Secure Operations 4.9

Question 1

Firewall log

Answer 1

Traffic Flows through the firewall. Source/Destination IP. Port Numbers, dispositions.

Question 2

Application Logs

Answer 2

Records events set to it by applications or programs running on the system. Any application has the capability of writing events in the application log. This includes, warnings, errors and routine messages.

Question 3

Endpoint logs

Answer 3

A lot of data which can be seen on the endpoint. Log on events, Policy changes, System events.

Question 4

OS-specific security logs

Answer 4

Monitoring Apps. Brute force, file changes, Authentication details. Find problems before they happen. Brute force attacks, May require filtering.

Question 5

IPS/IDS Logs

Answer 5

Provide information on known vulnerabilities. Common data point, Time stamp, Type or class of attack, Source and destination IP, Source and destination port.

Question 6

Network Logs

Answer 6

Switches, routers, access points, VPNS concentrators.

Question 7

Metadata

Answer 7

Information which describes an other data sources.

Question 8

Vulnerability scans

Answer 8

Will identify lack of security controls.
Misconfigurations will be identified.

Question 9

Packet captures.

Answer 9

Analyse every bit and bite which is sent over the network.