Difference between revisions of ".NET Incident Response"
Revision as of 19:23, 15 April 2008
.NET Incident Response
Understanding how to respond to an incident before it occurs is critical to recovering operations. This section contains information for incident response, and specific content for .NET web application and service incident response handling. In addition to traditional logging functions, how do we know if our application, service, database or other software has been exploited?
Areas of Concern
- Incident Response Plan
As they say, it is not if, but when, you are attacked. What is the plan?
Who uses your software? How do you communicate the incident to your user base?
- Activating the plan
How do we know we've been attacked? Applications and services need to be instrumented to provide information specific to functionality within the software. What guidance or tools are needed to provide information to incident response personnel?
Limit the exposure of the incident by isolating the damage.
- Attack Identification and Severity assignment
Find the origin of the attack. Estimate exposure.
- Evidence handling best practices
- Recovery and Continuity