CCNA Security Notes … A host based security solution designed to prevent a host being compromised by DoS, worms, spyware, viruses etc.
CSA is not a conventional signature based virus/spyware scanner but functions as a host based IPS (HIPS) to detect anomalies or signs of undesirable behaviour such as changes to the Windows registry, launching port scans etc. CSA operates by intercepting operating system and application calls using four interceptors, which examine the calls against security policies. If a policy is violated, an error message is passed back to the calling application and an alert is generated to be sent to the Management Centre for CSA. The interceptors combined give the following functionality: distributed firewall, HIPS, application sandbox, network worm prevention and file integrity monitoring.
CCNA Security Notes … Risk Analysis methods
Quantitative – Uses a mathematical model to derive a monetary cost of losses per annum which can then be used to justify countermeasures.
Asset Value (AV) – Value of the asset including purchase price, implementation costs, maintenance costs, development costs etc.
Exposure Factor (EF) – An estimated percentage of loss/destruction that would occur in an event. This could be around 50%, for example: provided the software and data are backed up offsite, the loss would only be hardware.
Single Loss Expectancy (SLE) – This is the expected monetary loss for a single occurrence of a threat. SLE = AV * EF.
Annualised Rate of Occurrence (ARO) – The expected annual frequency of the event.
Annualised Loss Expectancy (ALE) – Total expected loss per annum. ALE = AV * EF * ARO.
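The quantitative terms above carried through for one risk, as an added example that is not part of the original notes. The asset figures, the suppression-system control and the `countermeasure_value` comparison (ALE before, minus ALE after, minus annual cost of the control) are assumptions used to show how the ALE can justify a countermeasure.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Risk:
    name: str
    av: Decimal   # Asset Value, in currency units
    ef: Decimal   # Exposure Factor as a fraction (50% -> 0.5)
    aro: Decimal  # Annualised Rate of Occurrence, events per year

    def __post_init__(self):
        # Reject inputs that would silently produce a meaningless ALE.
        if self.av < 0 or self.aro < 0:
            raise ValueError("AV and ARO must not be negative")
        if not Decimal(0) <= self.ef <= Decimal(1):
            raise ValueError("EF must be a fraction between 0 and 1")

    @property
    def sle(self) -> Decimal:
        """Single Loss Expectancy: SLE = AV * EF."""
        return self.av * self.ef

    @property
    def ale(self) -> Decimal:
        """Annualised Loss Expectancy: ALE = AV * EF * ARO."""
        return self.sle * self.aro


def countermeasure_value(before: Risk, after: Risk, annual_cost: Decimal) -> Decimal:
    """Yearly saving from a control (assumed comparison, not from the notes).

    A positive result means the control costs less than the loss it avoids.
    """
    return before.ale - after.ale - annual_cost


# Constructed figures: a 200,000 asset, 50% exposure, one event every ten years.
fire = Risk("server room fire", Decimal("200000"), Decimal("0.5"), Decimal("0.1"))
# Assumed control: fire suppression cuts the exposure factor to 10%.
fire_suppressed = Risk("server room fire, with suppression",
                       Decimal("200000"), Decimal("0.1"), Decimal("0.1"))

if __name__ == "__main__":
    print(f"SLE = {fire.sle}, ALE = {fire.ale}")
    saving = countermeasure_value(fire, fire_suppressed, Decimal("3000"))
    print(f"Control at 3000 per year is worth {saving} per year")
```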
Qualitative – A scenario based model used for large risk assessments where calculating the quantitative risk is impractical due to the quantity of assets…
System Development Life Cycle (SDLC) …
Initiation – Consists of definition of the potential impact should a breach of security occur and an initial risk assessment.
Acquisition and Development – Consists of a more in depth risk assessment, security functional & assurance analysis, cost considerations.
Implementation – Inspections, acceptance, system integration, security certification.
Operations and Maintenance – Configuration management & control and continuous monitoring.
Disposition – Information preservation (keep the data stored on the system), media sanitisation.
For more information on the certification –> CCNA Security