An important consideration under firewall and site system administration is incident handling assistance and contacts. NIST recommends that organizations develop incident handling capabilities that can deal with suspicious activity and intrusions, and that can keep an organization up to date with computer security threat and vulnerability information. Because of the changing nature of Internet threats and risks, it is important that those maintaining firewalls be part of the incident handling process. Firewall administrators need to be aware of new vulnerabilities in the products they are using, or of intruder activity that is ongoing and can be detected using prescribed techniques. [Cur92], [Garf92], and [RFC1244] contain information on developing incident response teams and contacts. NIST has produced a publication specifically on creating incident response capabilities [NIST91b].
See Appendix A for more information on incident response team contacts and the Forum of Incident Response and Security Teams (FIRST).