Deck 14: On-Going Security Management

Change management should be used before making changes to firewall or IDPS rules that affect users.

One of the events you should continually monitor is logins.

Since system intrusions take place over a very short period of time,there is no need to maintain IDPS log data for more than a few hours.

An IDPS must have enough memory to maintain connection state information.

Security auditing is the process of documenting countermeasures put in place due to attacks on the network.

In centralized data collection,data from sensors go to security managers at each corporate office.

Most IDPSs use random ports to transfer security data,thereby making it difficult for attackers to exploit.

Nonrepudiation is the use of encryption methods to ensure the confidentiality of data.

Network protection is something you should implement initially and then only make changes if there is a serious security breach.

MATCHING
a.active defense in depth
b.centralized data collection
c.degaussing
d.distributed data collection
e.independent audit
f.operational audit
g.security event management program
h.social engineering
i.target-to-console ratio
j.Tinkerbell program
a system in which data from security devices goes to a management console on its own local network

MATCHING
a.active defense in depth
b.centralized data collection
c.degaussing
d.distributed data collection
e.independent audit
f.operational audit
g.security event management program
h.social engineering
i.target-to-console ratio
j.Tinkerbell program
an audit in which an outside firm inspects audit logs to ensure that an organization is collecting the information it needs

With ___________________ data collection,data from security devices goes to a management console on its own local network.

MATCHING
a.active defense in depth
b.centralized data collection
c.degaussing
d.distributed data collection
e.independent audit
f.operational audit
g.security event management program
h.social engineering
i.target-to-console ratio
j.Tinkerbell program
a technique of tricking employees into divulging passwords or other information

A(n)____________________ audit should look for accounts assigned to employees who have left the company or user group.

The ________________ command reviews the current connections and reports which ports a server is listening to.

MATCHING
a.active defense in depth
b.centralized data collection
c.degaussing
d.distributed data collection
e.independent audit
f.operational audit
g.security event management program
h.social engineering
i.target-to-console ratio
j.Tinkerbell program
an audit by an organization's own staff that examines system and security logs

You should review the logs and alerts created by your security devices,a process called _________ monitoring.

Each IDPS has _____________ that gather data passing through the gateway.

To manage the security information from the devices in a large network,you should establish a security incident _________________ team.

MATCHING
a.active defense in depth
b.centralized data collection
c.degaussing
d.distributed data collection
e.independent audit
f.operational audit
g.security event management program
h.social engineering
i.target-to-console ratio
j.Tinkerbell program
a program that gathers and consolidates events from multiple sources so that the information can be analyzed to improve network security

MATCHING
a.active defense in depth
b.centralized data collection
c.degaussing
d.distributed data collection
e.independent audit
f.operational audit
g.security event management program
h.social engineering
i.target-to-console ratio
j.Tinkerbell program
a system in which an organization's event and security data is funneled to a management console in the main office

You monitor and evaluate network traffic to gather evidence that indicates whether your IDPS _________________ are working well or need to be updated.

MATCHING
a.active defense in depth
b.centralized data collection
c.degaussing
d.distributed data collection
e.independent audit
f.operational audit
g.security event management program
h.social engineering
i.target-to-console ratio
j.Tinkerbell program
a program in which network connections are scanned and alerts are generated when logons are attempted from a suspicious IDPS

Groups known as ______________ teams are assembled to actively test a network.

_______________ management involves modifying equipment,systems,software,or procedures in a sequential,planned way.

One way to consolidate the data from several network and security devices is to transfer the information to a central _______________.

MATCHING
a.active defense in depth
b.centralized data collection
c.degaussing
d.distributed data collection
e.independent audit
f.operational audit
g.security event management program
h.social engineering
i.target-to-console ratio
j.Tinkerbell program
the process of magnetically erasing an electronic device,such as a monitor or a disk

MATCHING
a.active defense in depth
b.centralized data collection
c.degaussing
d.distributed data collection
e.independent audit
f.operational audit
g.security event management program
h.social engineering
i.target-to-console ratio
j.Tinkerbell program
a strong implementation of the DiD concept in which security personnel expect that attacks will occur and try to anticipate them

MATCHING
a.active defense in depth
b.centralized data collection
c.degaussing
d.distributed data collection
e.independent audit
f.operational audit
g.security event management program
h.social engineering
i.target-to-console ratio
j.Tinkerbell program
the number of target computers on a network managed by a single command console

How does distributed data collection work when collecting data from multiple sensors?

Discuss the process of IDPS signature evaluation.

How can change adversely affect your network?

List three types of changes for which you should use change management.

Discuss operational auditing.Include in your discussion what should be looked for in an operational audit and what methods might be used in the audit.

If you determine that a Trojan program has been installed and is initiating a connection to a remote host and you suspect passwords have been compromised,what steps should you take? List three of them.

What is security auditing and what type of information should be analyzed?

List and define the areas for which DiD calls for maintenance.

List the advantages of centralized data collection.

List four type of events you should monitor as part of a security event management program.