Network endpoints and network devices have different security considerations and
Question
Network endpoints and network devices have different security considerations and implications. A user workstation implies certain security issues that remain in the user domain while network implications remain part of the LAN or LAN-to-WAN domain. However, during the course of investigating an intrusion, you may have to source data from logs kept in routing devices and end-user systems.
Suppose an attacker intrudes upon one of your servers. How do you reconstruct the events of a crime? Log files are the first place to check for administrative issues and security activity. Log files help you put together a timeline of events surrounding everything from a performance problem to a security incident.
You can also identify bad system or network activities by observing anomalies from baseline behavior or identifying certain suspicious actions. Testing ensures that your control and monitoring facilities work as intended and maintain proper operation. Monitoring ensures that you capture evidence when your testing procedures fail to examine all possibilities or legitimate behavior permits unauthorized activity.
Always consider that even legitimate traffic can be used in illegitimate ways, and sometimes, legitimate traffic can appear illegitimate. Protected services can be attacked from the inside or accessed externally through loopholes in firewall rules. Vulnerabilities may remain unidentified by intrusion detection system (IDS) or intrusion prevention system (IPS) signatures and evade detection. Monitoring helps you capture pieces of the puzzle that creates a timeline of events.
View the following resources to help you understand more:
http://www.webopedia.com/TERM/N/network_baselining.html
http://www.cisco.com/c/en/us/support/docs/availability/high-availability/15112-HAS-baseline.html
http://blog.colasoft.com/how-to-baseline-network-throughput-and-performance/
Answer the following questions:
How do you obtain a baseline of system or network behavior?
What is an anomaly in relation to baseline behavior?
What do log files help you learn that filtering systems overlook?
Why can legitimate traffic sometimes seem suspicious?
Explanation / Answer
** How do you obtain a baseline of system or network behavior?
We can obtain a baseline of system or network behavior by identifying the activities which are bad and effective.
We must observe if any malfunctioning occurs during run-time, and we must take the necessary suspicious actions.
We must maintain the proper actions and functionality, and we must monitor all the functional things and issues we have faced so far. By that we can identify the fault and we can ensure that we test and resolve the issue accordingly.
We must try all the possibilities and we must obtain the evidence of the issue.
** What is an anomaly in relation to baseline behavior?
An anomaly is something that deviates from the amount of a particular baseline, such as standard deviations, percentages and set values.
By this we can monitor the performance and baseline behavior, and we can also be notified in multiple ways to direct action.
With the help of baseline behavior we can identify the critical issues that occur in the network, and the issues can be defined by the control or data plane resources.
** What do log files help you learn that filtering systems overlook?
As we all know, with the help of the log files we can easily identify the issues, and we can also check for administrative issues and security activity.
The main purpose of the log files is to keep all the issues and events in one place together.
And we will show the users to have a look at all the performance problems so that they can raise a security incident.
So with the help of the logs we can filter the whole system, and we can identify all the working logs and their issues.
We can make sure that our system is secure with the help of the logs and by resolving the issues.
** Why can legitimate traffic sometimes seem suspicious?
Legitimate traffic sometimes seems suspicious because, with the help of services and by protecting the services, we can be attacked through the loopholes in firewall rules.
So there will be a lot more malfunctions and vulnerabilities in the systems. And malfunctions and vulnerabilities may remain unidentified by intrusion detection system (IDS) or intrusion prevention system (IPS) signatures and evade detection.
So by this we can monitor the legitimate traffic and capture the pieces of the timeline of events.
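The question asks how a baseline is obtained, what an anomaly is relative to it, and how log files from both end systems and routing devices are used to reconstruct a timeline; the answer above mentions standard deviations and set values as the yardstick. The following Python script is an added example written for this page, not code from the question or the answer. It merges a server's sshd lines with a router's access-list lines into one timeline, computes a per-minute event-rate baseline (mean and standard deviation) from an initial window assumed to be normal, flags minutes that deviate by more than k standard deviations, and prints the raw events of each flagged minute so the analyst can read what happened. All log lines are constructed sample data; the router format is only loosely modelled on ACL log messages; the host names, addresses and the six-minute training window are assumptions.

```python
"""Baseline-and-anomaly check over constructed server and router log lines."""
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data (not real logs). Format: "<ISO timestamp> <host> <message>".
# The 10:06 minute carries a burst of failed logins; 10:09 has no events at all.
SERVER_LOG = """\
2024-03-01T10:00:05 srv01 sshd: Accepted publickey for alice from 10.0.1.20
2024-03-01T10:01:12 srv01 sshd: Accepted publickey for bob from 10.0.1.21
2024-03-01T10:02:40 srv01 sshd: Accepted publickey for alice from 10.0.1.20
2024-03-01T10:03:03 srv01 sshd: Accepted publickey for carol from 10.0.1.22
2024-03-01T10:04:01 srv01 sshd: Accepted publickey for bob from 10.0.1.21
2024-03-01T10:05:30 srv01 sshd: Accepted publickey for alice from 10.0.1.20
2024-03-01T10:06:01 srv01 sshd: Failed password for root from 203.0.113.9
2024-03-01T10:06:02 srv01 sshd: Failed password for root from 203.0.113.9
2024-03-01T10:06:03 srv01 sshd: Failed password for admin from 203.0.113.9
2024-03-01T10:06:04 srv01 sshd: Failed password for admin from 203.0.113.9
2024-03-01T10:06:05 srv01 sshd: Failed password for root from 203.0.113.9
2024-03-01T10:06:06 srv01 sshd: Failed password for root from 203.0.113.9
2024-03-01T10:07:15 srv01 sshd: Accepted publickey for alice from 10.0.1.20
2024-03-01T10:08:20 srv01 sshd: Accepted publickey for bob from 10.0.1.21
2024-03-01T10:08:45 srv01 sshd: Accepted publickey for carol from 10.0.1.22
"""
# Router lines loosely modelled on ACL logging (constructed, simplified format).
ROUTER_LOG = """\
2024-03-01T10:01:50 rtr01 acl 101 denied tcp 198.51.100.7 -> 10.0.1.5
2024-03-01T10:03:40 rtr01 acl 101 denied tcp 198.51.100.7 -> 10.0.1.5
2024-03-01T10:05:55 rtr01 acl 101 denied tcp 198.51.100.7 -> 10.0.1.5
2024-03-01T10:06:00 rtr01 acl 101 permitted tcp 203.0.113.9 -> 10.0.1.5
2024-03-01T10:08:10 rtr01 acl 101 denied tcp 198.51.100.7 -> 10.0.1.5
2024-03-01T10:10:30 rtr01 acl 101 denied tcp 198.51.100.7 -> 10.0.1.5
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")


def parse_log(text, source):
    """Parse lines into (datetime, source, host, message); skip malformed ones."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a bad line should not abort the whole investigation
        ts, host, msg = m.groups()
        events.append((datetime.fromisoformat(ts), source, host, msg))
    return events


def build_timeline(*event_lists):
    """Merge events from several log sources into one time-ordered list."""
    return sorted(e for lst in event_lists for e in lst)


def minute_key(ts):
    # Single-day sample, so HH:MM is a unique key here.
    return ts.strftime("%H:%M")


def events_per_minute(timeline):
    """Count events per minute; minutes with no events are filled with 0 so a
    silent interval counts against the baseline instead of vanishing."""
    counts = Counter(minute_key(e[0]) for e in timeline)
    t = timeline[0][0].replace(second=0, microsecond=0)
    last = timeline[-1][0].replace(second=0, microsecond=0)
    while t <= last:
        counts.setdefault(minute_key(t), 0)
        t += timedelta(minutes=1)
    return dict(sorted(counts.items()))


def compute_baseline(counts, training_minutes):
    """Mean and sample standard deviation over the first training_minutes,
    which are assumed to represent normal operation."""
    sample = list(counts.values())[:training_minutes]
    mean = statistics.mean(sample)
    stdev = statistics.stdev(sample) if len(sample) > 1 else 0.0
    return mean, stdev


def find_anomalies(counts, mean, stdev, k=3.0):
    """Minutes whose count is more than k standard deviations from the mean.
    A perfectly flat baseline (stdev 0) would flag every deviation, so a
    floor of one event is used as the spread in that case."""
    spread = stdev if stdev > 0 else 1.0
    return [(minute, n, round((n - mean) / spread, 2))
            for minute, n in counts.items()
            if abs(n - mean) / spread > k]


def events_in_minute(timeline, minute):
    """Raw events of one minute, for reconstructing what happened there."""
    return [e for e in timeline if minute_key(e[0]) == minute]


def investigate(training_minutes=6, k=3.0):
    timeline = build_timeline(parse_log(SERVER_LOG, "server"),
                              parse_log(ROUTER_LOG, "router"))
    counts = events_per_minute(timeline)
    mean, stdev = compute_baseline(counts, training_minutes)
    return counts, (mean, stdev), find_anomalies(counts, mean, stdev, k), timeline


if __name__ == "__main__":
    counts, (mean, stdev), flagged, timeline = investigate()
    print(f"baseline: {mean:.2f} events/min, stdev {stdev:.2f}")
    for minute, n, z in flagged:
        print(f"anomaly at {minute}: {n} events (z={z})")
        for ts, src, host, msg in events_in_minute(timeline, minute):
            print(f"  {ts.time()} [{src}/{host}] {msg}")
```

With the sample data the baseline is 1.5 events per minute with a standard deviation of about 0.55, so only 10:06 (seven events, z of about 10) is flagged; the three-event minute at 10:08 stays under the k=3 threshold, which is the point of measuring against the baseline rather than a fixed count. Reading the flagged minute's events together shows the router permitting a connection from the same address that the server then logs repeated failed logins from, the kind of cross-source correlation the question describes.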