Incident Response: Best Practices for Common Attack Scenarios

•

0 likes•21 views

Navigate through the intricacies of incident response with proven strategies. Explore best practices tailored for addressing common attack scenarios effectively. Gain insights and expertise to fortify your cybersecurity defenses, ensuring a resilient response in the face of evolving threats.

Education

@infosectrain
SCENARIOS
INCIDENT RESPONSE
BEST PRACTICES FOR COMMON
www.infosectrain.com
ATTACK

BRUTE FORCING
www.infosectrain.com
@infosectrain
INVESTIGATION
01 Analyze Active Directory, application, and operating
system logs for multiple login failures.
02 Contact the user to confirm the legitimacy of
login attempts.
ACTIONS
01 If unauthorized activity is confirmed, disable the account.
02 Investigate and block the attacker’s IP address.
03 Implement account lockout policies to prevent
brute force attacks

BOTNETS
www.infosectrain.com
@infosectrain
ACTIONS
01 Identify and remove malicious processes.
02 Fix the vulnerabilities by applying necessary patches.
03 Isolate the affected server to prevent further
malicious activities.
INVESTIGATION
01 Monitor network traffic for connections to suspicious IPs.
02 Check OS logs for new or suspicious processes.
03 Contact the server owner and support team for
information.

RANSOMWARE
www.infosectrain.com
@infosectrain
ACTIONS
01 Request anti-virus checks and initiate a malware scan.
02 Isolate the infected machine to prevent further spread.
INVESTIGATION
01 Check for anti-virus alerts and malware indicators.
02 Monitor network traffic for connections to suspicious IPs.

DATA EXFILTRATION
www.infosectrain.com
@infosectrain
ACTIONS
01 If a rogue employee is suspected, contact their manager
for an internal investigation.
02 If it's an external threat, isolate and disconnect the
compromised machine from the network.
INVESTIGATION
01 Monitor network traffic for abnormally high traffic
patterns using DLP.
02 Check proxy logs and OS logs for unusual activities.

COMPROMISED ACCOUNT
www.infosectrain.com
@infosectrain
ACTIONS
01 If a compromised account is confirmed, disable the
account, change the password
02 Conduct forensic investigations to determine the
extent of the breach.
INVESTIGATION
01 Analyze Active Directory logs, OS logs, and network traffic for
indicators of a compromised account.
02 Contact the user for additional information.

DENIAL OF SERVICE
www.infosectrain.com
@infosectrain
ACTIONS
01 If the DoS is due to vulnerabilities, contact the patching
team to remediate the vulnerabilities.
02 Enable redundancy and failover for uninterrupted
service during an attack.
03 For a network traffic-induced attack, contact network support
or ISP and refrain from disclosing sensitive information
too quickly.
INVESTIGATION
01 Monitor network traffic for abnormally high traffic.
02 Review firewall logs and OS logs for signs of the attack.

FOUND THIS USEFUL?
Get More Insights Through Our FREE
Courses | Workshops | eBooks | Checklists | Mock Tests
LIKE SHARE FOLLOW

Similar to Incident Response: Best Practices for Common Attack Scenarios

Lannguyen-Detecting Cyber Attacks

Security Bootcamp

OWASP TOP 10 by Team xbios

Vi Vek

INTRODUCTION Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it’s not a matter of if an intrusion will take place, but when. In Fiscal Year (FY) 2015, 295 incidents were reported to ICS-CERT, and many more went unreported or undetected. The capabilities of our adversaries have been demonstrated and cyber incidents are increasing in frequency and complexity. Simply building a network with a hardened perimeter is no longer adequate. Securing ICSs against the modern threat requires well-planned and well-implemented strategies that will provide network defense teams a chance to quickly and effectively detect, counter, and expel an adversary. This paper presents seven strategies that can be implemented today to counter common exploitable weaknesses in “as-built” control systems.

CISA GOV - Seven Steps to Effectively Defend ICS

Muhammad FAHAD

Defending Industrial Control Systems From Cyberattack

Mountain States Engineering and Controls

Defending industrial control systems from cyber attack

Analynk Wireless, LLC

NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems

Miller Energy, Inc.

