Da'da hadda waa supercomputers jeebkeena ku jira. Si kastaba ha ahaatee, inkasta oo la isticmaalo qalabka ugu wanaagsan ee amniga, dambiilayaasha waxay sii wadaan inay weeraraan ilaha internetka. Boostada waa in lagu baro jawaabta Dhacdada (IR)^{(Incident Response (IR))} , sharaxo marxaladaha kala duwan ee IR, ka dibna taxdo saddex software il furan oo bilaash ah oo ka caawiya IR.

Waa maxay Jawaabta Dhacdada

Waa maxay Dhacdo^(Incident) ? Waxay noqon kartaa dambiilayaal internetka ah ama malware kasta oo la wareegaya kombuyuutarkaaga. Waa inaadan iska indhatirin IR sababtoo ah waxay ku dhici kartaa qof kasta. Haddii aad u malaynayso in aan lagu saamayn doonin, waxa laga yaabaa inaad saxan tahay. Laakin ma dheera sababtoo ah ma jirto dammaanad qaadka wax kasta oo ku xiran internetka^(Internet) . Wax kasta oo artifact ah, waxaa laga yaabaa inuu dhaco oo ku rakibo malware ama u oggolaado dambiilaha internetka inuu si toos ah u galo xogtaada.

Waa in aad haysatid Qaabka Jawaabta Dhacdada^{(Incident Response Template)} si aad uga jawaabto haddii uu dhaco weerar. Si kale haddii loo dhigo, IR kuma saabsana HADDII,^(IF,) laakiin waxay khusaysaa GOORMA^(WHEN) iyo SIDA^(HOW) cilmiga macluumaadka.

Jawaabta Dhacdada^{(Incident Response)} waxay sidoo kale khuseysaa masiibooyinka dabiiciga ah. Waxaad ogtihiin in dhammaan dawlad iyo dadba ay u diyaar garoobaan marka ay musiibo dhacdo. Ma awoodaan inay qiyaasaan inay mar walba ammaan yihiin. Dhacdadan dabiiciga ah, dawlad, ciidan, iyo ururo badan oo aan dawli ahayn ( NGOs ). Sidoo kale^(Likewise) , adiguba ma awoodid inaad iska indhotirto Jawaabta Dhacdada^{(Incident Response)} (IR) ee IT-ga.

Asal ahaan, IR macnaheedu waa u diyaargarow weerarka internetka oo jooji ka hor inta uusan waxyeello u geysan.

Jawaabta Dhacdada - Lix Marxalad

Inta badan IT Gurus waxay ku andacoonayaan inay jiraan lix marxaladood oo ka jawaabaya dhacdada^{(Incident Response)} . Qaar kale waxay ku hayaan da'da 5. Laakiin lix way fiican yihiin maadaama ay fududahay in la sharaxo. Waa kuwan marxaladaha IR ee ay tahay in diiradda la saaro marka la qorsheynayo qaabeynta jawaabta Dhacdada^{(Incident Response)} .

1. Diyaarinta
2. Aqoonsiga
3. Kasbashada
4. Ciribtirka
5. Soo kabashada, iyo
6. Duruusta Laga Bartay

1] Jawaabta Dhacdada - Diyaarinta^{(1] Incident Response – Preparation)}

Waxaad u baahan tahay inaad u diyaargarowdo inaad ogaato oo aad wax ka qabato weerar kasta oo internetka ah. Taas macnaheedu waa in aad qorshe leedahay. Waa inay sidoo kale ku jiraan dad leh xirfado gaar ah. Waxa laga yaabaa inay ku jiraan dad ka socda hay'ado dibadda ah haddii aad ka gaabsato kartida shirkaddaada. Way fiicantahay in la haysto template IR oo qeexaya waxa la samaynayo haddii uu dhaco weerar internet. Adiga laftaadu mid ayaad samaysan kartaa ama ka soo dejisan kartaa internetka^(Internet) . Waxaa jira qaabab badan oo ka jawaabida dhacdada^{(Incident Response)} oo laga heli karo internetka^(Internet) . Laakiin way fiicantahay in aad kooxdaada IT-ga kala qaybgeliso qaab-dhismeedka maadaama ay si fiican uga ogyihiin xaaladaha shabakadaada.

