Securing Citrix XenApp Server in the Enterprise (eBook)

Tariq Azad (Author)

eBook download: PDF | EPUB
2008 | 1st edition
528 pages
Elsevier Science (publisher)
978-0-08-056998-7 (ISBN)
Citrix Presentation Server allows remote users to work off a network server as if they weren't remote. That means incredibly fast access to data and applications for users, no third-party VPN connection, and no latency issues. All of these features make Citrix Presentation Server a great tool for increasing access and productivity for remote users. Unfortunately, these same features make Citrix just as dangerous to the network it's running on. By definition, Citrix is granting remote users direct access to corporate servers. Achieving this type of access is also the holy grail for malicious hackers. To compromise a server running Citrix Presentation Server, a hacker need not penetrate a heavily defended corporate or government server. They can simply compromise the far more vulnerable laptop, remote office, or home office of any computer connected to that server by Citrix Presentation Server.
All of this makes Citrix Presentation Server a high-value target for malicious hackers. And although it is a high-value target, Citrix Presentation Servers and remote workstations are often relatively easy to hack, because they are frequently deployed by overworked system administrators who haven't even configured the most basic security features offered by Citrix. "The problem, in other words, isn't a lack of options for securing Citrix instances; the problem is that administrators aren't using them." (eWeek, October 2007). In support of this assertion, security researcher Petko D. Petkov, aka "pdp", said in an Oct. 4 posting that his recent testing of Citrix gateways led him to "tons" of "wide-open" Citrix instances, including 10 on government domains and four on military domains.

* The most comprehensive book published for system administrators, providing step-by-step instructions for a secure Citrix Presentation Server.
* Special chapter by security researcher Petko D. Petkov, aka "pdp", detailing tactics used by malicious hackers to compromise Citrix Presentation Servers.
* Companion Web site contains custom Citrix scripts for administrators to install, configure, and troubleshoot Citrix Presentation Server.


Front Cover
Securing Citrix XenApp Server in the Enterprise
Copyright Page
Technical Editor
Contributors
Contents
Chapter 1: Introduction to Security
Introduction
Defining Security
Defining Risk
Defining Value
Defining Threat
Defining Vulnerability
Defining Countermeasures
You Really Can’t Counter Threat
What Is a Security Program?
Optimizing Risk
Consciously Accept Risk
Understanding the Security Design Process
The CIA Triad
Why Does Your Organization Need a Security Infrastructure?
Analyzing Existing Security Policies and Procedures
Acceptable Use Policies
Privacy versus Security
Security versus Usability
Designing a Framework for Implementing Security
Predicting Threats to Your Network
Recognizing Internal Security Threats
Increasing Security Awareness
Recognizing External Threats
Denial-of-Service Attacks
Distributed Denial-of-Service Attacks
Viruses, Worms, and Trojan Horses
Software Vulnerabilities
Nontechnical Attacks
What Motivates External Attackers?
Implementing Risk Analysis
Addressing Risks to the Corporate Network
Analyzing Security Requirements for Different Types of Data
Defining Best Practices for Designing Your Security Framework
Reviewing Compliancy
Citrix and HIPAA, Sarbanes-Oxley, FERPA
FIPS 140-2, FIPS 201 and HSPD-12
Explaining Security Technologies
Digital Certificates
Cryptography
Auditing and Vulnerability Assessments
Assessment Types
Host Assessments
Network Assessments
Automated Assessments
Stand-Alone versus Subscription
Two Approaches
Administrative Approach
The Outsider Approach
The Hybrid Approach
Realistic Expectations
Defining Authentication Models
How Does the System Authenticate a User?
Kerberos
Understanding the Kerberos Authentication Process
Secure Sockets Layer/Transport Layer Security
NT LAN Manager
Digest Authentication
Passport Authentication
Multifactor Authentication Models
Passwords
Windows Password Policies
Smart Card
Token
Biometrics
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2: Security Guidance for Operating Systems and Terminal Services
Introduction
Windows 2003 Basics
Kernel Protection Mechanisms
Disk File System Basics and Recommendations
NTFS
FAT 32
Creating, Using, and Maintaining Users and Groups in Windows 2003
Local Accounts
Domain Accounts
Windows 2003 Security Essentials
What Is Vulnerable in Windows 2003?
