Security Technology Placement 3.2

Question 1

Sensors and Collectors

Answer 1

Gathers information from network devices. They are built-in sensors integrated into switches, routers, servers, firewalls etc.

Question 2

Sensors

Answer 2

Sensors collect raw data. Intrusion prevention systems, firewall logs, authentication logs, etc, will all be very different.

Question 3

Collectors

Answer 3

Collectors job is to bring all that raw data to once place to make sense of all the data. There are a variety of ways/systems to collect the data. Many SIEM’s include a correlation engine to compare diverse data.

Question 4

DDoS Mitigation

Answer 4

There are ways to resist DDoS and minimize the impact. Cloud-based internet provider. All your users connect to a reverse proxy to determine if traffic is legit or not. On-site IPS rules that recognize popular DDoS attacks. DDoS filtering on firewall.

Question 5

Taps and Port Mirrors

Answer 5

If you work in IT, at some point you will need to capture packets for analysis. In order to do this, you have some options.

Question 6

Physical Tap

Answer 6

A physical tap can be placed in the middle of a physical connection. It can be an active or passive tap. Active tap allows you to switch to many different connections. Passive tap takes a small sample of the signal and sending it to the analysis tool

Question 7

Port Mirror

Answer 7

Port redirection, SPAN (Switched Port ANalyzer). It’s a software based tap with limited functionality but can work well in a pinch.