2] IR - Aqoonsiga^{(2] IR – Identification)}

Tani waxa ay tilmaamaysaa in la aqoonsado taraafikada shabakadaada ganacsiga wixii khaladaad ah Haddii aad hesho cillado, ku bilow inaad ku dhaqanto qorshahaaga IR. Waxaa laga yaabaa inaad mar hore meel dhigtay qalabka amniga iyo software-ka si weerarada looga ilaaliyo.

3] IR - Kasbashada^{(3] IR – Containment)}

Ujeedada ugu weyn ee habka saddexaad waa in la xakameeyo saameynta weerarka. Halkan, ka koobnaantu waxay ka dhigan tahay dhimista saamaynta iyo ka hortagga weerarka internetka ka hor inta uusan wax yeelin.

Haysashada Jawaabta Dhacdada^{(Incident Response)} waxay tusinaysaa qorshayaasha dhaw iyo kuwa fogba (iyada oo loo malaynayo inaad haysatid template ama qorshe aad kaga hortagayso shilalka).

4] IR - Ciribtirka^{(4] IR – Eradication)}

Ciribtirka, jawaabta dhacdada lixda marxaladood, waxay la macno tahay soo celinta shabakadii uu saameeyay weerarku. Waxay noqon kartaa mid fudud sida sawirka shabakadda ee lagu kaydiyo server gaar ah oo aan ku xidhnayn shabakad ama internet . Waxaa loo isticmaali karaa in lagu soo celiyo shabakada.

5] IR - Soo kabashada^{(5] IR – Recovery)}

Marxaladda shanaad ee Jawaabta Dhacdada^{(Incident Response)} waa in la nadiifiyo shabakada si looga saaro wax kasta oo laga yaabo inay ka tageen ciribtirka ka dib. Waxa kale oo ay tilmaamaysaa soo celinta shabakada nolosha. Halkaa marka ay marayso, waxaad wali la socon doontaa dhaqdhaqaaq kasta oo aan caadi ahayn oo ka socda shabakada.

6] Jawaabta Dhacdada - Casharradii La Bartay^{(6] Incident Response – Lessons Learned)}

Marxaladda ugu danbeysa ee lixda marxaladood ee ka jawaabida dhacdada waxay ku saabsan tahay in la eego dhacdada iyo in la xuso waxyaabihii khaladka ahaa. Dadku inta badan waxay ku seegaan marxaladan, laakiin waa lagama maarmaan in la barto wixii khaldamay iyo sida aad uga fogaan karto mustaqbalka.

Isha Furan software^{(Open Source Software)} si loo maareeyo Jawaabta Dhacdada^{(Incident Response)}

1] CimSweep waa qalab aan wakiil lahayn oo kaa caawinaya jawaabta Dhacdada^{(Incident Response)} . Waxaad sidoo kale sameyn kartaa meel fog haddii aadan joogi karin goobta ay ka dhacday. Qolkan waxa uu ka kooban yahay qalabka lagu garto khatarta iyo jawaabta fog. Waxa kale oo ay bixisaa qalab forensic ah oo kaa caawinaya inaad hubiso diiwaanka dhacdooyinka, adeegyada, iyo hababka firfircoon, iwm Faahfaahin dheeraad ah halkan^{(More details here)} .

2] GRR Qalabka Jawaabta Degdegga ah^{(2] GRR Rapid Response Tool)} ayaa laga heli karaa GitHub wuxuuna kaa caawinayaa inaad sameyso jeegag kala duwan shabakadaada ( Guriga^(Home) ama Xafiiska^(Office) ) si aad u aragto haddii ay jiraan wax dayacan ah. Waxay leedahay qalab loogu talagalay falanqaynta xusuusta waqtiga-dhabta ah, raadinta diiwaanka, iwm. Waxay ku dhisan tahay Python si ay ula jaanqaado dhammaan Windows OS - XP iyo noocyada dambe, oo ay ku jiraan Windows 10. Ka hubi Github^{(Check it out on Github)} .

