computer abuse

Configuration Error

This incident type includes incorrect file permissions, unpatched operating systems, obsolete versions of software and otherwise unhardened operating systems and applications.

Botnet

A botnet is a collection of software robots: software applications that run automated tasks over the internet.

Advice for Specific Incidents

Information and advice tailored to the Rutgers University environment. These are the Incident Types used in abuse reports distributed by the Rutgers University Computing Incident Response Team (RU CIRT). Other commonly used designations are included for clarity.

Removing Information from Search Engines

Clearing or removing a web page from the local host is the first step. However, some search engines cache web pages, keeping copies of entire web pages or portions of them.

Compromise of Confidential or Sensitive Data

 
 
 

Although a data breach can occur in many ways, there are essential procedures common to every data breach. The data loss is discovered in the investigation of an incident that initially presents as theft or loss of equipment, system intrusion or hacking, malware, or unintended posting to a web page. Once it has been established that a data compromise has taken place, the loss of data becomes the overriding consideration in the response.

Some example scenarios:
 
  • A laptop containing sensitive information is stolen (physical intrusion or theft).
  • Sensitive information is inadvertently posted on a web site without access restrictions (configuration error). 
  • Access restrictions are inadvertently changed or removed, exposing the data (configuration error).
  • A system compromise raises questions as to the continuing confidentiality of the data (intrusion).  
  • Keylogging software or other spyware is found on a host (malware). 

Recovery advice depends on the particular compromise vector. Refer to the advice on the presenting incident as well as the advice on responding to the data exposure issue.
 

  • Preserve any log files that show access to the sensitive data.
  • Secure all copies of the material from further compromise using the most suitable method(s):
    • Remove the sensitive data from the host or web pages
    • Disconnect the host from the network
    • Physically secure the data in a location with limited (and, if possible, logged) access. Suggested method:
      • Place the material in an envelope
      • Seal the envelope and sign across the sealed flap
      • Secure the envelope in a locked drawer or cabinet
  • Notify key staff.   This may include:
  • Include information as to the scope of the loss.  Suggested descriptive metrics:
    • the type of data.  Examples include:
      • Social Security Numbers
      • credit card numbers
      • human subject research data
      • protected health information
      • financial records
      • student records
      • other NPPI (Non-public personal information)
      • passwords associated with accessing sensitive data, regardless of the location of the data
    • estimate of the number of records exposed or lost
    • estimate of the number of individuals that may be impacted
  • If the material was on a web site:
    • take steps to remove cached copies from search engines.  
    • identify other departmental or University sites with copies of the information (or similar information). Scanning tools are cited on the NPPI page.

 
 

How do I respond to a computer abuse incident?

Rutgers University employs a distributed security model. The RU CIRT reviews incident reports and dispatches them to the appropriate departmental computing staff for resolution. In other words, notification and data collection are centralized while execution and resolution are decentralized.

How do I report a computer abuse incident?

The computer staff in your department, as well as the Help Desks in the Campus Computing Divisions, can assist you in reviewing and reporting computer abuse incidents.

Abuse

The Rutgers University Computing Incident Response Team (RU CIRT) serves the Rutgers computing community. The RU CIRT handles incidents in which Rutgers hosts cause problems. The contact email address is: abuse@rutgers.edu
 
