Performing Incident Response and Handling
In this course, you’ll explore the many aspects of incident response and learn how to plan and design a process for responding to the breach that, sooner or later, is coming to your organization.
What you'll learn
It’s not a matter of “if”, but “when” an attack is going to happen. No matter what you know or do, the hard truth is that there is no guaranteed way to stop an attacker from penetrating your organization. Once you’ve accepted that an attack is unavoidable, your job becomes answering the question “How do I respond to these situations?”. This is where the role of the Incident Responder comes into play. What do you do when a system or device has been targeted? That depends on the incident itself. In this course, Performing Incident Response and Handling, you'll start by making sure that you and your organization are prepared, learning about each of the security policies you should have in place to focus everyone on the importance of keeping your resources secure. Next, you'll learn how incidents are detected and how to respond to them. You'll then explore the workflow steps that every security professional should follow so that you handle both the incidents affecting you today and future ones consistently. Finally, you'll dive into some of the more common incidents that take place in your networks by looking at how to handle and respond to issues like a Denial of Service, a Session Hijack, or Malicious Code. By the end of this course, you'll understand what is needed to keep your network more secure by being proactive and aware of what's happening in your environment.
Table of contents
- Course Introduction 7m
- Security Policies and Their Goals 7m
- Characteristics and Implementation 4m
- Access Control Policy 2m
- Acceptable Use Policy 2m
- Administrative Security Policy 2m
- Asset Control Policy 2m
- Audit Trail Policy 2m
- Logging Policy 2m
- Documentation Policy 3m
- Evidence Collection Policy 2m
- Evidence Preservation Policy 2m
- Information Security Policy 2m
- NIACAP, IA, and C/A Policy 1m
- Physical Security Policy 2m
- Physical Security Guidelines 1m
- The Law in a Digital World 4m
- Summary 2m
- What We're Going to Learn 1m
- What Is a Computer Security Incident? 3m
- How Do We Identify an Incident? 4m
- How Do We Handle an Incident? 1m
- So What's the Goal? 2m
- What's the Plan? 3m
- Information Warfare 4m
- Vulnerability, Attacks, and Threats 6m
- Signs of an Incident 10m
- How Do We Respond? 4m
- The Team 4m
- What Did We Learn? 1m
- Understanding the Workflow 3m
- Identification 5m
- Incident Recording 1m
- Initial Response 2m
- Communicating the Incident 1m
- Containment 3m
- Formulating a Response Strategy 3m
- Incident Classification 2m
- Incident Investigation 1m
- Data Collection 2m
- Forensic Analysis 2m
- Evidence Protection 2m
- Notifying External Agencies 1m
- Eradication 6m
- System Recovery 2m
- Incident Documentation 2m
- Incident Damage and Cost Assessment 2m
- Review and Update the Response Policies 1m
- What Did We Learn? 1m
- What We're Going to Learn 1m
- Denial of Service: Handling 5m
- Denial of Service: Detection 5m
- Denial of Service: Handling 3m
- Denial of Service: Responding 2m
- Denial of Service: Prevention 2m
- Denial of Service: Containment 3m
- Denial of Service: Best Practices 1m
- Unauthorized Access: Handling 7m
- Unauthorized Access: Signs of a Root Compromise 4m
- Unauthorized Access: Hardware 2m
- Unauthorized Access: Responding 2m
- Unauthorized Access: Prevention 4m
- Unauthorized Access: Responding 2m
- Unauthorized Access: Eradicate and Recovery 1m
- Unauthorized Access: Best Practices 3m
- Inappropriate Usage: Detecting 4m
- Inappropriate Usage: Prevention 3m
- Inappropriate Usage: Containment 1m
- Multiple Components Issues: Handling 2m
- Multiple Components Issues: Responding 1m
- What Did We Learn? 1m
- What We're Going to Learn 1m
- Service and Application: Monitoring 2m
- Some Symptoms: Services 2m
- Demo: Checking Services 8m
- Demo: Application Error Monitoring 4m
- Analysis: Applications 1m
- Service and Application: Response and Restore 2m
- Detecting the Attacks: Applications 4m
- Types of Attacks: Session Hijacking 2m
- Demo: Session Hijack 4m
- Symptoms: Session Hijacking 4m
- Defense: Session Hijacking 3m
- When It Happens: Session Hijacking 1m
- Types of Attacks: Command Injection 6m
- Defense: SQL Injections 3m
- When It Happens: SQL Injection 2m
- Types of Attacks: XSS Attacks 1m
- What Attackers Are Looking For: XSS Attacks 3m
- Types of XSS Attacks 2m
- Tools: XSS Attacks 1m
- Defense: XSS Attacks 3m
- When It Happens: XSS Attacks 1m
- Types of Attacks: Buffer Overflow 2m
- Types of Buffer Overflows 1m
- Tools: Buffer Overflows 2m
- Defense: Buffer Overflows 3m
- When It Happens: Buffer Overflows 1m
- What Did We Learn? 1m
- What We're Going to Learn 1m
- Malicious Code: Virus and Worms 2m
- Malicious Code: Trojans and Spyware 3m
- Malicious Code: What to Do? 4m
- Malicious Code: What Are the Signs? 2m
- Malicious Code: Containment 3m
- Malicious Code: Gather Evidence 2m
- Malicious Code: Bots and Botnets 3m
- Malicious Code: How Bots and Botnets Work 5m
- Incident Response Handling Performing 2m
- Malicious Code: Rootkits in Windows 3m
- Malicious Code: Rootkits - Kernel Mode 1m
- When It Happens: Rootkits 2m
- Prevention: Rootkits 3m
- Insider Threats: The Landscape 2m
- Insider Threats: The Workflow 1m
- Insider Threats: Detection and Response 3m
- Insider Threats: Prevention - Network Level 2m
- Insider Threats: Prevention - Access Control 2m
- Insider Threats: Prevention - Awareness Program 2m
- Insider Threats: Prevention - Admins and Privileged Users 3m
- Insider Threats: Prevention - Backups 2m
- What Did We Learn? 1m