Increase the virtual RAM allocation to high I/O servers.
Install a management NIC and dedicated virtual switch.
Configure the high I/O virtual servers to use FCoE rather than iSCSI.
Move the guest web server to another dedicated host.
Data Storage Policy
Data Retention Policy
Corporate Confidentiality Policy
Data Breach Mitigation Policy
A security attestation model built on XML and SOAP-based services, which allows for the exchange of A&A data between systems and supports Federated Identity Management.
An XML and SOAP-based protocol, which enables the use of PKI for code signing and SSO by using SSL and SSH to establish a trust model.
A security model built on the transfer of assertions over XML and SOAP-based protocols, which allows for seamless SSO and the open exchange of data.
A security verification model built on SSO and SSL-based services, which allows for the exchange of PKI data between users and supports XACML.
A third-party cloud computing platform makes sense for new IT solutions. This should be endorsed going forward so as to align with the IT strategy. However, the security practitioner will need to ensure that the third-party cloud provider does regular penetration tests to ensure that all data is secure.
Using a third-party cloud computing environment should be endorsed going forward. This aligns with the organization’s strategic direction. It also helps to shift any risk and regulatory compliance concerns away from the company’s internal IT department. The next step will be to evaluate each of the cloud computing vendors, so that a vendor can then be selected for hosting the new credit card processing platform.
There may be regulatory restrictions with credit cards being processed out of country or processed by shared hosting providers. A private cloud within the company should be considered. An options paper should be created which outlines the risks, advantages, and disadvantages of relevant choices, and it should recommend a way forward.
Cloud computing should rarely be considered an option for any processes that need to be significantly secured. The security practitioner needs to convince the stakeholders that the new platform can only be delivered internally on physical infrastructure.
One of the companies may use an outdated VDI.
Corporate websites may be optimized for different web browsers.
Industry security standards and regulations may be in conflict.
Data loss prevention standards in one company may be less stringent.
During the product selection phase
When testing the appliance
When writing the RFP for the purchase process
During the network traffic analysis phase
Delete files and email exceeding policy thresholds and turn over the remaining files and email.
Delete email over the policy threshold and hand over the remaining emails and all of the files.
Provide the 1Tb of files on the network and the 300Mb of email files regardless of age.
Provide the first 200Mb of e-mail and the first 500Mb of files as per policy.
Create presence groups, restrict IM protocols to the internal networks, encrypt remote devices, and restrict access to services to local network and VPN clients.
Enable discretionary email forwarding restrictions, utilize QoS and Secure RTP, allow external IM protocols only over TLS, and allow port 2000 incoming to the internal firewall interface for secure SIP.
Set presence to invisible by default, restrict IM to invite only, implement QoS on SIP and RTP traffic, discretionary email forwarding, and full disk encryption.
Establish presence privacy groups, restrict all IM protocols, allow secure RTP on session border gateways, enable full disk encryption, and transport encryption for email security.
Create an IP camera network and deploy NIPS to prevent unauthorized access.
Create an IP camera network and only allow SSL access to the cameras.
Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
Create an IP camera network and restrict access to cameras from a single management host.
Implement WS-Security for services authentication and XACML for service authorization.
Use end-to-end application level encryption to encrypt all fields and store them encrypted in the database.
Implement a certificate based solution on a smart card in combination with a PIN to provide authentication and authorization of users.
Implement WS-Security as a federated single sign-on solution for authentication and authorization of users.
Implement SSL encryption for all sensitive data flows and encryption of passwords of the data at rest.
Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.
Implement a security operations center to provide real time monitoring and incident response with self service reporting capability.
Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms, applications, and infrastructure.
Implement a security operations center to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capability.
Ensure that the network operations center has the tools to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities.
Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures.
Ensure appropriate auditing is enabled to capture the required information.
Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server.
Risk reduction, risk sharing, risk retention, and risk acceptance.
Avoid, transfer, mitigate, and accept.
Risk likelihood, asset value, and threat level.
Calculate risk by determining technical likelihood and potential business impact.
Patch the known issues and provide the patch to customers. Make a company announcement to customers on the main website to reduce the perceived exposure of the application to alleviate customer concerns. Engage penetration testers and code reviewers to perform an in-depth review of the product. Based on the findings, address the defects and re-test the findings to ensure that any defects have been resolved.
Patch the known issues and provide the patch to customers. Engage penetration testers and code reviewers to perform an in-depth review of the product. Based on the findings, address the defects and re-test the findings to ensure that the defects have been resolved. Introduce periodic code review and penetration testing of the product in question and consider including all relevant future projects going forward.
