Part 8 Flashcards Preview

Information Security Fundamentals > Part 8 > Flashcards

Flashcards in Part 8 Deck (39)
Loading flashcards...
0

Monitor ____

Systems

1

Even with the most robust security tools in place, it is important to ____ your systems.

monitor

2

All security products are ____ and can ____ or be ____.

manmade, fail, compromised

3

As with any other aspect of technology, one should ____on simply one product or tool.

never rely

4

Enabling ____ on your systems is one way to put your organization in a position to identify problem areas.

logging

5

The problem is, ____

what should be logged?

6

Logging mechanisms and the ability to track ____ are critical.

user activities

7

The presence of logs in all environments allows thorough tracking and analysis if something does go wrong. Determining the cause of a compromise is very difficult without ____:

system activity logs

8

Invalid ____ access attempts

logical

9

Record at least the following ____ for all system components for each event:
● User identification
● Type of event
● Date and time
● Success or failure indication
● Origination of event

audit trail entries

10

____ or name of affected data, system component, or resource

Identity

11

____ for all system components at least daily. ______ must include those servers that perform security functions like intrusion detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS).
Note: Log harvesting, parsing, and alerting tools may
be used to achieve compliance.

Review logs

12

Fortunately, there are tools that will collect and ____ log files from a variety of sources. All these tools have the ability to notify individuals of a particular event.

parse

13

Hire a ____ to Audit Security

Third Party

14

Regardless of how talented your staff is, there is always the possibility that they ___ something or inad- vertently misconfigured a device or setting.

overlooked

15

For this reason it is very important to bring in an extra set of “eyes, ears, and hands” to ____ your organization’s security posture.

review

16

Though some IT professionals will become paranoid having a third party review their work, intelligent staff members will recognize that a security review by outsiders can be a great ____.

learning opportunity

17

The advantage of having a ___review your systems is that the outsiders have experience reviewing a wide range of systems, applications, and devices in a variety of industries.

third party

18

They will know what works well and what might work but cause problems in the future. They are also more likely to be up to speed on new ____ and the latest product updates. Why? Because this is all they do.

vulnerabilities

19

What is heartbleed

Research

20

They are not encumbered by administrative duties, inter- nal politics, and help desk requests. They will be more ____ than in-house staff, and they will be in a position to make recommendations after their analysis.

objective

21

The ---- analysis should involve a two-pronged approach: They should identify how the network appears to attackers and how secure the system is, should attack- ers make it past the perimeter defenses.

third-party

22

Don’t Forget the ____

Basics

23

Many organizations spend a great deal of time and money addressing ____ and overlook some fundamental security mechanisms, as described here.

perimeter defenses

24

Change ____

Default Account Passwords

25

Nearly all network devices come ___ with a password/username combination.

preconfigured

26

If these ____ are not changed upon configu- ration, it becomes a trivial matter for an attacker to get into these systems.

default passwords

27

Use ___ Passwords

Robust

28

Close Unnecessary ____

Ports

29

____ on a computer are logical access points for com- munication over a network.

Ports