• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
FTP Data Breach Incident Response - Eric Vanderburg
 

FTP Data Breach Incident Response - Eric Vanderburg

on

  • 133 views

 

Statistics

Views

Total Views
133
Views on SlideShare
133
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    FTP Data Breach Incident Response - Eric Vanderburg FTP Data Breach Incident Response - Eric Vanderburg Presentation Transcript

    • FTP Data Breach Incident Response Eric Vanderburg June 19, 2008
    • Scenario • Private confidential data on an FTP server is accessed by an unauthorized individual • Incident: YES • Issues – Potential privacy notification is needed – More data could be viewed or stolen so the incident needs to be contained – Data needs to be replaced
    • Detection and Analysis • • • Determine access method – Stolen or sniffed password – Exploit in system Determine the scope of the incident – Find out if the incident has happened before an never discovered. – Find out which data was accessed and which stakeholders/clients are impacted by the disclosure Determine if the data obtained is in a form that would disclose private data, can be converted into a form that would disclose private data, or can be combined with data from another incident to disclose private data.
    • Containment Strategies • • • • • • Block IP or IP subnet from the firewall Shutdown FTP Change FTP passwords Move FTP to another server Change FTP ports Contact source and try to stop the distribution or use of the information
    • Recovery • Restore data from backup • Request that the client resend the data
    • Post-incident Activities • Attendees: – Management • CEO / Senior Partner • COO • Network Operations Manager • Litigation Support Manager – Public Relations Analyst – Sales Manager (Facilitator) – IT Staff • Senior Network Engineer • Network Engineer • Exchange Administrator • Network Analyst
    • Preventing Future Occurrences • • • • • Set timeout on FTP site Set alerts on FTP events Encrypt username and password or require VPN for FTP Set FTP server to only respond to specific IP addresses Configure Firewall rules for FTP ports to only allow traffic from specific pre-approved IP addresses or subnets.