Upload
gerard-lawrence
View
218
Download
0
Embed Size (px)
Citation preview
Controls
Chapter 9: Identifying and Analyzing RiskMitigation Controls
Identifying and Analyzing Risk Mitigation Controls
Overview of Control Families
Identifying and Analyzing Risk Mitigation Controls
https://web.nvd.nist.gov/view/800-53/Rev4/home
Review with Class
Overview of Control Families
Identifying and Analyzing Risk Mitigation Controls
Overview of Control Families
Identifying and Analyzing Risk Mitigation Controls
Overview of Control Families
Identifying and Analyzing Risk Mitigation Controls
http://csrc.nist.gov/publications/nistpubs/800-53-rev4/sp800-53r4_summary.pdf
Procedural Controls
Identifying and Analyzing Risk Mitigation Controls
Policies
Identifying and Analyzing Risk Mitigation Controls
Procedures
Plans
Identifying and Analyzing Risk Mitigation Controls
Technical Controls
Identifying and Analyzing Risk Mitigation Controls
12
Port Numbers
13
Port Numbers
The port numbers are divided into three ranges:
The Well Known Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151.
The Dynamic and/or Private Ports are those from 49152 through
65535
14
Well-Known Ports
The Well Known Ports are those from 0 through 1023
The Well Known Ports are controlled and assigned by the IANA and
typically can only be used by system (or root) processes or by programs
executed by privileged users.
Ports are defined in the TCP [RFC793] to name the ends of logical
connections which carry long term conversations.
For the purpose of providing services to unknown callers, a service contact
port is defined.
To the extent possible, these same port assignments are used with the
UDP [RFC768].
15
Registered Ports
The Registered Ports are those from 1024 through 49151
The Registered Ports are not controlled by the IANA and on most systems
can be used by ordinary user processes or programs executed by ordinary
users.
16
Dynamic/Private Ports
The Dynamic and/or Private Ports are those from 49152 through 65535
17
Port Number References
TCP/UDP Port Numbers http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
http://www.iana.org/assignments/port-numbers
Well Known Port Numbers http://www.stengel.net/tcpports.htm
Private IP Addresses TCP/UDP Port Numbers http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
http://www.iana.org/assignments/port-numbers
Well Known Port Numbers http://www.stengel.net/tcpports.htm
RFC1918 name
IP address range
number of addresses
classful descriptio
n
largest CIDR block
(subnet mask)
host id size mask bits
24-bit block
10.0.0.0 - 10.255.255.255
16,777,216
single class A network
10.0.0.0/8 (255.0.0.0)
24 bits 8 bits
20-bit block
172.16.0.0 - 172.31.255.255
1,048,57616 contiguous class B networks
172.16.0.0/12 (255.240.0.0)
20 bits 12 bits
16-bit block
192.168.0.0 - 192.168.255.255
65,536256 contiguous class C networks
192.168.0.0/16 (255.255.0.0)
16 bits 16 bits
The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve the following IPv4 address ranges for private networks, as published in RFC 1918