Debian securing manual
Hello!!!
The Debian Securing manual (finally it is almost ready ...) has been
updated, and right in the "new" part there are some terms that have
not gone down very well ... : "incident response"
I am quoting the parts that use the term; they refer to security.
The term has been translated, but without much conviction, as
"incidente di risposta":
I am quoting quite a lot of material, but you do not necessarily have to
read it; if it is a term "in use", a simple "yes, that's fine" is enough ... ;-)
"""
Expand the incident response information, maybe add some ideas
derived from RedHat's Security Guide's chapter on incident
response
(http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/ch-response.html).
Taking a snapshot of the system
-------------------------------------
Before putting the system into production system you could take a
snapshot of the whole system. This snapshot could be used in the
event of a compromise (see Chapter 10, After the compromise (incident
^^^^^^^^
response)'). You should remake this upgrade whenever the system is
^^^^^^^^^^^
upgraded, specially if you upgrade to a new Debian release.
10. After the compromise (incident response)
--------------------------------------------
10.1. General behavior
----------------------
If you are physically present when an attack is happening, your first
response should be to remove the machine from the network by
unplugging the network card (if this will not adversely affect any
business transactions). Disabling the network at layer 1 is the only
true way to keep the attacker out of the compromised box (Phillip
Hofmeister's wise advice).
"""
It also talks about incidents in connection with compromises that have
occurred and contacts with the CERT:
"""
10.3. Contact your local CERT
-----------------------------
The CERT (Computer and Emergency Response Team) is an organisation
that can help you recover from a system compromise. There are CERTs
worldwide [1] and you should contact your local CERT in the event of a
security incident which has led to a system compromise. The people
at your local CERT can help you recover from it.
Providing your local CERT (or the CERT coordination center) with
information on the compromise even if you do not seek assistance can
also help others since the aggregate information of reported incidents
is used in order to determine if a given vulnerability is in wide
spread use, if there is a new worm aloft, which new attack tools are
being used. This information is used in order to provide the Internet
community with information on the current security incidents activity
(http://www.cert.org/current/), and to publish incident notes
(http://www.cert.org/incident_notes/) and even advisories
(http://www.cert.org/advisories/). For more detailed information read
on how (and why) to report an incident read CERT's Incident Reporting
Guidelines (http://www.cert.org/tech_tips/incident_reporting.html).
You can also use less formal mechanisms if you need help for
recovering from a compromise or want to discuss incident information.
This includes the incidents mailing list
"""
Bye, thanks
Ferdinando
P.S.: The Java Howto was finished; too bad it has been updated,
turning everything upside down. Thanks to everyone for the pointers; in a
few days I will fix it anyway and send it. :-)