Chapter 2: Monitoring and Diagnosing Networks Flashcards
Sniffer
A passive network monitor that listens to the signaling and traffic on the network
Promiscuous Mode
A NIC in promiscuous mode looks at any packet it sees on the network even if it isn’t addressed to that NIC.
Application Log
Where applications log various events such as errors
Security Log
Records events related to resource use, logon attempts, file use, etc.
var/log/faillog
Linux log file containing failed user logins
/var/log/apport.log
Linux log file that records application crashes
Windows tool for viewing log files
Event Viewer
Services
Programs that run when the operating system boots, often running in the background.
File and Print Servers are primarily vulnerable to _______.
DoS attacks
Which service should you disable on a network with PC-based systems?
NetBIOS, ports 135, 137, 138, 139
Which port should you make sure is closed on Unix systems?
Remote Procedure Call (RPC), port 111
Performance Monitor
Can be used to examine activity on any counter.
Service Pack Patch
A periodic update that corrects problems in one version of a product
Update Patch
Code fixes for products that are provided to individual customers
File Allocation Table (FAT)
-Microsoft’s first file system, very unsecure
Two types of FAT privileges
1) Share-level
2) User-level
New Technology Filesystem (NTFS)
-Introduced with Windows NT to address security problems
Command to see version of NTFS
fsutil fsinfo ntfsinfo C:
802.1X
Defines port-based security for wireless network access control
EAPOL
- EAP over LAN
- Another name for 802.1X
How to disable a port?
Disable the service and block the port with a firewall
Security Audit
A scheduled, in-depth check of security
Alarms
- Indications of ongoing current problems
- Address them now
Alerts
-Issues you should pay attention to, but will not bring the system down now
