Tuesday, February 15, 2011

Security+ Exam Objectives 4.4

4.4 Use monitoring tools on systems and networks and detect security-related anomalies.

Penetration testing and vulnerability scanning are only two of the ways to keep up to date on a system's status. To continue on the path to true security, more companies have begun to use other tools, such as performance and system monitors. These tools let the security team observe and trend downtime, shifts in workload, and the need for infrastructure upgrades.

Monitoring tools vary in usage and purpose, but the end result is a more secure network and system. For this objective you want to be aware of each tool and know exactly what it is used for and how.

  • Performance monitor – A tool that watches system metrics and correlates their activity against known baselines, malicious anomalies and problem trends. Constant observation with a performance monitor is imperative for a security administrator, because deviations from policy can be spotted with it.
  • Systems monitor – A systems monitor oversees CPU usage, memory consumption, free hard drive space and various other important functions. System and performance monitors track activity in much the same way but differ in what they observe: performance monitors track user and application interactions, while system monitors observe the physical side of the system, its hardware resources.

  • Performance baseline – The comparison point used by the tools above. The baseline is established according to policy or by group approval and then serves as the starting point for monitoring: a reading only counts as a deviation relative to the baseline.
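The following is an added example, not code from the original post: it builds a baseline from known-good samples, flags later samples that deviate from it, and projects a resource trend of the kind that signals an infrastructure upgrade. All metric values are constructed for the illustration; on a real host they would come from the performance or system monitor.

```python
"""Baseline-and-deviation check for host metrics (added illustration).

The samples below are constructed; a performance or system monitor would
supply them on a real host (CPU %, free disk space, and so on).
"""
from statistics import mean, pstdev
from typing import NamedTuple


class Baseline(NamedTuple):
    mean: float
    stdev: float


# Constructed samples: CPU % collected while the host was known-good.
BASELINE_CPU = [21, 24, 19, 23, 22, 20, 25, 22, 21, 23]
# Constructed samples observed later; 97 and 99 are the anomalies to catch.
OBSERVED_CPU = [23, 22, 97, 24, 21, 99, 20]
# Constructed daily free-disk readings in GB, shrinking by 10 GB a day.
DISK_FREE_GB = [500, 490, 480, 470, 460]


def build_baseline(samples):
    """Establish the comparison point (mean and spread) from known-good data."""
    if len(samples) < 2:
        raise ValueError("need at least two samples to establish a baseline")
    return Baseline(mean(samples), pstdev(samples))


def deviations(baseline, samples, sigmas=3.0, min_spread=1.0):
    """Return (index, value, z) for samples more than `sigmas` spreads off baseline.

    `min_spread` stops a perfectly flat baseline (stdev 0) from flagging every
    later sample that differs by a hair.
    """
    spread = max(baseline.stdev, min_spread)
    flagged = []
    for i, value in enumerate(samples):
        z = (value - baseline.mean) / spread
        if abs(z) > sigmas:
            flagged.append((i, value, round(z, 2)))
    return flagged


def trend_slope(samples):
    """Least-squares slope per sample interval (negative = the metric is falling)."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples to fit a trend")
    x_bar = (n - 1) / 2
    y_bar = mean(samples)
    num = sum((x - x_bar) * (y - y_bar) for x, y in enumerate(samples))
    den = sum((x - x_bar) ** 2 for x in range(n))
    return num / den


def intervals_until(samples, limit):
    """Intervals until the trend crosses `limit`; None if it is not heading there."""
    slope = trend_slope(samples)
    if slope >= 0:
        return None
    return max(0.0, (samples[-1] - limit) / -slope)


if __name__ == "__main__":
    base = build_baseline(BASELINE_CPU)
    print(f"baseline CPU: mean={base.mean:.1f} stdev={base.stdev:.2f}")
    for i, v, z in deviations(base, OBSERVED_CPU):
        print(f"sample {i}: {v}% (z={z}) exceeds baseline")
    print(f"disk trend: {trend_slope(DISK_FREE_GB):+.1f} GB/day, "
          f"{intervals_until(DISK_FREE_GB, 100)} days until 100 GB free")
```

The three-sigma rule and the 1.0 minimum spread are policy choices, exactly the kind of parameter the text says a baseline is set by; tune them to what the group has approved, and rebuild the baseline after any sanctioned change to the host rather than letting a new normal be reported as an attack forever.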

  • Protocol analyzers – These tools capture network traffic and examine its contents. Captured packets can be written to a storage device or held in memory for inspection. Protocol analyzers are useful for detecting communication problems in software and hardware.
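As an added example (not code from the original post), here is the core of what a protocol analyzer does once it holds a captured frame: decode the Ethernet, IPv4 and TCP headers, verify the IPv4 header checksum to catch the kind of corruption that shows up as a communication problem, and hand back the payload for inspection. The frame is constructed in the script itself, using documentation IP ranges and made-up MAC addresses, so it runs offline; a real tool would read frames from a capture file or a raw socket.

```python
"""Minimal protocol analyzer: dissect an Ethernet/IPv4/TCP frame (added illustration).

The frame built by build_sample_frame() is constructed here so the script
runs offline; in practice frames come from a pcap file or a raw socket.
"""
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum; returns 0 when run over a valid IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed HTTP request: Ethernet + IPv4 (no options) + TCP (PSH,ACK) + payload."""
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # src port, dst port, seq, ack, data offset (5 words), flags, window, csum, urgent
    tcp = struct.pack("!HHIIBBHHH", 40312, 80, 0x1000, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64,
                     IPPROTO_TCP, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # fill checksum field
    eth = (bytes.fromhex("00163e112233") + bytes.fromhex("001122334455")
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + tcp + payload


def dissect(frame: bytes) -> dict:
    """Decode the headers; checksum_ok is False when the IPv4 header does not verify."""
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet + IPv4")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"),
            "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return info                      # ARP, IPv6, ... : not decoded here
    ip = frame[14:]
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4           # header length in bytes (options included)
    info.update(src_ip=str(ipaddress.IPv4Address(src)),
                dst_ip=str(ipaddress.IPv4Address(dst)),
                ttl=ttl, protocol=proto,
                checksum_ok=ip_checksum(ip[:ihl]) == 0)
    if proto != IPPROTO_TCP or len(ip) < ihl + 20:
        return info
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", ip[ihl:ihl + 14])
    doff = (off >> 4) * 4                # TCP data offset in bytes
    info.update(src_port=sport, dst_port=dport, seq=seq, ack=ack,
                flags=[name for bit, name in TCP_FLAGS if flags & bit],
                payload=ip[ihl + doff:total_len])
    return info


if __name__ == "__main__":
    for key, value in dissect(build_sample_frame()).items():
        print(f"{key:12} {value!r}")
```

The checksum verification is the piece that turns a decoder into a diagnostic tool: flip a single header byte of the sample frame and `checksum_ok` goes false, which is how an analyzer points at a faulty NIC or driver rather than at the application. Real captures also need IPv4 options, fragmentation and TCP options handled, none of which the constructed frame exercises.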
