What practice assists an incident handler in restoring the network after DoS/DDos events?

In the context of restoring a network after a Denial of Service (DoS) or Distributed Denial of Service (DDoS) event, creating a network traffic baseline is the most relevant practice. This process involves establishing normal patterns of network activity, which allows incident handlers to quickly identify deviations that may indicate an ongoing attack or malicious behavior.

Having a baseline helps in distinguishing legitimate traffic from potentially harmful traffic during a recovery phase. Once the baseline is established, it becomes easier to implement effective measures to mitigate further attacks and restore normal operations. It serves as a reference point to analyze the impact of the attack, understand traffic patterns, and optimize firewall rules or other security configurations for better resilience against future incidents.

This practice directly contributes to ongoing network health and monitoring, ensuring a more robust response and recovery capability after DDoS incidents.