3.3 Explain common scanning, monitoring and patching processes and summarize their expected outputs.

Question 1

Log management

Answer 1

Very diverse log sources
Usually sent via syslog
Massive storage requirement
Data rollup becomes important

Question 2

Data graphing

Answer 2

Many different data sources
Usually managed through a SIEM
Graphing can require extensive resource utilization
Can use built-in graphs

Question 3

Port scanning

Answer 3

Nmap
Port scan
Operating system scan
Service scan
Additional scripts

Question 4

Nmap - Network mapper

Answer 4

Find and learn more about network devices

Question 5

Port scan

Answer 5

Find devices and identify open ports

Question 6

Operating system scan

Answer 6

Discover the OS without logging in to a device

Question 7

Service scan

Answer 7

What service is available on a device? Name, version, details

Question 8

Additional scripts

Answer 8

Nmap Scripting Engine (NSE) - extend capabilities, vulnerability scans

Question 9

Vulnerability scanning

Answer 9

Usually minimally invasive
Run a vulnerability scanner
Identify systems and security devices
Test from the outside and inside
Gather as much information as possible

Question 10

Vulnerability scan results

Answer 10

Lack of security controls
Misconfigurations
Real vulnerabilities

Question 11

Patch management

Answer 11

Incredibly important
Service packs - All at once
Monthly updates
Emergency out-of-band updates

Question 12

Protocol analyzers

Answer 12

Solve complex application issues
Gathers packets on the network
View traffic patterns
Large scale storage

Question 13

Interface monitoring

Answer 13

Up or down
Alarming and alerting
Short-term and long-term reporting
Not focused on additional details

Question 14

SIEM

Answer 14

Security Information and Event Management
Security alerts
Log aggregation and long-term storage
Data correlation
Forensic analysis

Question 15

SNMP

Answer 15

Simple Network Management Protocol

Access should be very limited

Question 16

SNMP v1 - The original

Answer 16

Structured tables, in-the-clear

Question 17

SNMP v2 – A good step ahead

Answer 17

Data type enhancements, bulk transfers, still in-the-clear

Question 18

SNMP v3 - The new standard

Answer 18

Message integrity, authentication, encryption

Question 19

Syslog

Answer 19

Standard for message logging
Usually a central logging receiver
You’re going to need a lot of disk space

Question 20

Monitoring the interface

Answer 20

Often your first sign of trouble
Can sometimes indicate a bigger issue
View in the operating system
Monitor with SNMP

Question 21

Interface monitoring

Answer 21

Link status - link up, or link down?
Error rate - Problems with the signal - CRC error, runt, giant
Utilization
Discards, packet drops
Interface resets
Speed and duplex - These should match on both sides