Unit 5 Assignment 1: Testing and Monitoring Security Controls Log files would be the first place one would look to check for suspicious activity in the event of a crime. They can help you understand where something went wrong. Creating a timeline, of before and after the performance problem or incident. The way traffic moves through a network, especially when the computers are only used for certain things, creates baseline behavior. When something is out of place, such anomalies seem suspicious; but legitimate traffic could be used in illegitimate ways and legitimate traffic can at times seem illegitimate. By consistently monitoring the network, and observing all the possibilities, the anomalies of legitimate traffic wont seem that abnormal and one can focus on the real problems. Predictable passwords that meet minimum length requirements but remain easily guessable is a hazard that could affect a network with a weak password. If that is a problem, one should probably change the password every so often. It would be in everyone’s best interest if the password security level was increased, and that they would expire after a certain amount of time. Removable storage devices that might contain malware, filtered only when passing through the network could be a problem but by limiting the privileges of users, adapted to the duties assigned to the individual. Making it clear that no removable storage devices are to be brought into the network under no circumstance unless necessary and properly screened first. If an unencrypted laptop with sensitive information was to fall in the wrong hands, it would be likely that there would be some sort of damage. To prevent that from happening it is important to encrypt the drives and other sensitive information, have a lockout procedure where you had to put the password in again after a certain amount of time or to view critical data, and to make sure that the device could be potentially monitored.