Call for papers
SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: email@example.com
Advanced Log Processing
Reading logs is a crucial part of incident detection and response. However, it is easy for security personnel to be overwhelmed by the sheer volume of logs. This article offers a brief overview of log analysis, in particular log transmission, log collection and the analysis itself. It also briefly touches upon log storage and archival.
Detecting and Removing Malicious Code
Crackers have access to countless variations of malicious code: automated rootkits, trojans, viruses and specific exploits, all designed to breach your security. Detecting and removing these programs can be a daunting task, with little room for error or wasted time. This article explains techniques readers can use to get their systems back online and prevent the compromise from happening again.
Detecting and Containing IRC-Controlled Trojans: When Firewalls, AV, and IDS Are Not Enough
This paper discusses IRC-based trojans as a distinctly underestimated class of malicious activity, and how real-time security event monitoring is the key to identifying and containing such compromises. It presents the general methodology used to discover, track and stop this activity through a real-world case study.
No Stone Unturned, Part Five
This is the fifth and final installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering "The Way" of incident response. As we left off last time, Eliot had started putting together a toolkit to help with incident response and analysis.
Developing an Effective Incident Cost Analysis Mechanism
One of the challenges facing security and accounting personnel is to calculate the real costs of security incidents. In this article, SecurityFocus contributor Dave Dittrich discusses the Incident Cost Analysis Modeling Project (I-CAMP), an attempt to develop a workable model for estimating the costs of computer security incidents.
No Stone Unturned, Part Four
This is the fourth installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering "the Way" of incident response.
No Stone Unturned, Part Three
This is the third installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering "the Way" of incident response. As we left off last time, Eliot had just begun compiling a list of tools that would be helpful in incident investigation when he was interrupted by a call from Dave, a sysadmin at a branch office on the West Coast. Dave had asked for Eliot's assistance with an apparent incident. Now, having begun an...
No Stone Unturned, Part Two
This is the second installment of a five-part series describing the (mis)adventures of a sysadmin named Eliot and his haphazard journey in discovering "the Way" of incident response.
Going to the Source: Reporting Security Incidents to ISPs
Once a security incident has been detected, one of the most effective ways to prevent a recurrence of the attack is to notify the source ISP. However, this is not always as straightforward as it may seem. This article offers a brief overview of the dos and don'ts, so that security administrators can file effective incident reports.
No Stone Unturned: Part One
No Stone Unturned is a five-part fictional series about a system administrator named Eliot who progresses through several stages on his way toward developing and implementing an incident response policy. The intention is to present this process as a work of fiction based closely on real events.