3.3 Flashcards
What's log management?
Collecting and storing logs from very diverse sources, which are usually sent over syslog. The volume requires massive storage, which is why data rollup (summarizing older logs instead of keeping every message) is important.
What's port scanning?
Finding devices on the network and identifying which ports are open on them (e.g. with Nmap).
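Worked example (added here, not part of the original flashcards): a minimal TCP connect scan in Python, the same technique as `nmap -sT`. It stands up its own throwaway listener on 127.0.0.1 as the constructed target, so it runs offline; the host, ports and timeout are assumptions for the demo.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=0.5):
    """TCP connect probe for one port.

    A completed handshake means 'open'; an immediate RST (connection refused)
    means 'closed'; no answer within the timeout usually means a firewall is
    dropping the SYN, which Nmap reports as 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"


def scan_ports(host, ports, timeout=0.5, workers=32):
    """Probe many ports in parallel and return {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda p: probe_port(host, p, timeout), ports)
        return dict(zip(ports, states))


def demo_scan():
    """Stand up a throwaway listener on loopback (the constructed target),
    pick a second ephemeral port that is known to be closed, and scan both."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]

    # bind and immediately release a second ephemeral port so it is closed
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        closed_port = tmp.getsockname()[1]

    try:
        return open_port, closed_port, scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()


if __name__ == "__main__":
    o, c, result = demo_scan()
    for port, state in sorted(result.items()):
        print(f"127.0.0.1:{port} {state}")
```

A connect scan completes the full handshake, so it shows up in the target's application logs; Nmap's default SYN scan (`-sS`) needs raw sockets precisely to avoid that.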
What's vulnerability scanning?
Using a vulnerability scanner to poke around and see what's open, identify systems and security devices, and check for known vulnerabilities. It is done from both the inside and the outside of the network.
What does a vulnerability scan result help with?
- Shows a lack of security controls (no firewall, no anti-virus, no anti-spyware)
- Shows misconfigurations (open shares, guest access)
What's patch management?
Keeping systems up to date with patches, which bring stability and security fixes and are incredibly important. Patches often arrive in bundles: a service pack delivers many at once, and Windows monthly updates deliver them incrementally.
What's a rollback option?
The reverse of patch management: it lets you go back to the previous working state if one of the patches causes problems.
What's baseline review?
Reviewing the baseline helps you understand what normal operation of your network looks like over time, so that deviations from it stand out.
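Worked example (added here, not part of the original flashcards): building a per-hour baseline from a week of utilization samples and reviewing a new sample against it. The history, the traffic shape and the 3-sigma threshold are constructed assumptions for the demo; the point is that 45% utilization is normal at noon and an anomaly at 3 a.m.

```python
import statistics
from collections import defaultdict


def utilization_profile(hour):
    """Typical interface utilization (%) for an office network: constructed shape."""
    if 8 <= hour <= 17:
        return 45.0
    if hour >= 18:
        return 20.0
    return 10.0


# Constructed history: one week of hourly samples, (day, hour, utilization_pct),
# with small deterministic day-to-day variation so the baseline has a spread.
HISTORY = [
    (day, hour, utilization_profile(hour) + (((day * 7 + hour) % 5) - 2) * 0.5)
    for day in range(7)
    for hour in range(24)
]


def build_baseline(history):
    """Per hour-of-day mean and standard deviation of the metric."""
    by_hour = defaultdict(list)
    for _day, hour, value in history:
        by_hour[hour].append(value)
    return {
        hour: (statistics.mean(vals), statistics.stdev(vals))
        for hour, vals in by_hour.items()
    }


def review_against_baseline(baseline, hour, value, k=3.0):
    """Compare a new sample with the baseline for that hour.

    Returns the z-score and whether it exceeds k standard deviations, which is
    the point at which an alert (email/SMS) would fire."""
    mean, stdev = baseline[hour]
    spread = max(stdev, 1e-6)   # a perfectly flat history must not divide by zero
    z = (value - mean) / spread
    return {"hour": hour, "value": value, "baseline_mean": mean,
            "baseline_stdev": stdev, "z": z, "anomaly": abs(z) > k}


if __name__ == "__main__":
    bl = build_baseline(HISTORY)
    for hour, value in [(3, 10.5), (3, 45.0), (12, 46.0), (12, 50.0)]:
        r = review_against_baseline(bl, hour, value)
        print(f"{hour:02d}:00 {value:5.1f}%  z={r['z']:6.2f}  anomaly={r['anomaly']}")
```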
What is a protocol analyzer used for?
Solving complex application issues: it gathers packets from the network, shows traffic patterns and lets you get into the details of individual packets.
What's interface monitoring?
Checking whether a device or interface is up or down.
What's alerting in interface monitoring?
A basic automated function we create to warn the user about a malfunction, sent to them via email or SMS.
What's SIEM?
(Security Information and Event Management)
- It provides real-time information and security alerts.
- It handles log aggregation and long-term storage.
- It correlates data from different sources.
- It helps with forensic analysis by having the details available after an event.
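Worked example (added here, not part of the original flashcards): the kind of data correlation a SIEM does, as a rule that alerts when one source IP racks up several failed logins and then succeeds within a time window. The events, hosts, users and IPs are constructed and already normalised into a common schema, as a SIEM's parsers would do.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication events, already normalised by the SIEM's parsers
# into a common schema. Hosts, users and IPs are made up for this example.
EVENTS = [
    {"ts": "2023-10-11T22:14:20", "host": "web01", "src_ip": "198.51.100.7", "user": "root", "outcome": "failure"},
    {"ts": "2023-10-11T22:14:22", "host": "web01", "src_ip": "198.51.100.7", "user": "root", "outcome": "failure"},
    {"ts": "2023-10-11T22:14:25", "host": "web01", "src_ip": "198.51.100.7", "user": "admin", "outcome": "failure"},
    {"ts": "2023-10-11T22:15:01", "host": "web01", "src_ip": "198.51.100.7", "user": "root", "outcome": "success"},
    # same pattern, but the failures are far outside the correlation window
    {"ts": "2023-10-11T20:00:00", "host": "vpn01", "src_ip": "203.0.113.5", "user": "bob", "outcome": "failure"},
    {"ts": "2023-10-11T20:00:05", "host": "vpn01", "src_ip": "203.0.113.5", "user": "bob", "outcome": "failure"},
    {"ts": "2023-10-11T20:00:10", "host": "vpn01", "src_ip": "203.0.113.5", "user": "bob", "outcome": "failure"},
    {"ts": "2023-10-11T22:30:00", "host": "vpn01", "src_ip": "203.0.113.5", "user": "bob", "outcome": "success"},
    # a single typo followed by a successful login: normal user behaviour
    {"ts": "2023-10-11T22:10:00", "host": "web01", "src_ip": "192.0.2.50", "user": "alice", "outcome": "failure"},
    {"ts": "2023-10-11T22:10:30", "host": "web01", "src_ip": "192.0.2.50", "user": "alice", "outcome": "success"},
]


def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=10)):
    """Correlation rule: raise an alert when one source IP produces at least
    `threshold` failed logins inside `window` and then a successful login.

    Events are processed in time order so the rule works on a live stream too."""
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        recent = failures[e["src_ip"]]
        # drop failures that have aged out of the window
        while recent and ts - recent[0] > window:
            recent.popleft()
        if e["outcome"] == "failure":
            recent.append(ts)
        elif e["outcome"] == "success" and len(recent) >= threshold:
            alerts.append({
                "rule": "brute_force_then_success",
                "src_ip": e["src_ip"],
                "host": e["host"],
                "user": e["user"],
                "failures": len(recent),
                "first_failure": recent[0].isoformat(),
                "success_at": ts.isoformat(),
            })
            recent.clear()   # do not re-alert on the same burst
    return alerts


if __name__ == "__main__":
    for a in correlate_bruteforce(EVENTS):
        print(a)
```

Only the first source triggers: the second has the same three failures but they fall outside the window, and the third is a single typo, which is why the threshold and window are what separate a rule from noise.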
What's syslog?
A standard for message logging that works across different systems. Devices use the syslog protocol to send their logs to the SIEM, which means the SIEM needs a lot of disk space.
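Worked example (added here, not part of the original flashcards) covering both the syslog and the log management cards: parsing BSD-syslog (RFC 3164) lines into facility, severity, host and tag, then rolling the raw events up into per-host, per-hour, per-severity counts, which is the summary long-term storage keeps instead of every message. The log lines, hosts, IPs and the fixed year are constructed for the demo.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed BSD-syslog (RFC 3164) lines, as devices would send them to the
# SIEM over UDP/514. Hosts, IPs and PIDs are made up for this example.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 fw01 kernel: iptables DROP IN=eth0 SRC=203.0.113.9",
    "<86>Oct 11 22:14:20 web01 sshd[1234]: Failed password for root from 198.51.100.7 port 4021 ssh2",
    "<86>Oct 11 22:14:22 web01 sshd[1234]: Failed password for root from 198.51.100.7 port 4022 ssh2",
    "<30>Oct 11 22:15:01 web01 CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)",
    "<86>Oct 11 23:01:05 web01 sshd[1400]: Accepted password for root from 198.51.100.7 port 4100 ssh2",
    "this line is not syslog at all",
]

# Severity is the low 3 bits of the <PRI> value, facility the remaining bits.
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                   # <PRI>
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "      # Mmm dd hh:mm:ss
    r"(?P<host>\S+) "                                        # HOSTNAME
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "             # TAG[pid]:
    r"(?P<msg>.*)$"                                          # free-text message
)


def parse_syslog(line, year=2023):
    """Parse one RFC 3164 line into a dict, or return None if it does not match.

    RFC 3164 timestamps carry no year, so the receiver has to supply one
    (a fixed assumption here; a real collector would use the arrival time)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 24 facilities * 8 severities - 1
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "timestamp": ts,
        "facility": pri >> 3,
        "severity": pri & 7,
        "severity_name": SEVERITY_NAMES[pri & 7],
        "host": m.group("host"),
        "tag": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "msg": m.group("msg"),
    }


def parse_all(lines, year=2023):
    """Parse every line, dropping ones that are not syslog."""
    events = (parse_syslog(line, year) for line in lines)
    return [e for e in events if e is not None]


def rollup_by_hour(events):
    """Data rollup: collapse raw events into per-host, per-hour, per-severity counts.

    This is what lets long-term storage hold summaries instead of every message."""
    counts = Counter()
    for e in events:
        hour = e["timestamp"].strftime("%Y-%m-%d %H:00")
        counts[(e["host"], hour, e["severity_name"])] += 1
    return counts


if __name__ == "__main__":
    evts = parse_all(SAMPLE_LINES)
    for key, n in sorted(rollup_by_hour(evts).items()):
        print(key, n)
```

Note that the rollup throws away the message text, so the raw events still have to be kept for as long as forensic analysis might need them; the rollup only replaces them once that retention period has passed.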
What's the difference between the SIEM dashboard and SIEM logs?
SIEM logs show a lot of detail, while the SIEM dashboard gives you a broader view.
What's SNMP?
(Simple Network Management Protocol) Another way to monitor the network and all of its devices: proactively query the devices for information.
What's a MIB?
(Management Information Base) The structured database of objects that an SNMP device can be queried for.
What's error rate?
We can monitor interfaces for errors, look at those error rates over time, and see exactly which specific error is occurring.
What's utilization?
Another good monitoring statistic: evaluate how much traffic is going through a particular interface, and gather utilization details for every single interface on the network.
What are packet drops?
Errors that occur when the problem isn't with the packet itself but with the system's ability to process that packet (for example, its buffers are full).
Whats the difference between bandwidth and throughput?
Throughput is an actual measure of how much data is successfully transferred from source to destination, and bandwidth is a theoretical measure of how much data could be transferred from source to destination.
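Worked example (added here, not part of the original flashcards) tying the SNMP, MIB, error rate, utilization, packet drop and bandwidth/throughput cards together: two constructed polls of IF-MIB counters for one interface are turned into throughput (what actually moved), bandwidth (ifSpeed, what the link could carry), utilization, error rate and drop rate. The poll values are made up; the counter in the example wraps between polls, which a naive subtraction gets wrong.

```python
# IF-MIB objects a poller reads from the interface table (ifTable) for one
# interface index. Names and OIDs are from the standard IF-MIB.
IF_MIB = {
    "ifSpeed":       "1.3.6.1.2.1.2.2.1.5",    # nominal bandwidth, bits/s
    "ifInOctets":    "1.3.6.1.2.1.2.2.1.10",   # bytes received (32-bit counter)
    "ifInUcastPkts": "1.3.6.1.2.1.2.2.1.11",   # unicast packets received
    "ifInDiscards":  "1.3.6.1.2.1.2.2.1.13",   # packets dropped for lack of resources
    "ifInErrors":    "1.3.6.1.2.1.2.2.1.14",   # packets received with errors
}

COUNTER32_MAX = 2 ** 32

# Two constructed polls of the same 100 Mb/s interface, 60 s apart. The
# ifInOctets counter wraps between them: 125_000_000 - 4_194_967_296 < 0.
POLL_T0 = {"t": 0,  "ifSpeed": 100_000_000, "ifInOctets": 4_194_967_296,
           "ifInUcastPkts": 1_000_000, "ifInDiscards": 10,  "ifInErrors": 500}
POLL_T1 = {"t": 60, "ifSpeed": 100_000_000, "ifInOctets": 125_000_000,
           "ifInUcastPkts": 1_200_000, "ifInDiscards": 110, "ifInErrors": 700}


def counter_delta(prev, curr, modulus=COUNTER32_MAX):
    """Difference between two SNMP Counter32 readings, correcting for one wrap.

    On a busy gigabit link a 32-bit octet counter wraps in about 34 seconds,
    so polling intervals must be short or the 64-bit ifHCInOctets used."""
    if curr >= prev:
        return curr - prev
    return curr + modulus - prev


def interface_stats(prev, curr):
    """Turn two polls into the interface statistics the flashcards describe."""
    interval = curr["t"] - prev["t"]
    if interval <= 0:
        raise ValueError("polls must be in increasing time order")
    octets = counter_delta(prev["ifInOctets"], curr["ifInOctets"])
    pkts = counter_delta(prev["ifInUcastPkts"], curr["ifInUcastPkts"])
    errors = counter_delta(prev["ifInErrors"], curr["ifInErrors"])
    discards = counter_delta(prev["ifInDiscards"], curr["ifInDiscards"])

    throughput_bps = octets * 8 / interval          # what actually moved
    bandwidth_bps = curr["ifSpeed"]                 # what the link could carry
    return {
        "interval_s": interval,
        "throughput_bps": throughput_bps,
        "bandwidth_bps": bandwidth_bps,
        "utilization_pct": 100.0 * throughput_bps / bandwidth_bps,
        "error_rate_pct": 100.0 * errors / pkts if pkts else 0.0,
        "drop_rate_pct": 100.0 * discards / pkts if pkts else 0.0,
    }


if __name__ == "__main__":
    for name, value in interface_stats(POLL_T0, POLL_T1).items():
        print(f"{name:16s} {value}")
```

Utilization is simply throughput divided by bandwidth; error rate and drop rate are expressed per packet received, which is why a rising drop rate with a flat error rate points at the device (full buffers) rather than at the wire.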