Defending Industrial Control Systems From Cyberattack

CTi Controltech

Seven recommendations for bolstering industrial control system cyber security

CTi Controltech

Intrusion detection

CAS

Threat Hunting Playbook.pdf

laibaarsyila

Anonymizing networks such as Tor allow users to access Internet services privately by using a series of routers to hide the client’s IP address from the server. The success of such networks, however, has been limited by users employing this anonymity for abusive purposes such as defacing popular websites. Website administrators routinely rely on IP-address blocking for disabling access to misbehaving users, but blocking IP addresses is not practical if the abuser routes through an anonymizing network. As a result, administrators block all known exit nodes of anonymizing networks, denying anonymous access to misbehaving and behaving users alike. To address this problem, we present Nymble, a system in which servers can “blacklist” misbehaving users, thereby blocking users without compromising their anonymity. Our system is thus agnostic to different servers’ definitions of misbehavior — servers can blacklist users for whatever reason, and the privacy of blacklisted users is maintained

Nymble:Blocking misbehaving users in annoying networks(Link)

Mysa Vijay

Attachment 1 – mitigation measures for two factor authentication compromise

Hai Nguyen

The Open Web Application Security Project, or OWASP, is an international non-profit organization dedicated to web application security. One of OWASP’s core principles is that all of their materials be freely available and easily accessible on their website, making it possible for anyone to improve their own web application security. The materials they offer include documentation, tools, videos, and forums. Perhaps their best-known project is the OWASP Top 10.

Owasp top ten 2017

AnukaJinadasa

NormShield 2018 Cyber Security Risk Brief

NormShield

Stop blaming your users for compromised passwords. Bolster your defense against security breaches that stem from both stolen and shared user login credentials. For IT security administrators it's tough to identify malicious network access from valid credentials. Rather than blaming users for being human, our latest infographic shows you how to better protect users' authenticated logins. By taking a closer look at the contextual information around the logon or file access, you can identify and stop network access when credentials have been compromised.

Security Breaches from Compromised User Logins

IS Decisions

20 Security Controls for the Cloud

NetStandard

Webinar 2.1 - Network protection and devices.pptx

RoyMurillo4

Cm4 secure code_training_1day_error handling and logging

dcervigni

Rake Antifraud Detection

Fabrizio Malfanti

Idps

GNANARAJA R

Similar to Incident Response: Best Practices for Common Attack Scenarios (20)

Lannguyen-Detecting Cyber Attacks

OWASP TOP 10 by Team xbios

CISA GOV - Seven Steps to Effectively Defend ICS

Defending Industrial Control Systems From Cyberattack

Defending industrial control systems from cyber attack

NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems

Defending Industrial Control Systems From Cyberattack

Seven recommendations for bolstering industrial control system cyber security

Intrusion detection

Threat Hunting Playbook.pdf

Nymble:Blocking misbehaving users in annoying networks(Link)

Attachment 1 – mitigation measures for two factor authentication compromise

Owasp top ten 2017

NormShield 2018 Cyber Security Risk Brief

Security Breaches from Compromised User Logins

20 Security Controls for the Cloud

Webinar 2.1 - Network protection and devices.pptx

Cm4 secure code_training_1day_error handling and logging

Rake Antifraud Detection

Idps

More from InfosecTrain Education

Discover the Dark Web: How to Stay Safe .pdf

InfosecTrain Education

Ransomware is malicious software that encrypts files or locks users out of their systems, demanding payment for decryption or access. It typically spreads through phishing emails, malicious attachments, or exploit kits. Ransomware seriously threatens data security, often resulting in financial loss and operational disruptions. Effective cybersecurity measures, such as regular backups and up-to-date security software, are crucial for protection against ransomware. Understanding Ransomware and How to Protect Against It by reading this related blog: https://www.infosectrain.com/blog/types-of-ransomware/

Decoding Ransomware: Understanding the Various Types and Their Impacts.pdf

InfosecTrain Education

Here’s your guide to the Data Defense Squad: Tools for Security Encryption: Scramble your data with a secret key for secure storage and transmission. Masking: Replace sensitive data with realistic but fictional substitutes to protect privacy. Steganography: Hide messages within other files, like images or audio, for secure communication. Encoding: Convert data into a different format for easier transfer and processing. Tokenization: Replace sensitive data with unique tokens to protect information during transactions. Pseudonymization: Safeguard personal identifiers by replacing them with pseudonyms, preserving privacy in data analysis. Hashing: Create a unique fingerprint for your data to detect tampering.

