Operations Security Flashcards
Define clipping level
define a baseline for normal user activity or an acceptable level of errors
For what 4 purposes can audit trails be used in operations security
to monitor problems
provide individual accountability with records of who took which activities and when
to detect possible system intrusions
to reconstruct events to support investigations
What type of control provides replacement mechanisms if primary controls are lost?
Compensating control
What type of control is designed to stop users from violating security?
preventative control
What type of control can restore a system to its normal operating state after a fault or incident occurs?
Recovery control
What type of control details procedures and guidelines for protecting security?
directive control
4 items involved with maintaining operations security
maintaining operational resilience
protecting valuable assets
controlling system accounts
managing security services
7 types of controls
directive
preventative
deterrent
compensating
detective
corrective
recovery
define directive controls
state rules of acceptable behavior
define preventative controls
designed to prevent any actions that violate a company’s security policy
define deterrent controls
discourage individuals from violating security directives
define compensating controls
serve to provide replacement for the loss of primary controls
define detective controls
identify and warn of incidents of security control breaches
define corrective controls
used to remedy circumstances, mitigate damage, and restore controls
define recovery controls
restore a system to its normal operating state after a security incident.
4 categories of controls
hardware
software
operations
media
6 steps in change management
submit change request
approve the change
document the change
test the change
implement the change
report the change
4 uses for audit trails
monitor problems
detect intrusions
ensure individual accountability
reconstruct events
What port does SMTP use?
25
What port does POP3 use?
110
define email relaying
involves transferring email messages from 1 mail server to another. Can be used to hide identity.
define SMTP relaying
sending email messages from one server to another using SMTP. Can be used to hide identity.
What ports does FTP use?
20
21
Define Evasive Sweep
attempt to bypass firewall and IDS without leaving a trace.
2 types of stealth scans
SYN scan
FIN scan