Putting Attack Tracing in Context

Attack tracing is an often misunderstood and misused concept. This section explores what attack tracing is, how its costs compare with its benefits, and the reasons for wanting to trace attacks.

Attack Tracing Versus Intrusion Tracing

Attack tracing is sometimes erroneously equated with intrusion tracing. As mentioned in Chapter 1, “An Introduction to Incident Response,” however, an intrusion is just one of many types of security-related incidents. Suppose, for example, that a DDoS attack occurred recently. A victim organization might want to determine where this attack originated. The only intrusions per se that might have occurred are ones in which zombies and handlers have been installed in systems, although many of today’s attack ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.