...It255 Unit5 Assignment TO: FROM: DATE: SUBJECT:Unit 5 Assignment 1: Testing and Monitoring Security Controls REFERENCE: Testing and Monitoring Security Controls (IT255.U5.TS1) How Grade: One hundred points total. See each section for specific points. Assignment Requirements Part 1:Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. Explain why they might indicate suspicious activity.(Forty points. Twenty points for each event.) # | Security Event & Baseline Anomaly That Might Indicate Suspicious Activity | Reason Why It May Indicate Suspicious Activity | 1. | Authentication Failures | Unauthorized access attempts | 2. | Network Abuses | Employees are downloading unauthorized material. | 3. | | | 4. | | | 5. | | | 6. | | | Part 2: Given a list of end-user policy violations and security breaches, select three breaches and consider best options for monitoring and controlling each incident. Identify the methods to mitigate risk and minimize exposure to threats and vulnerabilities. (Sixty points. Twenty points for each breach.) # | Policy Violations & Security Breaches | Best Option to Monitor Incident | Security Method (i.e., Control) to Mitigate Risk | 1. | A user made unauthorized use of network resources by attacking network entities. | Monitor the logs | Fire the user | 2. | Open network drive shares allow storage privileges to outside users. |...
Words: 258 - Pages: 2
...TO: FROM: DATE: SUBJECT:Unit 5 Assignment 1: Testing and Monitoring Security Controls REFERENCE: Testing and Monitoring Security Controls (IT255.U5.TS1) How Grade: One hundred points total. See each section for specific points. Assignment Requirements Part 1:Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. Explain why they might indicate suspicious activity.(Forty points. Twenty points for each event.) # | Security Event & Baseline Anomaly That Might Indicate Suspicious Activity | Reason Why It May Indicate Suspicious Activity | 1. | Authentication Failures | Unauthorized access attempts | 2. | Network Abuses | Employees are downloading unauthorized material. | 3. | | | 4. | | | 5. | | | 6. | | | Part 2: Given a list of end-user policy violations and security breaches, select three breaches and consider best options for monitoring and controlling each incident. Identify the methods to mitigate risk and minimize exposure to threats and vulnerabilities. (Sixty points. Twenty points for each breach.) # | Policy Violations & Security Breaches | Best Option to Monitor Incident | Security Method (i.e., Control) to Mitigate Risk | 1. | A user made unauthorized use of network resources by attacking network entities. | Monitor the logs | Fire the user | 2. | Open network drive shares allow storage privileges...
Words: 295 - Pages: 2
...Testing and Monitoring Security Controls & Security Audits and Assessments Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. * Authentication failures are one type of security event. A baseline anomalie that may indicate suspicious activity are unauthorized access attempts that can be found within log files. The log files contain records of all types of security events such as logon events, changes in system configuration and attempted violations of policy as well as system events like service startups and closures, errors and system warnings. * A second security event could be a sudden increase in overall traffic. It could simply mean that your website has been mentioned by a popular source, or it could mean that someone is trying to cause harm to your site. Given a list of policy violations and security breaches, select three breaches, and consider the best options for controlling and monitoring each incident. Identify the methods to mitigate risk and minimize exposure to threats or vulnerabilities. * Problem: Removable storage drives introduce malware filtered only when crossing the network. Solution: Limit user privileges that only include those that are required by the duties that are assigned to that individual. This will hopefully make it clear that no removable storage devices are to be connected to the network, no matter the circumstances unless they are screened first. * Problem: Predictable...
Words: 316 - Pages: 2
...NT2580 Unit 5 Assignment 1 Testing and Monitoring Security Controls Jose J Delgado Testing and Monitoring Security Controls A few different types of security events and baseline anomalies that might indicate suspicious activity. Different traffic patterns or influx in bandwidth usage can be considered suspicious activity. Also, services changing port usage, in turn creating variations in normal patterns. All sudden increase in overall traffic. This may just mean that your web site has been mentioned on a popular news site, or it may mean that someone is up to no good. A sudden jump in the number of bad or malformed packets. Some routers collect packet-level statistics; you can also use a software network scanner to track them. Some routers collect packet-level statistics; you can also use a software network scanner to track them. Also large numbers of packets caught by your router or firewall's egress filters. Egress filters prevent spoofed packets from leaving your network, so if your filter is catching them you need to identify their source, because it is a clear sign that devices on your network have been compromised. Unscheduled reboots of server machines may sometimes signify that they are compromised as well. You should already be watching the event logs of your servers for failed logons and other security-related events. Log Files encompass complete records of all security events (logon events, resource access, attempted violations of policy, and changes...
