Like any other day, Jim pulls into the parking lot at Pixelated Pony Corporation (PPC) for another day of work. While walking across the parking lot, he reminds himself that he needs to back up the final design of the company's top secret project. Just as he is about to open the front door, he notices a USB drive on the ground. Thinking it might be one of his coworker's and that he could possibly identify its owner by looking at its contents, he picks it up and carries it to his desk. Should Jim plug the USB drive into his machine?
Attacks do not always originate at the network level and any machine behind the firewall is a potential target. If attackers are able to access machines physically or trick users into carrying out attacks on their behalf, they can compromise systems. To handle host-based incidents properly, incident response procedures are required.
For this Assignment, write a 4- to 6-page paper that
- Defines incident response procedures for handling an intrusion on a host or host family (e.g., Windows or Linux).
- Explains why your incident response procedures alone are not sufficient to respond to an incident.
- Explains why an incident response procedure for a host-based intrusion must rely on evidence collected from more than one host.