Part 8 Flashcards
Even with the most robust security tools in place, it is important to ____ your systems.
monitor
Monitor ____
Systems
All security products are ____ and can ____ or be ____.
manmade, fail, compromised
As with any other aspect of technology, one should ____on simply one product or tool.
never rely
Enabling ____ on your systems is one way to put your organization in a position to identify problem areas.
logging
The problem is, ____
what should be logged?
Logging mechanisms and the ability to track ____ are critical.
user activities
The presence of logs in all environments allows thorough tracking and analysis if something does go wrong. Determining the cause of a compromise is very difficult without ____:
system activity logs
Invalid ____ access attempts
logical
Record at least the following \_\_\_\_ for all system components for each event: ● User identification ● Type of event ● Date and time ● Success or failure indication ● Origination of event
audit trail entries
____ or name of affected data, system component, or resource
Identity
____ for all system components at least daily. ______ must include those servers that perform security functions like intrusion detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS).
Note: Log harvesting, parsing, and alerting tools may
be used to achieve compliance.
Review logs
Fortunately, there are tools that will collect and ____ log files from a variety of sources. All these tools have the ability to notify individuals of a particular event.
parse
Hire a ____ to Audit Security
Third Party
Regardless of how talented your staff is, there is always the possibility that they ___ something or inad- vertently misconfigured a device or setting.
overlooked
For this reason it is very important to bring in an extra set of “eyes, ears, and hands” to ____ your organization’s security posture.
review
Though some IT professionals will become paranoid having a third party review their work, intelligent staff members will recognize that a security review by outsiders can be a great ____.
learning opportunity
The advantage of having a ___review your systems is that the outsiders have experience reviewing a wide range of systems, applications, and devices in a variety of industries.
third party
They will know what works well and what might work but cause problems in the future. They are also more likely to be up to speed on new ____ and the latest product updates. Why? Because this is all they do.
vulnerabilities
What is heartbleed
Research
They are not encumbered by administrative duties, inter- nal politics, and help desk requests. They will be more ____ than in-house staff, and they will be in a position to make recommendations after their analysis.
objective
The —- analysis should involve a two-pronged approach: They should identify how the network appears to attackers and how secure the system is, should attack- ers make it past the perimeter defenses.
third-party
Don’t Forget the ____
Basics
Many organizations spend a great deal of time and money addressing ____ and overlook some fundamental security mechanisms, as described here.
perimeter defenses
