51.

What Are The Specific Threats To Your Organization?

Answer»

In addition to identifying the critical business systems and processes, it is important to identify the possible threats to those systems as well as the organization as a whole. You should consider both external and internal threats and attacks using various entry points (wireless, malicious code, subverting the firewall, etc.). Once again, this will assist in implementing the appropriate security protections and creating business continuity and disaster recovery plans.

52.

What Is Availability For IA Security?

Answer»

One of the basic themes of IA is that it is composed of three principles - which have the memorable acronym CIA. C = confidentiality: only those who should be able to see the data can see it. I = integrity: the data is only changed by those authorized to change it and is not being corrupted accidentally or intentionally. A = availability: users can access the data when they want to or need to.

53.

How Often Are Your Systems Patched?

Answer»

Systems should be patched every time a new patch is released. Many organizations don’t patch regularly and tend to not patch critical systems because they don’t want to risk downtime. However, critical systems are the most important to patch. You must schedule regular maintenance downtime to patch systems. As vulnerabilities are discovered, attackers often release exploits even before system patches are available. Therefore, it is imperative to patch systems as soon as possible.

54.

Why Is Your Federal System A Double Security?

Answer»

because it contains top secret information.

55.

How Often Are You Performing Vulnerability Scanning?

Answer»

An organization should be performing vulnerability scanning as often as possible, depending on the size of the network. The scanning should be scheduled to allow adequate time to review the reports, discover anything that has changed, and mitigate the vulnerability.

56.

How Can An Operating System Help Administrators Control A Network And Manage Security?

Answer»

To be able to manage and control a network properly, your computer would have to have server preferences. Server operating systems such as Microsoft Server 2008 can be used for security management over a network, but they require a fair bit of insight to operate and are mostly used by IT professionals only. Group Policy Controls, an Advanced firewall with by-the-minute updates, Network Access Protection, Network Policy and access System. Windows 7 has a few network security capabilities built in...

57.

How Does Encryption Help Security Of A Network?

Answer»

One of the key objectives of computer security is confidentiality - information is only available to those who are supposed to have access to it. Encryption helps protect confidentiality of information transmitted over a network by (if it works as intended) making it difficult or impossible for someone who is not authorized to have the information to make sense of it if they intercept the information in transit. In cases of data stored on a network, if it is stored in encrypted form, it can make it difficult or impossible for an attacker to get anything useful from the encrypted file.

58.

What Types Of IDSs Does Your Organization Use?

Answer»

To provide the best level of detection, an organization should use a combination of both signature-based and anomaly-based intrusion detection systems. This allows both known and unknown attacks to be detected. The IDSs should be distributed throughout the network, including areas such as the Internet connection, the DMZ, and internal networks.

59.

How Are You Monitoring For Trojans And Back Doors?

Answer»

In addition to periodic vulnerability scanning, outgoing traffic should be inspected before it leaves the network, looking for potentially compromised systems. Organizations often focus on traffic and attacks coming into the network and forget about monitoring outgoing traffic. Not only will this detect compromised systems with Trojans and backdoors, but it will also detect potentially malicious or inappropriate insider activity.

60.

What Is The Defining Difference Between Computer Security And Information Security?

Answer»

AR 25-2

61.

You Are Working On A Router That Has Established Privilege Levels That Restrict Access To Certain Functions. You Discover That You Are Not Able To Execute The Command Show Running-configuration. How Can You View And Confirm The Access Lists That Have Been.

Answer»

show ip interface Ethernet 0. The only command that shows which access lists have been applied to an interface is show ip interface Ethernet 0. The command show access-lists displays all configured access lists, and show ip access-lists displays all configured IP access lists, but neither command indicates whether the displayed access lists have been applied to an interface.

62.

What Is Your Backup Policy?

Answer»

VPNs should be used for remote access and other sensitive communication. IPSEC is a great choice for this purpose. Strong encryption protocols such as 3DES and AES should be used whenever possible. Web access to sensitive or proprietary information should

63.

What Resources Are Located On Your Internal Network?

Answer»

In addition to internal web, mail, and DNS servers, your internal network could also include databases, application servers, and test and development servers.

64.

