{"id":196,"date":"2009-03-25T09:15:49","date_gmt":"2009-03-25T14:15:49","guid":{"rendered":"http:\/\/www.webadminblog.com\/?p=196"},"modified":"2009-03-31T10:07:59","modified_gmt":"2009-03-31T15:07:59","slug":"anatomy-of-an-attack-from-incident-to-expedient-resolution","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/","title":{"rendered":"Anatomy of an Attack: From Incident to Expedient Resolution"},"content":{"rendered":"<p>For the first session of the morning on the last day of the TRISC 2009 Conference, I decided to attend the &#8220;Anatomy of an Attack: From Incident to Expedient Resolution&#8221; talk by Chris Smithee, a Systems Engineer at Lancope.\u00a0 He talked about the different types of attacks that you see on your network and how using FLOW data can be used to monitor and eliminate some of these types of threats.\u00a0 My notes from the session are below:<!--more--><br \/>\n<span style=\"text-decoration: underline;\">Types of Attacks<\/span><\/p>\n<ul>\n<li> Barbarian Horde\n<ul>\n<li>Our castle walls must keep us safe\n<ul>\n<li>Script kiddies and DDoS<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li> Ninjas\n<ul>\n<li>Knowledgeable \u201cHaxx0rs\u201d with deliberate intent\n<ul>\n<li>Social engineering to exploits<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Vampires\n<ul>\n<li>Generally have to be \u201cinvited\u201d in\n<ul>\n<li>Convert others to their side<\/li>\n<li>Malware, worms, and botnets<\/li>\n<\/ul>\n<\/li>\n<li>Vampires are social creatures<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\">Problems with Traditional Mechanisms<\/span><\/p>\n<ul>\n<li> The Barbarian Horde\n<ul>\n<li>How do we know its working?<\/li>\n<\/ul>\n<\/li>\n<li>Ninjas\n<ul>\n<li>Ninjas are stealthy and think outside the box<\/li>\n<li>Social Engineering can grant all manner of access<\/li>\n<\/ul>\n<\/li>\n<li>Vampires\n<ul>\n<li>What happens if you\u2019re the first one bit?<\/li>\n<li>Where do you have your safeguards?<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"> How can Flow Data help? (Packet level logging for network devices \u2013 Ex: NetFlow)<\/span><\/p>\n<ul>\n<li> Global Accounting\n<ul>\n<li>Who, what, where, when, how<\/li>\n<\/ul>\n<\/li>\n<li>Barbarians\n<ul>\n<li>Who made it through the castle wall?<\/li>\n<\/ul>\n<\/li>\n<li>Ninjas\n<ul>\n<li>Forensic data<\/li>\n<li>\u201cSoft-Firewall\u201d like rules<\/li>\n<\/ul>\n<\/li>\n<li>Vampires\n<ul>\n<li>Containment is key \u2013 one hop away<\/li>\n<li>Policy verification<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"> Why Flow?<\/span><\/p>\n<ul>\n<li> Leverage your existing network infrastructure to quickly, accurately detect, contain and remediate incidents.<\/li>\n<li>Anywhere from a 3-10% impact on processor.\u00a0 Memory impact is even smaller.<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"> Freeware flow data<\/span><\/p>\n<ul>\n<li> FLOW-TOOLS<\/li>\n<li>NMon<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"> Behavioral Analysis?<\/span><\/p>\n<ul>\n<li> Flow data is awesome.\u00a0 Why the expert system?\n<ul>\n<li>Flow data is plentiful \u2013 drinking from the firehose can hurt<\/li>\n<\/ul>\n<\/li>\n<li>The problem of context\n<ul>\n<li>Signatures and rules may not always be appropriate<\/li>\n<\/ul>\n<\/li>\n<li>Bobby Sue doesn\u2019t normally upload this many files to the Net<\/li>\n<li>Who has staff available to constantly scrub files and graphs?<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>For the first session of the morning on the last day of the TRISC 2009 Conference, I decided to attend the &#8220;Anatomy of an Attack: From Incident to Expedient Resolution&#8221; talk by Chris Smithee, a Systems Engineer at Lancope.\u00a0 He talked about the different types of attacks that you see on your network and how [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[222],"tags":[223,148,125,226,224,225,227],"class_list":["post-196","post","type-post","status-publish","format-standard","hentry","category-texas-regional-infrastructure-security-conference-2009","tag-anatomy","tag-attack","tag-data","tag-flow","tag-incident","tag-resolution","tag-tools"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.10 - aioseo.com -->\n\t<meta name=\"description\" content=\"For the first session of the morning on the last day of the TRISC 2009 Conference, I decided to attend the &quot;Anatomy of an Attack: From Incident to Expedient Resolution&quot; talk by Chris Smithee, a Systems Engineer at Lancope. He talked about the different types of attacks that you see on your network and how\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Josh\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.10\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Web Admin Blog | Real Web Admins.  Real World Experience.