Network Security Incidents.
A network security incident is any network-related activity with
negative security implications. This usually means that the activity violates an
explicit or implicit security policy (see the section on security policy).
Incidents come in all shapes and sizes. They can come from anywhere on the
Internet, although some attacks must be launched from specific systems or
networks and some require access to special accounts. An intrusion may be a
comparatively minor event involving a single site or a major event in which tens
of thousands of sites are compromised. (When reading accounts of incidents, note
that different groups may use different criteria for determining the bounds of
A typical attack pattern consists of gaining access to a user's account,
gaining privileged access, and using the victim's system as a launch platform
for attacks on other sites. It is possible to accomplish all these steps
manually in as little as 45 seconds; with automation, the time decreases
Internet FAQ top