Chapter 2 Flashcards
Network Monitors
AKA Sniffers
Help troubleshoot network problems. Dig much deeper than ipconfig to tell you what is actually going on on the network.
Today a network monitor consists of a PC with a NIC
Promiscuous Mode
The network card looks at every packet it sees on the network, even if the packet is not addressed to that card
Application Log
This log contains various events logged by applications or programs. Many applications will record their errors in the log. Provides clues that someone has been attempting to compromise the database
Security Log
Contains successful/unsuccessful logon attempts. Also records events related to resource use such as creating, opening, or deleting files/objects
Extensions used to save a log file
EVT, TXT, CSV
File/Print Server Vulnerability
DoS attacks and access attacks. Target a specific port and overwhelm the port
RPC
Remote Procedure Call
Programming interface that allows a remote computer to run programs on a local machine. Contains serious vulnerabilities.
Where common attacks on networks with PC-based systems occur
NetBIOS services: ports 135, 137, 138, and 139
To prevent make sure that NetBIOS services are disabled on servers or that an effective firewall is in place
Place to look for up-to-date information on Windows operating system issues
Microsoft Safety and Security Center
Which software should you keep on your computer?
Only relevant software should be kept on the computer
If it isn’t essential, get rid of it!
Patches. What they are and when to get them (not the types)
An update to a system. Can add new functionality or fix a bug in the software. In a business, test them first to make sure they won’t mess everything up. For personal use, let them auto update.
Also what a pirate wears over his/her eye.
Three types of patches
- Service Pack - corrects problems within a version of the product
- Updates - code fixes for products that are provided in the event of critical problems
- Security Updates - Mandatory updates to make sure that known security problems are fixed
UAC best practices
User Account Control
Disable unnecessary accounts: they allow for a door into the system. These include former employees and guest accounts
Require passwords: you should always require passwords
What does $ denote?
Hidden administrative files. They manage a computer on a network and can only be deleted through Registry edits
Should you use MAC filtering or port authentication?
Why not both? MAC filtering can be circumvented fairly simply unless you authenticate
Four good ideas to secure a network
MAC Limiting/Filtering
802.1X
Disable Unused Ports
Rogue Machine Detection
Hardening
general process of making sure that the OS itself is as secure as it can be
Hazard of disabling a service and how to avoid it
Other services may be dependent on that service to function. Microsoft Services Console gives information on dependencies.
Which file system does Microsoft recommend network shares are established using?
NTFS
Rogue Machines
Adding an unauthorized machine onto the system. Possibly an intruder or a neighboring office connecting to your wireless
EAP
Extensible Authentication Protocol
authentication framework frequently used in wireless networks and point-to-point connections
Common aspects of security audits
Review security logs
Review policies and compliance
Check security device configuration
Review Incident Response Reports
First two steps after a gap in security posture is detected
1. Classify the gap
2. Begin implementing a plan to remediate it
Three Classifications of threats
Minor - no immediate threat
Serious - possible immediate threat
Critical - total disaster! Respond immediately!
Alerts versus Alarms
Alerts are issues that need to be addressed, but they are not immediate
Alarms are immediate. Fix it.