RUNAS Service
Files and Applications
Accounts Data
Providing Basic Security Levels in Windows 2003
Creating Security Templates
Analyzing Security Policy Templates and Machine Security Configuration
Installing and Checking Security Policy Templates
Attacking Windows 2003
System Identification Methods
Remote Enumeration
NetBIOS
SNMP
Probing
Local Enumeration
Authentication Attack Methods
Attacks Using Common and Known Vulnerabilities
Defending and Hardening Windows 2003
Evaluate Your Needs and Current Status
Evaluating Services
Evaluating Access to Protocols
Secure Your Equipment and OS
Applying Patches and Service Packs
Security Templates
Securing Access Control Methods
File and Data Security Settings
Password Policies and Protections
Secure Network Communications
Eliminating Unnecessary Components
Network Services
Local Services
Using Tools and Methodologies to Analyze Weaknesses and Configuration Changes
Tracking and Applying Updates, Service Packs, and Patches
Security Checklist
Windows 2003 System
Windows 2003 Terminal Services Basics
Terminal Server Clients
Windows Remote Desktop Client
TSAC (ActiveX)
Windows XP TSAC
TSAC and Alternate Terminal Server Ports
MMC Snap-in
Using the Rdesktop Linux Client
Macintosh Clients
Using Terminal Server Tools
Using Windows 2003 Terminal Server Commands
Using TSCmd.exe
Querying Logon Permissions with TSCmd.exe
Modifying Settings with TSCmd.exe
Terminal Services Manager
Terminal Services Configuration
Attacking Terminal Servers
Locating Terminal Servers
Port Scanning
Identifying Hidden Terminal Servers
Finding Windows Servers with Access to Other Segments
Using Windows Endpoints
Enumerating Users and Logon Rights
Manual Password Guessing via Terminal Server GUI
Automated Password Guessing via Windows (TCP 139,445)
Automated Password Guessing via TCP 3389
Application Server Attacks
Breaking out of a Specified Internet Explorer Application
Using the Task Manager to Obtain a Shell
Using WinZip to Obtain a Shell
Privilege Escalation Attacks
Running GetAd.exe
Running DebPloit Exploit in TS to Get Administrator
Regaining Logon Rights as an Administrator
Maximizing Your SQL Compromise with Terminal Server
Getting Your Tools for Further Attacks
The Beauty of the GUI
Using Hacker Tools to Expand Influence from Terminal Server
Defending Terminal Servers
Install Current Patches
Set Strong Windows Passwords
Use High Encryption for Sessions in Windows 2003
Set Strongest Usable Terminal Server Permissions
Terminal Server Group Policies
Relocate Terminal Server to an Obscure Port
Implementing Basic Host-Level Security
Use the Principle of Least Privilege
Set a Logon Banner
Increasing Security with Extreme Measures
Remote Administration Mode Specific Defenses
Rename the Administrator
Disable TSInternetUser and Remove Licensing Service
Application Server Mode Specific Defenses
File Security
Disallow User Access to Shared Clipboard
Disallow Remote Control
Specify an Initial Starting Program
Restrict Application Usage
Limit and Log Access from Older Clients
Case Study: Attacking Terminal Server
Security Checklist
General Points of Server Inspection
Application Sharing Specifics
Remote Administration Mode Specifics
Windows XP Remote Desktop Specifics
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3: Terminal Services and XenApp Server Deployment
Introduction of Terminal Services and Citrix XenApp Server
What Is Terminal Services?
