Incident Response: A Strategic Guide to Handling System and Network Security Breaches
(Paperback - Nov. 18, 2001)
by E. Eugene Schultz
Sales Rank: 306304
List Price: $39.99
$36.32
At Amazon
Paperback: 408 pages
Publisher: Sams; illustrated edition, November 18, 2001
Language: English
ISBN-10: 1578702569
ISBN-13: 978-1578702565
Product Dimensions: 8.8 x 3.8 x 0.2 inches
Shipping Weight: 2.1 ounces
Amazon.com Review
Incident Response fills a need that's existed in the security book market for some time. The authors--a pair of accomplished incident response experts, not merely researchers--have converted to book form their accumulated wisdom on the question of how to respond to an attack on computer systems. Their expertise is only partly technical; much of what Eugene Schultz and Russell Shumway have written has to do with legal questions and policy decisions. It's a reasonable balance, considering that the state of the art in network intrusion (and defense against it) changes frequently and security administrators are better armed with concepts and strategies than with "click this, type that" instructions.

The explicit technical material that does appear here is nicely balanced between Windows and Unix systems, and clearly explains networking details of interest to security people and their managers. The explanation of how a spanning port can make a switch work like a hub for purposes of packet monitoring--nearly entirely prose--is one example of high-quality technical coverage that will remain valuable as operating systems and other network details change over time.

Unlike many books about computers, this one deserves to be read cover to cover. The authors have points to make, and they generally build on their earlier thoughts as they go. Some material in these pages seems somewhat obvious--the advice to dress nicely for a media interview, for example--but it all fits with the authors' goal of showing their readers how to react (in all respects) to security problems when they happen. Read this, be prepared for trouble, and know how to educate others about incident response. --David Wall

Topics covered: How an organization should react--organizationally, technically, legally, and in terms of public relations--to incidents of unauthorized access (originating both internally and externally) to its computer systems.
Customer Reviews & Comments

I am a senior engineer for network security operations. I read "Incident Response: A Strategic Guide" (IR:ASG) by Schultz and Shumway to enhance my own understanding of ways to deal with security events. As a "strategic guide," the book will be useful to managers of incident response teams. Nevertheless, "Incident Response: Investigating Computer Crime," by Mandia, Prosise, and Pepe remains king of the hill.

IR:ASG is well-written, and focuses attention on processes and methodology over technical implementation. While this approach lengthens the book's shelf-life, it lessens its value to those looking for solutions to technical problems. Still, IR:ASG offers plenty of good advice, such as guidelines for users reporting security events, tips for handling the media, and recognition of the importance of operations staff. Chapter five provides useful recommendations for training and testing incident response personnel, and chapter ten's coverage of insider attacks is especially enlightening.

On the negative side, incorrect material on "packet sequence numbers" on pages 34-5 reflects the widespread misunderstanding that TCP sequence numbers count packets. As RFC 793 clearly states, "each octet of data is assigned a sequence number;" i.e., packets are NOT assigned sequence numbers; bytes of data are. The authors do not accurately represent the 2600 DeCSS case properly on p. 148, as the issue is not copy-protection but play-prevention on non-licensed platforms. The "traps and deceptions" chapter is weak compared to Lance Spitzner's truly definitive honeynet work, and in chapter thirteen the authors repeat the party line on the supposed weaknesses of intrusion detection systems.

The best reason to buy and read IR:ASG isn't written by the lead authors. Dr. Terry Gudaitis' chapter eleven, "The Human Side of Incident Response," is refreshing and educational. As a behavioral scientist and criminologist, she discusses "cyber criminal profiling." While the average security incident may not require application of her techniques, it's reassuring to know people with her level of skill and insight are available to add a human dimension when responding to serious incidents.

IR:ASG reminded me of "Computer Forensics" by Kruse and Heiser when I read this line on p. 188 in the "Forensics II" chapter: "The specific steps in analyzing a mission-critical system are beyond the scope of this book." Unfortunately for both books, most readers crave details on investigating systems for signs of external compromise and exploitation. We've heard enough about searching hard drives for remnants of illicit images, illegal software, or harassing emails. Until another set of authors can do better, "Incident Response" by Mandia, Prosise, and Pepe will be the single "go-to" book for most incident responders. (Disclaimer: I received a free review copy of this book.)