Submitted By sikorafarrelly
Network endpoints and network devices have different security considerations and implications. A user workstation raises issues that stay within the User Domain, while network issues belong to the LAN or LAN-to-WAN Domain. During the investigation of an intrusion, however, you will usually have to pull data from both: logs kept on routing and firewall devices as well as logs on the end-user systems and servers involved.

Suppose an attacker intrudes upon one of your servers. How do you reconstruct the events of the crime? Log files are the first place to check, both for administrative issues and for security activity. Log files let you assemble a timeline of events surrounding anything from a performance problem to a security incident. One caveat a practitioner should keep in mind: logs that live only on the compromised host may have been altered or deleted by the intruder, which is why copies forwarded to a separate log collector, and the logs of the network devices in the path, are so valuable when building that timeline.
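As an added example (it is not part of the original assignment text), the following Python script reconstructs such a timeline from two constructed log sources: an iptables-style accept log from a perimeter firewall and an OpenSSH auth log from the server. The hostnames, addresses and log lines are made up for illustration, and because syslog timestamps carry no year, 2024 is assumed. The script normalizes both sources into events, merges them by timestamp, and then flags a source address that produced several failed SSH logins shortly before a successful one, the kind of sequence an investigator wants to locate first and then trace back to the firewall's first record of that address.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (not real data). Syslog omits the year, so 2024 is assumed.
FIREWALL_LOG = """\
Jan 14 02:12:58 fw01 kernel: [IPT ACCEPT] IN=eth0 SRC=203.0.113.5 DST=10.0.0.12 PROTO=TCP DPT=22
Jan 14 02:15:40 fw01 kernel: [IPT ACCEPT] IN=eth0 SRC=198.51.100.7 DST=10.0.0.12 PROTO=TCP DPT=443
"""

SERVER_AUTH_LOG = """\
Jan 14 02:13:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 14 02:13:03 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Jan 14 02:13:05 web01 sshd[2215]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 14 02:13:09 web01 sshd[2217]: Failed password for deploy from 203.0.113.5 port 51237 ssh2
Jan 14 02:13:12 web01 sshd[2219]: Accepted password for deploy from 203.0.113.5 port 51238 ssh2
Jan 14 09:01:44 web01 sshd[3402]: Accepted publickey for deploy from 10.0.0.50 port 40022 ssh2
"""

SYSLOG_PREFIX = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$")
FW_ACCEPT = re.compile(r"\[IPT ACCEPT\] .*SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=\w+ DPT=(?P<dpt>\d+)")
SSH_AUTH = re.compile(r"sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def parse_ts(ts, year=2024):
    """Syslog timestamps have no year; the caller supplies it (assumed 2024 here)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def parse_line(line, source):
    """Normalize one syslog line from either device into a dict, or None if unparseable."""
    m = SYSLOG_PREFIX.match(line)
    if not m:
        return None
    event = {"time": parse_ts(m["ts"]), "host": m["host"], "source": source}
    rest = m["rest"]
    fw = FW_ACCEPT.search(rest)
    if fw:
        event.update(kind="fw_accept", src=fw["src"], dst=fw["dst"], dport=int(fw["dpt"]))
        return event
    auth = SSH_AUTH.search(rest)
    if auth:
        event.update(kind="ssh_" + auth["result"].lower(), user=auth["user"], src=auth["src"])
        return event
    event.update(kind="other", raw=rest)
    return event


def build_timeline(*sources):
    """Merge (name, log_text) pairs from several devices into one time-ordered list."""
    events = []
    for name, text in sources:
        for line in text.splitlines():
            ev = parse_line(line, name)
            if ev:
                events.append(ev)
    events.sort(key=lambda e: e["time"])
    return events


def find_bruteforce_success(timeline, max_failures=3, window_seconds=300):
    """Flag a source IP with >= max_failures failed SSH logins inside
    window_seconds before a successful login from that same IP."""
    failures = defaultdict(list)
    findings = []
    for ev in timeline:
        if ev["kind"] == "ssh_failed":
            failures[ev["src"]].append(ev["time"])
        elif ev["kind"] == "ssh_accepted":
            recent = [t for t in failures[ev["src"]]
                      if (ev["time"] - t).total_seconds() <= window_seconds]
            if len(recent) >= max_failures:
                findings.append({"src": ev["src"], "user": ev["user"],
                                 "failures": len(recent), "success_at": ev["time"]})
    return findings


def first_contact(timeline, src):
    """Earliest firewall accept from src: where the story starts on the network side."""
    for ev in timeline:
        if ev["kind"] == "fw_accept" and ev["src"] == src:
            return ev
    return None


if __name__ == "__main__":
    tl = build_timeline(("fw01", FIREWALL_LOG), ("web01", SERVER_AUTH_LOG))
    for ev in tl:
        print(ev["time"], ev["host"], ev["kind"], ev.get("src", ""), ev.get("user", ""))
    for f in find_bruteforce_success(tl):
        fc = first_contact(tl, f["src"])
        print(f"\n{f['src']}: {f['failures']} failures then login as {f['user']} at {f['success_at']};"
              f" firewall first admitted this address at {fc['time']} to port {fc['dport']}")
```

The thresholds (three failures within five minutes) are illustrative; a real deployment would tune them to the environment's own baseline of failed logins, which is exactly what the next section is about.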

You can also identify malicious system or network activity by observing deviations from baseline behavior or by recognizing specific suspicious actions. Testing confirms that your controls and monitoring facilities work as intended and keep working. Monitoring captures the evidence for the cases testing cannot cover: the possibilities your tests never examined, and the situations in which legitimately permitted behavior is used for unauthorized activity.

Identify at least two types of security events and baseline anomalies that might indicate suspicious activity.

Always consider that legitimate traffic can be used in illegitimate ways, and that legitimate traffic can sometimes look illegitimate. Protected services can be attacked from the inside, or reached from outside through loopholes in firewall rules. An attack that exploits a vulnerability for which the intrusion detection system (IDS) or intrusion prevention system (IPS) has no signature will evade signature-based detection entirely. Monitoring helps you capture the pieces of the puzzle that, put together, create the timeline of events.

Consider the following questions when answering this assignment:
▪ How do you obtain a baseline of system or network behavior?
▪ What is an anomaly in relation to baseline behavior?…...
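As an added example (not part of the original assignment) of how those two questions are answered in practice, the Python below learns a baseline from historical data and then scores new observations against it. The data is constructed: a single host's outbound traffic in MB per hour over 14 days, with busy business hours, quiet nights and a large backup transfer at 02:00, plus the set of destination ports the host normally uses. Two kinds of baseline are shown. The numeric one records the mean and standard deviation per hour of day and flags any hour whose z-score exceeds a threshold; the categorical one simply records the destination ports seen during the baseline period and flags any port not in that set. The point the example makes is that the 2 GB backup at 02:00 is not an anomaly because the baseline expects it, while a transfer of the same size at 03:00 is, which is why a fixed "large transfer" rule would have it backwards.

```python
import statistics
from collections import defaultdict

# Constructed hourly traffic profile for one host, in MB per hour (not real data).
# Business hours are busy, nights are quiet, and a backup job runs at 02:00.
def expected_mb(hour):
    if hour == 2:
        return 2000.0          # nightly backup to the backup server
    if 8 <= hour < 18:
        return 500.0
    return 20.0


def build_history(days=14):
    """Synthesize `days` of hourly observations with +/-10% deterministic drift."""
    history = defaultdict(list)  # hour of day -> [MB, MB, ...]
    for day in range(days):
        drift = 1 + 0.05 * ((day % 5) - 2)
        for hour in range(24):
            history[hour].append(expected_mb(hour) * drift)
    return history


def learn_baseline(history, min_sigma_ratio=0.05):
    """Per-hour mean and standard deviation. The floor on sigma stops a
    perfectly constant history from turning every tiny change into an alert."""
    baseline = {}
    for hour, samples in history.items():
        mean = statistics.mean(samples)
        sigma = max(statistics.pstdev(samples), mean * min_sigma_ratio, 1.0)
        baseline[hour] = (mean, sigma)
    return baseline


def score_day(observations, baseline, threshold=3.0):
    """Return (hour, observed_mb, z) for every hour whose z-score exceeds the threshold."""
    anomalies = []
    for hour, observed in sorted(observations.items()):
        mean, sigma = baseline[hour]
        z = (observed - mean) / sigma
        if abs(z) > threshold:
            anomalies.append((hour, observed, round(z, 1)))
    return anomalies


def new_destinations(observed_ports, baseline_ports):
    """Categorical baseline: destination ports this host has never used before."""
    return sorted(set(observed_ports) - set(baseline_ports))


# Today's observations (constructed): the 02:00 backup runs as usual, but a
# similar-sized transfer appears at 03:00 and the host starts talking to TCP/4444.
TODAY = {hour: expected_mb(hour) for hour in range(24)}
TODAY[3] = 1800.0
BASELINE_PORTS = {53, 80, 443, 873}   # 873 = rsync, used by the nightly backup
TODAY_PORTS = {53, 80, 443, 873, 4444}

if __name__ == "__main__":
    baseline = learn_baseline(build_history())
    for hour, mb, z in score_day(TODAY, baseline):
        print(f"{hour:02d}:00  {mb:7.1f} MB  z={z}")
    print("new destination ports:", new_destinations(TODAY_PORTS, BASELINE_PORTS))
```

Keying the baseline by hour of day is the simplest way to encode a schedule; a production baseline would usually also key by day of week and be refreshed on a rolling window so that slow, legitimate growth does not accumulate into false alerts.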