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Anatomy of an Attack: From Incident to Expedient Resolution | Web Admin Blog\" \/>\n\t\t<meta property=\"og:description\" content=\"For the first session of the morning on the last day of the TRISC 2009 Conference, I decided to attend the &quot;Anatomy of an Attack: From Incident to Expedient Resolution&quot; talk by Chris Smithee, a Systems Engineer at Lancope. He talked about the different types of attacks that you see on your network and how\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2009-03-25T14:15:49+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2009-03-31T15:07:59+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Anatomy of an Attack: From Incident to Expedient Resolution | Web Admin Blog\" \/>\n\t\t<meta name=\"twitter:description\" content=\"For the first session of the morning on the last day of the TRISC 2009 Conference, I decided to attend the &quot;Anatomy of an Attack: From Incident to Expedient Resolution&quot; talk by Chris Smithee, a Systems Engineer at Lancope. He talked about the different types of attacks that you see on your network and how\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/25\\\/anatomy-of-an-attack-from-incident-to-expedient-resolution\\\/#article\",\"name\":\"Anatomy of an Attack: From Incident to Expedient Resolution | Web Admin Blog\",\"headline\":\"Anatomy of an Attack: From Incident to Expedient Resolution\",\"author\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#organization\"},\"datePublished\":\"2009-03-25T09:15:49-05:00\",\"dateModified\":\"2009-03-31T10:07:59-05:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/25\\\/anatomy-of-an-attack-from-incident-to-expedient-resolution\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/25\\\/anatomy-of-an-attack-from-incident-to-expedient-resolution\\\/#webpage\"},\"articleSection\":\"TRISC 2009, anatomy, attack, data, flow, incident, resolution, tools\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/25\\\/anatomy-of-an-attack-from-incident-to-expedient-resolution\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.webadminblog.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/#listItem\",\"name\":\"Conferences\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/#listItem\",\"position\":2,\"name\":\"Conferences\",\"item\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/texas-regional-infrastructure-security-conference-2009\\\/#listItem\",\"name\":\"TRISC 2009\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/texas-regional-infrastructure-security-conference-2009\\\/#listItem\",\"position\":3,\"name\":\"TRISC 2009\",\"item\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/texas-regional-infrastructure-security-conference-2009\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/25\\\/anatomy-of-an-attack-from-incident-to-expedient-resolution\\\/#listItem\",\"name\":\"Anatomy of an Attack: From Incident to Expedient Resolution\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/#listItem\",\"name\":\"Conferences\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/25\\\/anatomy-of-an-attack-from-incident-to-expedient-resolution\\\/#listItem\",\"position\":4,\"name\":\"Anatomy of an Attack: From Incident to Expedient Resolution\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/texas-regional-infrastructure-security-conference-2009\\\/#listItem\",\"name\":\"TRISC 2009\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#organization\",\"name\":\"Web Admin Blog\",\"description\":\"Real Web Admins.  Real World Experience.\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/\",\"name\":\"Josh\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/25\\\/anatomy-of-an-attack-from-incident-to-expedient-resolution\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/17951f69795527f90a4e9cb75ad6c9b3?s=96&d=identicon&r=pg\",\"width\":96,\"height\":96,\"caption\":\"Josh\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/25\\\/anatomy-of-an-attack-from-incident-to-expedient-resolution\\\/#webpage\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/25\\\/anatomy-of-an-attack-from-incident-to-expedient-resolution\\\/\",\"name\":\"Anatomy of an Attack: From Incident to Expedient Resolution | Web Admin Blog\",\"description\":\"For the first session of the morning on the last day of the TRISC 2009 Conference, I decided to attend the \\\"Anatomy of an Attack: From Incident to Expedient Resolution\\\" talk by Chris Smithee, a Systems Engineer at Lancope. He talked about the different types of attacks that you see on your network and how\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/25\\\/anatomy-of-an-attack-from-incident-to-expedient-resolution\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\"},\"datePublished\":\"2009-03-25T09:15:49-05:00\",\"dateModified\":\"2009-03-31T10:07:59-05:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#website\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/\",\"name\":\"Web Admin Blog\",\"description\":\"Real Web Admins.  Real World Experience.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Anatomy of an Attack: From Incident to Expedient Resolution | Web Admin Blog","description":"For the first session of the morning on the last day of the TRISC 2009 Conference, I decided to attend the \"Anatomy of an Attack: From Incident to Expedient Resolution\" talk by Chris Smithee, a Systems Engineer at Lancope. He talked about the different types of attacks that you see on your network and how","canonical_url":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/#article","name":"Anatomy of an Attack: From Incident to Expedient Resolution | Web Admin Blog","headline":"Anatomy of an Attack: From Incident to Expedient Resolution","author":{"@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author"},"publisher":{"@id":"https:\/\/www.webadminblog.com\/#organization"},"datePublished":"2009-03-25T09:15:49-05:00","dateModified":"2009-03-31T10:07:59-05:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/#webpage"},"isPartOf":{"@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/#webpage"},"articleSection":"TRISC 2009, anatomy, attack, data, flow, incident, resolution, tools"},{"@type":"BreadcrumbList","@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com#listItem","position":1,"name":"Home","item":"https:\/\/www.webadminblog.com","nextItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/#listItem","name":"Conferences"}},{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/#listItem","position":2,"name":"Conferences","item":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/","nextItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/texas-regional-infrastructure-security-conference-2009\/#listItem","name":"TRISC 