On Incident Handling and Response: A state-of-the-art approach

Computers & Security - Volume 25, Issue 5 - Pages 351-370 - 2006
Sarandis Mitropoulos¹, Dimitrios Patsos¹, Christos Douligeris¹
¹ Department of Informatics, University of Piraeus, 80, Karaoli and Dimitriou Street, Piraeus 185 34, Greece

References

Adams

Allen, 2001, CERT guide to system and network security practices, Addison-Wesley

Baba, 2002, Tracing network attacks to their sources, IEEE Internet Computing, 6

Bellovin, 1989, Security problems in the TCP/IP protocol suite, Computer Communication Review, 19, 32, 10.1145/378444.378449

Bellovin SM. ICMP traceback messages, Internet draft (work in progress); February 2003.

Berghel, 2003, The discipline of Internet forensics, Communications of the ACM, 46, 10.1145/859670.859687

BSI. Information security management, BS7799, part 1: code of practice for information security management; 1999.

CERT/CC

Council of Europe. Convention on cyber crime. In: European treaty series – no. 185, Budapest; 2001.

Feiertag

Global Reach

Harris Interactive. Identity theft new survey & trend report. Commissioned by Privacy & American Business; August 2003.

Hiltz SR, Han HJ, Briller V. Public attitudes towards a national identity “Smart Card:” privacy and security concerns. In: Proceedings of the 36th Hawaii international conference on system sciences (HICSS'03). Hilton Waikoloa Village, Island of Hawaii, January 6–9; 2003.

Information Security Team, DePaul University

International Standards Organization, 2000

Internet Engineering Task Force, Request for Comments (RFC) 1305

Internet Engineering Task Force, Request for Comments (RFC) 2350

Jung HT, Kim HL, Seo YM, Choe G, Min SL, Kim CS, et al. Caller identification system in the Internet environment. In: Proceedings of fourth USENIX security symposium; 1993.

Kent

Killcrece, 2003

Kossakowski, 1999

Kruse, 2002

Lemos

Mandia, 2002

Mankin A, Massey D, Wu CL, Zhang L. On design and evaluation of intention-driven ICMP traceback. In: IEEE international conference on computer communications and networks (ICCCN); October 2001.

McClure, 2001

McGraw, 1999

Microsoft Corporation

National Institute of Standards and Technology, 2004

Nong Y, Giordano J, Feldman J, Zhong Q. Information fusion techniques for network intrusion detection. In: IEEE information technology conference, information environment for the future, Syracuse, NY, USA; September 1998.

OMB's Circular No. A-130

Park K, Lee H. On the effectiveness of probabilistic packet marking for IP traceback. In: Proceedings of 2001 conference on applications, technologies, architectures and protocols for computer communication, ACM SIGCOMM'01. San Francisco, US; August 2001.

Patsos D. A strategic approach to incident response, M.Sc. thesis. London: Department of Mathematics/Information Security Group, Royal Holloway University of London; 2002.

Postel

Rekhter

Savage S, Wetherall D, Karlin A, Anderson T. Practical network support for IP traceback. In: Proceedings of SIGCOMM'00. Stockholm, Sweden; August 2000.

Schnackenberg D, Djahandari K, Reid T, Wilson B. Cooperative intrusion traceback and response architecture (CITRA), Boeing Phantom Works and NAI Labs, prepared under contract N66001-01-C-8048 for Space and Naval Warfare System Center (SSC), San Diego; February 2002.

Schultz, 2004, Incident response teams need to change, Computers and Security Journal, 23, 87, 10.1016/j.cose.2004.01.009

Solove DJ. The legal construction of identity theft. In: Symposium: digital cops in a virtual environment Yale law school; March 26–28, 2004.

Song DX, Perrig A. Advanced and authenticated marking schemes for IP traceback. In: Proceeding of the IEEE INFOCOM01. Anchorage, Alaska; April 2001.

Spafford EH, Weeber SA. Software forensics: can we track code to its authors? Purdue Technical Report CSD–TR 92–010; February 1992.

Staniford-Chen S, Heberlein LT. Holding intruders accountable on the Internet. In: Proceedings of IEEE symposium on security and privacy; 1995.

Stoll C. The cuckoo's egg, pocket; reprint edition; November 1, 1990.

Stone R. CenterTrack: an IP overlay network for tracking DoS floods. In: Proceedings of 9th Usenix security symposium; August 2000.

United States Code, Chapter 35 of Title 44, Subchapter III – Information Security, Federal Information Security Management Act (FISMA) of 2002.

US Department of Commerce. Federal Information Processing Standards Publication 198, The Keyed-Hash Message Authentication Code (HMAC); March 6, 2002.

Van Wyk, 2001

Wang XY, Reeves DS, Wu SF, Yuill J. Sleepy watermark tracing: an active intrusion response framework. In: Proceedings of the 16th international information security conference (IFIP/Sec'01); June 2001.

West-Brown, 1998

Whalen

Yasinsac, 2001, Policies to enhance computer and network forensics

Zhang Y, Paxson V. Detecting stepping stones. In: Proceedings of the 9th USENIX security symposium. Denver, Colorado, August 14–17; 2000.