Online Book Reader


CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [96]

By Root
and pass viruses to uninfected systems. Make sure that all files are scanned for viruses before they’re copied to these media.

20. B. Smart cards are used for access control, and they can contain a small amount of information. Smart cards are replacing magnetic cards in many instances, because they can store additional personal information and are harder to copy or counterfeit.

Chapter 4


Monitoring Activity and Intrusion Detection

THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

✓ 1.4 Carry out the appropriate procedures to establish application security.

■ Instant messaging

✓ 1.5 Implement security applications.

■ HIDS

■ Personal software firewalls

✓ 2.3 Determine the appropriate use of network security tools to facilitate network security.

■ NIDS

■ NIPS

■ Firewalls

■ Honeypot

■ Protocol analyzers

✓ 2.4 Apply the appropriate network tools to facilitate network security.

■ NIDS

■ Firewalls

■ Protocol analyzers

✓ 2.7 Explain the vulnerabilities and implement mitigations associated with wireless networking.

■ Data emanation

■ War driving

■ SSID broadcast

■ Blue jacking

■ Bluesnarfing

■ Rogue access points

■ Weak encryption

✓ 4.2 Carry out vulnerability assessments using common tools.

■ Port scanners

■ Vulnerability scanners

■ Protocol analyzers

■ Network mappers

✓ 4.4 Use monitoring tools on systems and networks and detect security-related anomalies.

■ Protocol analyzers

✓ 4.5 Compare and contrast various types of monitoring methodologies.

■ Behavior-based

■ Signature-based

■ Anomaly-based

✓ 4.6 Execute proper logging procedures and evaluate the results.

■ Security application

■ DNS

■ System

■ Performance

■ Access

■ Firewall

■ Antivirus

✓ 6.3 Differentiate between and execute appropriate response procedures.

■ Forensics

■ Chain of custody

■ First responders

■ Damage and loss control

■ Reporting—disclosure of

If it were not for the need to provide a connection path to share data, resources, and services, no one would ever install a network. This very connectivity—this need for convenience—forms the basis of the problems we face in providing a secure environment for our systems. This chapter deals with a number of topics, including intrusion detection, detection methods, wireless technologies, and instant messaging. Additionally, this chapter discusses signal analysis and network monitoring.

Monitoring the Network

The basics of network monitoring were introduced earlier (in Chapter 2). This chapter picks up that topic and examines more of the specifics and details of network monitoring.

Your network is vulnerable to all sorts of attacks and penetration efforts. Network-monitoring techniques help you track what is happening in your network. Monitoring can occur in real time (for example, when using a network sniffer) or by following events using log files and security systems (a task made simpler by using an intrusion detection system [IDS]).

More than likely, the building you occupy has a perimeter security system. This system might not keep a determined burglar from breaking in, but it will keep out most people. Most office buildings also have video cameras, motion detectors, and other devices to detect intruders and notify authorities about a break-in. In addition, your building probably has fire and smoke detectors, water sensors, and any number of other safety and security devices installed. All of this equipment, working together, provides a reasonably safe work environment. Your computers and network need the same sorts of things.

Network monitoring helps ensure a safe environment. You can help secure your computer’s environment by installing tools to automatically monitor it and report unusual events that occur. You can monitor your network by reviewing system logs on a regular basis or by installing complex software that performs these activities for you and then
