18.5. Contact Appropriate Parties

While the problem is being removed from the network, forensics are being performed, and the system is being cleaned, appropriate parties should be contacted. A record should be kept of who is contacted and of whether each contact is made by e-mail or by phone.

The first organization contacted should be any organization adversely affected by the attack. If administrators are able to determine that the attacker used the compromised server to launch an attack against another server, that organization should be contacted to make them aware they may have a security breach.

Attacks are usually launched against one or more IP addresses. The IP addresses attacked can be used to track down ...

Get The Practice of Network Security: Deployment Strategies for Production Environments now with the O’Reilly learning platform.
