Debian securing manual

To: debian-l10n-italian@lists.debian.org
Subject: Debian securing manual
From: Ferdinando <zappagalattica@inwind.it>
Date: Sat, 31 May 2003 13:38:55 +0200
Message-id: <[🔎] 20030531113855.GE4756@debian>
Mail-followup-to: debian-l10n-italian@lists.debian.org

Salve!!!

Il Debian Securing manual (finalmente è quasi pronto ...) è stato
aggiornato e proprio nella parte "nuova" ci sono dei vocaboli che non
sono stati molto digeriti ... : "incident response"

Vi cito le parti che richiamano il termine, sono riferite alla sicurezza
, il termine è stato tradotto, ma senza molta convinzione come 
"incidente di risposta":

Cito un bel po' di roba però non dovete necessariamente leggerla, se è
un temine "in uso" è anche sufficiente un "si va bene" ... ;-)

"""
Expand the incident response information, maybe add some ideas
       derived from RedHat's Security Guide's chapter on incident
       response
(http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/ch-response.html).




Taking a snapshot of the system
-------------------------------------

  Before putting the system into production system you culd take a
  snapshot of the whole system.  This snapshot could be used in the
  event of a compromise (see Chapter 10, After the compromise (incident
                                                              ^^^^^^^^ 
  response)').  You should remake this upgrade whenever the system is
  ^^^^^^^^^^^
  upgraded, specially if you upgrade to a new Debian release.




10. After the compromise (incident response)
--------------------------------------------


10.1. General behavior
----------------------

  If you are physically present when an attack is happening, your first
  response should be to remove the machine from the network by
  unplugging the network card (if this will not adversely affect any
  business transactions).  Disabling the network at layer 1 is the only
  true way to keep the attacker out of the compromised box (Phillip
  Hofmeister's wise advice).
"""

Parla anche di incidente in occasione di compromissioni avvenute e
contatti con il CERT:

"""
10.3. Contact your local CERT
-----------------------------

  The CERT (Computer and Emergency Response Team) is an organisation
  that can help you recover from a system compromise.  There are CERTs
  worldwide [1] and you should contact your local CERT in the event of a
  security incident which has lead to a system compromise.  The people
  at your local CERT can help you recover from it.

  Providing your local CERT (or the CERT coordination center) with
  information on the compromise even if you do not seek assistance can
  also help others since the aggregate information of reported incidents
  is used in order to determine if a given vulnerability is in wide 
  spread use, if their is a new worm aloft, which new attack tools are
  being used.  This information is used in order to provide the Internet
  community with information on the current security incidents activity
  (http://www.cert.org/current/), and to publish incident notes
  (http://www.cert.org/incident_notes/) and even advisories
  (http://www.cert.org/advisories/).  For more detailed information read
  on how (and why) to report an incident read CERT's Incident Reporting
  Guidelines (http://www.cert.org/tech_tips/incident_reporting.html).

  You can also use less formal mechanisms if you need help for
  recovering from a compromise or want to discuss incident information.
  This includes the incidents mailing list

"""

Ciao, grazie
Ferdinando

P.S: Il Java Howto era finito, peccato che è stato aggiornato
stravolgendo tutto, grazie a tutti per le indicazioni, a giorni
comunque lo sistemo e lo spedisco. :-)

Reply to:

Follow-Ups:
- Re: Debian securing manual
  - From: Ferdinando <zappagalattica@inwind.it>

Prev by Date: Re: help: device in woody
Next by Date: Re: Debian securing manual
Previous by thread: Re: help: device in woody
Next by thread: Re: Debian securing manual
Index(es):
- Date
- Thread