Chapter_9_LAN Communication Profiler (LAN CP) Flashcards

1
Q

What is LAN CP?

A
  • Network Communications Baselining Engine
  • The LAN Communication Profiler tracks and analyzes communication patterns among network devices, protocols used and message types (e.g. read and write commands)
  • Used to baseline the network communications within a LAN environment
2
Q

What are the 2 LAN CP operating modes?

A

Learning

- The initial state of the Profile upon creation
- Automatically learns all communications seen by the sensor to create a baseline
- Should stay in learning mode for 2-3 weeks (depending on network complexity)

Detection

- Can be set after the Profile has learned the network behavior
- All communications deviating from the baseline generate an Alert

3
Q

What are some best practices for LAN CP?

A
  • Make sure all malicious/abnormal rules inside the profile are removed
  • Keep the scope of rules to low granularity (entire subnetworks)
  • Use named ports/IP ranges
  • Use description field for documentation
4
Q

When do you switch to detecting mode?

A

Done after concluding the learning and tuning phase. Time depends on the complexity of the network. Average period is around 2-3 weeks.
