SlideShare a Scribd company logo

Incident response table top exercises

Download as PPT, PDF
Eric Vanderburg, profile picture
Eric Vanderburg

An unauthorized individual accessed private confidential data on an FTP server, triggering an incident response. The response team needed to determine how the data was accessed, scope the incident, and identify impacted stakeholders. They then took steps to contain the incident by blocking IP addresses, shutting down the FTP server, changing credentials, and moving servers. The team also restored data from backups and requested clients resend information. Post-incident activities included meetings with management and IT to prevent future occurrences through measures like shortening timeouts, adding alerts and encryption, and restricting FTP server access.

Technology
Related topics:
Incident ResponseData Breach Insights
1 of 7
Download to read offline
1
2
Most read
3
4
5
Most read
6
7
Most read
Incident Response Table Top Exercises Eric Vanderburg, MBA, CISSP June 19, 2008
Scenario • Private confidential data on an FTP server is accessed by an unauthorized individual • Incident: YES • Issues – Potential privacy notification is needed – More data could be viewed or stolen so the incident needs to be contained – Data needs to be replaced
Detection and Analysis • Determine access method – Stolen or sniffed password – Exploit in system • Determine the scope of the incident – Find out if the incident has happened before and never discovered. – Were other systems accessed with the same credentials – Find out which data was accessed and which stakeholders/clients are impacted by the disclosure • Determine if the data obtained is in a form that would disclose private data, can be converted into a form that would disclose private data, or can be combined with data from another incident to disclose private data.
Containment Strategies • Block IP or IP subnet from the firewall • Shutdown FTP • Change FTP passwords • Move FTP to another server • Change FTP ports • Contact source and try to stop the distribution or use of the information
Recovery • Restore data from backup • Request that the client resend the data
Post-incident Activities • Attendees: – Management • CEO / Senior Partner • COO • Network Operations Manager • Litigation Support Manager – Public Relations Analyst – Sales Manager (Facilitator) – IT Staff • Senior Network Engineer • Network Engineer • FTP Administrator • Network Analyst
Preventing Future Occurrences • Set timeout on FTP site • Set alerts on FTP events • Encrypt username and password or require VPN for FTP • Set FTP server to only respond to specific IP addresses • Configure Firewall rules for FTP ports to only allow traffic from specific pre-approved IP addresses or subnets.

More Related Content

PPT
FTP Data Breach Incident Response - Eric Vanderburg
Eric Vanderburg
 
PPTX
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QAFest
 
PPTX
Apcon intellastore security visibility platform
apconinc
 
PDF
Chapter 15 incident handling
newbie2019
 
PDF
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
IGN MANTRA
 
PPT
Incident handling.final
ahmad abdelhafeez
 
PPTX
Phases of Incident Response
EC-Council
 
PDF
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
IGN MANTRA
 
FTP Data Breach Incident Response - Eric Vanderburg
Eric Vanderburg
 
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QAFest
 
Apcon intellastore security visibility platform
apconinc
 
Chapter 15 incident handling
newbie2019
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
IGN MANTRA
 
Incident handling.final
ahmad abdelhafeez
 
Phases of Incident Response
EC-Council
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
IGN MANTRA
 

Similar to Incident response table top exercises (20)

PPTX
Incident Response Security
ssuser30902e
 
PPT
11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt
abhichowdary16
 
PDF
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
PDF
CNIT 152: 6. Scope & 7. Live Data Collection
Sam Bowne
 
PDF
CNIT 50: 9. NSM Operations
Sam Bowne
 
PPTX
IRP on a Budget
Sean D. Goodwin
 
PDF
INCIDENT RESPONSE CONCEPTS
Sylvain Martinez
 
PDF
Setting up CSIRT
APNIC
 
PDF
6 Scope & 7 Live Data Collection
Sam Bowne
 
PPTX
FUEL_USERS_GROUP
Will Pearce
 
PDF
CNIT 152: 1 Real-World Incidents
Sam Bowne
 
PPTX
IT Security and Management - Semi Finals by Mark John Lado
Mark John Lado, MIT
 
PDF
CNIT 152: 1 Real-World Incidents
Sam Bowne
 
PPTX
Enterprise security management II
zapp0
 
PPTX
You Will Be Breached
Mike Saunders
 
PPT
Computer Security ch18 ppt and pentesting
JosephNketia1
 
PPTX
Incident response Process in information security .pptx
SarwatDilawaiz
 
PDF
Incident Response: How To Prepare
Resilient Systems
 
PDF
Incident response before:after breach
Sumedt Jitpukdebodin
 
PPTX
Lecture 06 - Incident Management and SOC.pptx
prasadsanjaya2
 
Incident Response Security
ssuser30902e
 
11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt
abhichowdary16
 
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
CNIT 152: 6. Scope & 7. Live Data Collection
Sam Bowne
 
