Summary

This chapter covered important issues related to tracing incidents. We delved into what tracing network attacks means and involves, namely finding the source (usually in terms of the identity of a host or IP address) of an attack. Tracing network attacks is not synonymous with tracing network intrusions; many attacks other than intrusions occur. It is important to put attack tracing in proper perspective, paying particular attention to issues such as what your organization’s policy is regarding tracing attacks. A number of organizations have a policy that specifies that attacks must not (except perhaps in extraordinary circumstances) be traced. Considering other issues such as costs versus benefits, available resources, the number of ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
