CIT292 Ch 10 and 11

CIT292 Network Security Terms for Chapters 10 and 11

| Term | Definition |
| --- | --- |
| Access Control Model | Methodologies in which admission to physical areas and, more important, computer systems is managed and organized |
| Discretionary access control (DAC) | An access control policy generally determined by the owner |
| Trusted Computer System Evaluation Criteria (TCSEC) | A DoD standard that sets basic requirements for assessing the effectiveness of computer security access policies. Also known as the Orange Book |
| Mandatory access control (MAC) | An access control policy determined by a computer system, not by a user or owner as it is in DAC |
| Role-based access control (RBAC) | An access model that works with sets of permissions instead of individual permissions that are label based. Roles are created for various job functions in an organization |
| Implicit deny | Denies all traffic to a resource unless the users generating that traffic are specifically granted access to the resource |
| Job rotation | When users are cycled through various assignments |
| Separation of Duties (SoD) | When more than one person is required to complete a particular task or operation |
| Least privilege | When a user is given only the amount of privileges needed to do his job |
| Account expiration | The date when the accounts users use to log on to the network expire |
| Permissions | File system permissions control what resources a person can access on the network |
| Time-of-day restriction | When a user’s logon hours are configured to restrict access to the network during certain times of the day and week |
| Access control list (ACL) | A list of permissions attached to an object. Specifies the level of access a user, users, or groups have to an object. When dealing with firewalls, rules that apply to networks, IP addresses, or ports to permit or deny traffic |
| Policy | Rules or guidelines used to guide decisions and achieve outcomes. They can be written or configured on a computer |
| Vulnerability | Weakness in your computer network design and individual host configuration |
| Risk | The possibility of a malicious attack or other threat causing damage or downtime to a computer system |
| Risk management | The identification, assessment, and prioritization of risks, and the mitigating and monitoring of those risks |
| Information assurance (IA) | The practice of managing risks that are related to computer hardware and software systems |
| Residual risk | The risk that is left after a security and disaster recovery plan has been implemented |
| Risk assessment | The attempt to determine the amount of threats that could possibly occur in a given amount of time to your computers and networks |
| Qualitative risk assessment | Assessment that assigns numeric values to the probability of a risk and the impact it can have on the system or network |
| Quantitative risk assessment | Assessment that measures risk by using exact monetary values |
| Risk mitigation | When risk is reduced or eliminated altogether |
| Risk transference | The transfer or outsourcing of risk to a third party. Also known as risk sharing |
| Risk avoidance | When an organization avoids risk because the risk factor is too great |
| Risk reduction | When an organization mitigates risk to an acceptable level |
| Risk acceptance | The amount of risk an organization is willing to accept. Also known as risk retention |
| Vulnerability management | The practice of finding and mitigating software vulnerabilities in computers and networks |
| Vulnerability assessment | Baselining of the network to assess the current security state of computers, servers, network devices, and the entire network in general |
| Penetration testing | A method of evaluating the security of a system by simulating one or more attacks on that system |
| Open Vulnerability and Assessment Language (OVAL) | A standard and a programming language designed to standardize the transfer of secure public information across networks and the Internet utilizing any security tools and services available |
| Network mapping | The study of physical and logical connectivity of networks |
| Vulnerability scanning | The act of scanning for weaknesses and susceptibilities in the network and on individual systems |
| Port scanner | Software used to decipher which ports are open on a host |
| Protocol analyzer | Software tool used to capture and analyze packets |
| Password cracker | Software tool used to recover passwords from hosts or to discover weak passwords |
| Dictionary attack | A password attack that uses a prearranged list of likely words, trying each of them one at a time |
| Brute force attack | A password attack where every possible password is attempted |
| Cryptanalysis attack | A password attack that uses a considerable set of precalculated encrypted passwords located in a lookup table |
| Rainbow tables | In password cracking, a set of precalculated encrypted passwords located in a lookup table |
| Salting | Randomization of the hashing process to defend against cryptanalysis password attacks and rainbow tables |

Created by: Leisac