Computer intrusion response often requires working in hostile environments. In an ideal situation, the defender would work on trusted systems, with trusted - even out-of-band - communications channels. This paper assumes a non-ideal situation that more likely matches the norm. In this environment, everything is suspect: servers might be compromised, clients might be hostile, and the network itself might be untrustworthy. The proposed solution is a custom-built, persistent Live CD pre-installed with incident response and analysis tools on a platform that allows strong authentication and encrypted communication with other defenders in the line of fire.

Orion is a prototype Live CD-based system intended to provide a self-contained, trusted platform for incident response team members to use for analysis, communication, and collaboration. Orion is currently based on the BackTrack Linux distribution from Offensive Security. While BackTrack is focused on penetration testing, Orion is focused on incident response and defense. In security parlance, BackTrack is built for the Red Team, while Orion is built for the Blue Team.