Week 8 Posting - Incident Response

Within Chapter 12, the biggest thing that I took away was the need for incident response. Any network on the face of the planet that is connected to the World Wide Web is at risk of being compromised; the best way to manage the risk is to configure a firewall and a DMZ and to have a response plan. When an attack happens, there are typically indicators such as multiple failed login attempts, additional system utilization, or systems failing. There should be an SOP, or standard operating procedure, that sets out the goal, which is to minimize the overall impact of an attack; if a single system is a target, that system may be isolated or have its network connections removed. Having account lockout timers can prevent a hacker from using brute-force attacks.
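To make the failed-login indicator and the lockout timer concrete, here is an added example (not from Chapter 12 or the original post). The threshold, window, and lockout length are assumed values, and the login events are constructed sample data.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3        # assumed: failures allowed inside the window
WINDOW_SECONDS = 60     # assumed: how far back failures are counted
LOCKOUT_SECONDS = 300   # assumed: length of the lockout timer

class LockoutTracker:
    def __init__(self):
        self.failures = defaultdict(deque)  # user -> recent failure times
        self.locked_until = {}              # user -> time the lockout ends

    def attempt(self, ts, user, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if ts < self.locked_until.get(user, 0):
            return "locked"  # rejected before the password is even checked
        if password_ok:
            self.failures[user].clear()
            return "ok"
        recent = self.failures[user]
        recent.append(ts)
        while recent and ts - recent[0] > WINDOW_SECONDS:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = ts + LOCKOUT_SECONDS
            recent.clear()
        return "failed"

# Constructed sample events: (seconds, user, password_ok)
SAMPLE_EVENTS = [
    (0, "alice", False), (5, "alice", False), (10, "alice", False),
    (15, "alice", True),    # correct guess, but the account is locked
    (20, "bob", False), (200, "bob", False),  # too far apart to count
    (320, "alice", True),   # lockout timer has expired
]

def replay(events):
    """Return (outcome per event, lockout alerts for the response team)."""
    tracker, outcomes, alerts = LockoutTracker(), [], []
    for ts, user, ok in events:
        before = tracker.locked_until.get(user)
        outcomes.append(tracker.attempt(ts, user, ok))
        if tracker.locked_until.get(user) != before:
            alerts.append((ts, user))  # indicator: repeated failed logins
    return outcomes, alerts

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

The attempt at second 15 shows why the timer blunts brute force: even a correct guess is refused until the lockout ends, and each lockout doubles as an indicator that the SOP can act on.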
