CIRT (Computer Incident Response Team) is also commonly called CERT (Computer Emergency Response Team) – they are personnel responsible for coordinating the response to computer security incidents in an organization (Source: www.net.ttu.edu/security/policy_definitions.doc)

Responsibilities include:

• Manage the company’s response to events that pose a risk
• Coordinating information
• Mitigating risk, minimize interruptions
• Assembling technical response teams
• Management of logs
• Management of resolution

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECIEVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

• Confidentiality – no disclosure of data
• Integrity – no alteration of data
• Availability – no destruction of data

Common Remote Connections

• xDSL – Digital Subscriber Line
• Cable Modem
• Wireless
• ISDN – Integrated Services Digital Network

Common Tools in Securing External Remote Connections

• VPN – Virtual Private Network
• SSL – Secure Socket Layer
• SSH – Secure Shell

Technologies for Remote Access Authentication

• RADIUS –  Remote Authentication Dial In User Service – is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS was developed by Livingston Enterprises, Inc., in 1991 as an access server authentication and accounting protocol and later brought into the IETF standards. (Source: http://en.wikipedia.org/wiki/RADIUS)
• TACACS – Terminal Access Controller Access-Control System - is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network. (Source: http://en.wikipedia.org/wiki/TACACS)

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECIEVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

Types Remote Node Authentication

• PAP – Password Authentication Protocol – clear text
• CHAP – Challenge Handshake Authentication Protocol – protects password

Remote User Management

• Justification of remote access
• Support issues
• Hardware & software distribution

Intrusion Detection Process

• Notification
• Remediation

Remote Access Security Management focuses in the creation of:

• Host and networked based monitoring
• Event notification
• CIRT – Computer Incident Response Team
  • CIRT Performs
    • Analysis of event
    • Response to incident
    • Escalation path procedures
    • Resolution – post implementation follow-up