Correcting Unauthorized Access
Must have a clear plan to respond to breaches
- Have an emergency response team (CERT for Internet)
Steps to take once intrusion detected:
- Identify where the security breach occurred and how it happened
- Helps prevent others from doing it the same way
- May report the problem to police
- Use computer forensics techniques
- Use of computer analysis techniques to gather evidence for trials
Entrapment – Use of honey pots
- Divert attackers to a fake server (with interesting, but fake data used as bait)
- Monitor access to this server; use it as proof
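
The monitoring step above, sketched in Python as an added example (not part of the original notes): it reads access records from a decoy server, counts hits per source, and hash-chains the records so that later changes to the evidence can be detected. The log format, the sample lines and all function names are assumptions made for this illustration.

```python
import hashlib
import json
from collections import Counter

# Constructed sample log from a decoy server; the line format is assumed:
# "<UTC timestamp> <source address> <action> <resource>"
SAMPLE_LOG = """\
2024-03-01T02:14:07Z 203.0.113.7 LOGIN_FAIL admin
2024-03-01T02:14:09Z 203.0.113.7 LOGIN_OK admin
2024-03-01T02:15:31Z 203.0.113.7 READ /data/payroll_fake.csv
2024-03-01T04:40:02Z 198.51.100.23 READ /data/customers_fake.csv
"""
GENESIS = "0" * 64  # chain value before the first record

def parse_line(line):
    """Return one log line as a dict, or None if it is malformed."""
    parts = line.split(maxsplit=3)
    if len(parts) != 4:
        return None
    return dict(zip(("time", "source", "action", "resource"), parts))

def record_hash(prev, record):
    """SHA-256 over the previous hash plus this record, linking the two."""
    payload = prev + json.dumps(record, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def build_evidence(log_text):
    """Chain every parsed record to the one before it."""
    chain, prev = [], GENESIS
    for record in filter(None, map(parse_line, log_text.splitlines())):
        prev = record_hash(prev, record)
        chain.append({"record": record, "hash": prev})
    return chain

def verify_evidence(chain):
    """False if a record was altered, reordered or cut from the middle."""
    prev = GENESIS
    for entry in chain:
        prev = record_hash(prev, entry["record"])
        if prev != entry["hash"]:
            return False
    return True

def accesses_by_source(chain):
    """Every hit on a decoy is suspect, so count them per source address."""
    return Counter(entry["record"]["source"] for entry in chain)

if __name__ == "__main__":
    evidence = build_evidence(SAMPLE_LOG)
    print(accesses_by_source(evidence), verify_evidence(evidence))
```

Dropping records from the end of the chain is not detected by `verify_evidence`, so the final hash should be stored separately from the log itself.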