Correcting Unauthorized Access

• Must have a clear plan to respond to breaches

  • Have an emergency response team (CERT for Internet)

• Steps to take once intrusion detected:

  • Identify where the security breach occurred and how it happened
    • Helps to prevents other doing it the same way
    • May report the problem to police
  • Use Computer Forensics area techniques
    • Use of computer analysis techniques to gather evidence for trials

• Entrapments – Use of honey pots

  • Divert attackers to a fake server (with interesting, but fake data used as bait)
  • Monitor access to this server; use it as a proof

Previous slide

Back to first slide

View graphic version