Data Defense Squad-Tools for Security.pdf

InfosecTrain Education

Dive into the CRISC (Certified in Risk and Information Systems Control) perspective of Risk Governance! 🌐 This mind map provides a comprehensive overview of Risk Governance principles from a CRISC standpoint. Stay tuned for more insights. Keep learning with Infosec Train! Unlock the power of CRISC for effective Risk Governance! Enroll now: https://www.infosectrain.com/courses/crisc-certification-training/

𝐂𝐑𝐈𝐒𝐂 𝐌𝐢𝐧𝐝 𝐌𝐚𝐩 𝐟𝐨𝐫 𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐑𝐢𝐬𝐤 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞.pdf

InfosecTrain Education

Guarding Against Digital Intruders Spyware & Malware Awareness" emphasizes understanding and preventing malicious software threats. This educational initiative equips individuals with knowledge to identify, avoid, and combat spyware and malware attacks. By promoting awareness and proactive measures, it empowers users to safeguard their digital devices and personal information from cyber threats. – InfosecTrain

Guarding Against Digital Intruders Spyware & Malware Awareness

InfosecTrain Education

Differences Between Qualitative and Quantitative Risk Management

InfosecTrain Education

Security Analysts adopt a proactive approach known as Threat Hunting to uncover unfamiliar cyber threats within networks. This method employs iterative techniques to identify indicators of compromise, such as Advanced Persistent Threats (APTs) and Hacker tactics. Utilizing data analysis, Threat Hunters seek confidential clues beyond conventional detection methods to effectively prevent recurring cyberattacks. Gain valuable insights into threat hunting through Infosec Train's expert tips.

𝐄𝐧𝐡𝐚𝐧𝐜𝐞 𝐘𝐨𝐮𝐫 𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐒𝐤𝐢𝐥𝐥𝐬 𝐰𝐢𝐭𝐡 𝐓𝐡𝐞𝐬𝐞 𝐏𝐫𝐨 𝐓𝐢𝐩𝐬

InfosecTrain Education

All You Want to Know About CEH v12 Certification pdf

InfosecTrain Education

"Strategies for Enforcing Data Privacy in Your Organization" Data privacy shields individuals' data from unauthorized access. It emphasizes accurate collection, storage, processing, and management of data in line with data protection regulations. Implementing data privacy involves adopting rules, guidelines, best practices, and techniques to ensure organizational compliance and address privacy concerns effectively.

How to Implement Data Privacy in Your Organization

InfosecTrain Education

Password cracking attacks are constantly increasing due to the widespread use of weak passwords, poor password management practices, and the increasing sophistication of password-cracking tools and techniques used by cybercriminals. It is a serious illegal and unethical crime that can result in severe legal consequences. The risk of password cracking can cause significant harm to individuals and organizations, including data theft, financial loss, and damage to reputation.

Exploring Password Attacks: Understanding Different Types.pdf

InfosecTrain Education

Explore the comprehensive CISSP Certification Course syllabus with InfosecTrain's CISSP Online Training. Covering eight domains essential for Information Security Professionals, our program delves into topics like Security and Risk Management, Asset Security, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, Software Development Security, and Security Architecture and Engineering. With our expert-led training, you'll acquire the knowledge and skills needed to ace the CISSP exam and excel in the field of cybersecurity.

Explore the comprehensive CISSP Certification Course syllabus with InfosecTra...

InfosecTrain Education

Enterprise Risk Management (ERM) is a comprehensive approach to assessing risk within a business, emphasizing its overarching impact on operations. ERM aims to thoroughly grasp, scrutinize, and address risks across all facets of an organization. By understanding and mitigating risks holistically, ERM enhances the resilience and adaptability of businesses to potential threats, fostering sustainable growth and stability.

