
Muhamad Amar Jadid 13.2.2.13 Lab - Incident Handling

Lab - Incident Handling


Scenario 1: Worm and Distributed Denial of Service (DDoS) Agent Infestation

Preparation
I will scan for all types of malware and scan the IP address range to ensure that the other PCs are clean,
prepare a trusted anti-virus, document every change, and I will also do a lot of research on current
worms to learn how they work.

Detection And Analysis


My first step for detection and analysis is to run anti-virus to detect viruses and check whether all the
software has been updated. After that, I will scan the IP address range to find the next target.
Adjacent IP addresses can be a good place to detect whether a host is infected with a worm. In general,
every legitimate program runs in a certain location on the network. Worms, on the other hand,
need to find targets. If we monitor the number of IP addresses scanned by a host, and that number
exceeds a certain limit, we can safely assume that a worm has been detected.
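The scan-count heuristic described above, as an added example that is not part of the lab submission: it counts the distinct destination IPs each source contacts within a sliding window over constructed flow records and raises an alert when a source crosses a threshold. The 60-second window, the threshold of 20 and the flow-record format are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Tuning values are assumptions, not taken from the lab text.
SCAN_THRESHOLD = 20            # distinct destination IPs within the window
WINDOW = timedelta(seconds=60)

# Constructed sample flow log, one record per line:
# "<ISO timestamp> <src_ip> <dst_ip> <dst_port>".
# 10.0.0.5 sweeps 25 adjacent hosts on port 445 (worm-like behaviour);
# 10.0.0.7 talks to the same three servers repeatedly (a legitimate program).
_base = datetime(2024, 1, 1, 10, 0, 0)
SAMPLE_FLOWS = "\n".join(
    [f"{(_base + timedelta(seconds=i)).isoformat()} 10.0.0.5 10.0.0.{20 + i} 445"
     for i in range(25)]
    + [f"{(_base + timedelta(seconds=i)).isoformat()} 10.0.0.7 10.0.1.{i % 3} 443"
       for i in range(25)]
)

def parse_flow(line):
    """Parse one flow record into (timestamp, src_ip, dst_ip, dst_port)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_scanning_hosts(flow_text, threshold=SCAN_THRESHOLD, window=WINDOW):
    """Return {src_ip: (first_alert_time, distinct_targets)} for every source
    that contacts at least `threshold` distinct destination IPs inside a
    sliding window of length `window`. Records per source must be in time order."""
    recent = defaultdict(deque)                       # src -> deque of (ts, dst)
    targets = defaultdict(lambda: defaultdict(int))   # src -> dst -> hits in window
    alerts = {}
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _ = parse_flow(line)
        q, seen = recent[src], targets[src]
        # Evict records that have fallen out of the window for this source.
        while q and ts - q[0][0] > window:
            _, old_dst = q.popleft()
            seen[old_dst] -= 1
            if seen[old_dst] == 0:
                del seen[old_dst]
        q.append((ts, dst))
        seen[dst] += 1
        if len(seen) >= threshold and src not in alerts:
            alerts[src] = (ts, len(seen))
    return alerts

if __name__ == "__main__":
    for src, (when, n) in find_scanning_hosts(SAMPLE_FLOWS).items():
        print(f"ALERT {when.isoformat()} {src} reached {n} distinct targets")
```

Feeding real flow records in the same four-field format flags the scanning host the moment it crosses the threshold, while the legitimate host never does.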

Containment, Eradication, and Recovery


I will aggressively quarantine any process that shows erratic behaviour. After isolating the
process, it must be monitored for a period of time that matches the erratic behaviour shown by
the process. If the process does not show deviant behaviour during monitoring, it can
be released. If it shows the same behaviour over and over again, it is quarantined and labelled as a
worm.

Post-Incident Activity
The system log file must be reviewed to determine whether any sensitive information has been
compromised. I must immediately notify the customer of the detected virus. Hosts that are not
currently on the network must be identified and scanned before being allowed to connect to the
network.

Scenario 2: Unauthorized Access to Payroll Records

Preparation
I will check what tools are installed on the system, such as security cameras, etc.

Detection And Analysis


I will try to access the system's access control records and security cameras, to have evidence in case there is an
intruder.

Containment, Eradication, and Recovery


I will look for evidence and report who was involved and the impact after it happened, take action to
minimize the impact, educate the relevant department, and save evidence if needed.

Post-Incident Activity
I will provide training to the people who handle organizational information about similar incidents so
that they do not occur in the future, and suggest having more personal security and better
access control.
