Assessment Techniques

Next we examine assessment techniques for monitoring baseline network operations. In this lesson we learn why it's important to have a team establishing a real-time, consistent snapshot of your network's performance, and how you can use assessment techniques to identify trends, anomalies, potential problems, peak periods, and any other factor that could be used to hide sneak attacks and other potential exposures.

Transcript

Next we look at assessment techniques. In looking at assessment techniques we talk about baseline reporting. In any network environment, security administrators need to gather the baselines for their system configuration, applications, and operating systems. Collect all established baselines, and these baselines will be the basis for monitoring the network operations. Security within the network environment will be compared to the baseline. Continuously over time we can monitor the baseline to see whether there are any deviations from the baseline or whether all the systems are meeting the baseline that we established. This will serve as the reporting medium: by looking at all the metrics we have a reporting medium to feed management that all systems are working according to the established baselines, and if so, that means we are meeting the required security level. If there is any deviation from the baseline, we need to know why. Why are some systems deviating from the baseline? Are these approved deviations or malicious deviations? And should remediation be put in place, or do we just have to monitor them and watch how things take place?

We also need to do code review. This is very important in any network environment where programmers are involved and they have to write code that is executed on the database or on servers. The programmers should not be the same persons implementing the code on the systems. We follow the principle of separation of duties.

Where the programmers write the code, another team should be responsible for reviewing the code. This is to ensure that malicious lines of code are not put in there: code that could allow for buffer overflows, code that would allow for logic bombs, or code that would allow mantraps or maintenance hooks. Maintenance hooks can be put in place by programmers to easily bypass the logon authentication mechanism so that they can quickly review the software. We do not want that going into production, so if we do proper code review we can find this code and it can be taken out before the software is migrated to production.

We also need to determine the attack surface. If we determine the attack surface, we know all ports of possible entry or exit of data, packets, or malicious content. So by determining the attack surface we can quickly address or focus our controls to mitigate the effects of an attack.

We should also review the architecture. In reviewing the architecture we see the entire network as a whole: we want to see what devices are where, whether they are working, whether they are performing as they were planned to perform, and whether they are doing what they really need to do. Sometimes the network architecture could be wrong, and this could create bottlenecks on the network. It could also create opportunities for other threats, in that people can possibly bypass certain controls because the architecture is poor.

We also need to review the network design. The design is very important because the design will determine where we place objects and where we place controls. Do we want to detect, or are we just monitoring the network traffic? So a poor design will mean that controls can easily be bypassed; controls can be compromised because malicious persons will not want to trigger any alerts.

But a very robust design will ensure a lot of principles, maybe defense in depth, whereby we have multiple layers of security around our assets, so that malicious persons with only one technique cannot compromise the different layers. It will require much more technology, skill and knowledge to easily compromise our network design. So the network design is also very important in reviewing the assessment of the network.
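The baseline reporting step described in the transcript, as an added example that is not part of the course material: a small script compares an observed snapshot against the established baseline, separates deviations that change control has approved from those that are unexplained, and produces the management-facing report lines. The host names, metrics, values and ticket id are constructed sample data, not real systems.

```python
# Added example: baseline deviation report (not part of the course material).
from dataclasses import dataclass

# Constructed sample data: the baseline every system is expected to meet.
BASELINE = {
    "web01": {"ssh_password_auth": "no", "open_ports": (22, 443), "patch_level": "2024-05"},
    "db01": {"ssh_password_auth": "no", "open_ports": (22, 5432), "patch_level": "2024-05"},
}
# Constructed sample data: the latest snapshot gathered by the monitoring team.
SNAPSHOT = {
    "web01": {"ssh_password_auth": "no", "open_ports": (22, 443, 8080), "patch_level": "2024-05"},
    "db01": {"ssh_password_auth": "yes", "open_ports": (22, 5432), "patch_level": "2024-03"},
}
# Approved deviations recorded by change control (the ticket id is a placeholder).
APPROVED = {("web01", "open_ports"): "CHG-PLACEHOLDER-1"}

@dataclass(frozen=True)
class Deviation:
    host: str
    metric: str
    expected: object
    observed: object
    status: str  # "approved" (known change) or "unexplained" (needs investigation)

def compare(baseline, snapshot, approved):
    """Return every baselined metric whose observed value differs from the baseline."""
    findings = []
    for host, expected_metrics in baseline.items():
        observed_metrics = snapshot.get(host)
        if observed_metrics is None:  # a baselined system that did not report at all
            findings.append(Deviation(host, "*", "reporting", "missing", "unexplained"))
            continue
        for metric, expected in expected_metrics.items():
            observed = observed_metrics.get(metric)
            if observed == expected:
                continue
            status = "approved" if (host, metric) in approved else "unexplained"
            findings.append(Deviation(host, metric, expected, observed, status))
    return findings

def needs_remediation(findings):  # approved deviations are tracked, not remediated
    return [f for f in findings if f.status == "unexplained"]

def report_lines(findings):
    """Summary for management: either all systems meet the baseline, or one line per finding."""
    if not findings:
        return ["All systems meet the established baseline."]
    return [f"{f.host}: {f.metric} expected={f.expected!r} observed={f.observed!r} [{f.status}]"
            for f in findings]

if __name__ == "__main__":
    print("\n".join(report_lines(compare(BASELINE, SNAPSHOT, APPROVED))))
```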
Vulnerability Management is a continuous information security risk process that requires management oversight and includes a 4-tier approach of discovery, reporting, prioritization, and response.