controls. chapter 9: identifying and analyzing risk mitigation controls

Post on 15-Jan-2016

Controls

Chapter 9: Identifying and Analyzing Risk Mitigation Controls

Identifying and Analyzing Risk Mitigation Controls

Overview of Control Families

https://web.nvd.nist.gov/view/800-53/Rev4/home

Review with Class

http://csrc.nist.gov/publications/nistpubs/800-53-rev4/sp800-53r4_summary.pdf

Procedural Controls

Policies

Procedures

Plans

Technical Controls

Port Numbers

The port numbers are divided into three ranges:

The Well Known Ports are those from 0 through 1023.

The Registered Ports are those from 1024 through 49151.

The Dynamic and/or Private Ports are those from 49152 through 65535.

Well-Known Ports

The Well Known Ports are those from 0 through 1023

The Well Known Ports are controlled and assigned by the IANA and typically can only be used by system (or root) processes or by programs executed by privileged users.

Ports are defined in the TCP [RFC793] to name the ends of logical connections which carry long term conversations.

For the purpose of providing services to unknown callers, a service contact port is defined.

To the extent possible, these same port assignments are used with the UDP [RFC768].

Registered Ports

The Registered Ports are those from 1024 through 49151

The Registered Ports are not controlled by the IANA and on most systems can be used by ordinary user processes or programs executed by ordinary users.

Dynamic/Private Ports

The Dynamic and/or Private Ports are those from 49152 through 65535

Port Number References

TCP/UDP Port Numbers: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

http://www.iana.org/assignments/port-numbers

Well Known Port Numbers: http://www.stengel.net/tcpports.htm

Private IP Addresses

The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve the following IPv4 address ranges for private networks, as published in RFC 1918.

| RFC1918 name | IP address range | number of addresses | classful description | largest CIDR block (subnet mask) | host id size | mask bits |
|---|---|---|---|---|---|---|
| 24-bit block | 10.0.0.0 - 10.255.255.255 | 16,777,216 | single class A network | 10.0.0.0/8 (255.0.0.0) | 24 bits | 8 bits |
| 20-bit block | 172.16.0.0 - 172.31.255.255 | 1,048,576 | 16 contiguous class B networks | 172.16.0.0/12 (255.240.0.0) | 20 bits | 12 bits |
| 16-bit block | 192.168.0.0 - 192.168.255.255 | 65,536 | 256 contiguous class C networks | 192.168.0.0/16 (255.255.0.0) | 16 bits | 16 bits |
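Added example, not part of the original slides: it recomputes the table columns from the three CIDR prefixes and labels an inventory of listening sockets by RFC 1918 block and by the port ranges given earlier. The function names and the sample inventory are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 blocks from the table. ip.is_private is not used here:
# it is also true for loopback, link-local and other special-purpose ranges.
RFC1918_BLOCKS = [ipaddress.ip_network(c) for c in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Port ranges as given on the slides (inclusive bounds).
PORT_RANGES = [(0, 1023, "well-known"),
               (1024, 49151, "registered"),
               (49152, 65535, "dynamic/private")]

def port_range(port):
    """Name of the range a TCP/UDP port number falls in."""
    for low, high, name in PORT_RANGES:
        if low <= port <= high:
            return name
    raise ValueError(f"not a valid port number: {port}")

def rfc1918_block(addr):
    """RFC 1918 block containing addr, or None if addr is outside all three."""
    ip = ipaddress.ip_address(addr)
    return next((net for net in RFC1918_BLOCKS if ip in net), None)

def block_facts(net):
    """Recompute the table columns for one block from its CIDR prefix."""
    return {"range": f"{net.network_address} - {net.broadcast_address}",
            "addresses": net.num_addresses,
            "netmask": str(net.netmask),
            "host_bits": net.max_prefixlen - net.prefixlen,
            "mask_bits": net.prefixlen}

def classify(listeners):
    """Label each (address, port) pair with address scope and port range."""
    rows = []
    for addr, port in listeners:
        block = rfc1918_block(addr)
        scope = f"private ({block})" if block else "not RFC 1918"
        rows.append((addr, port, scope, port_range(port)))
    return rows

# Constructed sample inventory of listening sockets (not from the slides).
SAMPLE = [("10.20.30.40", 22), ("172.32.0.1", 8080),
          ("192.168.1.10", 51000), ("127.0.0.1", 443)]

if __name__ == "__main__":
    for net in RFC1918_BLOCKS:
        print(net, block_facts(net))
    for row in classify(SAMPLE):
        print(row)
```

The sample includes 172.32.0.1, which lies just past the end of 172.16.0.0/12, and 127.0.0.1, which is loopback rather than RFC 1918 space; both are reported as not RFC 1918.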
