Slashdot Mirror


NIST Releases Guide to Cyber Attacks

treerex writes "NIST (the US National Institute of Standards and Technology) has just released a 148 page report entitled Computer Security Incident Handling Guide (PDF). It covers the gamut, from setting up a response team to dealing with specific types of attacks: DoS, trojans, worms, malicious code, and unauthorized access. While written by a team from NIST and the contractor Booz-Allen Hamilton (BAH), they appear to have taken input from CERT and luminaries like Spafford. It is an interesting read."

12 of 126 comments

  1. IJDE by Anonymous Coward · Score: 5, Informative

    The International Journal of Digital Evidence is also worth keeping up with, if this type of stuff interests you.

  2. No...It's FOR federal agencies by waferhead · Score: 4, Informative

    The fact that the guvmint machines are the easy targets is apparently the point.

    This is for federal agency use, and anyone else's.

    This also effectively says "You WILL do it like this" to the federal agencies.

    There will be a quiz.

  3. Re:Interesting! by randyest · Score: 4, Informative

    As you will no doubt glean if you read the document completely, there are a lot of "Oh, and I forgot"'s in order -- that's why they made the doc and, presumably, why it's posted here. So, please hold the preemptive (and thus incomplete) summary. It's useful info for us all to read.

    Then again, looks like all the other threads below are mired in conversations about nukes, Amerika-bashing, and other off-topic stuff, so at least you're on topic.

    --
    everything in moderation
  4. Text Version by Hal+The+Computer · Score: 3, Informative

    You're going to need a text editor that supports lines longer than 80 characters, but if you have one, I've made a decent zipped text file from the PDF for people with slow connections. As always NO WARRANTY WHATSOEVER.
    Computer Security Incident Handling Guide.zip (113K) (zipped text file)

    --

    int main(void){int x=01232;while(malloc(x));return x;}
  5. Re:Does it say... (Simpsons sig) by jatencio · Score: 2, Informative

    How come Homer and Krusty look like clones?

    I think Homer and Krusty look alike because originally, the Simpsons' premise was about a boy who hated his father but was in awe of a clown who looked exactly like his father. Thus they look alike.

  6. Re:BAH? by J3zmund · Score: 2, Informative

    Well, the original server-sitter left BAH before the break-ins occurred. His position prior to building and maintaining webservers for a DoD contractor was dog-walker (no, seriously, he walked dogs for a living).

    The people who took over his position didn't change the passwords. They have since been re-educated about security and best-practices. Nothing confidential was on the servers in question, but it looked bad for their web-team here in San Diego.

    --

    It's all Hood
  7. Issues on accuracy by Anonymous Coward · Score: 2, Informative

    I can tell that certain parts of the document were not written by people who have actually done the work. For example, a portion of it talks about write-protection software. Unfortunately it is in the wrong section where they talk about a live response. I'd love to see them apply a write protection device on an active Windows system!

    Typical Booz-Allen crud. We hated these guys when I worked in the gov. Our command once paid over 250k for a 2" high report that simply re-hashed the interviews they conducted.

  8. Speaking of Spafford.... by securitas · Score: 3, Informative

    ... Here's an interview with Gene Spafford in two parts that outlines a lot of the issues that he's concerned with. It provides some background and insights into some of the thinking behind the guide. I found his views on the purpose of security technology especially interesting and somewhat unexpected. The same goes for his indirect criticism of Microsoft.

    Description courtesy of Bruce Schneier's Crypto-gram:

    Long and interesting interview with Gene Spafford, about the infosec threat landscape; privacy; the challenges of digital certificates, CRLs, public key infrastructure standards and interoperability; key escrow, backup and recovery; identity fraud; trust on the Internet; and the problems of security education today. Sample quote: "Security doesn't work as an add-on. It really needs to be built-in from the beginning."
  9. Re:DoS, trojans, worms, malicious code.... by LucidityZero · Score: 2, Informative
    Why don't companies really concerned about security simply disconnect

    Ummm... They do. If you've ever worked anywhere involving classified information, you'd know that EXTREME measures and controls are normally in place in order to completely eliminate possible bleeding between classified and unclassified networks...

    --
    Sig.
  10. Re:Limit outbound encrypted traffic? Damn straight by js7a · Score: 2, Informative
    No really, blocking SSH/ESP and tracking HTTPS is a reasonable suggestion -- if anything, I'd say the above doesn't go far enough.

    Reasonable? Pointless.

    Applications which tunnel through the HTTP application layer (not just SSH on port 80) using fully obscured forms encryption are prevalent and readily available to the non-technical PC user. Such applications are very popular in Saudi Arabia and China, for example. Primarily because there are, at this time, no proxies capable of blocking them.

    And as soon as such proxies appear, the HTTP application layer tunnels will go polymorphic in their protocols. There is no hint of evidence that the proxies have any chance of keeping up.

    It is well-known to the steganography community that any open channel, even email, is insecure. Unless such channels are closely monitored by a professional cryptographer, there is no chance that they can reliably be monitored to prevent unfriendly traffic.
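The two comments above disagree over whether an egress rule such as "block SSH/ESP, track HTTPS" is worth writing. The point both sides circle is that a port number says nothing about the protocol inside the connection. The following is an added illustration, not code from the thread or from the NIST guide: it fingerprints the first bytes a client sends on an outbound TCP flow and judges them against the port, so an SSH banner on port 80 or a non-HTTP, non-TLS stream on 443 is surfaced for the incident handler. The flow records are constructed; `Flow`, `classify` and `egress_verdict` are hypothetical names. (ESP is IP protocol 50, not TCP, so it is outside this example.)

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# First line of an HTTP/1.x request; enough to recognise plain web traffic.
HTTP_REQ = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")

@dataclass
class Flow:
    dst_port: int
    first_bytes: bytes   # client-to-server payload, first segment only

def classify(payload: bytes) -> str:
    """Label the application protocol from the opening bytes, ignoring the port."""
    if payload.startswith(b"SSH-"):
        return "ssh"                       # SSH identification string (RFC 4253)
    # TLS record: content type 22 (handshake), version 3.x, then ClientHello (1).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if HTTP_REQ.match(payload):
        return "http"
    return "opaque"                        # encrypted/obfuscated tunnel or unknown

def egress_verdict(flow: Flow) -> tuple[str, str]:
    """Apply the 'block SSH, track HTTPS' policy to what the bytes actually are."""
    proto = classify(flow.first_bytes)
    if proto == "ssh":
        return "block", f"ssh banner on port {flow.dst_port}"
    if proto == "http" and flow.dst_port == 80:
        return "allow", "plain http on 80"
    if proto == "tls" and flow.dst_port == 443:
        return "allow-log", "https on 443; record for tracking"
    return "flag", f"{proto} on port {flow.dst_port} does not match the expected protocol"

# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow(80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Flow(80, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow(443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    Flow(80, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    Flow(443, b"\x8f\x2a\x11\xd0\x7b\x40\x9c\x01"),
]

def review(flows: list[Flow]) -> list[tuple[int, str, str]]:
    """Return (port, verdict, reason) for each flow; handlers read the non-allow rows."""
    return [(f.dst_port, *egress_verdict(f)) for f in flows]

if __name__ == "__main__":
    for row in review(SAMPLE_FLOWS):
        print(row)
```

The fourth and fifth rows are the cases a pure port filter would pass silently: TLS on port 80 and an opaque stream on 443.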

  11. Re:There's one HUGE thing missing here. by Antibozo · Score: 2, Informative

    Page ES-4:

    Practicing the handling of large-scale incidents through exercises and simulations on a regular basis; such incidents happen rarely, so incident response teams often lack experience in handling them effectively.

    See also appendix B, "Incident Handling Scenarios".

  12. It's simple but that's what you need. by gelfling · Score: 2, Informative

    While you all give mad props to each other about how much you know and how silly this is, there really are thousands of admins and others who need to be told to scratch their ass with THIS finger. Whether it's institutional paranoia, fear or lack of knowledge, skill or training - most of the problems we experience out there are easily preventable if someone enforced it, someone audited it, someone got educated in it or someone was simply TOLD to do it.