CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] - Text version






  • Chapter 2


    A1:

    c

    A2:

    d

    A3:

    a

    A4:

    d

    A5:

    b

    A6:

    b,e

    A7:

    b,d

    A8:

    c

    A9:

    d

    A10:

    c

    A11:

    e

    A12:

    c

    Q&A

    1:

    What does a good network security policy allow?

    A1:

    A good network security policy allows the network administrators or security personnel to deploy security systems and software throughout the infrastructure. This includes giving administrative personnel the capacity to deploy IDSs, antivirus software, and other technologies in order to mitigate both existing threats and potential threats.

    2:

    What does the network security policy define?

    A2:

    The security policy defines the procedures that are used and the suggested guidelines to be implemented by security personnel and network administrators.

    3:

    How does a "defense-in-depth" approach work in network security?

    A3:

    A "defense-in-depth" approach involves the deployment of security as several layers within the network. If an attacker bypasses one layer, she still faces additional layers before she reaches critical network resources. This layered defense approach maximizes the security around critical resources.

    4:

    What is an OOB network used for in SAFE?

    A4:

    An OOB network is a network that carries only management traffic on it. It is completely separate from the network that carries the normal enterprise traffic.

    5:

    What can be used in place of an OOB network?

    A5:

    Encrypted communication can be used in place of an OOB network as long as both endpoints of the communication channel are secure.

    6:

    What is authentication?

    A6:

    Authentication is the determination that a user or administrator has the necessary credentials to access a device or system.

    7:

    What is authorization?

    A7:

    Authorization is the determination that a user or administrator has sufficient privileges to execute a command or a process.

    8:

    How does a NIDS work?

    A8:

    A NIDS works by monitoring network traffic for patterns of attack. Once an attack has been detected, the NIDS may simply raise an alarm on a management console, execute a block by inserting a new rule into a router's or firewall's ACL, or execute a TCP reset (for TCP connections only).

    9:

    How does a host-based IPS work?

    A9:

    A host-based IPS works by monitoring the host and attempting to detect illegal actions such as the replacement of a critical file or the execution of an illegal instruction in computer memory.

    10:

    Why is deployment critical to the success of the IDS?

    A10:

    As networks have grown tremendously over the past few years, the amount of traffic traversing the network wire has also increased. This results in the need to properly place the IDS at strategic locations throughout the network to maximize its effectiveness.

    11:

    How is SAFE able to accommodate emerging network applications?

    A11:

    SAFE accommodates emerging applications through the flexibility of the blueprint design. The deployment of new applications does not require a significant re-engineering of the network security state; rather, minor modifications can be made to provide access to these applications.

    12:

    What are the four types of threats faced by a network?

    A12:

    Internal threats, external threats, structured threats, and unstructured threats.

    13:

    What are internal threats?

    A13:

    Internal threats are structured or unstructured threats from within the network, such as attacks initiated by disgruntled former or current employees.

    14:

    What are external threats?

    A14:

    External threats are structured or unstructured threats from outside the enterprise network, such as attacks initiated by "script kiddies."

    15:

    What are structured threats?

    A15:

    Structured threats are created by a lone attacker or a small group of attackers who are highly motivated and technically competent. Such threats typically involve sophisticated hacking techniques to bypass all security measures in order to penetrate the network.

    16:

    What are unstructured threats?

    A16:

    Unstructured threats primarily consist of random attackers using various common tools, such as malicious shell scripts, password crackers, credit card number generators, and dialer daemons.
