Chapter 2 - Monitoring Networks Flashcards
Rene
What were originally introduced to help troubleshoot network problems?
page 46.
Network Monitors, AKA sniffers
Rene
What is Promiscuous Mode?
page 46.
Simply means that the network card looks at any packet that it sees on the network, even if that packet is not addressed to the network.
Rene
What log contains various events logged by applications or programs?
page 47.
Application Log
Rene
Which log has successful and unsuccessful logon attempts and records events related to resource use, such as creating, opening or deleting files or other objects?
page 47.
Security Log
Rene
What are the options in Event Viewer that allow you to perform certain actions?
page 51.
Saving the log file (in evt, txt or csv format), opening saved logs, filtering the log file and viewing or changing properties.
Rene
What is Hardening?
page 52.
A general process of making certain that the operating system itself is as secure as it can be.
Rene
True or False
Part of OS Hardening is disabling unnecessary services.
page 53
True
Rene
What is RPC?
page 53
Remote Procedure Call
A programming interface that allows a remote computer to run programs on a local machine.
Rene
True or False
It is considered a security best practice to remove unneeded software.
page 55
True
Rene
What is a patch?
page 56
An update to a system. Sometimes a patch adds new functionality; in other cases, it corrects a bug in the software.
Rene
What are the three types of patches?
page 57
Service Pack
Updates
Security Updates
Rene
What is IDS?
page 64
Intrusion Detection System
Focused on detecting intrusions
Rene
What is IPS?
page 64
Intrusion Prevention System
Focused on preventing intrusions
Rene
How does a “Honeypot” work?
page 64
Draws attackers away from higher-value systems or allows administrators to gain intelligence about an attack strategy.
Rene
How does a “Honeynet” work?
page 64
Creates a synthetic network that can be run on a single computer system and is attached to a network using a normal Network Interface Card (NIC).
Rene
What is the process of luring someone into your plan or trap, by using free stuff or a challenge?
page 65
Enticement
Rene
What is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?
page 65
Entrapment
Rene
True or False
Enticement and Entrapment are both legal in the US, but not legal in Canada.
page 65
False
Rene
What are Alarms?
page 63
Are indications that there is an ongoing CURRENT problem.
Rene
What are Alerts?
page 63
Are issues to which you need to pay attention, but are not about to bring the system down at any moment.
Rene
What are Trends?
page 63
Trends in threats. Example:
Last month, spear phishing attacks have been increasing.
Rene
What are Security Audits and what do they include?
page 62
An integral part of continuous security monitoring. They include:
* Review of security logs
* Review of policies and compliance with policies
* A check of security device configuration
* Review of incident response reports
Rene
What are the settings for Remediation Policy?
page 62
- Minor
- Serious
- Critical
Rene
What are methods of Securing the Network?
page 60
Using the following concepts:
* MAC Limiting and Filtering
* 802.1X
* Disable Unused Ports
* Rogue Machine Detection
Rene
What types of accounts should you disable?
page 58
- Employees who have left the company
- Temporary Employees
- Default Guest Accounts