Uploaded on Feb 16, 2024
Navigate through the intricacies of incident response with proven strategies. Explore best practices tailored for addressing common attack scenarios effectively. Gain insights and expertise to fortify your cybersecurity defenses, ensuring a resilient response in the face of evolving threats. Elevate your incident response capabilities with targeted guidance and practical insights.
Incident Response: Best Practices for Common Attack Scenarios
INCIDENT RESPONSE BEST PRACTICES FOR COMMON ATTACK SCENARIOS
www.infosectrain.com | @infosectrain

BRUTE FORCING
INVESTIGATION
01 Analyze Active Directory, application, and operating system logs for multiple login failures.
02 Contact the user to confirm the legitimacy of the login attempts.
ACTIONS
01 If unauthorized activity is confirmed, disable the account.
02 Investigate and block the attacker's IP address.
03 Implement account lockout policies to prevent brute force attacks.

BOTNETS
INVESTIGATION
01 Monitor network traffic for connections to suspicious IPs.
02 Check OS logs for new or suspicious processes.
03 Contact the server owner and support team for information.
ACTIONS
01 Identify and remove malicious processes.
02 Fix the vulnerabilities by applying the necessary patches.
03 Isolate the affected server to prevent further malicious activity.

RANSOMWARE
INVESTIGATION
01 Check for anti-virus alerts and malware indicators.
02 Monitor network traffic for connections to suspicious IPs.
ACTIONS
01 Request anti-virus checks and initiate a malware scan.
02 Isolate the infected machine to prevent further spread.

DATA EXFILTRATION
INVESTIGATION
01 Monitor network traffic for abnormally high traffic patterns using DLP.
02 Check proxy logs and OS logs for unusual activity.
ACTIONS
01 If a rogue employee is suspected, contact their manager for an internal investigation.
02 If it is an external threat, isolate and disconnect the compromised machine from the network.

COMPROMISED ACCOUNT
INVESTIGATION
01 Analyze Active Directory logs, OS logs, and network traffic for indicators of a compromised account.
02 Contact the user for additional information.
ACTIONS
01 If a compromised account is confirmed, disable the account and change the password.
02 Conduct forensic investigations to determine the extent of the breach.

DENIAL OF SERVICE
INVESTIGATION
01 Monitor network traffic for abnormally high traffic.
02 Review firewall logs and OS logs for signs of the attack.
ACTIONS
01 If the DoS is due to vulnerabilities, contact the patching team to remediate them.
02 Enable redundancy and failover for uninterrupted service during an attack.
03 For a network traffic-induced attack, contact network support or the ISP, and refrain from disclosing sensitive information too quickly.
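The brute-forcing investigation step above (analyze AD, application and OS logs for multiple login failures) can be turned into a repeatable check. The following is an added example, not code from the deck or from InfosecTrain: it parses a constructed, simplified logon log (the line format, account names and IP addresses are all assumed for illustration), counts failures per source IP in a sliding time window, and notes whether a success followed the burst, which is the signal that the account itself, not just the source IP, needs attention.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the original page): one authentication
# event per line as "<ISO timestamp> <account> <source IP> <FAILURE|SUCCESS>",
# a simplified stand-in for the fields an AD or OS logon event carries.
SAMPLE_LOG = """\
2024-02-16T09:00:01 jdoe 203.0.113.7 FAILURE
2024-02-16T09:00:04 jdoe 203.0.113.7 FAILURE
2024-02-16T09:00:07 jdoe 203.0.113.7 FAILURE
2024-02-16T09:00:09 jdoe 203.0.113.7 FAILURE
2024-02-16T09:00:12 jdoe 203.0.113.7 FAILURE
2024-02-16T09:00:20 jdoe 203.0.113.7 SUCCESS
2024-02-16T09:05:00 asmith 198.51.100.9 FAILURE
2024-02-16T09:05:30 asmith 198.51.100.9 FAILURE
2024-02-16T09:05:45 asmith 198.51.100.9 SUCCESS
"""

def parse_events(text):
    """Parse the constructed format into (timestamp, account, source, result)."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, account, source, result = line.split()
            events.append((datetime.fromisoformat(ts), account, source, result))
    return events

def find_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag each source IP with at least `threshold` failures inside any
    `window`, recording the peak count, accounts targeted, and whether a
    success followed (the case that calls for disabling the account)."""
    by_source = defaultdict(list)
    for event in sorted(events):
        by_source[event[2]].append(event)
    findings = {}
    for source, evs in by_source.items():
        fails = [e for e in evs if e[3] == "FAILURE"]
        peak, start = 0, 0
        for end in range(len(fails)):  # sliding window over failure times
            while fails[end][0] - fails[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            last_fail = fails[-1][0]
            findings[source] = {
                "peak_failures": peak,
                "accounts": sorted({e[1] for e in fails}),
                "success_after": any(e[3] == "SUCCESS" and e[0] > last_fail for e in evs),
            }
    return findings
```

On the sample data only 203.0.113.7 is flagged (five failures in eleven seconds, then a success), while the two mistyped asmith logons stay below the threshold; the flagged output is what the analyst takes to the user-confirmation step before disabling the account or blocking the IP.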