Incident Response
An incident is an event that negatively affects the integrity of existing IT systems. Examples include virus attacks, worms, trojans, and the not uncommon forms of Denial of Service (DoS) or Distributed Denial of Service (DDoS), in which a large number of mostly fake source IP addresses send so many requests to a service that it can no longer serve legitimate requests.
Description
In the worst case, an incident can lead to a total failure of normal operation and consequently to enormous financial damage. When an incident occurs, suitable countermeasures have to be taken immediately. This can be accomplished, for example, by updating firewall rulesets, patching running software, or changing the configuration.
Using forensic elements (forensic here means the reconstruction of changes made to the system by attacks or attackers), everything gets documented and added to the Incident Database on the NetSEC-Network. The countermeasures can thus consist of:
- Response (Reply, e.g. blocking the IP address, simple "mirroring" of the attack)
- Recovery (e.g. patching holes in software, assessing the amount of damage, restoring backups, etc.).
Benefits
- Competent and complete consultation
- Permanent availability (DSL, LAN, WLAN & GPRS internet access)
- Contacting the providers involved (if you wish).
- Fixed hourly rate.