What is Enterprise Risk Management (ERM)

InfosecTrain Education

Unlock Your Potential with Ethical Hacker Certification Training from InfosecTrain. Dive into the renowned CEH v12 program, a cornerstone in ethical hacking certification for two decades. Our online training adheres to the latest curriculum, ensuring thorough exam preparation and hands-on lab experience. Designed to industry standards, our program prioritizes practical skills, making it the top choice for cybersecurity professionals seeking certification.

The Ultimate Guide to Ethical Hacking Careers with C|EH

InfosecTrain Education

SOC Specialists are at the heart of the organization's security teams, detecting and responding to suspicious activity and cyber threats as they occur. The SOC Specialist training course at InfosecTrain is designed for applicants who want to learn how to prevent, identify, assess, and respond to cybersecurity threats and incidents. The course is the second in a series that includes Part 1 (SOC Analyst) and Part 2 (SOC Specialist). It aims to help you master trending and in-demand technological competence so that you can undertake advanced SOC operations. This training session will help participants secure their organization's digital assets.

Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf

InfosecTrain Education

Information Technology (IT) has transformed traditional corporate processes with the advent of cutting-edge advancements such as cloud computing, AI, and machine learning. It is a valuable asset to any firm, but as IT advances, so do risks to corporate security. According to research and studies, IT threats and vulnerabilities are becoming progressively worse daily and are now a big worry for enterprises and individuals.

Common Security Attacks in the OSI Layer Model

InfosecTrain Education

TOP CHALLENGES IN OT SECURITY IN 2024.pdf

InfosecTrain Education

CompTIA Security+ (Plus) Certification Training Course

InfosecTrain Education

Unmasking the Cunning Ways Computer Viruses

InfosecTrain Education

In a rapidly evolving digital era, the integration of Artificial Intelligence (AI) has not only led to unprecedented advancements but has also been inadvertently responsible for a new breed of sophisticated cybersecurity threats. As AI technology grows, malicious actors leverage its capabilities to orchestrate cyberattacks with increasing complexity and precision. More Information: https://www.infosectrain.com/blog/ai-powered-cybersecurity-threats/

Navigating the Landscape of AI-Powered Cybersecurity Threats

InfosecTrain Education

Trojan viruses: Digital foes with deceptive tactics. Stealthy and cunning, th...

InfosecTrain Education

More from InfosecTrain Education (20)

Discover the Dark Web: How to Stay Safe .pdf

Decoding Ransomware: Understanding the Various Types and Their Impacts.pdf

Data Defense Squad-Tools for Security.pdf

𝐂𝐑𝐈𝐒𝐂 𝐌𝐢𝐧𝐝 𝐌𝐚𝐩 𝐟𝐨𝐫 𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐑𝐢𝐬𝐤 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞.pdf

Guarding Against Digital Intruders Spyware & Malware Awareness

Differences Between Qualitative and Quantitative Risk Management

𝐄𝐧𝐡𝐚𝐧𝐜𝐞 𝐘𝐨𝐮𝐫 𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 𝐒𝐤𝐢𝐥𝐥𝐬 𝐰𝐢𝐭𝐡 𝐓𝐡𝐞𝐬𝐞 𝐏𝐫𝐨 𝐓𝐢𝐩𝐬

All You Want to Know About CEH v12 Certification pdf

How to Implement Data Privacy in Your Organization

Exploring Password Attacks: Understanding Different Types.pdf

Explore the comprehensive CISSP Certification Course syllabus with InfosecTra...

What is Enterprise Risk Management (ERM)

The Ultimate Guide to Ethical Hacking Careers with C|EH

Unlock Your Future in Cybersecurity with the ULTIMATE SOC CAREER.pdf

Common Security Attacks in the OSI Layer Model

TOP CHALLENGES IN OT SECURITY IN 2024.pdf

CompTIA Security+ (Plus) Certification Training Course

Unmasking the Cunning Ways Computer Viruses

Navigating the Landscape of AI-Powered Cybersecurity Threats

Trojan viruses: Digital foes with deceptive tactics. Stealthy and cunning, th...

Recently uploaded

PSYPACT- Practicing Over State Lines May 2024.pptx

Marlene Maheu

ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH FORM 50 CÂU TRẮC NGHI...

Nguyen Thanh Tu Collection

Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptx

Limon Prince

Trauma-Informed Leadership - Five Practical Principles

Pooky Knightsmith

How to Send Pro Forma Invoice to Your Customers in Odoo 17

Celine George

TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...

Nguyen Thanh Tu Collection

FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf

Pondicherry University

This presentation covers the essential parameters of Unit 2 Operations Processes of the subject Operations & Supply Chain Management. Topics Covered: Volume Variety and Flow. Types of Processes and Operations Systems - Continuous Flow system and intermittent flow systems.Job Production, Batch Production, Assembly line and Continuous Flow, Process and Product Layout. Design of Service Systems, Service Blueprinting.

OSCM Unit 2_Operations Processes & Systems

Sandeep D Chaudhary

AIM of Education-Teachers Training-2024.ppt

Nishitharanjan Rout

Program code examples (known also as worked examples) play a crucial role in learning how to program. Instructors use examples extensively to demonstrate the semantics of the programming language being taught and to highlight the fundamental coding patterns. Programming textbooks allocate considerable space to present and explain code examples. To make the process of studying code examples more interactive, CS education researchers developed a range of tools to engage students in the study of code examples. These tools include codecasts (codemotion,codecast,elicasts), interactive example explorers (WebEx, PCEX), and tutoring systems (DeepTutor). An important component in all types of worked examples is code explanations associated with specific code lines or code chunks of an example. The explanations connect examples with general programming knowledge explaining the role and function of code fragments or their behavior. In textbooks, these explanations are usually presented as comments in the code or as explanations on the margins. The example explorer tools allow students to examine these explanations interactively. Tutoring systems, which engage students in explaining the code, use these model explanations to check student responses and provide scaffolding. In all these cases, to make a worked example re-usable beyond its presentation in a lecture, the explanations have to be authored by instructors or domain experts i.e., produced and integrated into a specific system. As the experience of the last 10 years demonstrated, these explanations are hard to obtain. Those already collected are usually “locked” in a specific example-focused system and can’t be reused. The purpose of this working group is to support broader re-used of worked examples augmented with explanations. Our current plan is to develop а standard approach to represent explained examples. This approach will enable an example created for any of the existing systems to be explored in a standard format and imported into any other example-focused system. We plan to follow a successful experience of the PEML working group focused on re-using programming exercises.

SPLICE Working Group:Reusable Code Examples

Peter Brusilovsky

The Department of Emergency Medicine at Carolinas Medical Center is passionate about education! Dr. Michael Gibbs is a world-renowned clinician and educator and has helped guide numerous young clinicians on the long path of Mastery of Emergency Medical Care. With his oversight, the EMGuideWire team aim to help augment our understanding of emergent imaging. You can follow along with the EMGuideWire.com team as they post these educational, self-guided radiology slides or you can also use this section to learn more in-depth about specific conditions and diseases. This Radiology Reading Room pertains to Sternal Fractures and Dislocations and is brought to you by Carrie Bissell, MD, Aaron Fox, MD, Kendrick Lim, MD, Stephanie Jensen, MD, and Olivia Rice, MD. It is has special guest editor: Sean Dieffenbaugher, MD and Laurence Kempton, MD

Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room

Sean M. Fox

How To Create Editable Tree View in Odoo 17

Celine George

Contoh Aksi Nyata Refleksi Diri ( NUR ).pdf

cupulin

e-Sealing at EADTU by Kamakshi Rajagopal

EADTU

Personalisation of Education by AI and Big Data - Lourdes Guàrdia

EADTU

VAMOS CUIDAR DO NOSSO PLANETA! .

Colégio Santa Teresinha

Observing-Correct-Grammar-in-Making-Definitions.pptx

AdelaideRefugio

The Story of Village Palampur Class 9 Free Study Material PDF

Vivekanand Anglo Vedic Academy

Andreas Schleicher presents at the launch of What does child empowerment mean...

EduSkills OECD

male presentation...pdf.................

