4.1 Network and Server Profiling

network baseline element: session duration

this is the time between the establishment of a data flow and it’s termination

network baseline element: total throughput

this is the amount of data passing from a given source to a given destination in a given period of time

network baseline element: ports used

this is a list of TCP or UDP processes tat are available to accept data

network baseline element: critical asset address space

these are the IP addresses or the logical location of essential systems or data

server baseline element: listening ports

these are the TCP and UDP daemons and ports that are normally allowed to be open on the server

server baseline element: logged in users and accounts

these are the parameters defining user access and behavior

server baseline element: service accounts

these are the definitions of the type of service that an application is allowed to run

server baseline element: software environment

these are the tasks, processes, and applications that are permitted to run on the server

network behavior analysis (NBA)

this entails the use of sophisticated statistical and machine learning techniques to compare normal performance baselines with network performance at a given time

risk analysis

individuals conduct comprehensive analysis of impacts of attacks on core company assets and functioning

vulnerability management

patch management, host scans, port scanning, other vulnerability scans and services

penetration testing

use of hacking techniques and tools to penetrate network defenses and identify depth of potential penetration

internal or external consultants and risk management frameworks

what tools are used in risk analysis?

openvas, microsoft baseline analyzer, nessus, qualys, nmap

what tools are used in vulnerability assessment

metasploit, core impact, ethiical hackers

what tools are used in penetration testing?