Homework Help is Here – Start Your Trial Now!
Engineering
Computer Science
Network endpoints and network devices have different security considerations and implications. A user workstation implies certain security issues that remain in the User Domain while network implications remain part of the LAN or LAN-to-WAN Domain. However, during the course of investigating an intrusion, you may have to source data from logs kept in routing devices and end-user systems. Suppose an attacker intrudes upon one of your servers. How do you reconstruct the events of a crime? Log files are the first place to check for administrative issues and security activity. Log files help you put together a timeline of events surrounding everything from a performance problem to a security incident. You can also identify bad system or network activities by observing anomalies from baseline behavior or identifying certain suspicious actions. Testing ensures that your control and monitoring facilities work as intended and maintain proper operation. Monitoring ensures that you capture evidence when your testing procedures fail to examine all possibilities or legitimate behavior permits unauthorized activity. Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. Before you respond, consider that even legitimate traffic can be used in illegitimate ways, and sometimes, legitimate traffic can appear illegitimate. Protected services can be attacked from the inside or accessed externally through loopholes in firewall rules. Vulnerabilities may remain unidentified by intrusion detection system (IDS) or intrusion prevention system (IPS) signatures and evade detection. Monitoring helps you capture pieces of the puzzle that creates a timeline of events.

Network endpoints and network devices have different security considerations and implications. A user workstation implies certain security issues that remain in the User Domain while network implications remain part of the LAN or LAN-to-WAN Domain. However, during the course of investigating an intrusion, you may have to source data from logs kept in routing devices and end-user systems. Suppose an attacker intrudes upon one of your servers. How do you reconstruct the events of a crime? Log files are the first place to check for administrative issues and security activity. Log files help you put together a timeline of events surrounding everything from a performance problem to a security incident. You can also identify bad system or network activities by observing anomalies from baseline behavior or identifying certain suspicious actions. Testing ensures that your control and monitoring facilities work as intended and maintain proper operation. Monitoring ensures that you capture evidence when your testing procedures fail to examine all possibilities or legitimate behavior permits unauthorized activity. Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. Before you respond, consider that even legitimate traffic can be used in illegitimate ways, and sometimes, legitimate traffic can appear illegitimate. Protected services can be attacked from the inside or accessed externally through loopholes in firewall rules. Vulnerabilities may remain unidentified by intrusion detection system (IDS) or intrusion prevention system (IPS) signatures and evade detection. Monitoring helps you capture pieces of the puzzle that creates a timeline of events.

Database System Concepts
Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
See similar textbooks
icon
Related questions
Question
100%

Network endpoints and network devices have different security considerations and implications. A user workstation implies certain security issues that remain in the User Domain while network implications remain part of the LAN or LAN-to-WAN Domain. However, during the course of investigating an intrusion, you may have to source data from logs kept in routing devices and end-user systems. Suppose an attacker intrudes upon one of your servers. How do you reconstruct the events of a crime? Log files are the first place to check for administrative issues and security activity. Log files help you put together a timeline of events surrounding everything from a performance problem to a security incident. You can also identify bad system or network activities by observing anomalies from baseline behavior or identifying certain suspicious actions. Testing ensures that your control and monitoring facilities work as intended and maintain proper operation. Monitoring ensures that you capture evidence when your testing procedures fail to examine all possibilities or legitimate behavior permits unauthorized activity.

Identify at least two types of security events and baseline anomalies that might indicate suspicious activity.

Before you respond, consider that even legitimate traffic can be used in illegitimate ways, and sometimes, legitimate traffic can appear illegitimate. Protected services can be attacked from the inside or accessed externally through loopholes in firewall rules. Vulnerabilities may remain unidentified by intrusion detection system (IDS) or intrusion prevention system (IPS) signatures and evade detection. Monitoring helps you capture pieces of the puzzle that creates a timeline of events.

Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 3 steps

SEE SOLUTIONCheck out a sample Q&A here
Blurred answer
Knowledge Booster
Recovery and Performance of Network
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
  • SEE MORE QUESTIONS
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education
SEE MORE TEXTBOOKS