MirzaAbrarBaig5

Recently uploaded (20)

PSYPACT- Practicing Over State Lines May 2024.pptx

ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH FORM 50 CÂU TRẮC NGHI...

Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptx

Trauma-Informed Leadership - Five Practical Principles

How to Send Pro Forma Invoice to Your Customers in Odoo 17

TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...

FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf

OSCM Unit 2_Operations Processes & Systems

AIM of Education-Teachers Training-2024.ppt

SPLICE Working Group:Reusable Code Examples

Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room

How To Create Editable Tree View in Odoo 17

Contoh Aksi Nyata Refleksi Diri ( NUR ).pdf

e-Sealing at EADTU by Kamakshi Rajagopal

Personalisation of Education by AI and Big Data - Lourdes Guàrdia

VAMOS CUIDAR DO NOSSO PLANETA! .

Observing-Correct-Grammar-in-Making-Definitions.pptx

The Story of Village Palampur Class 9 Free Study Material PDF

Andreas Schleicher presents at the launch of What does child empowerment mean...

male presentation...pdf.................

Incident Response: Best Practices for Common Attack Scenarios

1. @infosectrain SCENARIOS INCIDENT RESPONSE BEST PRACTICES FOR COMMON www.infosectrain.com ATTACK

2. BRUTE FORCING www.infosectrain.com @infosectrain INVESTIGATION 01 Analyze Active Directory, application, and operating system logs for multiple login failures. 02 Contact the user to confirm the legitimacy of login attempts. ACTIONS 01 If unauthorized activity is confirmed, disable the account. 02 Investigate and block the attacker’s IP address. 03 Implement account lockout policies to prevent brute force attacks

3. BOTNETS www.infosectrain.com @infosectrain ACTIONS 01 Identify and remove malicious processes. 02 Fix the vulnerabilities by applying necessary patches. 03 Isolate the affected server to prevent further malicious activities. INVESTIGATION 01 Monitor network traffic for connections to suspicious IPs. 02 Check OS logs for new or suspicious processes. 03 Contact the server owner and support team for information.

4. RANSOMWARE www.infosectrain.com @infosectrain ACTIONS 01 Request anti-virus checks and initiate a malware scan. 02 Isolate the infected machine to prevent further spread. INVESTIGATION 01 Check for anti-virus alerts and malware indicators. 02 Monitor network traffic for connections to suspicious IPs.

5. DATA EXFILTRATION www.infosectrain.com @infosectrain ACTIONS 01 If a rogue employee is suspected, contact their manager for an internal investigation. 02 If it's an external threat, isolate and disconnect the compromised machine from the network. INVESTIGATION 01 Monitor network traffic for abnormally high traffic patterns using DLP. 02 Check proxy logs and OS logs for unusual activities.

6. COMPROMISED ACCOUNT www.infosectrain.com @infosectrain ACTIONS 01 If a compromised account is confirmed, disable the account, change the password 02 Conduct forensic investigations to determine the extent of the breach. INVESTIGATION 01 Analyze Active Directory logs, OS logs, and network traffic for indicators of a compromised account. 02 Contact the user for additional information.

7. DENIAL OF SERVICE www.infosectrain.com @infosectrain ACTIONS 01 If the DoS is due to vulnerabilities, contact the patching team to remediate the vulnerabilities. 02 Enable redundancy and failover for uninterrupted service during an attack. 03 For a network traffic-induced attack, contact network support or ISP and refrain from disclosing sensitive information too quickly. INVESTIGATION 01 Monitor network traffic for abnormally high traffic. 02 Review firewall logs and OS logs for signs of the attack.

8. FOUND THIS USEFUL? Get More Insights Through Our FREE Courses | Workshops | eBooks | Checklists | Mock Tests LIKE SHARE FOLLOW

Incident Response: Best Practices for Common Attack Scenarios

Recommended

Recommended

More Related Content

Similar to Incident Response: Best Practices for Common Attack Scenarios

Similar to Incident Response: Best Practices for Common Attack Scenarios (20)

More from InfosecTrain Education

More from InfosecTrain Education (20)

Recently uploaded

Recently uploaded (20)

Incident Response: Best Practices for Common Attack Scenarios