AOH :: ISNQ7219.HTM

You've Been Breached: Now What?




You've Been Breached: Now What?
You've Been Breached: Now What?



http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=228800744 

By Adam Ely 
InformationWeek
December 18, 2010 

No one likes to think about database breaches, but the fact is, they 
happen. Rather than cross your fingers and hope for the best, create an 
incident response plan ahead of time. Without a plan, you may destroy 
critical evidence that could be used to prosecute the offender. You 
might also overlook just how the incident occurred, leaving you exposed 
to future breaches.

Log analysis is an essential component of an incident response plan. 
You'll want to review logs from the compromised machine or machines and 
from other sources, including network devices and access control 
systems.

A number of log types--transaction, server access, application server, 
and OS--can all provide valuable information to retrace what occurred. 
If your database administrator has enabled transaction logs--and it's a 
big if--start there because they're a rich source of information.

Your first goal is to understand what data has been extracted, which 
will help you gauge the current risk to the company. Then examine what 
else the attacker may have tried to do. As you review logs, look for 
queries that would match the data known to be exported. If you don't 
have any evidence to match against, gather up the database 
administrator, application developer, and anyone else who knows normal 
application and database activity. Get a conference room, display the 
logs on a projector, and have them help you look for anomalies such as 
unusual queries that applications or administrators wouldn't normally 
make.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/ 

Site design & layout copyright © 1986-2014 CodeGods