History of Terminal Services
The Dark Ages: The Birth of Windows NT 4.0 Terminal Server Edition
The Renaissance: The Light of Windows 2000 Terminal Services
The Future and Beyond: Capabilities of Windows Server 2003 Terminal Services
Installing Terminal Services
Limitations of Windows Server 2003 Terminal Services
Load Balancing Limitations
Secure Remote Access Solution
Lack of an Enterprise Toolset for Management
Lack of Built-in Application Deployment Solution
Small List of Supported Clients
Limited Client-Side Functionality
History of Citrix XenApp Server
Understanding the XenApp Server Architecture
XenApp Server Farms
Implementing a Server Farm
A Single Server Farm
Multiple Server Farms
Planning a Server Farm Project
The IMA Data Store
Local Host Cache
IMA Zones
The IMA Data Collector
Bandwidth Requirements for a Server Farm
Server-to-Data-Store Communication
Data Collector Communication
Listener Ports
Independent Management Architecture
Independent Computing Architecture
The Future and Beyond: Capabilities of XenApp Server
XenApp Server Version Information
Management and Monitoring
Application Publishing
Printer Management
Deploying Service Packs and Hotfixes
Security Improvements with XenApp Server
How XenApp Server Fills the Gaps in Terminal Services
Improvements in Terminal Services
So, Where Are the Gaps?
Application-Level Improvements
Citrix Speedscreen
Session Disconnections and Reliability
Web Interface
Performance Issues
Load Balancing
Planning for XenApp Server Deployment
Hardware Planning
Horizontal vs. Vertical Scaling
Build In Redundancies
Server Virtualization
Platform Deployment Options
Manual Installation
Unattended or Scripted Installs
Server Cloning
Server Provisioning
Hybrid Approach
Citrix XenApp Server Installation Process
Planning for Home Folder and Terminal Server Profile
Analyze Hardware and Software Requirements
View Installation Checklist
Remap the Server Drives
Install the Document Center
Create the Data Store
Installing Microsoft SQL Express 2005 Desktop Engine with Service Pack 1
Creating a Database with Microsoft SQL Server 2005
Install the License Server
Installing Internet Information Server
Installing Citrix Access License Servers in a XenApp Environment
Define the Server where you will be installing the Citrix License Server
Activate your Serial number and download a License file
Install Citrix License Server
Copy the license file to the folder on the License Server
Verification of the License Server and Licenses
Configure Delegated Administration
Enable Licensing Report Logging
Installing XenApp Server
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4: Understanding XenApp Security
Introduction
Defining the XenApp Security Model
Defining Farm Security and Farm Boundaries
Defining XenApp Server Security
Introducing Microsoft Security Tools
Understanding Alternate Data Streams
Understanding Security Configuration and Remediation
Using Windows Group Policy Objects
Using Windows Security Templates to Baseline Your System
Defining an Antivirus Solution
Understanding Intrusion Detection
Understanding Published Application Security
Understanding Application Security Policies
Explaining NTFS Permissions for Published Application Security
Defining XenApp Published Application Properties
Understanding ICA Connections
Understanding Network Configuration
Understanding Client Devices
Understanding Users Rights, Responsibilities, and Permissions
Defining Types of Deployments
Internal Network (Intranet) Deployment Using SSL Relay
External Network Deployment (Single Hop)
External Network Deployment (Double Hop)
Web Interface with SSL Relay
Understanding Wireless LANs (WLANs)
Understanding Authentication Methods
Understanding Explicit Authentication
Understanding Kerberos Authentication
Understanding Multifactor Authentication
Understanding Pass-Through Authentication
Encrypting XenApp
Understanding Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Secure Sockets Layer (SSL)
How a Secure Channel is Established
Transport Layer Security (TLS)
Advanced Encryption Standard (AES)
FIPS 140-2
Encryption Strength Options
Where Can You Use Encryption?