Words: 524 - Pages: 3
...1.) Two types of security events and baseline anomalies that might indicate suspicious activity. If high numbers of authentication failures are being recorded on the logs or if a large number of unauthorized access attempts are made this might be a red flag to personnel that a security breach is being attempted or has occurred. Establishing a good baseline of your system showing normal everyday activity a IT professional should be able to view the logs and see if any violations or abnormality’s exist. 2.) Given a list of policy violations and security breaches, select three breaches, and consider the best options for controlling and monitoring each incident. Identify the methods to mitigate risk and minimize exposure to threats or vulnerabilities. a. Removable storage devices that might contain malware, filtered only when passing through the network is a issue that could effectively devastate a system. Solution: Limiting the privileges of users tailoring them to the duties assigned to the individual, this while taking more time on the part of the IT personnel will have a dramatic impact on security. Banning personal storage devices for all personnel is another more drastic step, however by making it clear that if a device is essential place screening steps to ensure the device is clean of any possible malicious software. b. Passwords minimum requirements are another area that is commonly attacked. Easley guessed or common passwords pose a huge security risk to any network...
Words: 380 - Pages: 2
...Unit 5 Assignment 1: testing & monitoring security controls. Identify types of security events and baseline anomalies that might indicate suspicious activity. I. Unscheduled reboots on machines and servers that aren’t updates. II. non-business related websites. III. jump in packets. IV. passwords entered wrong to many times. Policy violations and security breaches: I. Watching the event logs of your servers for failed logons and other security-related events. Logs can tell an Admin a lot about the root of the issue and makes it easier to fix or manage from happening again. II. Best way to get rid of the traffic to certain web sites is to make a block list or outsource a company to make a block list for you. III. Use a software network scanner to monitor or track them. IV. User passwords are probably one of the most vulnerable ways to have a security breach. A proper password should consist of 8 characters or more, capital, number, system, and never a word, or date. Next best thing is ACS. Given the following list of end-user policy violations and security breaches, select three breaches and identify strategies to control and monitor each event to mitigate the risk and minimize exposer: 1.A user made unauthorized use of network resources by attacking network entities. Fire the employee or put employee on probation with limited access. 2.Open network drive shares allow storage privileges to outside users. 3.Sensitive laptop data is unencrypted and susceptible...
Words: 328 - Pages: 2
...conveniently to users. However, it also brings new security threats and challenges about safety and reliability. In fact, Cloud Computing is an attractive and cost-saving service for buyers as it provides accessibility and reliability options for users and scalable sales for providers. In spite of being attractive, Cloud feature poses various new security threats and challenges when it comes to deploying Intrusion Detection System (IDS) in Cloud environments. Most Intrusion Detection Systems (IDSs) are designed to handle specific types of attacks. It is evident that no single technique can guarantee protection against future attacks. Hence, there is a need for an integrated scheme which can provide robust protection against a complete spectrum of threats. Therefore, in this term paper, I will emphasize on recent implementations of IDS on Cloud Computing environments in terms of security and privacy. I propose an effective and efficient model termed as the Integrated Intrusion Detection and Prevention System (IDPS) which combines both IDS and IPS in a single mechanism. Mine mechanism also integrates two techniques namely, Anomaly Detection (AD) and Signature Detection (SD) that can work in cooperation to detect various numbers of attacks and stop them through the capability of IPS. 2. What is IDS? An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting...
Words: 1673 - Pages: 7
...The Critical Security Controls for Effective Cyber Defense Version 5.0 1 Introduction ..................................................................................................................................................................... 3 CSC 1: Inventory of Authorized and Unauthorized Devices ............................................................................ 8 CSC 2: Inventory of Authorized and Unauthorized Software ....................................................................... 14 CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers ....................................................................................................................................... 19 CSC 4: Continuous Vulnerability Assessment and Remediation ................................................................. 27 CSC 5: Malware Defenses .......................................................................................................................................... 33 CSC 6: Application Software...
