CIT292 Ch 10 and 11
CIT292 Network Security Terms for Chapters 10 and 11
| Term | Definition |
|---|---|
| Access Control Model | Methodologies by which admission to physical areas and, more importantly, to computer systems is managed and organized |
| Discretionary access control (DAC) | An access control policy generally determined by the owner |
| Trusted Computer System Evaluation Criteria (TCSEC) | A DoD standard that sets basic requirements for assessing the effectiveness of computer security access policies. Also known as the Orange Book |
| Mandatory access control (MAC) | An access control policy determined by a computer system, not by a user or owner as it is in DAC |
| Role-based access control (RBAC) | An access model that works with sets of permissions instead of individual permissions that are label based. Roles are created for the various job functions in an organization |
| Implicit deny | Denies all traffic to a resource unless the users generating that traffic are specifically granted access to the resource |
| Job rotation | When users are cycled through various assignments |
| Separation of Duties (SoD) | When more than one person is required to complete a particular task or operation |
| Least privilege | When a user is given only the amount of privileges needed to do his job |
| Account expiration | The date on which the account a user uses to log on to the network expires |
| Permissions | File system permissions control what resources a person can access on the network |
| Time-of-day restriction | When a user’s logon hours are configured to restrict access to the network during certain times of the day and week. |
| Access control list (ACL) | A list of permissions attached to an object. Specifies the level of access a user, a set of users, or a group has to an object. When dealing with firewalls, rules that apply to networks, IP addresses, or ports to permit or deny traffic. |
| Policy | Rules or guidelines used to guide decisions and achieve outcomes. They can be written or configured on a computer |
| Vulnerability | Weakness in your computer network design and individual host configuration |
| Risk | The possibility of a malicious attack or other threat causing damage or downtime to a computer system |
| Risk management | The identification, assessment, and prioritization of risks, and the mitigating and monitoring of those risks. |
| Information assurance (IA) | The practice of managing risks that are related to computer hardware and software systems |
| Residual risk | The risk that is left after a security and disaster recovery plan has been implemented |
| Risk assessment | The attempt to determine the number of threats that could possibly occur in a given amount of time to your computers and networks |
| Qualitative risk assessment | Assessment that assigns numeric values to the probability of a risk and the impact it can have on the system or network |
| Quantitative risk assessment | Assessment that measures risk by using exact monetary values |
| Risk mitigation | When risk is reduced or eliminated altogether |
| Risk transference | The transfer or outsourcing of risk to a third party. Also known as risk sharing |
| Risk avoidance | When an organization avoids risk because the risk factor is too great |
| Risk reduction | When an organization mitigates risk to an acceptable level |
| Risk acceptance | The amount of risk an organization is willing to accept. Also known as risk retention |
| Vulnerability management | The practice of finding and mitigating software vulnerabilities in computers and networks |
| Vulnerability assessment | Baselining of the network to assess the current security state of computers, servers, network devices, and the entire network in general |
| Penetration testing | A method of evaluating the security of a system by simulating one or more attacks on that system |
| Open Vulnerability and Assessment Language (OVAL) | A standard and a programming language designed to standardize the transfer of secure public information across networks and the Internet utilizing any security tools and services available |
| Network mapping | The study of physical and logical connectivity of networks |
| Vulnerability scanning | The act of scanning for weaknesses and susceptibilities in the network and on individual systems. |
| Port scanner | Software used to decipher which ports are open on a host |
| Protocol analyzer | Software tool used to capture and analyze packets |
| Password cracker | Software tool used to recover passwords from hosts or to discover weak passwords |
| Dictionary attack | A password attack that uses a prearranged list of likely words, trying each of them one at a time |
| Brute force attack | A password attack where every possible password is attempted |
| Cryptanalysis attack | A password attack that uses a considerable set of precalculated encrypted passwords located in a lookup table |
| Rainbow tables | In password cracking, a set of precalculated encrypted passwords located in a lookup table |
| Salting | Randomization of the hashing process to defend against cryptanalysis password attacks and rainbow tables |