FTP Data Breach Incident Response - Eric Vanderburg
1. FTP Data Breach Incident Response
Eric Vanderburg
June 19, 2008
2. Scenario
• Private confidential data on an FTP server is accessed
by an unauthorized individual
• Incident: YES
• Issues
– Potential privacy notification is needed
– More data could be viewed or stolen so the incident
needs to be contained
– Data needs to be replaced
3. Detection and Analysis
• Determine access method
– Stolen or sniffed password
– Exploit in system
• Determine the scope of the incident
– Find out if the incident has happened before and never
been discovered.
– Find out which data was accessed and which
stakeholders/clients are impacted by the disclosure
• Determine if the data obtained is in a form that would disclose
private data, can be converted into a form that would disclose
private data, or can be combined with data from another incident to
disclose private data.
4. Containment Strategies
• Block IP or IP subnet at the firewall
• Shut down FTP
• Change FTP passwords
• Move FTP to another server
• Change FTP ports
• Contact the source and try to stop the distribution or use of
the information
7. Preventing Future Occurrences
• Set timeout on FTP site
• Set alerts on FTP events
• Encrypt username and password or require VPN for FTP
• Set FTP server to only respond to specific IP addresses
• Configure firewall rules for FTP ports to only allow traffic
from specific pre-approved IP addresses or subnets.
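Scoping the incident (slide 3: which data was accessed, and whether it happened before) and alerting on FTP events (slide 7) both come down to reading the server's transfer log against an allow-list. The script below is an added example, not part of the original slides; it assumes an xferlog-style transfer log and an approved subnet of 192.0.2.0/24, and the log lines are constructed for illustration.

```python
"""Scope an FTP disclosure from xferlog-style transfer records (added example)."""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample log in the xferlog layout:
# <timestamp 5 tokens> <xfer-secs> <remote-host> <bytes> <file> <type> <flag> <direction> <mode> <user> ...
SAMPLE_XFERLOG = """\
Mon Jun 16 10:22:01 2008 1 192.0.2.10 2048 /data/clients/acme.csv b _ o r bob ftp 0 * c
Mon Jun 16 10:25:44 2008 3 203.0.113.5 2048 /data/clients/acme.csv b _ o r bob ftp 0 * c
Mon Jun 16 10:26:02 2008 2 203.0.113.5 8192 /data/clients/globex.xls b _ o r bob ftp 0 * c
Tue Jun 17 08:01:13 2008 1 192.0.2.11 512 /data/upload/report.txt a _ i r alice ftp 0 * c
Wed Jun 18 23:40:09 2008 4 203.0.113.77 4096 /data/clients/initech.csv b _ o r bob ftp 0 * c
"""

# Assumed allow-list of hosts/subnets permitted to retrieve data (slide 7: restrict by IP).
APPROVED = [ipaddress.ip_network("192.0.2.0/24")]


def parse_xferlog(line):
    """Split one xferlog record into the fields needed for scoping."""
    f = line.split()
    return {
        "when": datetime.strptime(" ".join(f[0:5]), "%a %b %d %H:%M:%S %Y"),
        "host": f[6],
        "size": int(f[7]),
        "file": f[8],
        "direction": f[11],  # 'o' = outgoing (download), 'i' = incoming (upload)
        "user": f[13],
    }


def is_approved(host):
    return any(ipaddress.ip_address(host) in net for net in APPROVED)


def unauthorized_downloads(log_text):
    """Map each non-approved host to the files it pulled, the accounts used, and first sighting."""
    findings = defaultdict(lambda: {"first_seen": None, "files": set(), "users": set()})
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if rec["direction"] != "o" or is_approved(rec["host"]):
            continue  # uploads and approved hosts are not a disclosure
        entry = findings[rec["host"]]
        entry["files"].add(rec["file"])
        entry["users"].add(rec["user"])  # shared credential across hosts hints at a stolen password
        if entry["first_seen"] is None or rec["when"] < entry["first_seen"]:
            entry["first_seen"] = rec["when"]  # earliest sighting: did it happen before detection?
    return dict(findings)


def impacted_files(log_text):
    """Union of files disclosed to non-approved hosts; drives the stakeholder notification list."""
    return sorted(set().union(*(v["files"] for v in unauthorized_downloads(log_text).values())))
```

Run continuously against the live log rather than only after the fact, the same check is the alert on FTP events that slide 7 calls for.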