2. Exam Essentials for Access Control Attacks and Monitoring

Understand basic risk elements

Risk is the likelihood that a threat can exploit a vulnerability and cause damage to assets.

Asset valuation identifies the value of assets.

Threat modeling identifies threats against these assets.

Vulnerability analysis identifies weaknesses in an organization's valuable assets.

Access aggregation is a type of attack that combines, or aggregates, nonsensitive information to learn sensitive information; it is commonly used in reconnaissance attacks.

Brute-force vs. dictionary attacks

A brute-force attack tries every possible combination of keyboard characters; a dictionary attack tries the entries of a word list.

Strong Passwords

Password policies ensure users make complex passwords, which make password crackers less successful.

Increase strength by adding another authentication factor (see the notes on authentication factors).

Spoofing

Spoofing is pretending to be someone or something else. Spoofing attacks can involve email, phone, or IP addresses.

Sniffing

A packet capturing program reads and stores data that is sent over a network medium in cleartext.

Social Engineering

Convince someone to do something they wouldn’t normally do, usually by pretending to be someone else and asking for help.

Phishing

Phishing tries to get a user to give up personal information. Spear phishing targets specific groups of users, whaling targets high-level executives, and vishing uses VoIP.

Log Types

Security logs, system logs, application logs, firewall logs, proxy logs, and change management logs. Logs should be protected and should be read-only.

Monitoring

Basically, monitoring is a form of auditing that focuses on active review of log file data. It holds subjects accountable for their actions, and detects abnormal or malicious activities. IDSs and SIEMs automate monitoring and provide real-time analysis of events.

Accountability

Accountability is maintained by auditing subjects. This promotes good user behavior and compliance.

Audit trails

Audit trails are records created by recording information about events and occurrences into logs; they are used to reconstruct an event.

Sampling

Sampling, or data extraction, is extracting elements from a large body of data to construct a meaningful representation or summary of the whole. Statistical sampling uses precise mathematical functions to extract meaningful information from a large volume of data.

Clipping is a form of nonstatistical sampling that records only events that exceed a threshold, e.g. more than 10 failed login attempts.
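As an added example (not part of the original notes), the clipping-level idea applied to failed-login monitoring: failed logins are counted per user from constructed sshd-style auth log lines, and only users whose count exceeds the threshold (10, as in the notes) are reported. The log format and the user/IP values are made up for the example.

```python
import re
from collections import Counter

# Constructed sample log lines (not from a real system); the format mimics
# the "Failed password" message that sshd writes to a Linux auth log.
def _make_failures(user, ip, n):
    return [
        f"Mar 10 08:{i:02d}:00 host sshd[{100 + i}]: Failed password for {user} "
        f"from {ip} port {5000 + i} ssh2"
        for i in range(n)
    ]

SAMPLE_LOG = "\n".join(
    _make_failures("bob", "198.51.100.7", 12)      # above the clipping level
    + _make_failures("alice", "203.0.113.5", 3)    # normal mistyping, below it
    + ["Mar 10 09:00:00 host sshd[300]: Accepted password for alice "
       "from 203.0.113.5 port 6000 ssh2"]          # success: not a failure
)

# Matches both "Failed password for bob" and "Failed password for invalid user bob".
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def count_failed_logins(log_text):
    """Count failed login attempts per user across every line of the log."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def clipping_level_report(log_text, threshold=10):
    """Nonstatistical sampling: keep only users whose failure count exceeds
    the clipping level; everything at or below the threshold is dropped."""
    return {
        user: n
        for user, n in count_failed_logins(log_text).items()
        if n > threshold
    }


if __name__ == "__main__":
    print(clipping_level_report(SAMPLE_LOG))  # {'bob': 12}
```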
