Chapter 3: Computer Systems Security

Question 1

Statistical Anomaly IDS

Answer 1

Establishes baseline and compares current performance

Question 2

Signature based IDS

Answer 2

Network traffic analyzed to find predetermined patterns

Question 3

Data Loss Prevention

Answer 3

Monitors data in use / in motion / at rest

Prevents unauthorized use and leakage of data

Question 4

Types of DLP

Answer 4

> Endpoint DLP : Runs on single machine, software based
> Network DLP : Software/hardware, installed on network perimeter
> Storage DLP : Installed in data centers/server rooms
Securing Computer Hardware and Peripherals

Question 5

Securing Removable Storage

Answer 5

> Typically prohibits all removable storage besides specific ones
> Removable Media Controls
USB Lockdown (BIOS), limit USB use, malware scans, audits

Question 6

Securing NAS

Answer 6

> Built for high availability (no downtime)
> Commonly implemented as RAID array (levels depend on situation)
> Use encryption, authentication, secure logging etc