Patch the known issues and provide the patch to customers. Implement an SSDLC / SDL overlay on top of the SDLC. Train architects, designers, developers, testers and operators on security importance and ensure that security-relevant activities are performed within each of the SDLC phases. Use the product as the primary focal point to close out issues and consider using the SSDLC / SDL overlay for all relevant future projects.
Stop active support of the product. Bring forward end-of-life dates for the product so that it can be decommissioned. Start a new project to develop a replacement product and ensure that an SSDLC / SDL overlay on top of the SDLC is formed. Train BAs, architects, designers, developers, testers and operators on security importance and ensure that security-relevant activities are performed within each of the SDLC phases.
Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 80 and 443. Set SELinux to permissive. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 80 and 443. Configure the Internet zone with ACLs of allow 80 and 443 destination DMZ.
Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 443. Set enforcement threshold on SELinux to one. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 1433 and 1443. Configure the Internet zone with ACLs of allow 443 destination DMZ.
Create an Internet zone and two DMZ zones on the firewall. Place the web server in the DMZ one. Set the enforcement threshold on SELinux to 100, and configure IPtables to allow TCP 80 and 443. Place the SQL server in DMZ two. Configure the Windows firewall to allow TCP 80 and 443. Configure the Internet zone with an ACL of allow 443 destination ANY.
Create an Internet zone and two DMZ zones on the firewall. Place the web server in DMZ one. Set enforcement threshold on SELinux to zero, and configure IPtables to allow TCP 80 and 443. Place the SQL server in DMZ two. Configure the Internet zone ACLs with allow 80, 443, 1433, and 1443 destination ANY.
Address the security concerns through the network design and security controls.
Implement mitigations to the security risks and address the poor communications on the team with the project manager.
Document mitigations to the security concerns and facilitate a meeting between the architects and the project manager.
Develop a proposal for an alternative architecture that does not leverage cloud computing and present it to the lead architect.
Delay the donation until a new policy is approved by the Chief Information Officer (CIO), and then donate the machines.
Delay the donation until all storage media on the computers can be sanitized.
Reload the machines with an open source operating system and then donate the machines.
Move forward with the donation, but remove all software license keys from the machines.
Only security related alerts should be forwarded to the network team for resolution.
All logs must be centrally managed and access to the logs restricted only to data storage staff.
Logging must be set appropriately and alerts delivered to security staff in a timely manner.
Critical logs must be monitored hourly and adequate staff must be assigned to the network team.
Work with the department head to find an acceptable way to change the business needs so the department no longer violates the corporate security policy.
Draft an RFP for the purchase of a COTS product or consulting services to solve the problem through implementation of technical controls.
Work with the CISO and department head to create an SLA specifying the response times of the IT security department when incidents are reported.
Draft an MOU for the department head and CISO to approve, documenting the limits of the necessary behavior, and actions to be taken by both teams.
Model the network in a series of VMs; instrument the systems to record comprehensive metrics; run a large volume of simulated data through the model; record and analyze results; document expected future behavior.
Completely duplicate the network on virtual machines; replay eight hours of captured corporate network traffic through the duplicate network; instrument the network; analyze the results; document the baseline.
Instrument the operational network; simulate extra traffic on the network; analyze net flow information from all network devices; document the baseline volume of traffic.
Schedule testing on operational systems when users are not present; instrument the systems to log all network traffic; monitor the network for at least eight hours; analyze the results; document the established baseline.
Change the IDS to use a heuristic anomaly filter.
Adjust IDS filters to decrease the number of false positives.
Change the IDS filter to data mine the false positives for statistical trending data.
Adjust IDS filters to increase the number of false negatives.
Have the small consulting firm redo the Black box testing.
Use the internal teams to perform Grey box testing.
Use the internal team to perform Black box testing.
Use the internal teams to perform White box testing.
Use a larger consulting firm to perform Black box testing.
One data center should host virtualized web servers and the second data center should host the virtualized domain controllers.
One virtual environment should be present at each data center, each housing a combination of the converted Windows 2000 and RHEL3 virtual machines.
Each data center should contain one virtual environment for the web servers and another virtual environment for the domain controllers.
Each data center should contain one virtual environment housing converted Windows 2000 virtual machines and converted RHEL3 virtual machines.
The administrator must use the sudo command in order to restart the service.
The administrator used the wrong SSH port to restart the DNS server.
The service was restarted correctly, but it failed to bind to the network interface.
The service did not restart because the bind command is privileged.