- There are times when you will be required to do more than the standard incident response tactics.
  - In particular when working with law enforcement.
- This is an advanced topic, so we need to be prepared.
Guideline:

- Annoyance - Because messing with attackers is fun.
  - OODA:
    - Observe
    - Orient
    - Decide
    - Act
    - Whoever can do these things the fastest does not die.
    - Originally developed for fighter pilots.
    - Can apply to computer security.
    - With current security models, how many of these can you impact?
- Attribution - Who is attacking me?
  - Why attribution? Easy answer: get the bad guys.
  - More difficult situation: you cannot get the bad guys.
    - What?
    - If you are being attacked by a nation state, "getting the bad guys" might be kind of hard.
  - So, why do this then?
    - One, know what they are after.
    - Two, understand what they already have.
    - This will help you better design defenses and better understand how much you need to allocate to this issue.
- Attack - Here there be dragons.
  - Court authorization is very helpful.
  - But even with this there are different areas.
  - We want to focus on client-side attacks.
    - Force the attacker to take something from us in the first place.
    - Do not make your malware easily accessible.
    - You want to be pretty clear that if an attacker does trip on this, they stole from you first.
  - There are many ways this can go wrong.
  - Be careful.
  - Court authorization is very helpful.
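The "make them take something from us first" rule at the detection-only level, as an added example that is not from these notes or the talk they summarize: a decoy file carries an unguessable beacon URL, the registry records what the file claims to be and where inside the network it was left, and only tokens the registry actually issued raise an alert, so a hit both proves the file was taken from an internal location and tells you what the taker was after. The beacon host, file paths and log lines are constructed.

```python
import re
import secrets
from dataclasses import dataclass, field

# Combined log format (Apache/nginx style); the sample lines in demo() are constructed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)
# Beacon path: only the registry knows valid tokens, so guessed paths never match.
TOKEN_RE = re.compile(r"^/t/(?P<token>[0-9a-f]{32})\.png$")

@dataclass
class DecoyRegistry:
    beacon_host: str                            # hypothetical host that serves only /t/<token>.png
    decoys: dict = field(default_factory=dict)  # token -> (label, internal placement)

    def issue(self, label: str, placed_at: str) -> str:
        """Mint an unguessable token, record label and internal placement, return the beacon URL."""
        token = secrets.token_hex(16)
        self.decoys[token] = (label, placed_at)
        return f"https://{self.beacon_host}/t/{token}.png"

    def hits(self, log_lines) -> list:
        """One record per fetch of an issued token; anything else (scanner noise) is ignored."""
        found = []
        for line in log_lines:
            m = LOG_RE.match(line)
            if not m:
                continue
            t = TOKEN_RE.match(m["path"])
            if not t or t["token"] not in self.decoys:
                continue  # well-formed but never issued: a guess, not a stolen decoy
            label, placed_at = self.decoys[t["token"]]
            found.append({"ip": m["ip"], "when": m["ts"], "ua": m["ua"],
                          "label": label, "placed_at": placed_at})
        return found

def demo() -> list:
    """Issue one decoy, then run three constructed log lines through the detector."""
    reg = DecoyRegistry("beacon.example.test")
    url = reg.issue("payroll-2024.xlsx", r"\\fileserver\hr\archive")
    path = url.split(reg.beacon_host, 1)[1]
    lines = [
        f'203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET {path} HTTP/1.1" 200 68 "-" "Mozilla/5.0"',
        '198.51.100.9 - - [10/Oct/2023:14:01:02 +0000] "GET /t/' + "0" * 32 + '.png HTTP/1.1" 404 0 "-" "curl/8.0"',
        '198.51.100.9 - - [10/Oct/2023:14:01:03 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.0"',
    ]
    return reg.hits(lines)  # -> one hit: the payroll decoy fetched by 203.0.113.7
```

The guessed-token line shows the check a practitioner wants: a path that merely looks like a beacon must not page anyone, only a token the registry minted and placed somewhere an outsider could not legitimately reach.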