Incident Response Containment Strategy: [Essay Example], 588 words GradesFixer
This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

Incident Response Containment Strategy


Steps to respond to the incident

Buffer overflow is a vulnerability that was first detected in the 1980s, when Robert Morris created a worm which infected ten percent of the internet in two days. The vulnerability deals with buffers, which are the smallest memory locations for programs that allow direct access to write and read memory (Foster, 2005). A buffer overflow occurs when the data to be stored in a particular buffer spills into subsequent memory, overwriting it or causing excess data to be read. In our case, the incident response strategic decisions team has learnt about a potential worm that may compromise the safety of Microsoft IIS servers. Our team has to act fast, since the worm situation may get out of hand in a very short while and the effects may be disastrous.

First, the team has to establish that the threat is real, meaning we should test to confirm the vulnerability. While looking at the source code, our focus is on the areas that require buffer access, modification and use. For example, areas that take user-supplied input are potential points for a stack overflow, since they are easy to exploit (McGraw, 2004).

Code example:

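#include <stdio.h>

/* Deliberately vulnerable: gets() performs no bounds checking. */
void askquestion(void) {
    char client_answer[4];  /* holds "yes" or "no" plus the terminating NUL */
    printf("Was this information helpful? Please answer yes or no: ");
    gets(client_answer);    /* any input longer than three characters overflows the buffer */
}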

The code above asks the user a question and prompts for a yes or no answer. The user may input ‘not-really’, forcing the program to crash instead of displaying an error message and prompting the question again.
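
A bounded version of the prompt above, added here as an illustration and not part of the original essay: it reads with fgets() into a fixed buffer, drains and rejects over-long lines such as 'not-really', then shows an error and asks again. The names read_answer, ask_question and ask_with_input, the retry limit and the sample input are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

enum answer { ANSWER_NO, ANSWER_YES, ANSWER_INVALID, ANSWER_EOF };

/* Read one line with a bounded fgets(); fgets never writes past buf. */
static enum answer read_answer(FILE *in) {
    char buf[8];
    if (fgets(buf, sizeof buf, in) == NULL)
        return ANSWER_EOF;                /* no more input */
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';              /* complete line: strip the newline */
    } else if (!feof(in)) {
        int c;                            /* line did not fit: drain the rest */
        while ((c = fgetc(in)) != '\n' && c != EOF) { }
        return ANSWER_INVALID;            /* reject it instead of truncating */
    }
    if (strcmp(buf, "yes") == 0) return ANSWER_YES;
    if (strcmp(buf, "no") == 0) return ANSWER_NO;
    return ANSWER_INVALID;
}

/* Show an error and ask again, up to max_tries (hypothetical limit). */
enum answer ask_question(FILE *in, FILE *out, int max_tries) {
    for (int i = 0; i < max_tries; i++) {
        fputs("Was this information helpful? Please answer yes or no: ", out);
        enum answer a = read_answer(in);
        if (a != ANSWER_INVALID) return a;
        fputs("Please type exactly yes or no.\n", out);
    }
    return ANSWER_INVALID;
}

/* Hypothetical helper: feed constructed keyboard input through a temp file. */
enum answer ask_with_input(const char *typed, int max_tries) {
    FILE *in = tmpfile();
    if (in == NULL)
        return ANSWER_EOF;
    fputs(typed, in);
    rewind(in);
    enum answer a = ask_question(in, stdout, max_tries);
    fclose(in);
    return a;
}

int main(void) {
    return ask_with_input("not-really\nyes\n", 3) == ANSWER_YES ? 0 : 1; /* constructed input */
}
```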

Process flow diagram to determine strategy to use.

Process flow diagram to determine when to relay information to upper management.

Upper management should be notified as soon as the suspicion is confirmed, since the potential threat could turn into a disaster within moments.

Incident recovery process

Types of disasters, response and recovery.

Stack attacks

The smallest unit of memory is a stack. The worm overloads the stack and tricks the program into opening malware that has been saved elsewhere. The computer then executes what the code dictates.

Heap attacks

Heap attacks are associated with larger memory spaces, such as those used to store pictures and text. Such an attack is hard for the attacker to implement, since the heap has no direct access to executable code memory.

Arithmetic attacks

Arithmetic attacks come from the improper handling of signed and unsigned numbers in C.

Format attacks

When operating systems require automatic conversion of text strings from a small text format to a larger format, the code may be manipulated such that a buffer overflow is reached.

Mitigation techniques include:

Developing stronger apps in teams and utilizing recent programming languages such as Python and Java.

Updating security systems regularly.

Constantly checking for malware and loopholes for hackers.

Techniques for different disasters.

Since we have successfully identified the problem, we now identify the best strategy to resolve it. Protection techniques can be categorized into:

Static: offers correction to the software with tools such as STOBO and RATS (Viega, 2003).

Dynamic: hardware and software that monitor and protect data at the source or the other end of an overflow.

Isolation: not executing in stack memory and limiting the space of a process (using SPEF and sandboxing).

Issues in disaster recovery

The main issue in disaster recovery is unpreparedness. Individuals and organizations should be prepared for disaster with backup storage in the cloud, while utilizing data duplication tools to reduce storage costs (Patterson, 2013).

Backup plans should be put in place, carrying out the backups in small chunks over short periods to ensure viability.


Cite this Essay


GradesFixer. (2019, May, 14) Incident Response Containment Strategy. Retrieved February 17, 2020, from https://gradesfixer.com/free-essay-examples/incident-response-containment-strategy/