4.5 Monitoring Data

1

File Integrity Monitoring (FIM)

Watch for unexpected changes to important system and application files—especially those that shouldn’t change unless there’s an update.

  • If these files are modified, the FIM system can trigger alerts or take action.

  • Windows uses the System File Checker (SFC) to check and repair system files.

  • On Linux, tools like Tripwire offer real-time file monitoring.

  • FIM capabilities are also built into many host-based intrusion prevention systems (HIPS).

2

Data Loss Prevention (DLP)

Monitor for sensitive information—like Social Security numbers or medical data—being transmitted across the network.

  • Can block this data in real time as it moves across the network.

  • Some monitor network traffic directly, while others run on individual devices as software.

3

On-computer DLP

Monitors data in use, meaning data that is held in the active memory of that system.

  • Also referred to as endpoint DLP, the endpoint being that individual system.

4

Monitoring data in motion

The DLP solution is connected to the network and monitors packets in real time.

  • May be integrated into a next-generation firewall or it might be a standalone DLP appliance.

5

Monitoring data at rest

DLP that monitors files that are stored in the file system of an operating system.

  • Usually runs as software directly on that server or operating system itself.

6

USB Blocking

DLP software on endpoints can restrict data transfers through USB ports to prevent data theft or malware introduction.

  • USB drives are small and portable, making them easy tools for exfiltration or infection.

  • In 2008, the U.S. Department of Defense experienced a major breach when a worm, agent.btz, spread via a USB drive. This led to a complete ban on USB storage devices across the DoD.

  • The ban was enforced through local DLP agents and was lifted in 2010 after strict usage guidelines were introduced.

7

Cloud-Based DLP

Works like local or network DLP systems but monitors data flowing into and out of cloud applications.

  • Many also include protection against malware, viruses, and other threats, acting as a security layer for cloud storage and SaaS platforms.

  • As more applications move to the cloud, DLP solutions must also extend to cloud environments.

8

DLP & Email

Email is a major channel for data leaks, making it a key focus for DLP systems.

  • Email-based DLP scans both inbound and outbound messages for sensitive content.

  • Outbound DLP can block attempts to send Social Security numbers, W-2 forms, or fake wire transfers.

  • Inbound DLP checks for suspicious keywords, spoofed addresses, or imposter emails, quarantining them before they reach users.

  • These solutions work whether your email is hosted locally or in the cloud.

9

Emailing A Spreadsheet Template

In November 2016, a Boeing employee accidentally emailed a spreadsheet to their spouse that appeared blank but actually contained hidden sensitive data for 36,000 employees, including Social Security numbers and birth dates.

  • An email-based DLP solution would have blocked this data leak.

  • Ironically, Boeing offers its own DLP software, which was not used internally at the time of the incident, though it is deployed on customer networks handling classified information.