2009"},"previousItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/texas-regional-infrastructure-security-conference-2009\/#listItem","position":3,"name":"TRISC 2009","item":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/texas-regional-infrastructure-security-conference-2009\/","nextItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/#listItem","name":"Anatomy of an Attack: From Incident to Expedient Resolution"},"previousItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/#listItem","name":"Conferences"}},{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/#listItem","position":4,"name":"Anatomy of an Attack: From Incident to Expedient Resolution","previousItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/texas-regional-infrastructure-security-conference-2009\/#listItem","name":"TRISC 2009"}}]},{"@type":"Organization","@id":"https:\/\/www.webadminblog.com\/#organization","name":"Web Admin Blog","description":"Real Web Admins.  Real World Experience.","url":"https:\/\/www.webadminblog.com\/"},{"@type":"Person","@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author","url":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/","name":"Josh","image":{"@type":"ImageObject","@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/17951f69795527f90a4e9cb75ad6c9b3?s=96&d=identicon&r=pg","width":96,"height":96,"caption":"Josh"}},{"@type":"WebPage","@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/#webpage","url":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/","name":"Anatomy of an Attack: From Incident to Expedient Resolution | Web Admin Blog","description":"For the first session of the morning on the last day of the TRISC 2009 Conference, I decided to attend the \"Anatomy of an Attack: From Incident to Expedient Resolution\" talk by Chris Smithee, a Systems Engineer at Lancope. He talked about the different types of attacks that you see on your network and how","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/www.webadminblog.com\/#website"},"breadcrumb":{"@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/#breadcrumblist"},"author":{"@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author"},"creator":{"@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author"},"datePublished":"2009-03-25T09:15:49-05:00","dateModified":"2009-03-31T10:07:59-05:00"},{"@type":"WebSite","@id":"https:\/\/www.webadminblog.com\/#website","url":"https:\/\/www.webadminblog.com\/","name":"Web Admin Blog","description":"Real Web Admins.  Real World Experience.","inLanguage":"en-US","publisher":{"@id":"https:\/\/www.webadminblog.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Web Admin Blog | Real Web Admins.  Real World Experience.","og:type":"article","og:title":"Anatomy of an Attack: From Incident to Expedient Resolution | Web Admin Blog","og:description":"For the first session of the morning on the last day of the TRISC 2009 Conference, I decided to attend the &quot;Anatomy of an Attack: From Incident to Expedient Resolution&quot; talk by Chris Smithee, a Systems Engineer at Lancope. He talked about the different types of attacks that you see on your network and how","og:url":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/","article:published_time":"2009-03-25T14:15:49+00:00","article:modified_time":"2009-03-31T15:07:59+00:00","twitter:card":"summary_large_image","twitter:title":"Anatomy of an Attack: From Incident to Expedient Resolution | Web Admin Blog","twitter:description":"For the first session of the morning on the last day of the TRISC 2009 Conference, I decided to attend the &quot;Anatomy of an Attack: From Incident to Expedient Resolution&quot; talk by Chris Smithee, a Systems Engineer at Lancope. He talked about the different types of attacks that you see on your network and how"},"aioseo_meta_data":{"post_id":"196","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2025-01-03 22:52:41","updated":"2025-07-17 07:12:36","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.webadminblog.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/\" title=\"Conferences\">Conferences<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/texas-regional-infrastructure-security-conference-2009\/\" title=\"TRISC 2009\">TRISC 2009<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tAnatomy of an Attack: From Incident to Expedient Resolution\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/www.webadminblog.com"},{"label":"Conferences","link":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/"},{"label":"TRISC 2009","link":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/texas-regional-infrastructure-security-conference-2009\/"},{"label":"Anatomy of an Attack: From Incident to Expedient Resolution","link":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/25\/anatomy-of-an-attack-from-incident-to-expedient-resolution\/"}],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pfI0c-3a","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/196","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=196"}],"version-history":[{"count":9,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/196\/revisions"}],"predecessor-version":[{"id":205,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/196\/revisions\/205"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=196"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}