Friday, May 1, 2020
NT2580 Unit 5 Testing and Monitoring Security Controls free essay sample
A few different types of security events and baseline anomalies that might indicate suspicious activity

Changes in traffic patterns or an influx in bandwidth usage can be considered suspicious activity, as can services changing the ports they use, which creates variations from the normal pattern. Specific indicators include the following.

A sudden increase in overall traffic. This may just mean that your web site has been mentioned on a popular news site, or it may mean that someone is up to no good.

A sudden jump in the number of bad or malformed packets. Some routers collect packet-level statistics; you can also use a software network scanner to track them.

Large numbers of packets caught by your router's or firewall's egress filters. Recall that egress filters prevent spoofed packets from leaving your network, so if your filter is catching them you need to identify their source, because that is a strong sign that machines on your network have been compromised.

Unscheduled reboots of server machines may sometimes indicate their compromise. You should already be watching the event logs of your servers for failed logons and other security-related events. Log files contain complete records of all security events (logon events, resource access, attempted violations of policy, changes in system configuration or policies) and critical system events (service/daemon start/stop, errors generated, system warnings) that allow an administrator to quickly discover the root cause of any issue.

Predictable passwords can be an issue too. User passwords are probably one of the most common ways a security breach occurs, mostly due to weak passwords, for example a policy that requires only a minimum of 8 characters and does not require a number or a special character. Ensure you implement "strict" password complexity standards.
Limit unauthorized use of network resources by allowing access during business hours only. Do not grant remote access permissions to anyone except those whose job requires them to work with the data.

Identification of malicious applications is of considerable importance to organizations in all sectors, but particularly for those that operate in the financial sector or are constrained by regulations. The malicious software component may be a rootkit or similar program that takes complete control of a computer and then masks the fact that an attacker now controls it. It is difficult to be sure that your computers do not have such malicious applications running, because the rootkit might be better at concealment than you are at detection.

Limit access to the physical bus ports (USB, FireWire, serial, etc.) of important systems. As network security professionals, you cannot protect against something that never "technically" hits the network. If someone walks into your building with malware on a thumb drive and has access to a physical USB port, then security has been breached.

Solution Requirements

The solution requirements to identify attackers overlap with those required to identify internal threats. These requirements include:
• A defense-in-depth approach to security implementation.
• Effective security audit logs.
• Reliable centralized collection of security logs.
• Automated analysis of the security logs to identify attack signatures.

The solution requirements to detect malicious applications share some of the requirements to identify internal threats. These solution requirements include:
• Effective procedures to audit any unauthorized software on the network.
• Properly configured security audit logs.
• Reliable centralized collection and filtering of security logs.
• Automated analysis of the security logs to identify suspicious behavior, with use of third-party programs where necessary.
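As an added example (not code from the original essay), the following Python script performs the automated log analysis called for in the solution requirements above, using the three baseline anomalies described earlier: a traffic spike against an hourly baseline, spoofed packets caught by an egress filter, and bursts of failed logons in the authentication log. All sample data is constructed and embedded inline; the simplified log line formats, the 10.0.0.0/8 internal address range, the thresholds, and the function names are assumptions made for illustration, not the output format of any real firewall or event log.

```python
# Added example (not from the original essay): baseline-anomaly checks over
# constructed sample data. Log formats, address range and thresholds are assumed.
import ipaddress
import re
import statistics
from collections import defaultdict
from datetime import datetime

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed: outbound MB for the previous twelve hours, then the current hour.
BASELINE_MB = [120, 115, 130, 125, 118, 122, 128, 119, 121, 127, 124, 120]
CURRENT_HOUR_MB = 410

# Constructed egress-filter drops, assumed simplified format (not real iptables output):
# "<iso timestamp> EGRESS_DROP in=<iface> mac=<source MAC> src=<ip> dst=<ip>"
EGRESS_LOG = """\
2020-05-01T09:00:01 EGRESS_DROP in=eth1 mac=00:11:22:33:44:55 src=203.0.113.7 dst=198.51.100.9
2020-05-01T09:00:02 EGRESS_DROP in=eth1 mac=00:11:22:33:44:55 src=203.0.113.8 dst=198.51.100.9
2020-05-01T09:00:03 EGRESS_DROP in=eth1 mac=00:11:22:33:44:55 src=203.0.113.9 dst=198.51.100.9
2020-05-01T09:00:04 EGRESS_DROP in=eth1 mac=00:11:22:33:44:55 src=203.0.113.10 dst=198.51.100.9
2020-05-01T09:17:40 EGRESS_DROP in=eth1 mac=aa:bb:cc:dd:ee:ff src=10.0.5.20 dst=198.51.100.9
"""

# Constructed authentication events, assumed simplified format:
# "<iso timestamp> LOGON_FAILED|LOGON_OK user=<name> src=<ip>"
AUTH_LOG = """\
2020-05-01T09:05:00 LOGON_FAILED user=jsmith src=10.0.5.20
2020-05-01T09:05:02 LOGON_FAILED user=jsmith src=10.0.5.20
2020-05-01T09:05:03 LOGON_FAILED user=jsmith src=10.0.5.20
2020-05-01T09:05:05 LOGON_FAILED user=jsmith src=10.0.5.20
2020-05-01T09:05:07 LOGON_FAILED user=jsmith src=10.0.5.20
2020-05-01T09:06:00 LOGON_OK user=jsmith src=10.0.5.20
2020-05-01T10:30:00 LOGON_FAILED user=admin src=10.0.9.3
2020-05-01T14:30:00 LOGON_FAILED user=admin src=10.0.9.3
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\S+) (?P<fields>.*)$")


def parse(line):
    """Parse one '<timestamp> <EVENT> key=value ...' line into a dict (None if malformed)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    return {"ts": datetime.fromisoformat(m["ts"]), "event": m["event"], **fields}


def traffic_spike(baseline, current, sigmas=3.0):
    """Flag the current hour if it exceeds mean + sigmas * stdev of the baseline.
    A spike alone is ambiguous (a news mention and exfiltration look alike), so
    the ratio is returned for the analyst instead of a verdict."""
    mean = statistics.mean(baseline)
    threshold = mean + sigmas * statistics.stdev(baseline)
    return {"spike": current > threshold, "threshold": round(threshold, 1),
            "ratio": round(current / mean, 2)}


def spoofed_egress_by_host(log_text, internal=INTERNAL_NET, threshold=3):
    """Group drops whose source address is outside the internal range (i.e. spoofed)
    by the MAC that emitted them: src= is the forged address and useless for
    attribution, while the MAC/ingress interface names the real host."""
    per_mac = defaultdict(lambda: {"drops": 0, "spoofed_sources": set()})
    for e in map(parse, log_text.splitlines()):
        if e and e["event"] == "EGRESS_DROP" and ipaddress.ip_address(e["src"]) not in internal:
            per_mac[e["mac"]]["drops"] += 1
            per_mac[e["mac"]]["spoofed_sources"].add(e["src"])
    return {mac: {"drops": v["drops"], "spoofed_sources": sorted(v["spoofed_sources"])}
            for mac, v in per_mac.items() if v["drops"] >= threshold}


def failed_logon_bursts(log_text, window_seconds=60, threshold=5):
    """Flag (user, src) pairs with >= threshold failures inside a sliding window and
    note whether a successful logon followed the burst (a likely guessed password)."""
    by_key = defaultdict(list)
    for e in map(parse, log_text.splitlines()):
        if e and e["event"] in ("LOGON_FAILED", "LOGON_OK"):
            by_key[(e["user"], e["src"])].append(e)
    alerts = []
    for (user, src), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e["ts"] for e in evs if e["event"] == "LOGON_FAILED"]
        best, burst_end, start = 0, None, 0
        for end, ts in enumerate(fails):
            while (ts - fails[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 > best:
                best, burst_end = end - start + 1, ts
        if best >= threshold:
            followed = any(e["event"] == "LOGON_OK" and e["ts"] > burst_end for e in evs)
            alerts.append({"user": user, "src": src, "failures": best, "then_succeeded": followed})
    return alerts


if __name__ == "__main__":
    print("traffic:", traffic_spike(BASELINE_MB, CURRENT_HOUR_MB))
    print("egress: ", spoofed_egress_by_host(EGRESS_LOG))
    print("logons: ", failed_logon_bursts(AUTH_LOG))
```

Two design points are worth noting. The egress check deliberately ignores the src= field for attribution, because on a packet caught by an egress filter that address is the one the attacker forged; the ingress interface or MAC address recorded by the filter is what points at the compromised machine. The logon check reports whether a successful logon followed the burst, since a run of failures that ends in success is a stronger signal of a guessed password than failures alone, which could simply be a user who forgot a password.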