the damage while possibly pursuing the attacker, make sure to create images, backups, and a chain of custody to develop a solid set of evidence. A best practice is to have a redundant ...
