Security Technology Placement 3.2 Flashcards
Sensors and Collectors
Gather information from network devices. They are built-in sensors integrated into switches, routers, servers, firewalls, etc.
Sensors
Sensors collect raw data. Intrusion prevention systems, firewall logs, authentication logs, etc., will all produce very different data.
Collectors
The collectors' job is to bring all that raw data to one place so it can be made sense of. There are a variety of ways/systems to collect the data. Many SIEMs include a correlation engine to compare diverse data.
DDoS Mitigation
There are ways to resist DDoS and minimize its impact: a cloud-based internet provider, where all your users connect to a reverse proxy that determines whether traffic is legitimate or not; on-site IPS rules that recognize popular DDoS attacks; and DDoS filtering on the firewall.
Taps and Port Mirrors
If you work in IT, at some point you will need to capture packets for analysis. In order to do this, you have some options.
Physical Tap
A physical tap can be placed in the middle of a physical connection. It can be an active or a passive tap. An active tap allows you to switch among many different connections. A passive tap takes a small sample of the signal and sends it to the analysis tool.
Port Mirror
Port redirection, SPAN (Switched Port ANalyzer). It's a software-based tap with limited functionality, but it can work well in a pinch.