iT邦幫忙

2025 iThome Ironman Contest

DAY 17
Security

30-Day Challenge: CompTIA Security SY0-701 series, part 17

Day 17 Security alerting and monitoring concepts and tools


1. Monitoring Computing Resources

This covers continuously monitoring systems, applications and infrastructure in order to identify and respond to threats that may appear.

  • Log files: text files that record events that have occurred.
  • Security logs: record all authorized and unauthorized access.
  • Systems monitors
  • Application monitors
  • Infrastructure monitors: infrastructure includes networks, databases and cloud services.
    Simple Network Management Protocol (SNMP)
    • SNMP agents
    • SNMP managers
    • SNMP traps
    • Network Management System (NMS)
    Other monitoring devices include Network Intrusion Detection Systems (NIDSs) and Network Intrusion Prevention Systems (NIPSs):
    • Network Intrusion Detection Systems (NIDSs)
      • Traffic analysis
      • Alerts and notifications
      • Passive role
    • Network Intrusion Prevention Systems (NIPSs)
      • Real-time analysis and action
      • Blocking threats
      • Policy enforcement
      • Reducing attack surface
      • Alerts and reporting

2. Activities

The five basic alerting and monitoring activities:

  • Log aggregation
    Security Information and Event Management (SIEM) system
  • Alerting
  • Scanning
  • Reporting
    Main elements:
    • Customizable dashboards
      • SolarWinds Network Performance Monitor (NPM)
      • The Cisco Digital Network Architecture Center (Cisco DNA Center)
    • Compliance reporting
    • Executive summaries
  • Archiving

3. Alert Response and Remediation/Validation

  • Quarantine
    • Automated response
    • Manual intervention
    • Isolation duration
  • Alert tuning

4. Tools

  • Security Content Automation Protocol(SCAP)
    • Open Vulnerability and Assessment Language(OVAL)
    • Extensible Configuration Checklist Description Format(XCCDF)
  • Benchmarks
  • Agents/Agentless
  • Security Information and Event Management(SIEM)
    Key functions:
    • Data collection
    • Data aggregation
    • SIEM correlation
    • Alerting and reporting
  • Antivirus
  • Data Loss Prevention(DLP)
  • Simple Network Management Protocol(SNMP) Traps
  • NetFlow
  • Vulnerability Scanners
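An added example (not from the original post) tying together the log aggregation, SIEM correlation, alerting and alert tuning items above, in Python: auth events from two hosts are aggregated, failed logins are correlated per source address across hosts, an alert is raised above a threshold, and a suppression list shows how an authorised scanner's noise is tuned out. Host names, addresses and log lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like layout (hosts and addresses are made up), as a SIEM would hold them after aggregating two hosts' auth logs.
SAMPLE_LOGS = [
    "2025-10-01T08:00:01 web01 sshd: Failed password for admin from 203.0.113.5",
    "2025-10-01T08:00:03 web01 sshd: Failed password for admin from 203.0.113.5",
    "2025-10-01T08:00:05 db01 sshd: Failed password for root from 203.0.113.5",
    "2025-10-01T08:00:09 web01 sshd: Accepted password for admin from 203.0.113.5",
    "2025-10-01T08:05:00 web01 sshd: Failed password for bob from 198.51.100.7",
    "2025-10-01T09:30:00 web01 sshd: Failed password for bob from 198.51.100.7",
    "2025-10-01T08:01:00 db01 sshd: Failed password for svc from 192.0.2.10",
    "2025-10-01T08:01:01 db01 sshd: Failed password for svc from 192.0.2.10",
    "2025-10-01T08:01:02 db01 sshd: Failed password for svc from 192.0.2.10",
]

LINE_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse_event(line):
    """Normalise one raw line into a dict; None for lines this rule does not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, outcome, user, src = m.groups()
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "src": src, "ok": outcome == "Accepted"}

def correlate(lines, threshold=3, window=timedelta(minutes=5), suppress=frozenset()):
    """Correlation rule: >= threshold failures from one source inside `window`, counted
    across all hosts. A later success from that source raises severity to 'high'.
    `suppress` is the tuning knob: sources (e.g. an authorised scanner) that should not page anyone."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev and ev["src"] not in suppress:
            by_src[ev["src"]].append(ev)
    alerts = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        fails = [e for e in events if not e["ok"]]
        for first in fails:
            burst = [e for e in fails if first["ts"] <= e["ts"] <= first["ts"] + window]
            if len(burst) >= threshold:
                later_ok = any(e["ok"] and e["ts"] >= burst[-1]["ts"] for e in events)
                alerts.append({"src": src, "hosts": sorted({e["host"] for e in burst}),
                               "failures": len(burst), "severity": "high" if later_ok else "medium"})
                break  # one alert per source, so a noisy source cannot flood the queue
    return alerts
```

Raising `threshold`, widening `window` or adding a source to `suppress` are the three tuning levers; each trades missed detections for fewer false alerts, so changes should be reviewed against archived logs before going live.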