Encrypting Server, Published Application, and Client Communications
Using HTTPS
ICA Encryption (Secure ICA)
Using the SSL Relay Service
Secure Gateway
Clients that Can Support Encryption
Explaining IMA Encryption
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5: Security Guidance for Citrix XenApp Server
Introduction
Deployment Considerations
Active Directory
Domains
Domain Tree
Forests
Organizational Units
Protecting Your Active Directory Data
Implementing Active Directory Security Groups
Best Practices
Forest Trusts
Trust-Based Routing
Maintaining Software Integrity
Using a Supported Software Version
Understanding Citrix Service Accounts
Securing Java Client on XenApp Servers
Defining Multiple Services on Host Systems
Understanding Anonymous Accounts
Configuring XenApp Components
Understanding and Using XenApp Policies
Understanding XenApp Shadowing
Configuring Shadowing
Configuring During Installation
Creating XenApp Shadowing Policies
Shadowing through Group Policy Objects
Using the Terminal Services Configuration Tool
Editing the Registry
Controlling through User Account Properties
Configuring Shadow Auditing and Logging
Understanding Drive Remapping
Configuring the XML Service
Configuring Session Reliability (XTE Service)
Understanding MFCOM
Securing Your XenApp Farm
Planning for Farm Security
Securing Your XenApp Server
Securing Client Server Communication
Configuring ICA Encryption
Configuring SSL Relay
Using Virtual Private Networking to Secure XenApp Sessions
Configuring the Secure Ticket Authority (STA)
Configuring Smart Card Authentication
Configuring Kerberos
Using XenApp and Kerberos without Pass-Through
Using XenApp and Kerberos with Pass-Through
Configuring Automatic Client Reconnection
Configuring the SNMP Service
Configuring Network Firewalls
Configuring IMA and IMA Encryption
Securing the Data Store
MS Access Database Data Store
SQL Express Data Store
DBMS Data Store (IBM DB2)
DBMS Data Store (SQL)
Multifaceted SQL Server Security
Security: Why Worry About It?
The Principle of Least Access
Installing SQL Server
Best Practices for Installing SQL Server According to Microsoft
Services Off by Default
SQL Server Surface Area
What Is Surface Area?
The Surface Area Configuration Tool
The Surface Area Configuration Tool GUI
Roles
Using Roles
Role Types
User-Defined Standard Roles
User-Defined Application Roles
Predefined Database Roles
Fixed Server Roles
Understanding the SQL Server Authentication Modes
Understanding Granular Access
Principals
Securables
Permissions
Control
Alter
Alter Any
Take Ownership
Impersonate
Create
View Definition
Backup
Restore
Managing Granular Access
Understanding Implied Permissions
Assigning Permissions
DBMS Data Store (Oracle)
Implementing Oracle Best Practices
Locking Down Your Database
Monitoring Your XenApp Farm
Planning for Logging
Enable Configuration Logging
Using Configuration Logging and Creating Reports
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6: Policies and Procedures for Securing XenApp
Introduction
Windows Server 2003 Group Policy
Terminology and Concepts
Local and NonLocal Policies
User and Computer Policies
Software Settings
Windows Settings
Administrative Templates
Group Policy Objects
Scope and Application Order of Policies
Local, Site, Domain, OU
Understanding Policy Inheritance
Filtering Scope by Security Group Membership
Planning a Group Policy Strategy
Using RSoP Planning Mode
Opening RSoP in Planning Mode
Reviewing RSoP Results
Strategy for Configuring the User Environment
Strategy for Configuring the Computer Environment
Run an RSoP Planning Query
Applying Group Policy Best Practices
Configuring Group Policy with the Group Policy Management Console
Features of the GPMC
Installing the GPMC
Using the GPMC
The Domains Node
The Sites Node
The Group Policy Modeling Node
The Group Policy Results Node
Creating and Editing Group Policy Objects with the GPMC
Policy Design Considerations
GPO Elements of Special Importance
Creating an Assigned Software Package Installation in the Computer Configuration Node
Configuring XenApp Policies
Creating and Configuring Policies
Creating a XenApp Policy
Applying Policy Filters
Using Policies to Make XenApp More Secure
Windows Policies to Secure XenApp
Computer Policies
User Policies
XenApp Policies to Secure XenApp
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7: Locking Down Your XenApp Server
Introduction
Protecting Your Server (and Its Parts)
System BIOS Lockdown
USB Blockers
Alarms
Intrusion Detection Systems
What Is an Intrusion?
What Is Intrusion Detection?
Network IDS
Host-Based IDS
Distributed IDS
Why Are Intrusion Detection Systems Important?
Why Are Attackers Interested in Me?
Where Does an IDS Fit with the Rest of My Security Plan?
Doesn’t My Firewall Serve as an IDS?
Where Else Should I Be Looking for Intrusions?
