Prohibited Activity and End-user Policies

Question 1

Incident response: First response - Prohibited Activity and End-user Policies

Answer 1

• Identify the issue - Logs, in person, monitoring data
• Report to proper channels - Don’t delay
• Collect and protect information relating to an event
• Many different data sources and protection mechanisms

Question 2

Incident response: Documentation - Prohibited Activity and End-user Policies

Answer 2

• Security policy - An ongoing challenge
• Documentation must be available - No questions
• Documentation always changes - Constant updating
• Have a process in place - Use the wiki model

Question 3

Incident response: Chain of custody - Prohibited Activity and End-user Policies

Answer 3

• Control evidence - Maintain integrity
• Everyone who contacts the evidence - Use hashes
• Label and catalog everything - Seal, store, and protect

Question 4

Content policies - Prohibited Activity and End-user Policies

Answer 4

• A security policy - Every organization has a different philosophy
• Block policies - URL, application, user name / group
• Block everything, only allow certain traffic types
• Allow everything, block only certain traffic types

Question 5

Licensing / EULA - Prohibited Activity and End-user Policies

Answer 5

• Closed source / Commercial - Source code is private
  
  • End user gets compiled executable
• Free and Open Source (FOSS) - Source code is freely available
  
  • End user can compile their own executable
• End User Licensing Agreement
  
  • Determines how the software can be used
• Digital Rights Management (DRM)
  
  • Used to manage the use of software
• Personal license - Designed for the home user
  
  • Usually associated with a single device or small group of devices owned by the same person
  • Perpetual (one time) purchase
• Enterprise license - Per-seat purchase / Site license
  
  • The software may be installed everywhere
  • Annual renewals