Chapter 2 Monitoring and Diagnosing Networks


load balancer

A device that distributes traffic intelligently among multiple computers.

Honeypot

A fake system designed to divert attackers from your real system. Can be set up to log and track information about attackers. This is a separate system.

Packet Filter Firewalls

A firewall operating as a packet filter passes or blocks traffic based on the type of application. It doesn't examine the packet's contents; it decides whether to pass it based on the packet's addressing information.

Air-Gap

A network security measure employed on one or more computers to ensure that a secure network is physically isolated. The name describes a network that is physically separated (with a conceptual air gap) from all other networks.

Honeynet

A network that functions in the same manner as a honeypot. This is a fake network segment.

service pack

A periodically released update to software from a manufacturer, consisting of requested enhancements and fixes for known bugs.

Zones

A zone is an individual area of the network that has been configured with a specific trust level. Furthermore, if a given zone is breached, only that zone is affected; the entire network is not necessarily vulnerable.

Port mirroring

Ability to send a copy of inbound/outbound traffic to a monitoring server with IDSs or IPSs.

DMZ

Demilitarized Zone - A network segment between two firewalls. One is outward facing, connected to the outside world; the other is inward facing, connected to the internal network.

Segmentation

Dividing your network into zones based on security needs. Can segment using routers/switches, or by using virtual local area networks (VLANs).

Placing Security devices

Firewalls are placed at the network's perimeter, and also at every junction of a network segment. Correlation engines that analyze firewall logs must also be placed within the network.

Deployment of systems / hardware concepts

For applications, the first step is a development environment, separate from the operational environment. It is used for desktop apps and web apps, where you can perform testing. For operating systems and devices, there should be a test environment (a mini network). Next is staging: normally any addition to a network is deployed in stages, not just put out on the entire network at once. This is a best practice.

VPN / Tunneling

For the purpose of the exam, only associate VPN with encryption and with allowing only authorized remote users. Virtual Private Network - a private network that connects through a public network such as the internet, using a secure link / tunnel. Typically uses protocols such as Layer 2 Tunneling Protocol (L2TP), IPSec, or Point-to-Point Tunneling Protocol (PPTP).

Administration Controls

Include all policies, procedures, and processes in place to support security.

Technical Controls

Include software and hardware; such as firewalls, VLANs, antimalware, IDSs, and IPSs.

ISMS

Information Security Management System - A broad term, used to describe a wide range of systems used to manage information security.

ISO

International Organization for Standardization - source for international standards. Popular standards listed below:
*ISO/IEC 2700:2013 - specifies requirements for establishing, implementing, maintaining and improving a security management system.
*ISO 27002 - recommends best practices for initiating, implementing, and maintaining information security management systems (ISMSs).
*ISO 27017 - guidance for cloud security. Key controls:
CLD.6.3.1 - An agreement on shared or divided security responsibilities between the customer and the cloud provider.
CLD.8.1.5 - Addresses how assets are returned or removed from the cloud when the contract is terminated.
CLD.9.5.1 - States that the cloud provider must separate the customer's virtual environment from other customers.
CLD.9.5.2 - States that the customer and the cloud provider both must ensure the virtual machines are hardened.
CLD.12.1.5 - It is solely the customer's responsibility to define and manage administrative operations.
CLD.12.4.5 - The cloud provider's capabilities must enable the customer to monitor their own cloud environment.
CLD.13.1.4 - The virtual network environment must be configured so that it at least meets the security policies of the physical environment.

IDS

Intrusion Detection System - A system that monitors the network for possible intrusions and logs that activity.

IPS

Intrusion Prevention System - A system that monitors the network for possible intrusions, logs that activity, and then blocks the traffic that is suspected of being an attack.

NIST

National Institute of Standards and Technology - the source for many national standards in the United States.
*NIST 800-12 provides a broad overview of computer security (emphasizes system security throughout the system life cycle).
*NIST 800-14 describes common security principles that should be addressed within security policies.

NERC

North American Electric Reliability Corporation - publishes standards for electrical power companies.
*NERC CIP (Critical Infrastructure Protection) 007-6: addresses patching of all systems. Requires all registered entities to check for patches every 35 days (unlike desktop computer systems).

OWASP

Open Web Application Security Project - An organization that maintains a list of the top 10 errors found in web applications.

PCI DSS

Payment Card Industry Data Security Standard - Set of standards that companies involved with debit and credit card transactions must meet.

PII

Personally Identifiable Information - Information that could identify a particular individual.

defense in depth

Security should never be completely focused on the network's borders. You should use multiple layers of security to defend your assets.

ISA/IEC-62443

Series of standards that define procedures for implementing electronically secure industrial automation and control systems (IACSs).

SDN

Software Defined Network - The entire network, including all security devices, is virtualized. Allows easy segmentation of the network.

Correlation Engines

Software application that programmatically understands relationships, and can be used to analyze data logs of firewalls or other event logs.

SPI

Stateful Packet Inspection - A firewall that not only examines each packet but also remembers the recent previous packets.

SPI

Stateful Packet Inspection - The entire conversation between client and server is examined. This is a more sophisticated firewall that remembers what the recent previous packets from the same client contained.

Secure Baseline

The process of finding a baseline for any system, application, or service that is considered secure. Therefore if you make changes to the network you can compare it to the baseline in order to see if it measures up.

Control Diversity

This means you should not use only one control method to address a security concern. Use multiple security controls.

Proxy Firewalls

Used to process requests from an outside network to any other network. It examines the data and makes rule-based decisions. Can also hide internal IP addresses.

Vendor Diversity

Using different vendors for separate components within the network will help prevent attacks. For example, if you use the same vendor for all computers and servers, they will typically use the same security software. If you diversify, you have multiple security software products protecting your network.

Intranets

Websites accessible only within the company network. Examples: human resource info, company policies, and online training sites.

Extranets

Allow authorized suppliers, customers, and other outsiders to access the firm's intranet.

Distributed DoS mitigator (a security device)

Detects DDoS attacks and stops them, or at least mitigates them.

VPN concentrator

Hardware device used to create remote access VPNs; creates encrypted tunnel sessions between hosts.

Operating system hardening

Making the OS as secure as possible before adding antivirus, firewalls, and so forth. Includes patching the system, shutting down unneeded services, and removing unneeded software.

Sandbox

Test environment that is completely isolated from the rest of the network.
