15 D4 pt2 Flashcards
Last step in Analyze phase is the ___; includes next actions necessary to respond.
Course of Action (COA)
Firewalls:
___ - has 4 layers, provides additional security for servers.
Dual Firewall
Incident handling and Response:
__ - detection, analysis, and response to any event or incident.
Incident Handling
__ Attacks can be malicious or non-malicious.
Insider
Incident handling and Response:
__ - compilation of incident or intrusion sets with similar characteristics.
Incident Sets
Incident handling and Response:
__ - occurrence having actual/potential adverse effects on an IS.
Incident
A __ is a system or group of systems configured to enforce a security policy between 2 networks.
firewall
Incident handling and Response:
__ - an occurrence, not yet assessed, that may affect performance of an IS.
Event
Incident response categories: Incidents:
- __ - root intrusion
- __ - user intrusion
- __ - DoS
- __ - Malicious logic
1 root intrusion
2 user intrusion
4 DoS
7 malicious logic
Important principle of the Defense in Depth strategy is focused on these 3 elements:
People
Organizations
Technology
Firewalls:
___ - simple and low cost; if the router is compromised, the entire network is compromised.
Simple Firewall with 1 Choke
For a firewall to be effective the following must be true:
- All traffic must be __
- Only __ __ is allowed to pass through
- The __/__ is highly resistant to penetration
- scanned
- authorized traffic
- system/host
Firewalls:
___ - has 3 layers, if firewall is compromised additional protection exists.
Belt and Suspenders Architecture
Firewall Types:
__ - checks packet header information, does not check packet contents.
Stateless packet filtering
__, __, and __ are 3 tools that can carve files from the network.
Tcpxtract
Xplico
NetworkMiner
Firewall Types:
__ - uses a combination of the other firewall techniques.
Hybrid
Firewalls:
___ - Multiple NICs with one firewall for centralized security policies.
Multi-homed Firewall
A combination of the below concepts represent the defense in depth model:
- __
- __
- __
- __
- deploy robust KMI/PKI
- deploy IDS to detect, evaluate, examine, and act on intrusions
- apply perimeter protection
- apply internal protection
Incident handling and Response:
__ - unauthorized access to an IS.
Intrusion
Firewalls:
___ - has 2 layers; if the firewall is compromised, the entire network is compromised.
Classic Firewall Architecture
__ - The intent of the methodology is to help coordinate, de-conflict, and execute an incident response within minutes or hours as opposed to days or weeks.
Incident Handling Methodology
Firewall Types:
__ - examines both incoming and outgoing packets and has the ability to inspect communication layers and extract relevant data.
Stateful packet filtering
Benefits of an IDS/IPS: __ __ __ __ __ __ __ __ __ __ __
- Passive
- Requires no modifications
- Analyzes data as collected or after
- Real-time alert notifications
- Data gathering upon detection
- Replay computer transmissions
- Full suite of analytic tools
- Can be command line or GUI
- Interface for secure connections
- User customizable
Firewall Types:
__ - listens for service requests from internal clients and forwards those requests to the external network; operates in application layer
Application layer gateway/proxy