Why Is 802.11 Wireless More Of A Security Problem Than Any Other Type Of Network?

Answer»

Wireless is typically less secure because it uses radio waves for transmission. In other words, you have your data "floating" in airspace which makes it more susceptible to being compromised (hacked). With a wired connection someone cannot "steal" your data frames (packets) unless they physically connect to the network cabling. Additionally, the level of security built into wireless technology is less advanced than that of wired networks. This is mainly due to the fact that 802.11 is a relatively newer protocol standard. Manufacturers (both hardware and software) are developing better security for wireless systems and it is possible to harden the security of a WLAN by using the current security protocols along with using some third-party software. For additional specific information read the RFC standards for 802.11.

65.

What Security Measures Are In Place For In-house Developed Applications?

Answer»

Any development that is taking place in house should include security from the beginning of the development process. Security needs to be a part of standard requirements and testing procedures. Code reviews should be conducted by a test team to look for vulnerabilities such as buffer overflows and backdoors. For security reasons, it is not a good idea to subcontract development work to third parties.

66.

What Does Your Network/security Architecture Diagram Look Like?

Answer»

The first thing you need to know to protect your network and systems is what you are protecting. You must know:

  • The physical topologies
  • Logical topologies (Ethernet, ATM, 802.11, VoIP, etc.)
  • Types of operating systems
  • Perimeter protection measures (firewall and IDS placement, etc.)
  • Types of devices used (routers, switches, etc.)
  • Location of DMZs
  • IP address ranges and subnets
  • Use of NAT

In addition, you must know where the diagram is stored and that it is regularly updated as changes are made.

67.

How Are Subnets Used To Improve Network Security?

Answer»

Subnets improve network security and performance by arranging hosts into different logical groups. Subnetting is required when one network address needs to be distributed across multiple network segments. Subnetting is required when a company uses two or more types of network technologies like Ethernet and Token Ring.

68.

What Are The Tolerable Levels Of Impact Your Systems Can Have?

Answer»

An organization must understand how an outage could impact the ability to continue operations. For example, you must determine how long systems can be down, the impact on cash flow, the impact on service level agreements, and the key resources that must be kept running.

69.

What Is Preprocessing In IDS?

Answer»

Before analysis, all the captured data needs to be organized in a particular format or pattern for classification purposes; this whole process of organizing data is known as preprocessing. In this process, data that is collected from the IDS or IPS sensors needs to be put into some canonical format or a structured database format based on the preprocessing. Once the data is formatted, it is further broken down into classifications, which depend entirely on the analysis scheme used. Once the data is classified, it is concatenated and used along with predefined detection templates in which the variables are replaced with real-time data.

70.

What Is Security Policy In A Distributed Network Environment?

Answer»

The security policy is anything really, whatever your admin enforces. Everything from what programs you are allowed to what wallpaper you have can be controlled through GPOs. Usually you will find the common ones are that every computer has to get updates, every computer has to have an AV

71.

Where Is Your Organization's Security Policy Posted And What Is In It?

Answer»

There should be an overall policy that establishes the direction of the organization and its security mission as well as roles and responsibilities. There can also be system-specific policies to address for individual systems. Most importantly, the policies should address the appropriate use of computing resources. In addition, policies can address a number of security controls from passwords and backups to proprietary information. There should be clear procedures and processes to follow for each policy. These policies should be included in the employee handbook and posted on a readily accessible intranet site.

72.

What Type Of Traffic Are You Denying At The Firewall?

Answer»

There should be a default deny rule on all firewalls to disallow anything that is not explicitly permitted. This is more secure than explicitly denying certain traffic because that can create holes and oversights on some potentially malicious traffic.

73.

Besides Default Rule Sets, What Activities Are Actively Monitored By Your IDS?

Answer»

IDSs come with default rule sets to look for common attacks. These rule sets must also be customized and augmented to look for traffic and activities specific to your organization’s security policy. For example, if your organization’s security policy prohibits peer-to-peer communications, then a rule should be created to watch for that type of activity. In addition, outbound traffic should be watched for potential Trojans and backdoors.

74.

Why Is WEP Security Not Recommended For Wireless Networks?

