Chapter 7 - Security Operations Flashcards Preview

cd. dvd

flash drive and memory cards

paper, microfiche

should be controlled thru a software librarian

should be conducted to identify unauthorized installations or license violations

maybe deployed out of band - will not affect processes or cause latency, but attacks will likely reach their intended target

in-line, cause some latency and slow down processes, but affected attacks will not likely reach their intended target

matches known attacks

network traffic confirms to the defined standard for that protocol

establish baseline, detect deviations

provides common platform for log collection, collation, and analysis in real-time to allow for more effective and efficient response

need to preserve forensic evidence, availability of services, damage leaving affected component in place, time required for containment strategy to be efective, resources needed to contain

obtain image of ram and hard drive, then determine how to mitigate

Government agaencies must report breach of PII within an hour of discovery

process of identifying and dcoumenting hardware components, software, and the associated settings

focus on failing with a minimum of harm to personnel or systems

focus on failing in a controlled manner to block access while the system is in an inconsistent state

simply store and serve files

block level storage

stripes across multiple disks without parity, fast reading, no redundancy

Creates two indentical drives - data mirroring

not used in practice - data spread across at bit level

Strioing and redundancy in form of parity drive - RAID 3 - byte level - more efficient, RAID 4 - block level - faster

Like RAID4 but parity is striped

2 sets of parity, allows for failure of 2 drives, less performance, not frequently used

backing up system over network - separate location (vault site), sent in real time when implemented as a mirror

provides redundancy for transactions