
Orion Incident Response Live CD

GIAC (GCIH) Gold Certification

Author: John Jarocki, john.jarocki@gmail.com Advisor: Rodney Caudle

Accepted: April 24th 2010

Abstract

Computer intrusion response often requires working in hostile environments. In an ideal situation, the defender would work on trusted systems, with trusted – even out-of-band – communications channels. This paper assumes a non-ideal situation that more likely matches the norm. In this environment, everything is suspect: servers might be compromised, clients might be hostile, and the network itself could be suspect. The proposed solution is a custom-built, persistent Live CD pre-installed with incident response and analysis tools on a platform that allows strong authentication and encrypted communication with other defenders in the line of fire.

Orion is a prototype Live CD-based system intended to provide a self-contained, trusted platform for incident response team members to use for analysis, communication, and collaboration. Orion is currently based on the BackTrack Linux distribution from Offensive Security. While BackTrack is focused on Penetration Testing, Orion is focused on incident response and defense. In security parlance, BackTrack is built for Red Team, while Orion is built for Blue Team.
