Encryption and decryption
AJAX XHR weaknesses
DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC
Forensics, White box testing, Log correlation, HIDS, and SSO
Vulnerability assessments, NIDP, HIDS, SCAP, Analytics and SIEM
EGRC, WIPS, Federated ID, Network enumerator, NIPS and Port Scanners
In front of the Internet firewall and in front of the DMZs
In front of the Internet firewall and in front of the internal firewall
In front of the Internet firewall and behind the internal firewall
Behind the Internet firewall and in front of the DMZs
Disable remote access capabilities on manufacturing SCADA systems.
Require a NIPS for all communications to and from manufacturing SCADA systems.
Add anti-virus and client firewall capabilities to the manufacturing SCADA systems.
Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems.
Develop a network traffic baseline for each of the physical security systems.
Air gap the physical security networks from the administrative and operational networks.
Require separate non-VLANed networks and NIPS for each physical security system network.
Have the Network Operations Center (NOC) review logs and create a CERT to respond to breaches.
Implement H.235 extensions with DES to secure the audio and video transport.
Recommend moving to SIP and RTP as those protocols are inherently secure.
Recommend implementing G.711 for the audio channel and H.264 for the video.
Encapsulate the audio channel in the G.711 codec rather than the unsecured Speex.
The Rehabilitation Area
The Reception Area
The Boiler Room
The Finance Area
Single Sign On
DENY needs to be changed to ACCEPT on one line.
A line needs to be added.
A line needs to be removed.
Fix the typo in one line.
Implement separation of duties; enable full encryption on USB devices and cell phones, allow cell phones to remotely connect to e-mail and network VPN, enforce a 90-day data retention policy.
Eliminate VPN access from remote devices. Restrict junior administrators to read-only shell access on network devices. Install virus scanning and SPAM filtering. Harden all servers with trusted OS extensions.
Create a change control process with stakeholder review board, implement separation of duties and mandatory vacation, create regular SAN snapshots, enable GPS tracking on all cell phones and laptops, and fully encrypt all email in transport.
Implement outgoing mail sanitation and incoming SPAM filtering. Allow VPN for mobile devices; cross-train managers in multiple disciplines, ensure all corporate USB drives are provided by Company A and de-duplicate all server storage.
The ability to implement user training programs for the purpose of educating internal staff about the dangers of social engineering.
The cost of resources required to relocate services in the event of resource exhaustion on a particular VM.
The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform.
Annual loss expectancy resulting from social engineering attacks against the cloud service provider affecting corporate network infrastructure.
Emerging business requirements led to the de-perimeterization of the network.
Emerging security threats rendered the existing architecture obsolete.
The single firewall port was oversaturated with network packets.
The shrinking of an overall attack surface due to the additional access.
Increased security capabilities, the same amount of security risks and a higher TCO but a smaller corporate data center on average.
Increased business capabilities and increased security risks with a lower TCO and smaller physical footprint on the corporate network.
Increased business capabilities and increased security risks with a higher TCO and a larger physical footprint.
Decreased business capabilities and increased security risks with a lower TCO and increased logical footprint due to virtualization.
Never mount the /tmp directory over NFS
Stop the rpcidmapd service from running
Mount all tmp directories nosuid, noexec
Restrict access to the /tmp directory
Buffer Overflow Attack
Storage Consumption Attack
Denial of Service Attack
Create an SSL reverse proxy to a collaboration workspace. Use remote installation service to maintain application version. Have users use full desktop encryption. Schedule server downtime from 12:00 to 1:00 PM.
Install an SSL VPN to Company A's datacenter, have users connect to a standard virtual workstation image, set workstation time of day restrictions.
Create an extranet web portal using third party web based office applications. Ensure that Company A maintains the administrative access.
Schedule server downtime from 12:00 to 1:00 PM, implement a Terminal Server Gateway, use remote installation services to standardize application on user’s laptops.
Answer: You need to check the hash value of the downloaded software with the md5 utility.
188.8.131.52/24 any 192.168.20.0/24 3389 any
Answer: Follow these steps: 1) Click on the server and find the SQL Server, then note the IP address of the server. 2) Click on the host machine and find the attacker, then note the IP address of the host. 3) Check the host machine IP address in the router ac source field and the SQL Server IP in the destination field, then check the deny and uncheck the permit.
Answer: The following steps need to be done: 8 then 2 replace 6 with 3, 7, 11 same segment replace 2 with 1, put 6 same segment replace 9 with 10 replace 3 with 5 replace 1 with 4
All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment to access the virtualized applications. A secret key kept by the startup encrypts the application virtual memory and data store.
All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment and to access the virtualized applications. Each client has a common shared key, which encrypts the application virtual memory and data store.
Each client is assigned a set of virtual hosts running shared hardware. Physical storage is partitioned into LUNs and assigned to each client. MPLS technology is used to segment and encrypt each of the client’s networks. PKI based remote desktop with hardware tokens is used by the client to connect to the application.
Each client is assigned a set of virtual hosts running shared hardware. Virtual storage is partitioned and assigned to each client. VLAN technology is used to segment each of the client’s networks. PKI based remote desktop access is used by the client to connect to the application.
Implement desktop virtualization and encrypt all sensitive data at rest and in transit.
Implement server virtualization and move the application from the desktop to the server.
Implement VDI and disable hardware and storage mapping from the thin client.
Move the critical applications to a private cloud and disable VPN and tunneling.
The email system may become unavailable due to overload.
Compliance may not be supported by all smartphones.
Equipment loss, theft, and data leakage.
Smartphone radios can interfere with health equipment.
Data usage cost could significantly increase.
Not all smartphones natively support encryption.
Smartphones may be used as rogue access points.
The company data privacy policies
The company backup logs and archives
The company data retention policies and guidelines
The company data retention procedures