Monitoring Data - CompTIA Security+ SY0-701 - 4.5
Call Kai
Learn
Practice Test
Spaced Repetition
Match
Flashcards
Knowt Play1/6
There's no tags or description
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai |
|---|
No analytics yet
Send a link to your students to track their progress
7 Terms
FIM (File Integrity Monitoring)
Some files change all the time
- Some files should never change
Monitor important operating system and application files
- Identify when changes occur
Windows - SFC (System File Checker)
Linux - Tripwire
Many host based IPS options
Data Loss Prevention (DLP)
• Where's your data?
• Social Security numbers, credit card numbers,
medical records
• Stop the data before the bad guys get it
• Data "leakage"
• So many sources, so many destinations
• Often requires multiple solutions in different places
Data Loss Prevention (DLP) systems
On your computer
- Data in use
- Endpoint DLP
On your network
- Data in motion
On your server
- Data at rest
USB Blocking
DLP on a workstation
- Allow or deny certain tasks
November 2008 - US Department of Defense
- Worm virus "Agent.btz" replicates using USB storage
- Bans removable flash media and storage devices
All devices had to be updated
- Local DLP agent handled USB blocking
Ban was lifted in February 2010
- Replaced with strict guidelines
Cloud-based DLP
Located between users and the internet
- Watch every byte of network traffic
- No hardware, no software
Block custom defined data strings
- Unique data for your organizations
Manage access to URLs
- Prevent file transfers to cloud storage
Block viruses and malware
- Anything traversing the network
DLP and email
Email continues to be the most critical risk vector
- Inbound threats, outbound data loss
Check every email inbound and outbound
- Internal system or cloud-based
Inbound
- Block keywords, identify impostors, quarantine email messages
Outbound
- Fake wire transfers, W-2 transmissions, employee informations
Emailing a spreadsheet template
• November 2016
• Boeing employee emails spouse a spreadsheet to use as a
template
• Contained the personal information of 36,000
Boeing employees
- In hidden columns
- Social security numbers, date of birth, etc.
• Boeing sells its own DLP software
- But only uses it for classified work
