Chapter 4. Monitoring Activity and Intrusion Detection
THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
1.4 Carry out the appropriate procedures to establish application security.
Instant messaging
1.5 Implement security applications.
HIDS
Personal software firewalls
2.3 Determine the appropriate use of network security tools to facilitate network security.
NIDS
NIPS
Firewalls
Honeypot
Protocol analyzers
2.4 Apply the appropriate network tools to facilitate network security.
NIDS
Firewalls
Protocol analyzers
2.7 Explain the vulnerabilities and implement mitigations associated with wireless networking.
Data emanation
War driving
SSID broadcast
Blue jacking
Bluesnarfing
Rogue access points
Weak encryption
4.2 Carry out vulnerability assessments using common tools.
Port scanners
Vulnerability scanners
Protocol analyzers
Network mappers
4.4 Use monitoring tools on systems and networks and detect security-related anomalies.
Protocol analyzers
4.5 Compare and contrast various types of monitoring methodologies.
Behavior-based
Signature-based
Anomaly-based
4.6 Execute proper logging procedures and evaluate the results.
Security application
DNS
System
Performance
Access
Firewall
Antivirus
6.3 Differentiate between and execute appropriate response procedures.
Forensics
Chain of custody
First responders
Damage and loss control
Reporting—disclosure of
If it were not for the need to provide a connection path to share data, resources, and services, no one would ever install a network. This very connectivity—this need for convenience—forms the basis of the problems we face in providing a secure environment for our systems. This chapter deals with a number of faculties, including intrusion detection, detection methods, wireless technologies, and instant messaging. Additionally, this chapter discusses signal analysis and network monitoring.