Posts Tagged ‘computer security’


Does Your Company Have A Computer Incident Response Team (CIRT)?

Saturday, July 31st, 2010

A Computer Incident Response Team (CIRT) is an expert group that handles computer security incidents. Whenever a new technology arrives, it is invariably dogged by misuse, like the first worm in the IBM VNET and the Morris Worm that hit the Internet and paralyzed it. This led to the formation of the first Computer Emergency Response Team at Carnegie Mellon University under U.S. Government contract. With the massive growth in the use of Information and Communications Technologies thereafter, the Computer Incident Response Team (CIRT) has come to stay as an essential part of large organizations.

No matter how well your network is protected, there are always incidents you are not prepared to deal with by yourself. It may be that the problem is beyond your technical know-how, so the necessary action cannot be taken. A company's security policy is not complete until procedures are in place for handling and recovering from incidents. The best solution is to include a Computer Incident Response Team (CIRT) within the company’s incident response procedures.

What is a Computer Incident Response Team (CIRT)?

A Computer Incident Response Team (CIRT) is a group of people who can promptly and correctly handle an incident. It can quickly contain, investigate and recover from an incident that poses a threat to the security of an organization. A CIRT is usually comprised of members from within the company, and it must include people with the authority to make decisions and take actions.

Who constitutes a Computer Incident Response Team (CIRT)?

A Computer Security Incident Response Team (CIRT) is constituted according to the needs and resources of the company.

Members in a Computer Security Incident Response Team (CIRT):

Management: A member of upper-level management on the Computer Security Incident Response Team can make the big decisions and be an effective resource in evaluating security, selecting a team, developing a policy and exercising the plan during an incident, based on input from the members of the team.

Information Security: These are the personnel trained in handling electronic incidents, with the ability to handle a multitude of incidents. An Information Security member on the Computer Security Incident Response Team can assess the extent of the damage and execute containment, basic forensics and recovery.

IT Team: In the event of an incident, the IT team on the Computer Security Incident Response Team knows where the data can be accessed or discovered before the evidence or the corrupt database is overwritten and replaced from a backup.

IT/MIS: The IT/MIS staff on the Computer Security Incident Response Team can assist the Information Security team with technical matters if required.

IT Auditor: The IT Auditor tracks the incident and works with IT/security to conduct post-incident reviews to avoid problems in the future.

Security: Security staff on the Computer Security Incident Response Team can assess any physical damage, investigate physical evidence and guard evidence during a forensics investigation to maintain a chain of evidence.

Attorney: An attorney on the Computer Security Incident Response Team is useful for supplying legal advice on the usability of any evidence collected during an investigation, and can also provide advice regarding liability issues that affect customers, vendors or the general public.

Human Resources: Many incidents involve company employees. Human Resources on the Computer Security Incident Response Team provides advice on how best to handle situations when an employee is discovered to be involved.

Public Relations: Public Relations on the Computer Security Incident Response Team communicates with team leaders, the press and stockholders to ensure an accurate understanding of the issue, the company status and the current situation.

Financial Auditor: The Financial Auditor on the Computer Security Incident Response Team has the hardest job when an incident occurs: putting a monetary figure on the damage that has occurred as a result of the incident, both for insurance companies and to press charges under the National Information Infrastructure Protection Act.

Some managers may opt not to create a team and prefer to bring in outside professionals when an incident occurs. Creating a Computer Incident Response Team may not be the best solution for every company, but it can prove to be an invaluable tool. A Computer Incident Response Team improves the response time to any computer-based problems an organization may face.

Data Triage’s Computer Incident Response Team helps organizations that have become the victim of a security breach. The CIRT team captures and isolates evidence while restoring services efficiently. Steps are taken to ensure the evidence is preserved for possible litigation or legal compliance.

Network Forensic Analysis Tools to Assess Network Vulnerabilities

Friday, October 24th, 2008

Every organization today has some type of network security policy to protect or secure its systems, but when an attack violates those policies, forensic analysis plays a crucial role. The evidence in computer forensics may take many forms, gathered with the help of network forensic tools.

Many network analysis tools are available nowadays that monitor network computers for possible vulnerabilities, check the network for the potential methods a hacker might use to attack, and create a report containing details of the potential problems. Some of these forensic tools are specially designed for networks.

For example, DNA (Distributed Network Attack), a new approach in computer forensic analysis, is one of the most efficient forensic tools for the recovery of password-protected files. The tool is a major advance in that recovery is distributed across a network of systems, where it was earlier limited to the processing of a single machine.

Once the DNA tool is installed on a server, it has access to the network and the power to run processes on different machines to decrypt the passwords. The DNA manager is thereby responsible for coordinating the attack, assigning small portions of the key search to machines distributed throughout the network. With the use of this forensic tool, the client's liability to commit mistakes can be avoided.

There are other forensic tools, some designed for analysis of network activity and some intended for log aggregation or analysis. Through these forensic tools you can see the services operating over the network, such as files being opened and closed.

A network security audit helps reduce the possibility of network downtime by discovering security incidents and attacks across the LAN, WAN or intranet. To address network security concerns you can also carry out external and internal security audits to identify and eliminate any security vulnerabilities in your systems.

An external network access audit will test your network devices and servers for vulnerability to a wide range of exploits, viruses, worms and other common internet attacks, whereas an internal security audit starts with threat discoveries, which include frequent virus outbreaks, unauthorized access to sensitive e-mail or documents, etc.

Domain hijacking, machine break-ins, cracking of user passwords, retrieval of sensitive documents, and physical access to sensitive hardware or software can also be analyzed with these audits.

Once the analysis or audit is completed you can easily eliminate the network security problems. These audits are also applied to storage area networks and network attached storage. With the help of a network forensic tool you can identify and respond to computer crimes and policy violations, not just investigate historical incidents.

www.Datatriage.com, a leading expert in Network Forensic Analysis, Network Security Auditing and Network Vulnerability Services.