Using an IDS to Monitor My Company Policy
Protecting Your Data
Considerations for Disaster Recovery and Business Continuity
Business Continuity and Disaster Recovery Defined
Understanding Disaster Recovery
Understanding the Components of Disaster Recovery
Using Disaster Recovery Best Practices
Understanding Business Continuity Plans
The Elements of a Business Continuity Plan
Backing Up Your Data
Backup Concepts
Backup Media
Managing Media
Off-Site Storage
Configuring Security for Backup Operations
Understanding Backup Types
Creating a System Recovery Plan
Backing Up System State Data
Primary, Nonauthoritative, and Authoritative Restores
Creating an Automated System Recovery Set
Installing and Using the Recovery Console
Using Windows Startup Options
Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt
Enable Boot Logging
Enable VGA Mode
Last Known Good Configuration
Directory Service Restore Mode
Debugging Mode
Updating and Patching the Network Operating System
Designing a Windows Server Update Services Infrastructure
Using Group Policy to Deploy Software Updates
Design a Strategy for Identifying Computers That Are Not at the Current Patch Level
Recovering from Server Hardware Failure
The Role of Fault-Tolerant Disks
RAID 1
RAID 5
Planning Physical Security
Creating a Plan for Physical Security
Network Resources That Require Physical Security
Protecting the Servers
Keeping Workstations Secure
Protecting Network Devices
Securing the Cable
Methods for Securing Facilities
Security Measures and Objectives
People
Know Your Users
Educate Your Users
Control Your Users
Hiring and Human Resource Policies
Physical Security
The Paper Chase
Removable Storage Risks
Password Security
User Roles and Responsibilities
Technology
Firewall Security
Firewall Types
Antivirus Software Security
Securing the File System
NTFS Permissions Defined
Windows Group Policy
Citrix Policies
Public Key Infrastructure
Understanding the Function of a PKI
Digital Certificates
Certification Authorities
Applying PKI Best Practices
Processes
Security Patch Management
Backup Policies
Backup Rotation Schemes
Auditing Policies and Audit Logging
Change Management
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8: Security Guidance for ICA and Network Connections
Introduction
Understanding Network Protocols
Configuration of the RDP Protocol
Controlling Connection Access
Configuration of the ICA Protocol
Configuring TCP Ports
Defining Network Segregation
Multihomed servers
XenApp Zones
Understanding Connections to a XenApp Server
Connections via Program Neighborhood Agent
Connections via Program Neighborhood
Kerberos Pass-Through Authentication
Selecting a Server Location Protocol
Configuring Certificate Revocation List Checking
Connections via the Web Interface
Connecting through a Proxy Server
Additional Client Configuration Settings
Understanding Internet Protocol Security
How IPsec Works
Securing Data in Transit
IPsec Cryptography
IPsec Modes
Tunnel Mode
Transport Mode
IPsec Protocols
Determine IPsec Protocol
ESP
AH
Additional Protocols
ISAKMP and IKE
Oakley
Diffie-Hellman
IPsec Components
IPsec Policy Agent
IPsec Driver
Deploying IPsec
Determining Organizational Needs
Security Levels
Managing IPsec
Using the IP Security Policy Management MMC Snap-in
Default IPsec Policies
Client (Respond Only)
Server (Request Security)
Secure Server (Require Security)
Custom Policies
Using the IP Security Policy Wizard
Managing Filter Lists and Filter Actions
Assigning and Applying Policies in Group Policy
Active Directory Based IPsec Policies
Cached IPsec Policy
Local Computer IPsec Policy
Addressing IPsec Security Considerations
Strong Encryption Algorithm (3DES)
Firewall Packet Filtering
Diffie-Hellman Groups
Preshared Keys
IPsec Configurations for XenApp
Understanding Public Key Infrastructure
The Function of the PKI
Components of the PKI
Understanding Digital Certificates
User Certificates
Machine Certificates
Application Certificates
Understanding Certification Authorities
Root CAs
Subordinate CAs
Certificate Requests
Certificate Revocation
Securing the Citrix License Server
Multiple Licensing Servers
Fault Tolerance
When to Use a Shared or Dedicated Server
Securing Your License Server
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9: Securing Access to XenApp Using Citrix Secure Gateway
Introduction
Methods of Remote Access
Securing Communications between XenApp Server and Client
Secure ICA
Secure Socket Layer Relay (SSL Relay)
Private Networking to Secure ICA Sessions
Citrix Secure Gateway
Citrix Access Gateway
Citrix Secure Gateway Components
Secure Ticket Authority Configuration
Secure Gateway Installation and Configuration
Web Interface Configuration to Allow for Secure Gateway Connections
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10: Auditing and Security Incidents
Introduction
Introduction to Auditing
The Auditing Process
Auditing Will Help You
Why Is Auditing Important?
