Monitoring and Auditing Flashcards
Network traffic is analyzed for predetermined attack patterns
Signature-based
A baseline is established and any network traffic that is outside of the
baseline is evaluated
Anomaly-based
Activity is evaluated based on the previous behavior of applications,
executables, and the operating system in comparison to the current
activity of the system
Behavior Based
Process of measuring changes in networking, hardware, software, and
applications
Baselining
Documenting and reporting on the changes in a baseline
Baseline Reporting
Risk level to which a system or other technology element is exposed
Security Posture
Network adapter is able to capture all of the packets on the network,
regardless of the destination MAC address of the frames carrying them
Promiscuous Mode
Network adapter can only capture the packets directly addressed to itself
Non-promiscuous Mode
One or more switch ports are configured to forward all of their packets to
another port on the switch
Port Mirroring
A physical device that allows you to intercept the traffic between
two points on the network
Network Tap
A TCP/IP protocol that aids in monitoring network-attached devices and
computers
Simple Network Management Protocol (SNMP)
Computers and other network-attached devices monitored through the
use of agents by a network management system
Managed Devices
Software that is loaded on a managed device to redirect information to
the network management system
Agents
Software running on one or more servers to control the monitoring of
network-attached devices and computers
Network Management System (NMS)
Version of SNMP that provides integrity, authentication, and encryption
of the messages being sent over the network
SNMP v3