Chapter 2 Monitoring and Diagnosing Networks

Question 1

Network Monitors (sniffers)

Answer 1

A machine that watches network traffic and collects data. Nowadays all you need to have is a computer with an NIC in promiscuous mode (picking up all packets that run past it).

Question 2

Application Log (event viewer)

Answer 2

-Events logged by applications or programs

Question 3

Security Logs (event viewer)

Answer 3

• Successful and unsuccessful login attempts
• Events related to creating, opening, and deleting files
• By default, both successes and failures are not logged. You should change this.

Question 4

Hardening

Answer 4

Locking down the operating system or your software’s code as much as you practically can

Question 5

Services

Answer 5

Programs that run on startup, and often are in the background. You should carefully disable any you don’t need.

Question 6

File and Print Server Security Risks

Answer 6

• Very vulnerable to DoS and access attacks

- Deactivate all ports and protocols you don’t need to use

Question 7

Directory Sharing

Answer 7

Should be limited to what’s essential to performing system functions
-Hide root directories from browsing

Question 8

Service Pack

Answer 8

Patches that address issues in the operating system that needed major reworking

Question 9

Updates

Answer 9

General fixes with program code

Question 10

Security updates

Answer 10

Fix various vulnerabilities that may be found on an operating system. These should be deployed within 30 days of their release

Question 11

User Account Control

Answer 11

• Disable, but don’t delete, all unneccesary accounts
• Pay attention not only to domain accounts, but to local accounts as well
• Make sure set passwords meet the company’s minimum requirements

Question 12

Principle of Least Privilege

Answer 12

Give employees access to the bare minimum of resources they need to successfully do their jobs

Question 13

802.11x

Answer 13

Use MAC Filtering and port authentication together for exponential security increase

Remember, all ports you’re not using can be a security risk

Question 14

Security Posture

Answer 14

Make sure your security posture baselines are in compliance with HIPAA, ICI, or whoever is setting your standards.

Question 15

Security Audits

Answer 15

Scheduled, in-depth checks of security

• Review security logs and compliance
• Check security device configuration

Question 16

Remediation Policy

Answer 16

When a security gap is found, take note of it and develop a remediation plan.

• Sample threat classification:
  
  • Minor: not an immediate threat
  • Serious: Could pose a threat, but that’s very unlikely/difficult
  • Critical: It needs to be taken care of ASAP

Question 17

Alarms

Answer 17

An indication of an ongoing current problem

-Good for an issue that should be looked at right away

Question 18

Alert

Answer 18

You should pay attention to an alert, but it isn’t an indication of impending doom.

Question 19

Trends

Answer 19

Trends in threats you observe, either to your company, or to the networking world at large. These can be used to help you be proactive in your security planning.

Question 20

Enticement vs. Entrapment

Answer 20

Enticement: You lure someone into a trap you setup, like a honeypot

Entrapment: Encouraging someone to break the law and reporting them for it.

Question 21

Port 21

Answer 21

File Transfer Protocol (FTP)

Question 22

Port 22

Answer 22

SSH, SCP and SFTP

Question 23

Port 23

Answer 23

Telnet

Question 24

Port 25
Port 110
Port 143
Port 995

Answer 24

SMTP
POP3
IMAP
Secure POP3

Question 25

Port 53

Answer 25

Domain Name Services (DNS)

Question 26

Port 80

Port 443

Answer 26

Hypertext Transfer Protocol (HTTP)

Hypertext Transfer Protocol Secure (HTTPS)

Question 27

Port 161

Answer 27

Simple Network Management Protocol (SNMP)

Question 28

Port 631

Answer 28

Internet Printing Protocol (IPP)

Question 29

Port 139

Answer 29

Network Basic Input/output System (NetBIOS)

Question 30

Technical Security Controls

Answer 30

Controls implemented using systems
Operating system controls
Hardware based

Question 31

Administrative Security Controls

Answer 31

Controls that determine how people act
Security Policies
Standard operating procedures