Follow me on twitter: https://twitter.com/CCNADailyTIPS
1.1.a Describe confidentiality, integrity, availability (CIA)
Confidentiality:
Only authorized persons can view sensitive or classified information. Two types of data to protect:
- In motion: travelling from point A to point B (protected with a VPN and username/password authentication)
- At rest: sitting on storage media (protected with username/password access control)
Integrity:
The data hasn’t been modified by unauthorized users; only authorized users are able to modify the data. Corruption of data is a failure to maintain data integrity. Computer goes on fire whenever the FBI comes in.
Availability:
The data is available to authorized users when and where they need it. This applies to both systems and data. If the network is not available to authorized users because of a DoS attack, the impact may be significant: no access to the internet or to data means the company loses revenue.
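The integrity point above can be shown concretely. The following is an added example (not from the original notes): a stored record is sealed with a keyed HMAC so that any unauthorized modification is detected on read. It also shows why an unkeyed checksum stored beside the data is not an integrity control against an adversary who can rewrite both. The key value and record contents are constructed for the example.

```python
import hashlib
import hmac

# Constructed example key. In a real system this lives in a key store or
# HSM and is never embedded in source code.
SECRET_KEY = b"example-integrity-key-do-not-reuse"


def seal(record: bytes, key: bytes = SECRET_KEY) -> bytes:
    """Return an HMAC-SHA256 tag binding `record` to `key`.

    Without the key nobody can produce a valid tag, so a stored
    (record, tag) pair lets a reader detect unauthorized modification.
    """
    return hmac.new(key, record, hashlib.sha256).digest()


def verify(record: bytes, tag: bytes, key: bytes = SECRET_KEY) -> bool:
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    return hmac.compare_digest(seal(record, key), tag)


def checksum_only_verify(record: bytes, digest: bytes) -> bool:
    """A plain SHA-256 checksum stored next to the data (no key)."""
    return hashlib.sha256(record).digest() == digest


def tamper_detected_with_hmac() -> bool:
    """Authorized write, then unauthorized edit of the stored bytes: HMAC catches it."""
    record = b"account=1234;balance=100"
    tag = seal(record)                       # written by the authorized system
    tampered = b"account=1234;balance=1000"  # modified on disk without the key
    return verify(record, tag) and not verify(tampered, tag)


def unkeyed_checksum_is_not_integrity() -> bool:
    """With no key, whoever can rewrite the record can rewrite the checksum too,
    so the check passes and the corruption goes unnoticed."""
    tampered = b"account=1234;balance=1000"
    return checksum_only_verify(tampered, hashlib.sha256(tampered).digest())


if __name__ == "__main__":
    print("HMAC detects tampering:", tamper_detected_with_hmac())       # True
    print("plain checksum fooled:", unkeyed_checksum_is_not_integrity())  # True
```

The design choice is that integrity needs something the unauthorized party does not have (the key); a checksum alone only protects against accidental corruption.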
1.1.b Describe SIEM technology
Security Information and Event Management (SIEM) is an approach to security management that combines SIM (Security Information Management) and SEM (Security Event Management). It provides live log and event management for a network. Examples of SIEM products:
- Solarwinds
- Splunk
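To make "live log and event management" concrete, here is an added example (not from the original notes and not code from SolarWinds or Splunk) of the two things a SIEM does at its core: normalize log lines from several hosts into events, then correlate them with a rule. The rule here flags a successful login that follows a burst of failed logins from the same source within a short window. The log lines, hostnames, usernames and addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog-style lines collected from two hosts (not real data).
SAMPLE_LOGS = [
    "2024-01-10T10:00:01 fw01 sshd[401]: Failed password for admin from 203.0.113.5 port 5001 ssh2",
    "2024-01-10T10:00:03 fw01 sshd[401]: Failed password for admin from 203.0.113.5 port 5002 ssh2",
    "2024-01-10T10:00:05 fw01 sshd[401]: Failed password for admin from 203.0.113.5 port 5003 ssh2",
    "2024-01-10T10:00:09 fw01 sshd[402]: Accepted password for admin from 203.0.113.5 port 5004 ssh2",
    "2024-01-10T10:02:00 srv02 sshd[77]: Failed password for bob from 198.51.100.9 port 6000 ssh2",
    "2024-01-10T10:30:00 srv02 sshd[78]: Accepted password for bob from 198.51.100.9 port 6001 ssh2",
    "2024-01-10T10:31:00 srv02 cron[80]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Normalization: pull the fields the correlation rule needs out of free-text lines.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[^\[]+)\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def normalize(line: str):
    """Turn one raw line into an event dict, or None if the rule does not care about it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "host": m["host"],
        "user": m["user"],
        "src": m["src"],
        "outcome": m["outcome"].lower(),  # "failed" or "accepted"
    }


def correlate(lines, threshold: int = 3, window_seconds: int = 60):
    """Correlation rule: >= `threshold` failures from (src, user) followed by
    a success within `window_seconds` raises an alert."""
    failures = defaultdict(list)  # (src, user) -> timestamps of failed logins
    alerts = []
    for line in lines:
        ev = normalize(line)
        if ev is None:
            continue
        key = (ev["src"], ev["user"])
        if ev["outcome"] == "failed":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key]
                  if (ev["ts"] - t).total_seconds() <= window_seconds]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "success-after-failed-burst",
                "host": ev["host"],
                "user": ev["user"],
                "src": ev["src"],
                "failed_attempts": len(recent),
                "at": ev["ts"].isoformat(),
            })
        failures[key].clear()  # a success resets the counter for that source/user
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Running it flags the admin login from 203.0.113.5 on fw01 (three failures in eight seconds, then success) and stays quiet about bob, whose single failure was 28 minutes before his successful login. Real SIEMs differ in scale and in rule language, not in this basic collect/normalize/correlate shape.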
1.1.c Identify common security terms
Asset – Property, people, information/data (This is what we want to protect with CIA)
Vulnerability – Weakness in a system or design (Maybe a firewall is unpatched)
Threat – Potential danger to Assets
Risk – Potential for unauthorized access to compromise, destroy, or cause damage (a firewall with no password, our network devices reset, no network access)
Countermeasure – Mitigates potential risk (a firewall blocking a port and access)
1.1.d Identify common network security zones
Private: The private, trusted network is commonly referred to as the “inside” security zone (controlled by us)
Public: The public, untrusted network is commonly referred to as the “outside” security zone (cannot control)
DMZ: This zone usually contains a relatively small number of systems whose services are made available to systems residing in the outside zone. The DMZ devices, such as web servers, are owned and controlled by the organization, but they are accessed by systems outside of the organization’s control. (Proxy Server, DNS, FTP, and VoIP)
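The three zones above are usually enforced by a default trust ordering plus a short list of exceptions for the services the DMZ publishes. The following is an added example, not code from the original notes or from any Cisco product, that models that policy: traffic from a more trusted zone to a less trusted one is permitted by default, the reverse is denied unless the destination zone explicitly publishes that service, and the DMZ cannot reach the inside at all. The numeric trust levels and the published port list are assumptions of this example.

```python
from dataclasses import dataclass

# Assumption for this example: higher number = more trusted zone.
ZONE_TRUST = {"inside": 100, "dmz": 50, "outside": 0}

# Explicit exceptions to the default: services the DMZ publishes to the
# outside zone (web, DNS). Everything else from outside is denied.
PUBLISHED_SERVICES = {
    ("outside", "dmz"): {("tcp", 80), ("tcp", 443), ("udp", 53)},
}


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: int


def decide(flow: Flow) -> str:
    """Return "permit" or "deny" for a flow between two security zones."""
    for zone in (flow.src_zone, flow.dst_zone):
        if zone not in ZONE_TRUST:
            raise ValueError(f"unknown zone: {zone}")
    if flow.src_zone == flow.dst_zone:
        return "permit"  # intra-zone traffic is not the firewall's concern here
    if ZONE_TRUST[flow.src_zone] > ZONE_TRUST[flow.dst_zone]:
        return "permit"  # trusted -> less trusted: allowed by default
    # Less trusted -> more trusted: denied unless the service is published.
    allowed = PUBLISHED_SERVICES.get((flow.src_zone, flow.dst_zone), set())
    return "permit" if (flow.proto, flow.dst_port) in allowed else "deny"


def evaluate(flows):
    """Evaluate a batch of flows; returns a list of (flow, decision) pairs."""
    return [(f, decide(f)) for f in flows]


# Constructed sample flows covering each zone pair.
SAMPLE_FLOWS = [
    Flow("inside", "outside", "tcp", 443),  # user browsing the internet
    Flow("outside", "inside", "tcp", 22),   # internet host probing internal SSH
    Flow("outside", "dmz", "tcp", 80),      # internet client reaching the web server
    Flow("outside", "dmz", "tcp", 22),      # internet host probing DMZ SSH
    Flow("dmz", "inside", "tcp", 445),      # compromised DMZ host trying to pivot
    Flow("inside", "dmz", "tcp", 22),       # admin managing the DMZ server
]

if __name__ == "__main__":
    for flow, verdict in evaluate(SAMPLE_FLOWS):
        print(f"{flow.src_zone:>7} -> {flow.dst_zone:<7} {flow.proto}/{flow.dst_port}: {verdict}")
```

The point of the DMZ shows up in the fifth flow: even though DMZ hosts are owned by the organization, they are reachable from the outside and so are treated as less trusted than the inside, which limits the damage if a published server is compromised.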
The Implementing Cisco Network Security (IINS) exam (210-260) is a 90-minute assessment with 60-70 questions. This exam tests the candidate’s knowledge of secure network infrastructure, understanding core security concepts, managing secure access, VPN encryption, firewalls, intrusion prevention, web and email content security, and endpoint security. This exam validates skills for installation, troubleshooting, and monitoring of a secure network to maintain integrity, confidentiality, and availability of data and devices. This exam also shows competency in the technologies that Cisco uses in its security infrastructure. Candidates can prepare for this exam by taking the Implementing Cisco Network Security (IINS) course.