Chapter 18. Responding to an Attack

Despite all security systems in place, and regardless of the precautions taken, the fact is that most networks will be attacked. There are simply too many people who launch attacks against networks and too many security holes to be able to say with any assurance that a network is not vulnerable to attacks. In fact, it is extremely foolish to think that a network is invulnerable.

When an attack does occur, an organization should have four goals:

  1. Detect the problem.

  2. Isolate the problem.

  3. Stop the problem.

  4. Report the problem.

A fifth goal, which is not always possible, should be to prosecute the person who caused the problem. Too many organizations end the process after the problem has been stopped. It is important ...

Get The Practice of Network Security: Deployment Strategies for Production Environments now with the O’Reilly learning platform.