Gain insights into effective security techniques including patching, cryptography, and phishing prevention. Explore practices to make systems resistant and vulnerabilities more detectable, enhancing defense against attacks.

docker.tar.gz

network-commands

node

It seems like hardly a week goes by without a high-profile computer breach. Why do these happen? How can you prevent them? This course doesn’t have all the answers, but it does outline practices that make life harder for attackers and that will help tide you over until you get a full-time security team in place.

In this course, you will learn 5 simple, yet effective, techniques for preventing attackers from getting into your system. These techniques are related to: patching, software vulnerabilities, cryptography, windows security, and phishing. Within each chapter you will learn the best practices for preventing vulnerabilities and how to make them more detectable. 

This course is based on the Pragmatic Programmers’ book, Practical Security, and is aimed at developers, admins, team leads, architects, technology generalists, and all others who stand guard against the things that disrupt the network.

Practical Security: Simple Practices for Defending Your Systems

# Got phished. Now what?

So what should we do if one of our colleagues gets phished? The first thing to reemphasize is to not tease or punish them. It’s an easy mistake to make. The rest of the company will be watching, and the more scared they get, the less helpful they’ll be in future incidents.

If you think an attack has taken place, contact your legal department right away. They’ll coordinate communication with law enforcement.

You’ll want to bring in an incident response company to help with the aftermath. Recovering from an attack like this is outside the scope of this course.

That said, there are some things that you can expect that an incident response company would want to be able to do as part of an incident response. To start with, they’ll want to figure out what the phisher was after and how the attack was carried out. Generally, this will mean finding out what malicious website(s) the phisher used. Once you find this out, you’ll want to block all access to that site at your firewall. Phishing is a numbers game, and it’s likely that other members of your organization were targeted as well. You’ll also want to find out whether any other members of your organization also clicked on the link. Hopefully you’ll be able to find that out by looking at your firewall logs. Though if you have people who work remotely, you most likely won’t be able to block their access to the malicious site and won’t be able to know whether or not they went to that site.

Once you know who’s visited the malicious site, you’ll know whose accounts could have been compromised. Have them rotate their passwords. Next, you’ll want to see what their account has done since they visited the malicious site. It can also help to find out if any accounts have recently logged in from IP addresses they haven’t logged in from before. You’ll also want to see who has logged in from the same IP as those used by the accounts of the people who visited the malicious site. This can provide another clue as to whose accounts have been compromised. If you have a single-sign-on provider, you’ll have a much easier time finding this out.

The last couple of paragraphs assumed a lot of infrastructure was already in place. If you don’t have these tools in place, set aside some time to think about how you’d carry out an investigation without them. If the answer is that you wouldn’t be able to do much of an investigation if you didn’t have them, then you’ll probably want to budget some time and money to get those tools in place before an attack happens, rather than afterward.

For more on responding to phishing incidents, read Ryan McGeehan’s essay “[Phishing Incident 101](https://medium.com/starting-up-security/phishing-incident-101-863cbd4c1676)” at his website, [Starting Up Security](https://scrty.io/). You’ll find many other useful essays there as well.


<center> <font size="6"> <b>One last quiz!</b> </font> </center>


Here are a few last insights in phishing attacks. 

Introduction

Patching

Vulnerabilities

Cryptography

Windows

Phishing

Wrapping up!

Got phished. Now what?