Words: 31673 - Pages: 127
...CompTIA Security+: Get Certified Get Ahead SY0-401 Study Guide Darril Gibson Dedication To my wife, who even after 22 years of marriage continues to remind me how wonderful life can be if you’re in a loving relationship. Thanks for sharing your life with me. Acknowledgments Books of this size and depth can’t be done by a single person, and I’m grateful for the many people who helped me put this book together. First, thanks to my wife. She has provided me immeasurable support throughout this project. The technical editor, Steve Johnson, provided some good feedback throughout the project. If you have the paperback copy of the book in your hand, you’re enjoying some excellent composite editing work done by Susan Veach. I’m extremely grateful for all the effort Karen Annett put into this project. She’s an awesome copy editor and proofer and the book is tremendously better due to all the work she’s put into it. While I certainly appreciate all the feedback everyone gave me, I want to stress that any technical errors that may have snuck into this book are entirely my fault and no reflection on anyone who helped. I always strive to identify and remove every error, but they still seem to sneak in. About the Author Darril Gibson is the CEO of YCDA, LLC (short for You Can Do Anything). He has contributed to more than 35 books as the sole author, a coauthor, or a technical editor. Darril regularly writes, consults, and teaches on a wide variety of technical...
Words: 125224 - Pages: 501
...a report to congressional committees. Why GAO Did This Study What GAO Found Since 2010, the United States has suffered grave damage to national security and an increased risk to the lives of U.S. personnel due to unauthorized disclosures of classified information by individuals with authorized access to defense information systems. Congress and the President have issued requirements for structural reforms and a new program to address insider threats. The Department of Defense (DOD) components GAO selected for review have begun implementing insider-threat programs that incorporate the six minimum standards called for in Executive Order 13587 to protect classified information and systems. For example, the components have begun to provide insider-threat awareness training to all personnel with security clearances. In addition, the components have incorporated some of the actions associated with a framework of key elements that GAO developed from a White House report, an executive order, DOD guidance and reports, national security systems guidance, and leading practices recommended by the National Insider Threat Task Force. However, the components have not consistently incorporated all recommended key elements. For example, three of the six components have developed a baseline of normal activity—a key element that could mitigate insider threats. DOD components have not consistently incorporated these key elements because DOD has not issued guidance...
Words: 17616 - Pages: 71
...Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures Version 3.2 April 2016 Document Changes Date October 2008 Version 1.2 Description Pages To introduce PCI DSS v1.2 as “PCI DSS Requirements and Security Assessment Procedures,” eliminating redundancy between documents, and make both general and specific changes from PCI DSS Security Audit Procedures v1.1. For complete information, see PCI Data Security Standard Summary of Changes from PCI DSS Version 1.1 to 1.2. Add sentence that was incorrectly deleted between PCI DSS v1.1 and v1.2. Correct “then” to “than” in testing procedures 6.3.7.a and 6.3.7.b. 1.2.1 32 Remove grayed-out marking for “in place” and “not in place” columns in testing procedure 6.5.b. 33 For Compensating Controls Worksheet – Completed Example, correct wording at top of page to say “Use this worksheet to define compensating controls for any requirement noted as ‘in place’ via compensating controls.” July 2009 5 64 October 2010 2.0 Update and implement changes from v1.2.1. See PCI DSS – Summary of Changes from PCI DSS Version 1.2.1 to 2.0. November 2013 3.0 Update from v2.0. See PCI DSS – Summary of Changes from PCI DSS Version 2.0 to 3.0. April 2015 3.1 Update from PCI DSS v3.0. See PCI DSS – Summary of Changes from PCI DSS Version 3.0 to 3.1 for details of changes. April 2016 3.2 Update from PCI DSS v3.1. See PCI DSS...
Words: 57566 - Pages: 231
...Study Guide for the Certification Examination Fifth Edition ACAMS.org ACAMS.org/español ACAMSToday.org MoneyLaundering.com Study Guide for the Certification Examination Fifth Edition a publication of the association of certified anti-money laundering specialists Study Guide for the Certification Examination Fifth Edition Executive Vice President John J. Byrne, CAMS Editor Robert S. Pasley, CAMS Co-Editor Kevin M. Anderson, CAMS Contributors Joyce Broome, CAMS Heather Brown, CAMS Aub Chapman, CAMS Vasilios Chrisos, CAMS David Clark, CAMS Jurgen Egberink, CAMS Michael D. Kelsey, CAMS Saskia Rietbroek, CAMS Nancy J. Saur, CAMS Mansoor Siddiqi, CAMS Daniel Soto, CAMS Timothy White CAMS Production Assistant Catalina Martinez We would like acknowledge the following individuals for their contributions to the CAMS Exam, and the Online and Live Preparation Seminars: Kevin M. Anderson, CAMS Joyce Broome, CAMS Aub Chapman, CAMS David Clark, CAMS Josue Garcia, CAMS Hoi Luk, CAMS Ira Morales Mickunas, CAMS Robert S. Pasley, CAMS Karim Rajwani, CAMS Mansoor Siddiqi, CAMS Saskia Rietbroek, CAMS Ed Rodriguez, CAMS Nancy J. Saur, CAMS Wendy Steichen, CAMS Brian J. Stoeckert, CAMS Charles Taylor, CAMS Will Voorhees, CAMS Natalie Ware, CAMS Peter Warrack, CAMS Amy Wotapka, CAMS Crispin Yuen, CAMS Copyright © 2012 by the Association of Certified Anti-Money Laundering Specialists (ACAMS). Miami, USA. All rights...
