Flashcards in Chapter 2 - Monitoring Networks Deck (25):
What were originally introduced to help troubleshoot network problems?
Network Monitors, AKA sniffers
What is Promiscuous Mode?
Simply means that the network card looks at any packet that it sees on the network, even if that packet is not addressed to the network.
What log contains various events logged by applications or programs?
Which Log has successful and unsuccessful logon attempts and records events related to resource use, such as creating, opening or deleting files or other objects?
What are the options in Event Viewer that allow you to perform certain actions?
Saving the log file (in evt, txt or csv format), opening saved logs, filtering the log file and viewing or changing properties.
What is Hardening?
A general process of making certain that the operating system itself is as secure as it can be.
True or False
Part of OS Hardening is disabling unnecessary services.
What is RPC?
Remote Procedure Call
Is a programming interface that allows a remote computer to run programs on a local machine.
True or False
It is considered a security best practice to remove unneeded software.
What is a patch?
Is an update to a system. Sometimes a patch adds new functionality; in other cases, it corrects a bug in the software.
What are the three types of patches?
What is IDS?
Intrusion Detection System
Focused on detecting intrusion
What is IPS?
Intrusion Prevention System
Focused on preventing intrusions
How does a "Honeypot" work?
Draws attackers away from higher-value systems or allows administrators to gain intelligence about an attack strategy.
How does a "Honeynet" work?
Creates a synthetic network that can be run on a single computer system and is attached to a network using a normal Network Interface Card (NIC).
What is the process of luring someone into your plan or trap, by using free stuff or a challenge?
What is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?
True or False
Enticement and Entrapment are both legal in the US, but not legal in Canada.
What are Alarms?
Are indications that there is an ongoing CURRENT problem.
What are Alerts?
Are issues to which you need to pay attention, but are not about to bring the system down at any moment.
What are Trends?
Trends in threats, for example:
Over the last month, spear phishing attacks have been increasing.
What are Security Audits and what do they include?
An integral part of continuous security monitoring. They include:
* Review of security logs
* Review of policies and compliance with policies
* A check of security device configuration
* Review of incident response reports
What are the settings for Remediation Policy?
What are methods of Securing the Network?
Using the following concepts:
* MAC Limiting and Filtering
* Disable Unused Ports
* Rogue Machine Detection