Reporting Incidents to Third Parties
Additionally, you may wish to take advantage of some third-party channels. For example, if you seem to have a new vulnerability on your hands, you might want to contact your application, OS or security product (firewall, IDS, etc.) vendors to see what information you might be able to share with them, to help them protect against (or respond to) this vulnerability. You might want to contact CERT347 or the BUGTRAQ mailing list, to report the flaw so that other white hats find out about it and can take appropriate action (if its been aimed at you, at least one black hats already got the exploit). Depending on the type and severity of the incident, you may also want to alert law enforcement personnel.
Additionally, these channels often have information about how to respond to certain threats, such as explanations of software bugs you might have missed and information as to which versions of the software have had the bug fixed, and where to get them. As far as viruses are concerned, you can also check with the primary anti-virus sites, which often make available (even to non-customers) information on how to recover from common virus infections.
A debate has raged recently on the issue of disclosure. If you find a bug, who should you inform, when should you inform them, and how much should you say? Again, this is one of those issues where many people have opinions, but there is not necessarily one blanket answer appropriate for all situations. If you inform everyone at the same time, and crackers who might not have known about the hole beforehand find out about it and create an exploit, you could potentially be liable under the Digital Millenium Copyright Act for an activity affecting cybersecurity. On the other hand, if you inform the vendor, months go by, and the vendor has not informed you of plans to fix the hole you found, you have reason to believe an exploit is likely to show up before a fix is. Let your organizations policies, your conscience and perhaps your management be your guide.
If youre running UNIX or Linux, and would like a reference on what to do if were compromised, check out Bob Toxens Real World Linux Security348.
348. Toxen, Bob and Seth Fogie, Real World Linux Security, Prentice-Hall, November, 2000, http://www.nerdbooks.com/item.html?id=0130281875
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.