Controls
Chapter 9: Identifying and Analyzing Risk Mitigation Controls
Identifying and Analyzing Risk Mitigation Controls
Overview of Control Families
https://web.nvd.nist.gov/view/800-53/Rev4/home
Review with Class
http://csrc.nist.gov/publications/nistpubs/800-53-rev4/sp800-53r4_summary.pdf
Procedural Controls
Policies
Procedures
Plans
Technical Controls
Port Numbers
The port numbers are divided into three ranges:
The Well Known Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151.
The Dynamic and/or Private Ports are those from 49152 through 65535.
Well-Known Ports
The Well Known Ports are those from 0 through 1023.
The Well Known Ports are controlled and assigned by the IANA and typically can only be used by system (or root) processes or by programs executed by privileged users.
Ports are defined in the TCP [RFC793] to name the ends of logical connections which carry long term conversations.
For the purpose of providing services to unknown callers, a service contact port is defined.
To the extent possible, these same port assignments are used with the UDP [RFC768].
Registered Ports
The Registered Ports are those from 1024 through 49151.
The Registered Ports are not controlled by the IANA and on most systems can be used by ordinary user processes or programs executed by ordinary users.
Dynamic/Private Ports
The Dynamic and/or Private Ports are those from 49152 through 65535
Port Number References
TCP/UDP Port Numbers http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
http://www.iana.org/assignments/port-numbers
Well Known Port Numbers http://www.stengel.net/tcpports.htm
Private IP Addresses
The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve the following IPv4 address ranges for private networks, as published in RFC 1918.

| RFC1918 name | IP address range | number of addresses | classful description | largest CIDR block (subnet mask) | host id size | mask bits |
|---|---|---|---|---|---|---|
| 24-bit block | 10.0.0.0 - 10.255.255.255 | 16,777,216 | single class A network | 10.0.0.0/8 (255.0.0.0) | 24 bits | 8 bits |
| 20-bit block | 172.16.0.0 - 172.31.255.255 | 1,048,576 | 16 contiguous class B networks | 172.16.0.0/12 (255.240.0.0) | 20 bits | 12 bits |
| 16-bit block | 192.168.0.0 - 192.168.255.255 | 65,536 | 256 contiguous class C networks | 192.168.0.0/16 (255.255.0.0) | 16 bits | 16 bits |
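
An added example, not part of the original slides: it applies the three port ranges and the three RFC 1918 blocks to a list of listening endpoints, and recomputes the private-address table's columns from each CIDR prefix. The function names and the sample endpoints are constructed for illustration; note that 172.32.0.5 falls just outside the 20-bit block.

```python
import ipaddress

# RFC 1918 blocks, named as in the private-address table.
RFC1918_BLOCKS = {
    "24-bit block": ipaddress.ip_network("10.0.0.0/8"),
    "20-bit block": ipaddress.ip_network("172.16.0.0/12"),
    "16-bit block": ipaddress.ip_network("192.168.0.0/16"),
}

def port_range(port):
    """Name the range a TCP/UDP port number falls in."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a valid port number: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

def rfc1918_block(addr):
    """Return the RFC 1918 block holding addr, or None if it is outside all three."""
    ip = ipaddress.ip_address(addr)
    for name, net in RFC1918_BLOCKS.items():
        if ip in net:
            return name
    return None

def block_facts(net):
    """Recompute the table columns for one block from its CIDR prefix."""
    return (str(net.network_address), str(net.broadcast_address),
            net.num_addresses, str(net.netmask),
            net.max_prefixlen - net.prefixlen, net.prefixlen)

# Constructed sample of listening endpoints ("address:port"), not real data.
SAMPLE_LISTENERS = ["192.168.1.10:22", "10.1.2.3:49200",
                    "172.32.0.5:445", "203.0.113.7:8080"]

def review(listeners):
    """Classify each endpoint as (address, port, port range, RFC 1918 block or None)."""
    rows = []
    for item in listeners:
        addr, port = item.rsplit(":", 1)
        rows.append((addr, int(port), port_range(int(port)), rfc1918_block(addr)))
    return rows

if __name__ == "__main__":
    for name, net in RFC1918_BLOCKS.items():
        print(name, block_facts(net))
    for row in review(SAMPLE_LISTENERS):
        print(row, "" if row[3] else "<- not private address space")
```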