
Question

The following question is related to IT course IT409- IT Security and Policies

a) Document what type of identification is issued to students, faculty, staff, and visitors at your school. If possible, include pictures of these types of documentation.

b) What are the different types of malware and how it is controlled?

Define the following access control management terminology:

1. Access control:

2. Cognitive-password:

3. Default deny:

4. Default allow:

5. Least privilege:

b) Provide 3 parameters that form the basis of internet communications used by firewall device.

c) Describe the four types of IDS/IPS.  

Question 4 Important :

Log data offer clues about activities that have unexpected and possibly harmful consequences. The following parsed and normalized firewall log entries indicate a possible malware infection and data exfiltration. The entries show a workstation making connections to Internet address 93.177.168.141 and receiving and sending data over TCP port 16115.

id=firewall sn=xxxxxxxxxxxx time="2013-04-02 11:53:12 UTC" fw=255.255.255.1 pri=6 c=262144 m=98 msg="Connection Opened" n=404916 src=10.1.1.1 (workstation) :49427:X0 dst=93.177.168.141 :16115:X1 proto=tcp/16115
id=firewall sn=xxxxxxxxxxxx time="2013-04-02 11:53:29 UTC" fw=255.255.255.1 pri=6 c=1024 m=537 msg="Connection Closed" n=539640 src=10.1.1.1 (workstation) :49427:X0 dst=93.177.168.141 :16115:X1 proto=tcp/16115 sent=735 rcvd=442

id=firewall sn=xxxxxxxxxxxx time="2013-04-02 11:53:42 UTC" fw=255.255.255.1 pri=6 c=262144 m=98 msg="Connection Opened" n=404949 src=10.1.1.1 (workstation) :49430:X0 dst=93.177.168.141 :16115:X1 proto=tcp/16115
id=firewall sn=xxxxxxxxxxxx time="2013-04-02 11:54:30 UTC" fw=255.255.255.1 pri=6 c=1024 m=537 msg="Connection Closed" n=539720 src=10.1.1.1 (workstation) :49430:X0 dst=93.177.168.141 :16115:X1 proto=tcp/16115 sent=9925 rcvd=639

a) Describe what is happening.

b) Is the log information useful? Why or why not?

c) Research the destination IP address (dst) and the protocol/port (proto) used for

communication.

d) Can you find any information that substantiates a malware infection and data exfiltration?

e) What would you recommend as next steps?

Explanation / Answer

1. Access control: It is a method by which a system permits or cancels the right to access some data or carry out some action. Generally, a user must first log in to a system using some verification system. Next, the access control method controls what actions the user may or may not take by comparing the user ID to an access control database.

2. Cognitive-password: A cognitive password is a type of knowledge-based verification that requires a user to answer a question, most likely something they essentially know, to verify their identity.

3. Default deny: It is one of the ways of managing a firewall. The firewall administrator lists the permitted network services and denies all the others.

4. Default allow: The firewall administrator lists the network services which are not permitted, and everything else is received.

c) Intrusion detection systems (IDS) can be divided in different ways. The main classifications are active and passive IDS, and network intrusion detection systems and host intrusion detection systems.

There are two types of IPS that are similar in nature to IDS: host-based intrusion prevention system products and network-based intrusion prevention systems.
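The following is an added worked example, not part of the question or the answer above. It takes the four firewall log entries quoted in Question 4 (copied from the page, with the typographic quotes straightened), parses the key=value fields, pairs each "Connection Opened" with its "Connection Closed" on the same 4-tuple, and reports duration and bytes sent versus received per flow and per destination. It then applies the default-deny and default-allow definitions from the answer to the destination port: the allow list (53, 80, 443), the deny list (23, 135, 445) and the 2:1 sent/received ratio used to flag a candidate exfiltration are assumptions chosen for this example and are not stated anywhere in the question.

```python
import re
from datetime import datetime

# The four parsed/normalized firewall entries quoted in Question 4 (from the page, not constructed).
FIREWALL_LOG = '''\
id=firewall sn=xxxxxxxxxxxx time="2013-04-02 11:53:12 UTC" fw=255.255.255.1 pri=6 c=262144 m=98 msg="Connection Opened" n=404916 src=10.1.1.1 (workstation) :49427:X0 dst=93.177.168.141 :16115:X1 proto=tcp/16115
id=firewall sn=xxxxxxxxxxxx time="2013-04-02 11:53:29 UTC" fw=255.255.255.1 pri=6 c=1024 m=537 msg="Connection Closed" n=539640 src=10.1.1.1 (workstation) :49427:X0 dst=93.177.168.141 :16115:X1 proto=tcp/16115 sent=735 rcvd=442
id=firewall sn=xxxxxxxxxxxx time="2013-04-02 11:53:42 UTC" fw=255.255.255.1 pri=6 c=262144 m=98 msg="Connection Opened" n=404949 src=10.1.1.1 (workstation) :49430:X0 dst=93.177.168.141 :16115:X1 proto=tcp/16115
id=firewall sn=xxxxxxxxxxxx time="2013-04-02 11:54:30 UTC" fw=255.255.255.1 pri=6 c=1024 m=537 msg="Connection Closed" n=539720 src=10.1.1.1 (workstation) :49430:X0 dst=93.177.168.141 :16115:X1 proto=tcp/16115 sent=9925 rcvd=639
'''

# Generic key=value pairs (quoted values may contain spaces).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# src/dst carry an optional "(label)" and then " :port:interface" after the address.
ENDPOINT_RE = re.compile(r'(src|dst)=(\d{1,3}(?:\.\d{1,3}){3})(?: \([^)]*\))? :(\d+):(\w+)')

# Assumed egress policy for a workstation; these port sets are assumptions for this example.
ALLOWED_EGRESS_PORTS = {53, 80, 443}   # allow list used by default deny
DENIED_EGRESS_PORTS = {23, 135, 445}   # deny list used by default allow


def parse_entry(line):
    """Return a dict of fields from one key=value firewall log line."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    for role, ip, port, iface in ENDPOINT_RE.findall(line):
        fields[role] = ip
        fields[role + '_port'] = int(port)
        fields[role + '_iface'] = iface
    for k in ('sent', 'rcvd'):
        if k in fields:
            fields[k] = int(fields[k])
    fields['time'] = datetime.strptime(fields['time'], '%Y-%m-%d %H:%M:%S UTC')
    return fields


def summarize_flows(log_text):
    """Pair 'Connection Opened' with 'Connection Closed' on the same 4-tuple and summarize each flow."""
    opened, flows = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse_entry(line)
        key = (e['src'], e['src_port'], e['dst'], e['dst_port'], e['proto'])
        if e['msg'] == 'Connection Opened':
            opened[key] = e
        elif e['msg'] == 'Connection Closed':
            start = opened.pop(key, None)
            duration = int((e['time'] - start['time']).total_seconds()) if start else None
            flows.append({'src': e['src'], 'src_port': e['src_port'], 'dst': e['dst'],
                          'dst_port': e['dst_port'], 'proto': e['proto'], 'duration_s': duration,
                          'sent': e.get('sent', 0), 'rcvd': e.get('rcvd', 0)})
    return flows


def total_bytes(flows):
    """Total bytes the workstation sent and received across all flows."""
    return sum(f['sent'] for f in flows), sum(f['rcvd'] for f in flows)


def aggregate_by_destination(flows):
    """Roll flows up per (dst, dst_port): connection count and byte totals."""
    agg = {}
    for f in flows:
        d = agg.setdefault((f['dst'], f['dst_port']), {'connections': 0, 'sent': 0, 'rcvd': 0})
        d['connections'] += 1
        d['sent'] += f['sent']
        d['rcvd'] += f['rcvd']
    return agg


def egress_decision(dst_port, policy):
    """Outbound decision under 'default-deny' (allow list) or 'default-allow' (deny list)."""
    if policy == 'default-deny':
        return 'allow' if dst_port in ALLOWED_EGRESS_PORTS else 'deny'
    if policy == 'default-allow':
        return 'deny' if dst_port in DENIED_EGRESS_PORTS else 'allow'
    raise ValueError(f'unknown policy: {policy}')


def flag_exfiltration_candidates(flows, min_ratio=2.0):
    """Flag destinations off the allow list where far more was sent than received (ratio is an assumption)."""
    flagged = []
    for (dst, port), d in aggregate_by_destination(flows).items():
        off_policy = egress_decision(port, 'default-deny') == 'deny'
        outbound_heavy = d['sent'] >= min_ratio * max(d['rcvd'], 1)
        if off_policy and outbound_heavy:
            flagged.append({'dst': dst, 'dst_port': port, **d})
    return flagged


if __name__ == '__main__':
    flows = summarize_flows(FIREWALL_LOG)
    for f in flows:
        print(f"{f['src']}:{f['src_port']} -> {f['dst']}:{f['dst_port']} {f['proto']} "
              f"{f['duration_s']}s sent={f['sent']} rcvd={f['rcvd']}")
    for c in flag_exfiltration_candidates(flows):
        print('candidate exfiltration:', c)
    for policy in ('default-allow', 'default-deny'):
        print(policy, '-> tcp/16115 egress:', egress_decision(16115, policy))
```

Running it shows the two flows lasting 17 s and 48 s, the second sending 9925 bytes against 639 received, and a per-destination total of 10660 bytes out versus 1081 in to 93.177.168.141 on tcp/16115. Under the assumed default-allow deny list the connection is permitted because tcp/16115 is not listed; under default deny it is blocked because the port is not on the allow list, which is the practical difference between the two definitions in the answer.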