Identifying Threats to Internal Network Security
Internal Network Security Assessment Methodology
Standardization and SAS70
Designing an Auditing Policy
Process for Planning an Audit Policy
Auditing of Active Directory Access
Filtering of Active Directory-Related Traffic
What Time Is It?
Identity Management
Event Management Storage
Determining What You Need to Monitor
Applications Services
Data Storage Points
Data Access Points
Infrastructure Components
Host Operating Systems (aka Servers)
Network Objects
Integrity Monitoring
Common Auditing Tools and Sources
Security Information Management
Security Event Alerting
Understanding System and Network Logs
Which Logs are Relevant?
Deciding Which Tools Will Help You Best
Log Correlation
Log Searching
Alerting Tools
Intrusion Detection and Prevention
Intrusion Detection
Intrusion Prevention
Dealing With Auditor’s Mistakes
Planning for Remediation
Understanding Penetration Testing
Know the Security Analysis Life Cycle
Programmatic Testing
Technical Testing
Customer Responsibilities
Penetration Testing
The Penetration Tester Mentality
Know the Core Processes
Think for Yourself
Ethical Conduct
Know When to Fold
Use the Right Tools
Build Your Own
The Penetration Methodology
Information Gathering
Search Engines
Newsgroup Searches
Forums and Blogs
Network Enumeration
Vulnerability Identification
Vulnerability Exploitation
Privilege Escalation
Expansion of Reach
Ensure Future Access
Compromise Information
The Cleanup
Understanding Vulnerability Assessments
What Is a Vulnerability Assessment?
Why a Vulnerability Assessment?
Assessment Types
Host Assessments
Network Assessments
Automated Assessments
Stand-Alone vs. Subscription
The Assessment Process
Detecting Live Systems
Identifying Live Systems
Enumerating Services
Identifying Services
Identifying Applications
Identifying Vulnerabilities
Reporting Vulnerabilities
Two Approaches
Administrative Approach
The Outsider Approach
The Hybrid Approach
Realistic Expectations
The Limitations of Automation
Creating an Incident Response Procedure
What to Include in a Communication Plan
Security Checklist
Activation Checklists
Process for Planning an Incident Response Procedure
Incident Response Plan
Computer Incident Response Team
Monitor
Alert and Mobilize
Assess and Stabilize
Resolve
Review
Other Considerations Regarding Security Incidents
Forensics
IT Recovery Tasks
Training Is Not Optional
Summary
Solutions Fast Track
Frequently Asked Questions
Index

Publication date (per publisher): 8.8.2008
Language: English
Subject areas: Computer Science > Networks > Security / Firewall
Computer Science > Office Programs > Outlook
Mathematics / Computer Science > Mathematics > Algebra
Mathematics / Computer Science > Mathematics > Applied Mathematics
Technology
ISBN-10 0-08-056998-6 / 0080569986
ISBN-13 978-0-08-056998-7 / 9780080569987
PDF (Adobe DRM)
Size: 24.9 MB

Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook against misuse. The eBook is authorized to your personal Adobe ID at download time. You can then read the eBook only on devices that are also registered to your Adobe ID.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables and figures. A PDF can be displayed on almost any device, but is of limited use on small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need an Adobe ID and the Adobe Digital Editions software (free). We advise against using the OverDrive Media Console; in our experience, problems with Adobe DRM occur frequently with it.
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle, however.
Smartphone/tablet: Whether Apple or Android, you can read this eBook. You need an Adobe ID and a free app.

Additional feature: online reading
In addition to downloading it, you can also read this eBook online in your web browser.


EPUB (Adobe DRM)
Size: 11.1 MB

Copy protection: Adobe DRM

File format: EPUB (Electronic Publication)
EPUB is an open standard for eBooks and is particularly suited to fiction and non-fiction. The running text adapts dynamically to the display and font size, so EPUB also works well on mobile reading devices.