Answer»

WEP security is easily compromised - usually in 60 seconds or less. Part of the problem is that WEP security was developed for backward compatibility with older devices and is a less strong security measure.

75.

A ____ Virus Can Interrupt Almost Any Function Executed By The Computer Operating System And Alter It For Its Own Malicious Purposes?

Answer»

resident

76.

____ Is A Means Of Managing And Presenting Computer Resources By Function Without Regard To Their Physical Layout Or Location?

Answer»

Virtualization

77.

Today's Computer Systems Have A(n) ____ Chip In Which The Contents Can Be Rewritten To Provide New Functionality?

Answer»

PROM

78.

____ Uses "speckling" And Different Colors So That No Two Spam E-mails Appear To Be The Same?

Answer»

Geometric variance

79.

The Goal Of A ____ Is To Hide The IP Address Of Client Systems Inside The Secure Network?

Answer»

proxy server

80.

What Do You Do If Spybot Will Not 'immunize'?

Answer»

redownload spybot.

81.

What Is The Most Secure Operating System?

Answer»

Security is a difficult and sometimes controversial thing to analyze. The only truly "secure" operating systems are those that have no contact with the outside world. The firmware in your DVD player is a good example. Among all modern general purpose op.

82.

____ Is A Language Used To View And Manipulate Data That Is Stored In A Relational Database?

Answer»

SQL

83.

In Order To Avoid Detection Some Viruses Can Alter How They Appear. These Are Known As ____ Viruses?

Answer»

metamorphic

84.

____ Is A Process Of Ensuring That Any Inputs Are "clean" And Will Not Corrupt The System?

Answer»

Input validation

85.

COPPA Requires Operators Of Online Services Or Web Sites Designed For Children Under The Age Of _____ To Obtain Parental Consent Prior To The Collection, Use, Disclosure, Or Display Of A Child's Personal Information?

Answer»

13

86.

_____ Ensures That Only Authorized Parties Can View Information?

Answer»

Confidentiality

87.

A Computer ____ Is A Program That Secretly Attaches Itself To A Legitimate "carrier," Such As A Document Or Program, And Then Executes When That Document Is Opened Or Program Is Launched?

Answer»

virus

88.

____ Is An Image Spam That Is Divided Into Multiple Images?

Answer»

GIF layering

89.

A(n) ____ Attack Makes A Copy Of The Transmission Before Sending It To The Recipient?

Answer»

replay

90.

A ____ Is A Program Advertised As Performing One Activity But Actually Does Something Else?

Answer»

Trojan

91.

Creating And Managing Multiple Server Operating Systems Is Known As ____ Virtualization?

Answer»

server

92.

An Attacker Could Alter The MAC Address In The ARP Cache So That The Corresponding IP Address Would Point To A Different Computer, Which Is Known As ____?

Answer»

ARP poisoning.

93.

____ Are Designed To Inspect Traffic, And Based On Their Configuration Or Security Policy, They Can Drop Malicious Traffic?

Answer»

NIPS

94.

____ Hinges On An Attacker Being Able To Enter An SQL Database Query Into A Dynamic Web Page?

Answer»

SQL injection

95.

What Is The Primary Function Of A Firewall?

Answer»

Its primary function is to prevent access from untrusted (or undesired) external systems to internal systems and services, and to prevent internal users and systems from accessing external untrusted or undesired systems and services. More generally, its pur

96.

Flash Memory Is A Type Of ____, Non Volatile Computer Memory That Can Be Electrically Erased And Rewritten Repeatedly?

Answer»

EEPROM

97.

____ Work To Protect The Entire Network And All Devices That Are Connected To It?

Answer»

NIPS

98.

____ Authentication Is Based Upon The Fact That Only Pre-approved Wireless Devices Are Given The Shared Key?

Answer»

Shared key

99.

WEP Accomplishes Confidentiality By Taking Unencrypted Text And Then Encrypting Or "scrambling" It Into ____ So That It Cannot Be Viewed By Unauthorized Parties While Being Transmitted?

Answer»

ciphertext.

100.

One Type Of Virtualization In Which An Entire Operating System Environment Is Simulated Is Known As ____ Virtualization?

Answer»

operating system