12.3 Flashcards
AUP
Acceptable use policy
The security policy should consist of these 4 complementary documents/policies
Governing Policy, Technical Policies, End-User Policies; Standards, Guidelines, and Procedures.
Name the detailed documents that are often contained in a security policy
Standards, Guidelines, Procedures.
3 elements for an effective argument in Incident Response:
Motive, Means, Opportunity.
The preservation of evidence, data, and details is referred to as:
Legal hold
Examples of vulnerability scanners:
Nessus, Nmap
Honey pot/net can be used to…
Act as a distraction or as a system that is extensively monitored to learn what an attacker is attempting to do on the system
ACL + definition
Access Control Lists are rules usually applied to router interfaces that specify permitted and denied traffic
Physical security controls and devices are categorized into these two categories
Detection and Prevention
Detection techniques and devices:
Motion detection, Video surveillance, asset tracking tags, tamper protection.
Prevention techniques and devices:
Badges, Biometrics, Smart Cards, Key Fobs, Locks.
Steps in Network Device Hardening:
Changing default credentials, avoiding common passwords, upgrading firmware, patching and updating, file hashing, disabling unnecessary services, using secure protocols, generating new keys, disabling unused ports, changing the native VLAN.
Layer 2 Protections:
Spanning tree protections, DHCP snooping, VLAN segmentation.