Re: I got an intruder ...
Dr. Frederick B. Cohen (fc@all.net)
Mon, 20 Nov 1995 07:14:58 -0500 (EST)
Just a few general comments on the ongoing discussion.
1) The discussion itself is very worthwhile, even though it's probably
very little help to the person who originally asked for help. Among
other things, the differring points of view show that this is not a
trivial issue or one that has a pat solution.
2) The discussion points out very clearly that the most important factor
in responding to an incident is being prepared ahead of time. Without a
corporate policy, a well prepared incident response team, proper lines
of communication with law enforcement, adequate knowledge of the laws,
commitment by top management, technical capabilities, and other similar
things, response is likely to be inadequate.
3) It seems clear from the discussion that the people making posts to
the list are not fully aware of the current environment. Several of the
postings have demonstrated some limited knowledge of legal issues and
several of the postings have ignored technological limitations of most
organizations. Nobody started their commentary (on the list) by asking
questions about the organization. Without understanding the nature of
the organization, it's almost certain that any advice could only succeed
by pure luck.
I'm sure there are other issues that I have ignored here, but I thought
it might be helpful to brush over these three areas because they are
commonly missed issues in incident response.
--
-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236