
REVIEW: "Incident Response", Kevin Mandia/Chris Prosise

From: Rob, grandpa of Ryan, Trevor, Devon & Ha
Message 1 of 1, Mar 12 7:49 AM
BKINCDRS.RVW 20020108

"Incident Response", Kevin Mandia/Chris Prosise, 2001, 0-07-213182-9,
%A Kevin Mandia mandiak@...
%A Chris Prosise authors@...
%C 300 Water Street, Whitby, Ontario L1N 9B6
%D 2001
%G 0-07-213182-9
%I McGraw-Hill Ryerson/Osborne
%O U$39.99 905-430-5000 fax: 905-430-5020
%P 509 p.
%T "Incident Response: Investigating Computer Crime"

Part one is supposed to provide us with the basics of incident
response. Despite the assertion, in the introduction, that such
response deals with much more than computer crime and that incidents
can vary widely, chapter one details a deliberate and malicious
intrusion into a computer system, by an incredibly inept attacker,
using inside information. Chapter two provides a definition of
incident response, but it does lean heavily towards crimes, law
enforcement involvement, and directed attacks. The material also
assumes that an incident response team can be called upon or formed at
short notice. The suggestions for advance preparation, in chapter
three, do cover a broad range, but the writing is not always
organized, and the material has gaps and covers many topics

Part two purports to deal with technical issues. Chapter four deals
with guidelines for investigations, but, again, concentrates only on
directed attacks from outside the organization. The computer forensic
process, in chapter five, is limited to retention and copying of
evidence. There is a rather terse review of Internet Protocol header
information in chapter six. Chapter seven lists some information
related to network monitoring and logging. "Advanced Network
Surveillance" (chapter eight) examines a few of the more convoluted

Part three describes operating system functions associated with system
investigation. Chapters nine to twelve list a number of utility
programs that can be used to obtain system information.

Part four is a grab bag of material dealing with special topics,
chapter thirteen dealing with routers, fourteen the Web, and fifteen
various servers. A number of security and security breaking tools are
enumerated in chapter sixteen.

The emphasis in this book is adversarial: seeing incident response as
primarily a matter of active defence against an active attacker. Most
companies will probably see incident response as a matter related to
technical support: an endless stream of incidents, most of which are
trivial, and a select few of which indicate serious problems. As
such, the book does, occasionally, point out some matters to consider,
and possibly new practices to adopt in order to deal with those
isolated events that are important enough to turn over to law
enforcement agencies. However, overall, the text does not provide
much guidance in preparing for and responding to serious incidents.

copyright Robert M. Slade, 2002 BKINCDRS.RVW 20020108

====================== (quote inserted randomly by Pegasus Mailer)
rslade@... rslade@... slade@... p1@...
A doctor's reputation is made by the number of eminent men who
die under his care. - George Bernard Shaw
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade