Network endpoints and network devices have different security considerations and implications. A user workstation implies certain security issues that remain in the User Domain while network implications remain part of the LAN or LAN-to-WAN Domain. However, during the course of investigating an intrusion, you may have to source data from logs kept in routing devices and end-user systems. Suppose an attacker intrudes upon one of your servers. How do you reconstruct the events of a crime? Log files are the first place to check for administrative issues and security activity. Log files help you put together a timeline of events surrounding everything from a performance problem to a security incident. You can also identify bad system or network activities by observing anomalies from baseline behavior or identifying certain suspicious actions. Testing ensures that your control and monitoring facilities work as intended and maintain proper operation. Monitoring ensures that you capture evidence when your testing procedures fail to examine all possibilities or legitimate behavior permits unauthorized activity.

2. Given the following list of end-user policy violations and security breaches, select three and identify strategies to control and monitor each event to mitigate risk and minimize exposure. A user made unauthorized use of network resources by attacking network entities.

Open network drive shares allow storage privileges to outside users.

Sensitive laptop data is unencrypted and susceptible to physical theft.

Remote users do not have recent patches or current updates.

Legitimate traffic bearing a malicious payload exploits network services.

An invalid protocol header disrupts a critical network service.

Removable storage drives introduce malware filtered only when crossing the network.

Predictable passwords meet minimum length requirements but remain easily guessable.

Bad router permissions allow attackers to modify configurations or disrupt traffic.