Unit 5 Assignment 1: Testing & Monitoring Security Controls
Identify types of security events and baseline anomalies that might indicate suspicious activity.
I. Unscheduled reboots on workstations and servers that are not explained by patching or updates.
II. Traffic to non-business-related websites.
III. A sudden jump in packet volume or connection count compared with the normal traffic baseline.
IV. Passwords entered wrong too many times (a burst of failed logons for one account or from one source).
Policy violations and security breaches:
I. Watch the event logs of your servers for failed logons and other security-related events. Logs tell an admin a lot about the root cause of an issue and make it easier to fix it and to keep it from happening again.
II. The best way to stop traffic to certain websites is to build a block list, or to outsource to a vendor that maintains a block list for you.
III. Use a software network scanner or traffic monitor to track packet volume against the baseline and spot the jump.
IV. User passwords are probably one of the most common ways a security breach happens. A proper password should be 8 characters or more, contain an uppercase letter, a number and a symbol, and never be a dictionary word or a date. The next best thing is ACS.
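As an added example (not part of the original assignment), here is the failed-logon check from items I and IV above written as detection logic that runs over log lines. The log lines are constructed for this example, not taken from any real server, and the field names (host=, event=, user=, src=, result=) and the threshold of 5 failures in 10 minutes are assumptions chosen for illustration. It uses a sliding window per (user, source) pair so that a fast burst is flagged while a few scattered failures over an hour are not, and it raises a second alert if a success follows a burst, which is the case an admin most wants to see.

```python
"""Failed-logon burst detection over constructed log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like shape. These are made up for
# the example; the field names are an assumption, not any vendor's format.
SAMPLE_LOG = """\
2024-03-04T09:00:01 host=fs01 event=4625 user=alice src=10.0.0.5 result=failure
2024-03-04T09:00:03 host=fs01 event=4625 user=alice src=10.0.0.5 result=failure
2024-03-04T09:00:04 host=fs01 event=4625 user=alice src=10.0.0.5 result=failure
2024-03-04T09:00:06 host=fs01 event=4625 user=alice src=10.0.0.5 result=failure
2024-03-04T09:00:07 host=fs01 event=4625 user=alice src=10.0.0.5 result=failure
2024-03-04T09:00:09 host=fs01 event=4624 user=alice src=10.0.0.5 result=success
2024-03-04T09:05:00 host=fs01 event=4625 user=bob src=10.0.0.9 result=failure
2024-03-04T09:40:00 host=fs01 event=4625 user=bob src=10.0.0.9 result=failure
2024-03-04T10:15:00 host=fs01 event=4625 user=bob src=10.0.0.9 result=failure
2024-03-04T10:16:00 host=fs01 event=4624 user=bob src=10.0.0.9 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def detect_failed_logon_bursts(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return a list of alerts found in log_text.

    A 'failed_logon_burst' alert fires once per (user, src) when the number of
    failures inside the sliding window reaches threshold. A
    'success_after_burst' alert fires if that same (user, src) then logs on
    successfully, which is what a successful password-guessing run looks like.
    A success resets the window for that pair.
    """
    windows = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    burst_keys = set()             # pairs that already tripped the threshold
    alerts = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:            # skip lines we cannot parse rather than crash
            continue
        key = (rec["user"], rec["src"])
        if rec["result"] == "failure":
            q = windows[key]
            q.append(rec["ts"])
            # drop failures that fell out of the window
            while q and rec["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold and key not in burst_keys:
                burst_keys.add(key)
                alerts.append({"kind": "failed_logon_burst", "user": rec["user"],
                               "src": rec["src"], "count": len(q), "at": rec["ts"]})
        elif rec["result"] == "success":
            if key in burst_keys:
                alerts.append({"kind": "success_after_burst", "user": rec["user"],
                               "src": rec["src"], "at": rec["ts"]})
            windows.pop(key, None)
            burst_keys.discard(key)
    return alerts


if __name__ == "__main__":
    for alert in detect_failed_logon_bursts(SAMPLE_LOG):
        print(alert)
```

Running it flags alice (5 failures in 6 seconds, then a success) and stays quiet on bob, whose three failures are spread over more than an hour and never sit together inside the 10-minute window. That is the point of checking against a baseline rather than a raw count: the threshold and window should be tuned to what normal users on the server actually do, and a slow, patient guesser needs a longer window or a different rule.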
Given the following list of end-user policy violations and security breaches, select three breaches and identify strategies to control and monitor each event to mitigate the risk and minimize exposure:
1. A user made unauthorized use of network resources by attacking network entities. Fire the employee, or put the employee on probation with limited access.
2. Open network drive shares allow storage privileges to outside users.
3. Sensitive laptop data is unencrypted and susceptible to physical theft. Monitor for port scanning and malware, and encrypt the data.
4. Remote users do not have recent patches or current updates.
5. Legitimate traffic bearing a malicious payload exploits network services.
6. An invalid protocol header disrupts a critical network service.
7. Removable storage drives introduce malware that is filtered only when it crosses the network.
8. Predictable