NIST Releases Guide to Cyber Attacks
treerex writes "NIST (the US National Institute of Standards and Technology) has just released a 148 page report entitled Computer Security Incident Handling Guide (PDF). It covers the gamut, from setting up a response team to dealing with specific types of attacks: DoS, trojans, worms, malicious code, and unauthorized access. While written by a team from NIST and the contractor Booz-Allen Hamilton (BAH), they appear to have taken input from CERT and luminaries like Spafford. It is an interesting read."
I would think that if the majority of people did something so simple as to patch their machines, worms would pose half the threat they do now. So, yes, Education is a simple but effective measure to combat security exploits.
This might be unnecessary for "professionals", people who know these things from before and work with it. But for the average sysadmin, this is just great! He/she could know how to:
;)
1. Find out what happened
2. Close the breach
3. Report the breach.
If the sysadmin doesn't know how to do this, they also know where to seek help.
I'll probably get messages back saying this is just dumb and generic, but it's better than not knowing anything at all. A lot better. All too few people know how to handle situations like this, and they will need somewhere to start.
I'll give this thing a skim read (just read contents and some interesting paragraphs now) and get back to this.
The International Journal of Digital Evidence is also worth keeping up with, if this type of stuff interests you.
Beyond the typical vapid governmental reports, this is a step in the right direction. Anything to create a buzz around security, especially computer security, will serve the public well. This is what needs to happen: standardization. The government has done a commendable job in creating standards for dealing with national security - why not extend that to computer security? All these posts that do nothing to note the fact that this is a good thing don't see past the .gov TLD.
They also have a 1-800 number.
Thank you for calling the US National Institute of Standards and Technology Security Hotline.
Please say "HOLA" now if you espanol...
Otherwise please select one of the following selections dealing with your security problem.
Press 1 if you have suffered a DOS attack
Press 2 if your network has been infected with a worm
Press 3 if your site is being slashdotted
Press 4 if 13 year olds have defaced your web site
Press 5 if you are running Windows as your server
Press 666 if you are a missile silo control room and have realized that someone has gained root or administrative access on your control system
Have a nice day.
Guide for Sysadmins: Upon learning that your systems have been penetrated, proper incident response is as follows:
Microsoft Windows is, fittingly, the official Desktop OS of Olig
...what to do in case of a Slashdotting?
Sheesh, evil *and* a jerk. -- Jade
I think it's actually a good use of taxpayer money, which is the first time that I've said that in public.
If nothing else, it provides a good framework to start from, especially for small companies/non-profits etc., where they don't have the resources to hire a full-time crack security team. This helps them set priorities and useful business things like that.
I'm really quite surprised people are being negative about it.