[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian securing manual


Il Debian Securing manual (finalmente è quasi pronto ...) è stato
aggiornato e proprio nella parte "nuova" ci sono dei vocaboli che non
sono stati molto digeriti ... : "incident response"

Vi cito le parti che richiamano il termine, sono riferite alla sicurezza
, il termine è stato tradotto, ma senza molta convinzione come 
"incidente di risposta":

Cito un bel po' di roba però non dovete necessariamente leggerla, se è
un temine "in uso" è anche sufficiente un "si va bene" ... ;-)

Expand the incident response information, maybe add some ideas
       derived from RedHat's Security Guide's chapter on incident

Taking a snapshot of the system

  Before putting the system into production system you culd take a
  snapshot of the whole system.  This snapshot could be used in the
  event of a compromise (see Chapter 10, After the compromise (incident
  response)').  You should remake this upgrade whenever the system is
  upgraded, specially if you upgrade to a new Debian release.

10. After the compromise (incident response)

10.1. General behavior

  If you are physically present when an attack is happening, your first
  response should be to remove the machine from the network by
  unplugging the network card (if this will not adversely affect any
  business transactions).  Disabling the network at layer 1 is the only
  true way to keep the attacker out of the compromised box (Phillip
  Hofmeister's wise advice).

Parla anche di incidente in occasione di compromissioni avvenute e
contatti con il CERT:

10.3. Contact your local CERT

  The CERT (Computer and Emergency Response Team) is an organisation
  that can help you recover from a system compromise.  There are CERTs
  worldwide [1] and you should contact your local CERT in the event of a
  security incident which has lead to a system compromise.  The people
  at your local CERT can help you recover from it.

  Providing your local CERT (or the CERT coordination center) with
  information on the compromise even if you do not seek assistance can
  also help others since the aggregate information of reported incidents
  is used in order to determine if a given vulnerability is in wide 
  spread use, if their is a new worm aloft, which new attack tools are
  being used.  This information is used in order to provide the Internet
  community with information on the current security incidents activity
  (http://www.cert.org/current/), and to publish incident notes
  (http://www.cert.org/incident_notes/) and even advisories
  (http://www.cert.org/advisories/).  For more detailed information read
  on how (and why) to report an incident read CERT's Incident Reporting
  Guidelines (http://www.cert.org/tech_tips/incident_reporting.html).

  You can also use less formal mechanisms if you need help for
  recovering from a compromise or want to discuss incident information.
  This includes the incidents mailing list


Ciao, grazie

P.S: Il Java Howto era finito, peccato che è stato aggiornato
stravolgendo tutto, grazie a tutti per le indicazioni, a giorni
comunque lo sistemo e lo spedisco. :-)

Reply to: