Deck 12: Security Through Monitoring and Auditing

Network-based intrusion-detection software is categorized as host wrappers or host-based agents.

In Red Hat Linux 9.x, by default, each log file has four rotation levels, to enable the retention of up to four weeks of information.

In Windows Server 2003 event viewer, an informational message such as a notice that a service has been started is prefaced by a black "!" (exclamation point) that appears on a yellow caution symbol.

The device log records information about system-related events such as hardware errors, driver problems, and hard drive errors.

At minimum, active intrusion detection alerts a server or network administrator about an attack or intrusion, so the administrator can take action.

In Mac OS X, the FTP Log keeps track of file uploads, downloads, and communications with FTP servers.

If % Network utilization is frequently over 90 percent, that means the network is experiencing collisions and there may be bottlenecks due to the network design, possibly indicating the need to create more or different subnets.

The Netware 6.x Console Log enables you to trace information, such as NLMs that have been loaded or unloaded, and to trace other activities that have been performed from the console.

Network Monitor is a utility which comes with Windows 2000 Server and Windows Server 2003.

In Red Hat Linux, the Emacs and vi editors can be used to configure the syslog.conf file.

SNMP enables network agents to gather information about network performance and send that information to a network management station.

An inspector is an IDS that tracks a full range of data and events related to an operating system or network.

Active intrusion detection is effective as long as the server or network administrator regularly checks the logs and recorded information for possible intrusion attempts.

In Network Monitor the capture store is the amount of RAM and virtual memory that is used to store captured data.

The default folder for saved Network Monitor capture information in Windows Server 2003 is \WINNT\system32\NETMON\CAPTURES .

Understanding the normal conditions for operating systems and a network is accomplished by establishing baselines .

File locks are open communication links between two processes on the server or between the server and a client.

The who command provides information about who is logged on to Red Hat Linux 9.x.

Network Monitor supports event management , which enables a server administrator to set up filters to capture a certain event or type of network activity.

Does the Netware 6.x Console log contain error information recorded for the NetWare server?

Are the Mac OS X logs located in the /var/log directory?

Is the System Log in Mac OS X contained in the file messages.x?

Are the Server logs for Mac OS X automatically rotated?

In Window Server 2003, does the print$ share enable you to view the number of clients currently using the server as a print server?

At minimum, ____________________ intrusion detection alerts a server or network administrator about an attack or intrusion, so the administrator can take action.

Does the Netware Remote Manager allow you to send messages to a particular user or to all users?

In Windows 2000 Server, is it necessary to install Network Monitor and Network Monitor Driver separately?

In Red Hat Linux, the ____________________ Log provides information about jobs that are scheduled to run or that have already run, such as information about the number of minutes until a specific job will run.

List five third-party passive intrusion-detection tools.

List four third-party active intrusion-detection tools.

In Windows Server 2003, the ____________________ log records information about logon accesses and file, folder, and system policy changes.

List eight different types of information that might be found in a log created by an auditor.

What five activities are typically encompassed by host-based IDS?

What five things do inspectors typically look for?

Typically, an IDS ____________________ is software that automatically records information to a log.

Can Network Monitor filter frames and packets on the basis of SAP or ETYPE?

Is the Process Viewer used by Linux Red Hat 9.x to display a listing of processes and the users who are running those processes?

Can the version of Network Monitor that comes with Windows Server 2003 capture and read the contents of any frames transported on the network segment to which the host computer is connected?

Network-based intrusion-detection software is used on a computer or network device and typically places the NIC on that device in ____________________ mode.

In Red Hat Linux, log files are managed through a process called ____________________ .

Host wrapper software, which may also be called a(n) ____________________, monitors network activity into or out of the computer, including protocols, packets, broadcasts, remote logon attempts, dial-in attempts, port scanning, and other activities.

A(n) ____________________ is a command-line string issued remotely that is intended to weaken the security or to alter an operating system.

A(n) ____________________ can be acquired by using performance monitoring to establish slow, average, and peak periods for a network, and keeping records on these periods.

In Windows Server 2003, the ____________________ log records information about how software applications are performing.