This chapter is from the book

Chapter 6 Checklist

| Practice | Step Number | Step Description | Yes | Partial | No |
|---|---|---|---|---|---|
| P6.2: Ensure That the Software Used to Examine Systems Has Not Been Compromised | S6.2.1 | Policy considerations | | | |
| P6.3: Monitor and Inspect Network Activities | S6.3.1 | Notify users | | | |
| | S6.3.2 | Review network alerts | | | |
| | S6.3.3 | Review network error reports | | | |
| | S6.3.4 | Review network performance | | | |
| | S6.3.5 | Review network traffic | | | |
| | S6.3.6 | Policy considerations | | | |
| P6.4: Monitor and Inspect System Activities | S6.4.1 | Notify users | | | |
| | S6.4.2 | Review system alerts | | | |
| | S6.4.3 | Review system error reports | | | |
| | S6.4.4 | Review system performance statistics | | | |
| | S6.4.5 | Monitor process activity and behavior | | | |
| | S6.4.6 | Monitor user behavior | | | |
| | S6.4.7 | Monitor for the presence of network sniffers | | | |
| | S6.4.8 | Run network mapping and scanning tools | | | |
| | S6.4.9 | Run vulnerability scanning tools on all systems | | | |
| | S6.4.10 | Policy considerations | | | |
| P6.5: Inspect Files and Directories for Unexpected Changes | S6.5.1 | Verify integrity | | | |
| | S6.5.2 | Identify unexpected changes and their implications | | | |
| | S6.5.3 | Policy considerations | | | |
| P6.6: Investigate Unauthorized Hardware Attached to the Network | S6.6.1 | Audit all systems and peripherals attached to the network infrastructure | | | |
| | S6.6.2 | Probe for unauthorized modems | | | |
| | S6.6.3 | Probe all internal network segments to identify unauthorized hardware | | | |
| | S6.6.4 | Look for unexpected routes between the organization's network and external networks | | | |
| | S6.6.5 | Policy considerations | | | |
| P6.7: Look for Signs of Unauthorized Access to Physical Resources | S6.7.1 | Check all physical means of entrance or exit | | | |
| | S6.7.2 | Check physical resources for signs of tampering | | | |
| | S6.7.3 | Perform a physical audit of all movable media | | | |
| | S6.7.4 | Report all signs of unauthorized physical access | | | |
| | S6.7.5 | Policy considerations | | | |
| P6.8: Review Reports of Suspicious System and Network Behavior and Events | S6.8.1 | Perform "triage" upon receipt of a report | | | |
| | S6.8.2 | Evaluate, correlate, and prioritize each report | | | |
| | S6.8.3 | Investigate each report or set of related reports | | | |
| | S6.8.4 | Policy considerations | | | |
| P6.9: Take Appropriate Actions | S6.9.1 | Document any unusual behavior or activity that you discover | | | |
| | S6.9.2 | Investigate each documented anomaly | | | |
| | S6.9.3 | Recognize the iterative nature of analysis and investigation | | | |
| | S6.9.4 | Initiate your intrusion response procedures | | | |
| | S6.9.5 | Update the configuration of alert mechanisms | | | |
| | S6.9.6 | Update all characterization information | | | |
| | S6.9.7 | Update logging and data collection mechanisms configurations | | | |
| | S6.9.8 | Dispose of every reported event | | | |
| | S6.9.9 | Policy considerations | | | |

