検索

このコンテンツは選択した言語では利用できません。

10.3. Implementing the Incident Response Plan

download PDF
Once a plan of action is created, it must be agreed upon and actively implemented. Any aspect of the plan that is questioned during an active implementation can result in poor response time and downtime in the event of a breach. This is where practice exercises become invaluable. Unless something is brought to attention before the plan is actively set in production, the implementation should be agreed upon by all directly connected parties and executed with confidence.
If a breach is detected and the CERT team is present for quick reaction, potential responses can vary. The team can decide to disable the network connections, disconnect the affected systems, patch the exploit, and then reconnect quickly without further, potential complications. The team can also watch the perpetrators and track their actions. The team could even redirect the perpetrator to a honeypot — a system or segment of a network containing intentionally false data — used to track incursion safely and without disruption to production resources.
Responding to an incident should also be accompanied by information gathering whenever possible. Running processes, network connections, files, directories, and more should be actively audited in real-time. Having a snapshot of production resources for comparison can be helpful in tracking rogue services or processes. CERT members and in-house experts are great resources in tracking such anomalies in a system. System administrators know what processes should and should not appear when running top or ps. Network administrators are aware of what normal network traffic should look like when running snort or even tcpdump. These team members should know their systems and should be able to spot an anomaly more quickly than someone unfamiliar with the infrastructure.
Red Hat logoGithubRedditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

© 2024 Red Hat, Inc.