Words: 105184 - Pages: 421
...INFORMATION RESOURCE GUIDE Computer, Internet and Network Systems Security An Introduction to Security i Security Manual Compiled By: S.K.PARMAR, Cst N.Cowichan Duncan RCMP Det 6060 Canada Ave., Duncan, BC 250-748-5522 sunny@seaside.net This publication is for informational purposes only. In no way should this publication by interpreted as offering legal or accounting advice. If legal or other professional advice is needed it is encouraged that you seek it from the appropriate source. All product & company names mentioned in this manual are the [registered] trademarks of their respective owners. The mention of a product or company does not in itself constitute an endorsement. The articles, documents, publications, presentations, and white papers referenced and used to compile this manual are copyright protected by the original authors. Please give credit where it is due and obtain permission to use these. All material contained has been used with permission from the original author(s) or representing agent/organization. ii T eofContent abl 1.0 INTRODUCTION........................................................................................................................................................... 2 1.1 BASIC INTERNET TECHNICAL DETAILS ........................................................................................................................ 2 1.1.1 TCP/IP : Transmission Control Protocol/Internet Protocol .........................................
Words: 134858 - Pages: 540
...CORE CONCEPTS OF Accounting Information Systems Twelfth Edition Mark G. Simkin, Ph.D. Professor Department of Accounting and Information Systems University of Nevada Jacob M. Rose, Ph.D. Professor Department of Accounting and Finance University of New Hampshire Carolyn Strand Norman, Ph.D., CPA Professor Department of Accounting Virginia Commonwealth University JOHN WILEY & SONS, INC. VICE PRESIDENT & PUBLISHER SENIOR ACQUISITIONS EDITOR PROJECT EDITOR ASSOCIATE EDITOR SENIOR EDITORIAL ASSISTANT PRODUCTION MANAGER PRODUCTION EDITOR MARKETING MANAGER CREATIVE DIRECTOR SENIOR DESIGNER PRODUCTION MANAGEMENT SERVICES SENIOR ILLUSTRATION EDITOR PHOTO EDITOR MEDIA EDITOR COVER PHOTO George Hoffman Michael McDonald Brian Kamins Sarah Vernon Jacqueline Kepping Dorothy Sinclair Erin Bascom Karolina Zarychta Harry Nolan Wendy Lai Laserwords Maine Anna Melhorn Elle Wagner Greg Chaput Maciej Frolow/Brand X/Getty Images, Inc. This book was set in 10/12pt Garamond by Laserwords Private Limited, and printed and bound by RR Donnelley/Jefferson City. The cover was printed by RR Donnelley/Jefferson City. This book is printed on acid free paper. Founded in 1807, John Wiley & Sons, Inc. has been a valued source of knowledge and understanding for more than 200 years, helping people around the world meet their needs and fulfill their aspirations. Our company is built on a foundation of principles that include responsibility to the...
Words: 241803 - Pages: 968
...CompTIA SY0-301 CompTIA Security+ Version: 20.2 QUESTION NO: 1 A password history value of three means which of the following? A. Three different passwords are used before one can be reused. B. A password cannot be reused once changed for three years. C. After three hours a password must be re-entered to continue. D. The server stores passwords in the database for three days. Answer: A Explanation: QUESTION NO: 2 In order to provide flexible working conditions, a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access? (Select TWO). A. Subnetting B. NAT C. Firewall D. NAC E. VPN Answer: C,E Explanation: QUESTION NO: 3 Which of the following is the BEST approach to perform risk mitigation of user access control rights? A. Conduct surveys and rank the results. B. Perform routine user permission reviews. C. Implement periodic vulnerability scanning. D. Disable user accounts that have not been used within the last two weeks. Answer: B Explanation: 2 QUESTION NO: 4 Which of the following devices is BEST suited for servers that need to store private keys? A. Hardware security module B. Hardened network firewall C. Solid state disk drive D. Hardened host firewall Answer: A Explanation: QUESTION NO: 5 All of the following are valid cryptographic hash functions...
Words: 14377 - Pages: 58
