CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [20]

Detection refers to identifying events when they occur. Detection is difficult in many situations; an attack on your system may occur over a long period before it’s successful. Incident detection involves identifying the assets under attack, how the incident occurred, and who carried it out (or is still doing so). The detection process may involve a variety of complicated tools or a simple examination of the system log files. Detection activities should be ongoing and part of your information security policies and procedures.

Response

Response refers to developing strategies and techniques to deal with an attack or loss. Developing an appropriate response to an incident involves several factors. If the incident was a probe, the attacker may have done no actual harm but may be gathering intelligence about your network or systems. These types of attacks may be random or targeted, and they usually cause little damage. Occasionally, an attack will be successful. When that happens, it is helpful to have a well-thought-out and tested plan you can use to respond, restore operation, and neutralize the threat. It’s always better to have a set of procedures and methods in place to recover from an incident than to try to create those processes on-the-fly.

These goals are an important part of setting benchmarks for an organization. You can’t allow these policies or goals to become insignificant. If you do, you and your organization are setting yourselves up for a surprise. Unfortunately, the surprise won’t be pleasant, and it may be very costly to deal with.

Comprehending the Security Process

It helps to think of security as a combination of three Ps: processes, procedures, and policies. The security of information involves both human and technical factors. The human factors are addressed by the policies that are enforced in the organization as well as the processes and procedures your organization has in place. The technology components include the tools you install on the systems you work with. There are several parts to this process, and each is described in the following sections.

Appreciating Antivirus Software

Computer viruses—applications that carry out malicious actions—are among the most annoying trends happening today. It seems that almost every day someone invents a new virus. Some of these viruses do nothing more than give you a big “gotcha.” Others contaminate networks and wreak havoc on computer systems. A virus may act on your data or your operating system, but it’s intent on doing harm—and doing so without your consent. Viruses often include replication as a primary objective and try to infect as many machines as they can, as quickly as possible.

The business of providing software to computer users to protect them from viruses has become a huge industry. Several very good and well-established suppliers of antivirus software exist, and new virus-protection methods come on the scene almost as fast as new viruses. Antivirus software scans a computer’s memory, disk files, and incoming and outgoing e-mail. The software typically uses a virus definition file that is updated regularly by the manufacturer. If these files are kept up-to-date, the computer system will be relatively secure. Unfortunately, most people don’t keep their virus definition files up-to-date. Users will exclaim that a new virus has come out, because they just got it. Upon examination, you’ll often discover that their virus definition file is months out-of-date. As you can see, the software part of the system will break down if the definition files aren’t updated on a regular basis.
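The following is an added illustration, not code from the study guide: a minimal signature scanner that loads a definition file, matches its byte patterns against files, and flags the definitions as stale when they are older than a threshold, which is the failure mode the paragraph above describes. The JSON definition format, the signature names, the file contents and the seven-day threshold are all constructed for this example.

```python
import json
from datetime import datetime, timedelta

# Constructed definition file: an update timestamp plus hex-encoded byte patterns.
# Real vendors use far richer formats; the shape here is an assumption.
DEFINITIONS_JSON = json.dumps({
    "updated": "2024-01-15T00:00:00+00:00",
    "signatures": [
        {"name": "Sample.Dropper.A", "hex": "53414d504c452d44524f50504552"},  # b"SAMPLE-DROPPER"
        {"name": "Sample.Worm.B", "hex": "53414d504c452d574f524d"},          # b"SAMPLE-WORM"
    ],
})

# Constructed sample files keyed by path; only two carry a known pattern.
SAMPLE_FILES = {
    "/tmp/report.docx": b"quarterly numbers, nothing suspicious here",
    "/tmp/setup.exe": b"MZ\x90\x00 stub ... SAMPLE-DROPPER ... payload",
    "/tmp/invoice.js": b"var x = 1; // SAMPLE-WORM",
}

MAX_DEFINITION_AGE = timedelta(days=7)  # assumed policy threshold


def load_definitions(text):
    """Parse the definition file into (updated_at, [(name, pattern_bytes)])."""
    data = json.loads(text)
    updated = datetime.fromisoformat(data["updated"])
    sigs = [(s["name"], bytes.fromhex(s["hex"])) for s in data["signatures"]]
    return updated, sigs


def definitions_stale(updated, now, max_age=MAX_DEFINITION_AGE):
    """True when the definition file is older than the allowed age."""
    return now - updated > max_age


def scan_bytes(content, sigs):
    """Return the names of every signature whose pattern occurs in content."""
    return [name for name, pattern in sigs if pattern in content]


def scan_files(files, definitions_text, now_iso):
    """Scan {path: bytes}; report per-file hits and whether definitions are stale."""
    updated, sigs = load_definitions(definitions_text)
    now = datetime.fromisoformat(now_iso)
    report = {"stale": definitions_stale(updated, now), "hits": {}}
    for path, content in files.items():
        hits = scan_bytes(content, sigs)
        if hits:
            report["hits"][path] = hits
    return report


if __name__ == "__main__":
    print(scan_files(SAMPLE_FILES, DEFINITIONS_JSON, "2024-06-01T00:00:00+00:00"))
```

A stale flag does not mean the scan found nothing; it means the scan could only find what the old definitions already knew about, which is exactly why the user in the paragraph above believed the virus was brand new.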

Implementing Access Control

The process of implementing access control is critical. Access control defines how users and systems communicate and in what manner. In other words, it limits—or controls—access to system resources, including data, and thus protects information from unauthorized access. Three basic models are used to explain access control.

The Mandatory Access Control Method

The Mandatory Access Control (MAC) model is a static model

