FTP Data Breach Incident Response - Eric Vanderburg

Published in: Technology

Transcript

  • 1. FTP Data Breach Incident Response Eric Vanderburg June 19, 2008
  • 2. Scenario
      • Private confidential data on an FTP server is accessed by an unauthorized individual
      • Incident: YES
      • Issues
          – Potential privacy notification is needed
          – More data could be viewed or stolen so the incident needs to be contained
          – Data needs to be replaced
  • 3. Detection and Analysis
      • Determine access method
          – Stolen or sniffed password
          – Exploit in system
      • Determine the scope of the incident
          – Find out if the incident has happened before and never been discovered
          – Find out which data was accessed and which stakeholders/clients are impacted by the disclosure
      • Determine if the data obtained is in a form that would disclose private data, can be converted into a form that would disclose private data, or can be combined with data from another incident to disclose private data
  • 4. Containment Strategies
      • Block IP or IP subnet from the firewall
      • Shutdown FTP
      • Change FTP passwords
      • Move FTP to another server
      • Change FTP ports
      • Contact source and try to stop the distribution or use of the information
  • 5. Recovery
      • Restore data from backup
      • Request that the client resend the data
  • 6. Post-incident Activities
      • Attendees:
          – Management
              • CEO / Senior Partner
              • COO
              • Network Operations Manager
              • Litigation Support Manager
          – Public Relations Analyst
          – Sales Manager (Facilitator)
          – IT Staff
              • Senior Network Engineer
              • Network Engineer
              • Exchange Administrator
              • Network Analyst
  • 7. Preventing Future Occurrences
      • Set timeout on FTP site
      • Set alerts on FTP events
      • Encrypt username and password or require VPN for FTP
      • Set FTP server to only respond to specific IP addresses
      • Configure Firewall rules for FTP ports to only allow traffic from specific pre-approved IP addresses or subnets
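
One way to carry out the scoping step from slide 3 (which data was accessed, which clients are impacted, and whether it happened earlier without being noticed), shown as an added example that is not part of the original slides. It assumes the FTP server writes transfer records in the common xferlog layout; the approved network, the /clients/<name>/ directory layout and the sample log lines are constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumption: networks the clients are expected to connect from (documentation range).
APPROVED_NETS = [ip_network("192.0.2.0/24")]

# Constructed sample records in xferlog layout; not taken from a real incident.
SAMPLE_LOG = """\
Mon Jun  2 09:15:01 2008 2 192.0.2.10 51200 /clients/acme/payroll.csv b _ i r acme ftp 0 * c
Thu Jun  5 23:41:12 2008 1 203.0.113.9 51200 /clients/acme/payroll.csv b _ o r acme ftp 0 * c
Thu Jun 12 10:02:33 2008 1 192.0.2.10 8192 /clients/acme/notes.txt b _ o r acme ftp 0 * c
Tue Jun 17 02:14:07 2008 3 203.0.113.9 90112 /clients/globex/claims.zip b _ o r acme ftp 0 * i
Tue Jun 17 02:15:40 2008 1 203.0.113.9 51200 /clients/acme/payroll.csv b _ o r acme ftp 0 * c
"""

def parse_xferlog(line):
    """Split one xferlog record into the fields needed for scoping."""
    f = line.split()
    if len(f) < 18:
        return None  # truncated or foreign line
    return {
        "time": datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y"),
        "host": f[6], "path": f[8], "direction": f[11],
        "user": f[13], "complete": f[17] == "c",
    }

def is_approved(host):
    try:
        addr = ip_address(host)
    except ValueError:
        return False  # hostname instead of an IP: treat as unapproved, review by hand
    return any(addr in net for net in APPROVED_NETS)

def scope_incident(log_text):
    """Summarise downloads (direction 'o') made by hosts outside APPROVED_NETS."""
    scope = {}
    for rec in filter(None, map(parse_xferlog, log_text.splitlines())):
        if rec["direction"] != "o" or is_approved(rec["host"]):
            continue
        s = scope.setdefault(rec["host"], {"first_seen": rec["time"], "last_seen": rec["time"],
                                           "files": set(), "accounts": set(), "clients": set()})
        s["first_seen"] = min(s["first_seen"], rec["time"])
        s["last_seen"] = max(s["last_seen"], rec["time"])
        s["files"].add(rec["path"])      # incomplete transfers still disclose data
        s["accounts"].add(rec["user"])   # accounts whose passwords need changing
        parts = rec["path"].split("/")
        if len(parts) > 3 and parts[1] == "clients":  # assumed directory layout
            s["clients"].add(parts[2])
    return scope
```

Calling scope_incident() on the transfer log text returns one entry per unapproved source address; a first_seen date earlier than the day the breach was noticed indicates earlier, undiscovered access.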
