Performing Incident Response and Handling

In this course, you'll explore the many aspects of incident response and learn how to plan and design a process for responding to the breach that is coming to your organization sooner or later.
Course info
Level
Beginner
Updated
Jan 24, 2018
Duration
5h 19m
Table of contents
Course Overview
Preparing for Incident Response and Handling
Incident Response Processes
The Workflow of Incident Response
Networks and Host Attacks
Service and Application Attacks
Malicious Code and Insider Threats
Description

It’s not a matter of “if”, but rather “when” an attack is going to happen. No matter what you know or do, the hard truth is there's no guaranteed way to stop an attacker from penetrating your organization. Once you’ve accepted that an attack will be unavoidable, your job now becomes "How do I respond to these situations?". This is where the role of an "Incident Responder" comes into play. What do you do when a system or device has been targeted? Well, that depends on the incident itself. In this course, Performing Incident Response and Handling, you'll start by making sure that you and your organization are prepared by learning about each of the security policies that you should have in place to clarify and focus everyone on the importance of keeping your resources secure. First, you'll learn about the actual process of detecting incidents and how to respond to them. Next, you'll explore the actual workflow steps that every security professional should follow to make sure you are consistent with all incidents that are currently affecting you as well as future ones. Finally, you'll dive into some of the more common incidents that take place in your networks by looking at how to handle and respond to issues like a DoS, a Session Hijack, or even Malicious Code. By the end of this course, you'll understand what is needed to help keep your network more secure by being more proactive and aware of what's happening in your environment.

About the author

Dale Meredith received his Certified Ethical Hacker and Certified EC-Council Instructor certifications back in 2006, and has been a Microsoft Certified Trainer since 1998 (yes, we had computers back then). Dale takes great pride in helping students comprehend and simplify complex IT concepts.

More from the author
Ethical Hacking: Vulnerability Analysis
Intermediate
3h 14m
27 Sep 2018
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Dale Meredith, and I'd like to welcome you to my course, Performing Incident Response and Handling. This is an exciting course because it actually covers three certification domains, from CSA+ to GCIH, as well as ECIH. Now I know, it's a bargain. It's a three-for-one deal. Now I personally have been a Microsoft trainer since 1998, as well as a cybersecurity trainer and consultant. I've worked with several corporate 500 companies, as well as the Department of Homeland Security on several different projects. I'd tell you about them, but then I'd have to kill you. So listen, if your organization experiences any incidents that aren't properly contained and handled, it's going to escalate into a bigger problem that eventually could lead to a data breach or even system failures. Responding to any incident rapidly will help your organization minimize losses, as well as mitigate any vulnerabilities and restore services and processes as quickly as possible, as well as reduce the risk of being attacked in the future. Incident response allows an organization to be equipped for the unknown and is a dependable method for detecting a security incident instantly when it occurs. In this course, we'll talk and teach you about how to respond to major incidents that can cripple an organization. We'll also talk about some best practices for each type of issue to help stop the intrusion before it causes damage. Plus, if you're familiar with my other courses, you know we'll have some fun along the way. Some of the topics that we'll actually cover in this particular course include the actual workflow of what you should follow during an incident response. It'll kind of help you keep organized. We'll also look at some of the major symptoms, the defenses, and what to do when an incident happens. Oh, it's going to happen, trust me. Need a policy? I've got a whole module that's going to give you a complete list of all the policies that your organization should have in place. By the end of this course, you should have a great understanding of how to prepare yourself and your company or organization for an incident, as well as be able to identify different signs that could actually end up warning you that you've had an incident or one's coming your way. We'll also make sure that you understand how to handle some of the more common issues, as well as how to stop them from happening. Spoiler alert, you can't stop them. But you can be good to go if anything happens. Now before beginning this course, you should be familiar with some basic network topologies and technologies, such as TCP/IP, devices like routers and switches, as well as you should be familiar with different operating systems, such as Windows and Linux. No, I'm not going to quiz you, but we do do some demos in those operating systems. After you've finished this course, you should feel comfortable diving into the other courses within this series, such as Performing and Analyzing Network Reconnaissance, or even branching out a bit and taking a look at the Ethical Hacking series. I hope you'll join me on this adventure in learning with the Performing Incident Response and Handling course here, at Pluralsight.

Incident Response Processes
Okay, let's now talk about incident response processes. In this module, we're going to go through and take a look at several different things for you. We'll first go through and take a look at what is a computer security incident and make sure you have a clear understanding of that. After that, we'll go through and talk about what I refer to as information warfare. After we review that, we'll then look at vulnerability, attacks, and threats, as well as a sign of an incident. Sometimes the incident isn't necessarily visible or you may not actually recognize it, so we need to be looking at signs of maybe something's coming our way. We'll then talk about actually how do we respond to an incident or a sign of an incident or any type of issue? And we'll sum this up or wrap this up by looking at the teams that should be involved throughout this process. Okay, so we've got our blueprint of what we're going to be reviewing here. Let's get going.

Networks and Host Attacks
Okay, so now we're going to look at Incident Response and Handling: Networks and Host Attacks. Now in this module, we're going to go through and take a look at a couple of different things when it comes to these issues. We're going to first take a look at how to handle a DoS, or the issues that it might create for us, as well as actually what it is. We'll review each one of these types of attacks. We'll look at handling unauthorized access issues, as well as handling inappropriate, oh that's so inappropriate Dale, usage issues, as well as how do we handle multiple component issues? So we've got a lot to cover here. Let's get going.

Service and Application Attacks
Okay, so when it comes to actually looking at application and service issues or incidents, it requires information about the service or the application that's running, and how they are expected to behave. So we're going to go through in this module then and take a look at the following issues that you may want to make note of, both for the immediate future and the real world. We'll look at how we actually monitor applications and services, as well as some of the symptoms that we might see that a service is under attack, and how to actually respond and restore. We'll look at some of the attacks that we might see, or how to detect those attacks that hit the applications, and the different types of attacks. We'll get into several different types of attacks when it comes to apps, like SQL injection and cross-site scripting attacks. So let's go ahead and jump in and see what we can learn today.

Malicious Code and Insider Threats
Okay, so in this module, we're going to take a look at incident response and handling, both of malicious code and insider treats. No, it's threats. I just like how close that name is to treats. We're going to first go through and focus in on the aspects of looking at the malicious code side of things. And in that, we're going to go through and take a look at obviously viruses and worms. We'll also take a look at trojans and spyware, as well as bots and botnets. We'll also take a look at backdoors and rootkits. After we take a look at all this malicious code, we'll then go through and take a look at the insider threats. And in that aspect, we'll look at making sure we understand what the current landscape is with insider threats, and it's always changing, to be honest with you. We'll also take a look at the workflow of an insider threat, as well as how to detect and respond to this type of incident, and then also give you some best practices when it comes to dealing with insider threats. I know, some of you guys are thinking, I can handle an insider threat, Dale. Well, that really does depend, because we're going to be talking about things involving HR and the possible legal ramifications. So when you're ready, go ahead and hit next, and we'll get going.