3] TheHive weli waa il furan oo kale oo ah qalab ka jawaab celin Dhacdada . ^{(Incident Response)}Waxay ogolanaysaa in lala shaqeeyo koox. Wadashaqeynta kooxdu waxay sahlaysa ka hortagga weerarrada internetka maadaama shaqada (waajibaadka) la dhimay dad kala duwan, karti leh. Markaa, waxay ka caawisaa la socodka wakhtiga dhabta ah ee IR. Qalabku wuxuu bixiyaa API ay kooxda IT isticmaali karaan. Marka lagu isticmaalo software kale, TheHive waxay la socon kartaa ilaa boqol doorsoomayaasha markiiba - si weerar kasta isla markiiba loo ogaado, oo jawaabta dhacdada^{(Incident Response)} si degdeg ah u bilaabato. Macluumaad dheeraad ah halkan^{(More information here)} .

Midda kore waxay si kooban u sharraxaysaa Jawaabta Dhacdada, waxay eegtaa lixda marxaladood ee Jawaabta Dhacdada, waxayna magacawday saddex qalab oo lagu caawinayo wax ka qabashada Dhacdooyinka. Haddii aad hayso wax aad ku darto, fadlan ku samee qaybta faallooyinka ee hoose.^{(The above explains Incident Response in brief, checks out the six stages of Incident Response, and names three tools for help in dealing with Incidents. If you have anything to add, please do so in the comments section below.)}

Incident Response Explained: Stages and Open Source software

The current age is of suрercomputers in our pockets. However, despite using thе best security tools, criminals keep on attacking online resources. This post is to introduce you to Incident Response (IR), explain the different stages of IR, and then lists three free open source software that helps with IR.

What is Incident Response

What is an Incident? It could be a cybercriminal or any malware taking over your computer. You should not ignore IR because it can happen to anyone. If you think you won’t be affected, you may be right. But not for long because there is no guarantee of anything connected to the Internet as such. Any artifact there, may go rogue and install some malware or allow a cybercriminal to directly access your data.

You should have an Incident Response Template so that you can respond in case of an attack. In other words, IR is not about IF, but it is concerned with WHEN and HOW of the information science.

Incident Response also applies to natural disasters. You know that all governments and people are prepared when any disaster strikes. They can’t afford to imagine that they are always safe. In such a natural incident, government, army, and plenty of non-government organizations (NGOs). Likewise, you too cannot afford to overlook Incident Response (IR) in IT.

Basically, IR means being ready for a cyber attack and stop it before it does any harm.

Incident Response – Six Stages

Most IT Gurus claim that there are six stages of Incident Response. Some others keep it at 5. But six are good as they are easier to explain. Here are the IR stages that should be kept in focus while planning an Incident Response Template.

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery, and
6. Lessons Learned

1] Incident Response – Preparation

You need to be prepared to detect and deal with any cyberattack. That means you should have a plan. It should also include people with certain skills. It may include people from external organizations if you fall short of talent in your company. It is better to have an IR template that spells out what to do in case of a cyber attack attack. You can create one yourself or download one from the Internet. There are many Incident Response templates available on the Internet. But it is better to engage your IT team with the template as they know better about the conditions of your network.

2] IR – Identification

This refers to identifying your business network traffic for any irregularities. If you find any anomalies, start acting per your IR plan. You might have already placed security equipment and software in place to keep attacks away.

3] IR – Containment

The main aim of the third process is to contain the attack impact. Here, containing means reducing the impact and prevent the cyberattack before it can damage anything.

Containment of Incident Response indicates both short- and long-term plans (assuming that you have a template or plan to counter incidents).

