securityCHPT 4
terms
| Question | Answer |
|---|---|
| vulnerability assessment | systematic evaluation of asset exposure |
| asset | an item that has positive value |
| asset identification | process of inventorying items |
| common threat agents | natural disasters |
| common threat agents | compromise of intellectual property |
| common threat agents | espionage |
| common threat agents | hardware failure or errors |
| common threat agents | sabotage or vandalism |
| common threat agents | software attacks |
| common threat agents | software failure or errors |
| common threat agents | technical obsolescence |
| common threat agents | theft |
| common threat agents | utility interruption |
| aspects of vulnerability assessment | asset identification |
| aspects of vulnerability assessment | threat evaluation |
| aspects of vulnerability assessment | vulnerability appraisal |
| aspects of vulnerability assessment | risk assessment |
| threat evaluation | pressures are against assets |
| identify what needs to be protected | asset identification |
| how susceptible is the current protection | vulnerability appraisal |
| what damages could result from the threats | risk assessment |
| what to do about it | risk mitigation |
| common assets | people |
| common assets | physical assets |
| common assets | data |
| common assets | hardware |
| common assets | software |
| after the inventory of assets | determine each item's relative value |
| threat agents | any person or thing with the power to carry out a threat against an asset |
| threat modeling | understand attackers and their methods; often done by constructing scenarios |
| attack tree | provides a visual representation of potential attacks; an inverted tree structure |
| vulnerability appraisal | where are our weak spots |
| risk assessment | determining the damage that would come from an attack |
| vulnerability appraisal | take a snapshot of the current security of the organization |
| vulnerability appraisal | catalog each vulnerability |
| risk assessment | assess whether that vulnerability is a risk to the organization |
| outsourcing | transfer the risk to a third party |
| three options when confronted with a risk | diminish, transfer, or accept the risk |
| vulnerability impact scale | no impact |
| vulnerability impact scale | small impact |
| vulnerability impact scale | significant |
| vulnerability impact scale | major |
| vulnerability impact scale | catastrophic |
| single loss expectancy | expected monetary loss every time a risk occurs |
| annualized loss expectancy | expected monetary loss that can be expected for an asset due to a risk over a one year period |
| annualized rate of occurrence | probability that a risk will occur in a particular year |
| ALE | SLE * ARO |
| SLE | AV * EF |
| risk mitigation | what to do about the risks |
| risk identification steps | asset identification |
| risk identification steps | threat identification |
| risk identification steps | vulnerability appraisal |
| risk identification steps | risk assessment |
| risk identification steps | risk mitigation |
| baseline | imaginary line by which an element is measured or compared |
| baseline reporting | comparison of the present state of a system to its baseline |
| architectural design | |
| design review | |
| code review | |
| attack surface | |
| software development process | requirements |
| software development process | design |
| software development process | implementation |
| software development process | verification |
| software development process | release |
| software development process | support |
| assessment tools | help personnel identify security weakness |
| assessment tools | port scanners |
| assessment tools | protocol analyzers |
| assessment tools | vulnerability scanners |
| assessment tools | honeypots |
| assessment tools | honeynets |
| port numbers | sixteen bits in length |
| well known ports | 0 - 1023 |
| registered ports | 1024 - 49151 |
| dynamic ports | 49152 - 65535 |
| private ports | dynamic ports |
| open port | application or service assigned to that port is listening for instructions |
| closed port | no process is listening at this port |
| blocked port | the host system does not reply to any inquiries |
| protocol analyzer | sniffer |
| port 20 | ftp |
| port 22 | ssh |
| port 23 | telnet |
| port 69 | tftp |
| port 80 | http |
| port 139 | netbios |
| port 443 | https |
| port 989 | ftps |
| well known port number | reserved for the most universal applications |
| registered port numbers | other applications that are not widely used |
| dynamic ports | available for use by any application |
| process | program running on one system |
| ip address | used to uniquely identify each network device |
| port number | tcp/ip uses a numeric value as an identifier to applications and services on these systems |
| protocol analyzer | hardware or software that captures packets to decode and analyze its contents |
| protocol analyzers | can fully decode application layer protocols http ftp |
| promiscuous mode | the strength of a protocol analyzer is that it places the computer's nic adapter |
| port scanner software | searches system for port vulnerabilities |
| tcp connect scanning | |
| tcp syn scanning | |
| tcp fin scanning | |
| stealth scans | |
| xmas tree port scans | |
| vulnerability scanners | maintains a database that categorizes and describes the vulnerabilities it detects |
| vulnerability scanners | intended to identify vulnerabilities and alert network admins |
| honeypot | pc typically located in an area with limited security and loaded with software and data files that appear to be authentic yet they are actually imitations of real data files |
| honeynet | network setup with intentional vulnerabilities |
| assessment tool problem | no standard for collecting, analyzing, and reporting vulnerabilities |
| oval | open vulnerability and assessment language |
| oval | common language for the exchange of info regarding security vulnerabilities |
| oval vulnerability definitions are recorded in | xml |
| oval vulnerability queries are accessed in | sql |
| vulnerability assessment procedures | scanning |
| vulnerability assessment procedures | penetration testing |
| penetration testing | pentest |
| pentest | designed to exploit any weakness in systems that are vulnerable |
| vulnerability scanning | inside the building |
| penetration testing | outside the building |
| penetration testing | purposely trying to break into the network from outside the building, trying to do damage |
| different penetration testing techniques | black box test |
| different penetration testing techniques | white box test |
| different penetration testing techniques | gray box test |
| security posture | an approach,philosophy or strategy regarding security |
| elements that make up a security posture | initial baseline configuration |
| elements that make up a security posture | continuous security monitoring |
| elements that make up a security posture | remediation |
| standards in mitigating and deterring attacks | security posture |
| standards in mitigating and deterring attacks | configuring controls |
| standards in mitigating and deterring attacks | hardening |
| standards in mitigating and deterring attacks | reporting |
| reporting | alarms, alerts, trends |
| types of hardening techniques | protect accounts with passwords |
| types of hardening techniques | disabling unnecessary accounts |
| types of hardening techniques | disabling unnecessary services |
| types of hardening techniques | protecting management interfaces and applications |
| configuring controls | detection, cameras |
| configuring controls | prevention, locked doors |
| configuring controls | firewalls |
| purpose of hardening | eliminate as many security risks as possible |