CNIT 50: 9. NSM Operations
Sam Bowne
 
IRP on a Budget
Sean D. Goodwin
 
INCIDENT RESPONSE CONCEPTS
Sylvain Martinez
 
Setting up CSIRT
APNIC
 
6 Scope & 7 Live Data Collection
Sam Bowne
 
FUEL_USERS_GROUP
Will Pearce
 
CNIT 152: 1 Real-World Incidents
Sam Bowne
 
IT Security and Management - Semi Finals by Mark John Lado
Mark John Lado, MIT
 
CNIT 152: 1 Real-World Incidents
Sam Bowne
 
Enterprise security management II
zapp0
 
You Will Be Breached
Mike Saunders
 
Computer Security ch18 ppt and pentesting
JosephNketia1
 
Incident response Process in information security .pptx
SarwatDilawaiz
 
Incident Response: How To Prepare
Resilient Systems
 
Incident response before:after breach
Sumedt Jitpukdebodin
 
Lecture 06 - Incident Management and SOC.pptx
prasadsanjaya2
 
Ad

More from Eric Vanderburg (20)

PPTX
GDPR, Data Privacy and Cybersecurity - MIT Symposium
Eric Vanderburg
 
PPTX
Modern Security the way Equifax Should Have
Eric Vanderburg
 
PPTX
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Eric Vanderburg
 
PPTX
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Eric Vanderburg
 
PPTX
Mobile Forensics and Cybersecurity
Eric Vanderburg
 
PPTX
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Eric Vanderburg
 
PPTX
Ransomware: 2016's Greatest Malware Threat
Eric Vanderburg
 
PPT
Emerging Technologies: Japan’s Position
Eric Vanderburg
 
PPT
Principles of technology management
Eric Vanderburg
 
PPT
Japanese railway technology
Eric Vanderburg
 
PPT
Evaluating japanese technological competitiveness
Eric Vanderburg
 
PPT
Japanese current and future technology management challenges
Eric Vanderburg
 
PPT
Technology management in Japan: Robotics
Eric Vanderburg
 
PPTX
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Eric Vanderburg
 
PPTX
Cloud Storage and Security: Solving Compliance Challenges
Eric Vanderburg
 
PPTX
Hacktivism: Motivations, Tactics and Threats
Eric Vanderburg
 
PPTX
Correct the most common web development security mistakes - Eric Vanderburg
Eric Vanderburg
 
PPTX
Deconstructing website attacks - Eric Vanderburg
Eric Vanderburg
 
PPTX
Countering malware threats - Eric Vanderburg
Eric Vanderburg
 
PPTX
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Eric Vanderburg
 
GDPR, Data Privacy and Cybersecurity - MIT Symposium
Eric Vanderburg
 
Modern Security the way Equifax Should Have
Eric Vanderburg
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Eric Vanderburg
 
Mobile Forensics and Cybersecurity
Eric Vanderburg
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Eric Vanderburg
 
Ransomware: 2016's Greatest Malware Threat
Eric Vanderburg
 
Emerging Technologies: Japan’s Position
Eric Vanderburg
 
Principles of technology management
Eric Vanderburg
 
Japanese railway technology
Eric Vanderburg
 
Evaluating japanese technological competitiveness
Eric Vanderburg
 
Japanese current and future technology management challenges
Eric Vanderburg
 
Technology management in Japan: Robotics
Eric Vanderburg
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Eric Vanderburg
 
Cloud Storage and Security: Solving Compliance Challenges
Eric Vanderburg
 
Hacktivism: Motivations, Tactics and Threats
Eric Vanderburg
 
Correct the most common web development security mistakes - Eric Vanderburg
Eric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Eric Vanderburg
 
Countering malware threats - Eric Vanderburg
Eric Vanderburg
 
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Eric Vanderburg
 
Ad

Recently uploaded (20)

PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Approach and Philosophy of On baking technology
30anthuong17
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Encapsulation theory and applications.pdf
gurumoop
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 

Incident response table top exercises

  • 1. Incident Response Table Top Exercises Eric Vanderburg, MBA, CISSP June 19, 2008
  • 2. Scenario • Private confidential data on an FTP server is accessed by an unauthorized individual • Incident: YES • Issues – Potential privacy notification is needed – More data could be viewed or stolen so the incident needs to be contained – Data needs to be replaced
  • 3. Detection and Analysis • Determine access method – Stolen or sniffed password – Exploit in system • Determine the scope of the incident – Find out if the incident has happened before and never discovered. – Were other systems accessed with the same credentials – Find out which data was accessed and which stakeholders/clients are impacted by the disclosure • Determine if the data obtained is in a form that would disclose private data, can be converted into a form that would disclose private data, or can be combined with data from another incident to disclose private data.
  • 4. Containment Strategies • Block IP or IP subnet from the firewall • Shutdown FTP • Change FTP passwords • Move FTP to another server • Change FTP ports • Contact source and try to stop the distribution or use of the information
  • 5. Recovery • Restore data from backup • Request that the client resend the data
  • 6. Post-incident Activities • Attendees: – Management • CEO / Senior Partner • COO • Network Operations Manager • Litigation Support Manager – Public Relations Analyst – Sales Manager (Facilitator) – IT Staff • Senior Network Engineer • Network Engineer • FTP Administrator • Network Analyst
  • 7. Preventing Future Occurrences • Set timeout on FTP site • Set alerts on FTP events • Encrypt username and password or require VPN for FTP • Set FTP server to only respond to specific IP addresses • Configure Firewall rules for FTP ports to only allow traffic from specific pre-approved IP addresses or subnets.