4] IR – Eradication

Eradication, in Incident Response’s six stages, means restoring the network that was affected by the attack. It can be as simple as the network’s image stored on a separate server that is not connected to any network or Internet. It can be used to restore the network.

5] IR – Recovery

The fifth stage in Incident Response is to clean the network to remove anything that might have left behind after eradication. It also refers to bringing back the network to life. At this point, you’d still be monitoring any abnormal activity on the network.

6] Incident Response – Lessons Learned

The last stage of Incident Response’s six stages is about looking into the incident and noting down the things that were at fault. People often give a miss this stage, but it is necessary to learn what went wrong and how you can avoid it in the future.

Open Source Software for managing Incident Response

1] CimSweep is an agentless suite of tools that helps you with Incident Response. You can do it remotely too if you can’t be present at the place where it happened. This suite contains tools for threat identification and remote response. It also offers forensic tools that help you check out event logs, services, and active processes, etc. More details here.

2] GRR Rapid Response Tool is available on the GitHub and helps you perform different checks on your network (Home or Office) to see if there are any vulnerabilities. It has tools for real-time memory analysis, registry search, etc. It is built in Python so is compatible with all Windows OS – XP and later versions, including Windows 10. Check it out on Github.

3] TheHive is yet another open source free Incident Response tool. It allows working with a team. Teamwork makes it easier to counter cyber attacks as work (duties) are mitigated to different, talented people. Thus, it helps in real-time monitoring of IR. The tool offers an API that the IT team can use. When used with other software, TheHive can monitor up to a hundred variables at a time – so that any attack is immediately detected, and Incident Response begins quick. More information here.

The above explains Incident Response in brief, checks out the six stages of Incident Response, and names three tools for help in dealing with Incidents. If you have anything to add, please do so in the comments section below.

Related posts

• OnionShare wuxuu kuu ogolaanayaa inaad si badbaado leh oo qarsoodi ah u wadaagto fayl cabbir kasta ah

• Sida loo soo dejiyo oo loogu rakibo Git gudaha Windows 10

• Sida loo isticmaalo PowerToys Run iyo Maamulaha Kiiboodhka PowerToy

• Praat software falanqaynta hadalka ee Windows 10 ayaa caawin doona Phoneticians

• Macaamiisha Git GUI ee ugu fiican Windows 11/10

• Sawirka Dekadaha Furan oo ku qiimee amniga nidaamkaaga Nmap

• Bedelka GitHub ee ugu wanaagsan martigelinta mashruuca ishaada furan

• Maqaalka Amniga Internetka iyo talooyinka isticmaalayaasha Windows

• 10ka Habayn Soo Dhawayn ee ugu Wanaagsan ee Amniga iyo Qarsoonaanta

• Quful calaamadaha miiska ama erayga sirta ah ayaa ilaaliya abka gudaha Windows - DeskLock

• Browser-yada ugu wanaagsan ee furan ee loogu talagalay Windows 10

• Sida loo ilaaliyo badbaadada mareegaha: hanjabaadaha iyo la tacaalida dayacanka

• Software-ka tifaftiraha maqalka il furan ee ugu fiican ee bilaashka ah ee Windows 11/10

• Tirtir faylalka si joogto ah adigoo isticmaalaya barnaamijka File Shredder ee bilaashka ah ee Windows

• Dami Su'aalaha Amniga gudaha Windows 11/10 adoo isticmaalaya qoraalka PowerShell

• Hubinta Ammaanka Khibradda Daalacanka: Sidee buu ammaan u yahay browserkaagu?

• Isha Furan ee ugu Fiican ee Macaamiisha XMPP ee Windows 11/10

• Dib u eegista OpenDNS - DNS bilaashka ah oo leh xakameynta iyo xawaaraha waalidka

• Waa maxay faylka Gitignore ee GitHub iyo sida loo sameeyo mid fudud

• Nidaamyada Hawlgelinta Isha Xorta ah ee caanka ah