Chapter 2 Monitoring and Diagnosing Networks Flashcards
Network Monitors (sniffers)
A machine that watches network traffic and collects data. Nowadays all you need to have is a computer with an NIC in promiscuous mode (picking up all packets that run past it).
Application Log (event viewer)
- Events logged by applications or programs
Security Logs (event viewer)
- Successful and unsuccessful login attempts
- Events related to creating, opening, and deleting files
- By default, both successes and failures are not logged. You should change this.
Hardening
Locking down the operating system or your software’s code as much as you practically can
Services
Programs that run on startup, and often are in the background. You should carefully disable any you don’t need.
File and Print Server Security Risks
- Very vulnerable to DoS and access attacks
- Deactivate all ports and protocols you don’t need to use
Directory Sharing
Should be limited to what’s essential to performing system functions
- Hide root directories from browsing
Service Pack
Patches that address issues in the operating system that needed major reworking
Updates
General fixes with program code
Security updates
Fix various vulnerabilities that may be found on an operating system. These should be deployed within 30 days of their release
User Account Control
- Disable, but don't delete, all unnecessary accounts
- Pay attention not only to domain accounts, but to local accounts as well
- Make sure the passwords that are set meet the company's minimum requirements
Principle of Least Privilege
Give employees access to the bare minimum of resources they need to successfully do their jobs
802.11x
Use MAC filtering and port authentication together for an exponential security increase
Remember, all ports you’re not using can be a security risk
Security Posture
Make sure your security posture baselines are in compliance with HIPAA, ICI, or whoever is setting your standards.
Security Audits
Scheduled, in-depth checks of security
- Review security logs and compliance
- Check security device configuration
Remediation Policy
When a security gap is found, take note of it and develop a remediation plan.
- Sample threat classification:
- Minor: not an immediate threat
- Serious: Could pose a threat, but that’s very unlikely/difficult
- Critical: It needs to be taken care of ASAP
Alarms
An indication of a current, ongoing problem
- Good for an issue that should be looked at right away
Alert
You should pay attention to an alert, but it isn’t an indication of impending doom.
Trends
Trends in threats you observe, either to your company, or to the networking world at large. These can be used to help you be proactive in your security planning.
Enticement vs. Entrapment
Enticement: You lure someone into a trap you set up, like a honeypot
Entrapment: Encouraging someone to break the law and reporting them for it.
Port 21
File Transfer Protocol (FTP)
Port 22
SSH, SCP and SFTP
Port 23
Telnet
Port 25
SMTP
Port 110
POP3
Port 143
IMAP
Port 995
Secure POP3
Port 53
Domain Name Services (DNS)
Port 80
Hypertext Transfer Protocol (HTTP)
Port 443
Hypertext Transfer Protocol Secure (HTTPS)
Port 161
Simple Network Management Protocol (SNMP)
Port 631
Internet Printing Protocol (IPP)
Port 139
Network Basic Input/Output System (NetBIOS)
Technical Security Controls
Controls implemented using systems
Operating system controls
Hardware based
Administrative Security Controls
Controls that determine how people act
Security Policies
Standard operating procedures