Chapter 2: Monitoring and Diagnosing Networks Flashcards
A network segment between two firewalls. One is outward facing, connected to the outside world, the other inward facing, connected to the internal network. Public-facing servers, such as web servers, are often placed in this.
Demilitarized Zone (DMZ)
A network that functions in the same manner as a honeypot.
Honeynet
A fake system designed to divert attackers from our real systems. It is often replete with logging and tracking to gather evidence.
Honeypot
A broad term that applies to a wide range of systems used to manage information security.
Information Security Management System (ISMS)
A system that monitors the network for possible intrusions and logs that activity.
Intrusion Detection System (IDS)
Any information that could identify a particular individual.
Personally Identifiable Information (PII)
The entire network, including all security devices, is virtualized.
Software-Defined Network (SDN)
A firewall that not only examines each packet but also remembers the recent previous packets.
Stateful Packet Inspection (SPI)
Which ISO standard is a guidance for cloud security?
ISO 27017
What seven controls does ISO 27017 add to ISO 27002?
- CLD.6.3.1
- CLD.8.1.5
- CLD.9.5.1
- CLD.9.5.2
- CLD.12.1.5
- CLD.12.4.5
- CLD.13.1.4
This is an agreement on shared or divided security responsibilities between the customer and cloud provider.
CLD.6.3.1
This control addresses how assets are returned or removed from the cloud when the contact is terminated.
CLD.8.1.5
This control states that the cloud provider must separate the customers’ virtual environment from other customers or outside parties.
CLD.9.5.1
This control states that the customer and the cloud provider both must ensure the virtual machines are hardened.
CLD.9.5.2
Control that states it is solely the customer’s responsibility to define and manage administrative operations.
CLD.12.1.5
