3D053 Vol 2

Can analyze any encrypted data if it is decrypted before reaching the target host

Consumes resources on the host resides on and slows the device down

Monitors log files for inadvisable settings or passwords

Monitors traffic on the host which it is installed

Sidewinder

Death Star

Blue Coat

Viper

0-1023

1024-23535

23536-49151

49152-65535

Firewalls

Information condition (INFOCON)

Security tools

Defense in depth

Private

Public

Secure

Unsecure

Address Resolution Protocol (ARP)

Getroute

Ping host

Traceroute

Strobe

Sweep

Stealth

Vanilla

Domain.admin

Administrator

Postmaster

Mail-host

Currency

Freshness

Timeliness

Authenticity

Unix

McAfee

Microsoft

SecureLogix

Use access control lists on SNMP agents to accept SNMP messages from all SNMP managers

Keep devices requiring SNMP together with those that do not through VLANs

Disable all SNMP devices/services if not required

Enable the set community strings if possible

Firewalls

Internet Security Scanner

Security tools

Defense in depth

Port Access Control (PACL)

Router Access Control List (RACL)

Virtual Local Area Network Access Control List (VACL)

Firewall Access Control List (FACL)

Local servers

Non-internet server

Internal sendmail server

External sendmail server

Presentation

Transport

Network

Session

NSlookup

Server

Yype

Dig

View telecom resource use

Track phone network usage

Provide conversation transcripts

Report on service performance and call quality

A network stack

A security policy

A set of one or more interfaces

A particular installation of a firewall

Observer regular network traffic and look for anomalies

Review logs and network statistics at least annually

Set triggers for unique intrusions

Use a single master intrusion detection system (IDS) product

Named

Cache-Only

Master/Primary

Slave/Secondary

Is the act of sporadically scanning a computer's ports

Sends out a request to connect to any computer

Notes which ports responded to the scan

Is always malicious in nature

Integrated network operation security center (INOSC)

Air Force network operating center (AFNOC)

Based-level

Major command (MAJCOM)

Domain name server (DNS)

Burbs

Proxies

Fast path sessions

Named

Cache-Only

Master/Primary

Slave/Secondary

President's National Security Telecommunications Advisory Committee

Air Force Information Warfare Battlelab

Air Force Network Integration Center

Cryptographic Systems Group

Active IDS

Passive IDS

Host-based IDS

Network-based IDS

Snort

Open source security (OSSEC)

Host based security system (HBSS)

Intruder alert (ITA)

Active IDS

Passive IDS

Hosted-based IDS

Network-based IDS

Update IDS signatures periodically

Deploy one IDS for the entire network

Use a centralized management console for system management

Consider using either a network -based IDS or host-based IDS

WU_PingProPackage

SolarWinds

SNMPutil

Security Mapper (SMAP)

Network-level

Application-level

Corporate/enterprise

Personal/small office home office (SOHO)

Configure the shared cluster address

Specify or sending and receiving heartbeats

Handle the fastest network traffic on your appliance

Isolate the cluster address from the domain name server (DNS) and default routers

Split

Dual

Secure

Generic

Main sole administrative privileges on the firewall

Standardize, configure, back up, and otherwise the firewall

Maintain a single naming/configuration standard for boundary devices

Install patches or perform any upgrade provided by the AF Enterprise Network

Switches

Firewalls

Routers

Servers

Block unwanted or malicious downloads

Protect copyrighted media and intellectual property

Prevent organizations from obtaining visibility of users

Block webmail and instant messaging (IM) virus propagation

Snort

Automatic Security Incident Measurement (ASIM)

Enterprise Security Manager (ESM)

Internet Security Scanner (ISS)

Consolidating your voice with your data using virtual local area network (VLAN)

Enabling access control lists (ACL) on firewalls, routers, an switches.

Deploying protection from dynamic host configuration protocol (DHCP) spoofing

Enabling port security access to only allow the required devices needed by the client.

Message attachment filtering

Destination address filtering

Command filtering

Header filtering

Halt system

Power down system

Reboot to operational kernel

Shutdown to emergency maintenance mode

Resource records

Pointer (PTR) records

Zone records

Root cache

User

PUBLIC

SecureLogix

Administrators

Active IDS

Passive IDS

Host-based IDS

Network-base IDS

Network-level

Application-level

Corporate/enterprise

Personal/small office home office (SOHO)

Air Force Network Operations Command (AFNetOps/CC)

Air Force Information Warfare Center/Information Operations Directorate (AFIWC/IO)

Air Force Network Operations Center (AFNOC)

23 Information Operations Squadron (IOS)

Performance Manager

Directory Manager

System Console

Usage Manager

Active IDS

Passive IDS

Host-based IDS

Network-based IDS

Control center

Admin console

Command center

Command-line interface (CLI)