Flashcards in Chapter 2 - Monitoring & Diagnosing Networks Deck (28)
Network monitors are also called what?
What do they do to your NIC?
put it in promiscuous mode
Tell me the 2 most important logs for security purposes
Linux has 2 logs that are important to security. What are their names and how do they help you?
faillog - this has the failed user logins, use this when you're looking for attempts to crack into the system.
apport.log - records application crashes, can reveal attempts to compromise the system, virus or spyware
Where do you view the event logs?
go to the Event Viewer
Your event viewer is recording logs and the maximum has been reached for space allotted for those logs. It still needs more space for the new logs. What will happen?
Older log files will be overwritten.
Explain the basic concept of "hardening".
It means you're doing everything you can do make your system secure. Don't have unnecessary applications running, keep things updated, keep your user accounts secure, etc.
Why is it important to turn off the unnecessary services?
Because services can provide an attack vector.
File and Print Servers are vulnerable to what kind of attack?
What can you do to defend against this?
Denial of Service and access attacks
Only run the necessary protocols on your servers.
For a PC-based system, some attacks are targeted at NetBIOS servers. What ports will these attacks happen on?
What 2 things can you do to combat this?
If you're on a Unix system, what port should you close?
135, 137, 138, and 139
You can disable the NetBIOS services on servers OR put a robust firewall between the server and the Internet.
111, the RPC (remote procedure call)
What is a good practice for hardening the root directories?
Keep them hidden from browsing.
Tell me 3 things you can configure from the System and Security applet in Control Panel.
If you suspect that your workstation has been compromised, what is something in Performance Monitor that might tip you off?
look at the CPU usage
True of False: According to the book, it is better to have one role per server instead of multiple roles on one server.
Tell me the appropriate way to deal with patches on your machines.
Test it on one to make sure everything is okay instead of just blindly applying across the whole network at once.
There are 3 kinds of patches. Explain what they are and tell me which ones don't need to be installed immediately.
service pack - provides new tools and extends functionality
updates - code fixes when there's no available workaround
security updates - mandatory addressing of security vulnerability
security update is immediate. the others aren't
Tell me 3 types of accounts you should disable.
employees who left the company
default guest accounts
Going chronologically, tell me 4 file system types.
FAT - File Allocation Table
FAT16 - first upgrade to FAT
FAT32 - designed for large disk systems
NTFS - New Technology File System, handles larger disk sizes, more security, added file stability
Which file system should you use to establish your network shares?
Tell me the command to see the NTFS version on your workstation.
from administrative command prompt, type
fsutil fsinfo ntfsinfo C:
You have a wireless network and need port based security. Which wireless standard defines this?
Tell me 4 things you can do to heighten the security of your network.
Disable unused ports
scan for rogue machines
What is a security audit?
a thorough evaluation of your security
When you perform a security audit, what 4 things should you be searching through?
policies and compliance with policies
security device configuration
incident response reports
You are looking at discrepancies between the current security state of your system and where it should be. What are the 3 categories for the discrepancies?
minor - no immediate threat
serious - nasty threat, but highly unlikely
critical - you need to deal with this ASAP
System events are classified as one of three things in the Event Viewer. What are they?
What is the value of observing trends?
It can help you take action to avoid a major catastrophe.
Honeypot systems are used to draw attackers away from your true system and to learn their methods for their attacks. What is the process of luring someone into your trap called?