Testing and Monitoring Security Controls Essay
Unit 5 Assignment 1

Changes in traffic patterns can be a red flag for several kinds of suspicious activity. Traffic can change in a number of ways that point to such activity. The first is an unexpected increase in overall traffic. This may simply mean that your web site has been talked about on a popular news site, or it may mean that someone is up to no good. Another is a sudden jump in the number of bad or malformed packets.
Some routers collect packet-level statistics; you can also use a software network scanner such as Observer or Network Monitor to track them. A further sign is a large number of packets caught by your router's or firewall's egress filters. Remember that egress filters prevent spoofed packets from leaving your network, so if your filter is catching them you need to identify their source, because that is a clear sign that machines on your network have been compromised. Unscheduled reboots of server machines may also signify that they have been compromised.
You should already be watching your servers' event logs for failed logons and other security-related events. Log files hold complete records of all security events (logon events, resource access, attempted policy violations, and changes to system configuration or policies) and critical system events (service/daemon starts and stops, errors generated, system warnings), which allow an administrator to quickly find the root cause of any issue. When remote users do not have recent patches or updates installed, the system administrator should set up group policies that force updates to install right away.
This is better than having users restart their systems themselves, which wastes both the company's and the users' time, and it still safeguards what goes in and out of the network. Removable storage drives introduce malware that network-based filtering never sees, since that filtering only inspects traffic crossing the network. The system administrator should disable all USB ports on the clients and servers on the network; this solves the problem at the source. Bad router permissions allow attackers to modify configurations and/or disrupt traffic. First of all, the permissions should be set up so that attackers cannot get into the routers in the first place.
If the routers have already been attacked, the administrator has to go into each router, change the settings back, put up firewalls and change the permissions as well.

Solutions: The solution requirements for identifying attackers overlap with those required to identify internal threats. These requirements include:
- A defense-in-depth approach to security implementation.
- Effective security audit logs.
- Reliable centralized collection of security logs.
- Automated analysis of the security logs to identify attack signatures.
The solution requirements for detecting malicious applications share some of the requirements for identifying internal threats. These requirements include:
- Effective procedures to audit any unauthorized software on the network.
- Properly configured security audit logs.
- Reliable centralized collection and filtering of security logs.
- Automated analysis of the security logs to identify suspicious behavior, using third-party programs where necessary.
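As an added example (not part of the essay), the following script shows one way to do the automated log analysis the essay calls for: it reads centrally collected firewall egress-filter drops to find the machine sending spoofed packets, and counts failed logons from server logs, raising an alert once a threshold is crossed. The internal address ranges, the simplified log line format and the sample log lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Address ranges this hypothetical network uses; any other outbound source address is spoofed.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed firewall egress-filter log lines (not output of any real device).
EGRESS_LOG = """\
2024-03-01T10:00:01 fw1 DROP egress src=10.0.5.23 dst=203.0.113.9 mac=00:11:22:aa:bb:01
2024-03-01T10:00:02 fw1 DROP egress src=198.51.100.77 dst=203.0.113.9 mac=00:11:22:aa:bb:02
2024-03-01T10:00:03 fw1 DROP egress src=198.51.100.78 dst=203.0.113.9 mac=00:11:22:aa:bb:02
2024-03-01T10:00:04 fw1 DROP egress src=192.168.1.9 dst=203.0.113.9 mac=00:11:22:aa:bb:03
2024-03-01T10:00:05 fw1 DROP egress src=203.0.113.200 dst=203.0.113.9 mac=00:11:22:aa:bb:02
"""
# Constructed server security-log lines in a simplified format (not real event output).
LOGON_LOG = """\
2024-03-01T10:05:00 srv1 LOGON FAILURE user=jsmith from=10.0.5.23
2024-03-01T10:05:02 srv1 LOGON FAILURE user=jsmith from=10.0.5.23
2024-03-01T10:05:04 srv1 LOGON FAILURE user=jsmith from=10.0.5.23
2024-03-01T10:05:06 srv1 LOGON SUCCESS user=jsmith from=10.0.5.23
2024-03-01T10:06:00 srv1 LOGON FAILURE user=admin from=10.0.7.4
"""
EGRESS_RE = re.compile(r"DROP egress src=(?P<src>\S+) dst=\S+ mac=(?P<mac>\S+)")
LOGON_RE = re.compile(r"LOGON FAILURE user=(?P<user>\S+) from=(?P<src>\S+)")

def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def spoofed_egress_by_host(log: str) -> Counter:
    """Count dropped outbound packets whose source address is not ours, keyed by the MAC of
    the sending machine. Drops can also come from ordinary outbound rules, so check the source."""
    counts = Counter()
    for m in filter(None, map(EGRESS_RE.search, log.splitlines())):
        if not is_internal(m.group("src")):
            counts[m.group("mac")] += 1
    return counts

def failed_logons(log: str) -> Counter:
    # Count failed logons per (user, source address) pair.
    return Counter((m.group("user"), m.group("src"))
                   for m in filter(None, map(LOGON_RE.search, log.splitlines())))

def alerts(egress_log: str, logon_log: str, threshold: int = 3) -> list:
    """Emit an alert once a host or account crosses the threshold."""
    out = [f"spoofed egress traffic from host {mac}: {n} packets"
           for mac, n in spoofed_egress_by_host(egress_log).items() if n >= threshold]
    out += [f"{n} failed logons for {user} from {src}"
            for (user, src), n in failed_logons(logon_log).items() if n >= threshold]
    return out
```

Run against the sample lines, the spoofed-source count points at the host with MAC 00:11:22:aa:bb:02 rather than at the forged addresses, which is what the egress-filter advice above asks the administrator to find.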