Winters Exam 2
Term | Definition |
---|---|
Policy | A ________ is a plan that conveys instructions from an organization's senior management to those who make decisions |
Standards | ________ are more detailed statements of what must be done to comply with policy |
Mission | The ________ of an organization is a written statement of an organization's purpose |
Vision | The ________ of an organization is a written statement about the organization's goals |
Enterprise Information Security Policy (EISP) | A/n ________ is known as a general security policy |
Issue Specific Security Policy (ISSP) | The ________ instructs employees on the proper use of technology and processes |
Access Control Lists | ________ consist of the use of access lists, matrices, and capacity tables that govern the rights and privileges of users. |
System Specific Policy (SSP) | ________ often function as standards or procedures to be used when configuring or maintaining systems |
Security Blueprint | The ________ is the basis for the design, selection, and implementation of all security program elements. |
Defense in Depth | The layered approach to security is ________ |
Security Perimeter | A/n ________ defines the boundary between the outer limit of an organization's security and the beginning of the outside world |
Firewall | A/n ________ is a device that selectively discriminates against information flowing into or out of the organization |
Demilitarized Zone | A buffer against outside attacks is considered a/n ________ |
Proxy | A/n ________ server performs services on behalf of another system |
SETA - Security, Education, Training, and Awareness | The ________ program is a control measure designed to reduce the incidence of accidental security breaches by employees |
Incident Response | A/n ________ plan addresses the identification, classification, response, and recovery from an incident |
Disaster Recovery | A/n ________ plan addresses the preparation for and recovery from a disaster |
Business Continuity | A/n ________ plan ensures that critical business functions continue if a catastrophic incident or disaster occurs |
Identification | Risk ________ is the examination and documentation of the security posture of an organization and the risk it faces |
Assessment | Risk ________ is the determination of the extent to which the organization's information assets are exposed or at risk |
Control | Risk ________ is the application of controls to reduce the risk |
Risk | Each threat must be examined to assess the potential to endanger an organization. This examination is known as a ________ assessment. |
Vulnerabilities | ________ are specific avenues that threat agents can exploit to attack an asset. |
Likelihood | ________ is the probability that a specific vulnerability will be the object of a successful attack |
Residual | ________ risk is the risk that remains even after the application of controls |
Policies | ________ are documents that specify an organization's approach to security. |
Cost Benefit | The analysis used to evaluate the worth of the information asset to be protected and the loss in value if those assets are compromised is ________ analysis |
Benefit | ________ is the value that an organization realizes by using controls to prevent loss |
Asset Valuation | ________ is the process of assigning financial value to each information asset |
Single Loss Expectancy | A ________ is the calculation of the value associated with the most likely loss from an attack |
Annualized Rate of Occurrence | The ________ is how often you expect a specific type of attack to occur |
Annualized Loss Expectancy | The ________ is the overall loss potential per risk |
Benchmarking | ________ is the process of seeking out and studying the practices used in other organizations that produce results you would like to duplicate |
Standard of Due Care | The ________ is the concept that an organization has done what any prudent organization would do in similar circumstances |
Due Diligence | ________ is the demonstration that the organization is diligent in ensuring that the implemented standards continue to provide the required level of protection |
Risk Appetite | ________ defines the amount of risk an organization is willing to accept. |
Mandatory Access Controls | ________ give users and data owners limited control over access to information |
Role-Based Controls | ________ are tied to the role a user performs in an organization |
Task-Based Controls | ________ are tied to the assignment of responsibility of the user |
Identification | ________ is the process of mapping a supplicant to an entity within the security domain |
Auditability | Another word for accountability is ________ |
Firewall | A/n ________ is an information security program that prevents specific types of information from moving between the outside world and the inside world |
Packet-Filtering | A/n ________ firewall examines the header information of data packets |
Stateful Inspection | ________ firewalls keep track of each network connection between internal and external systems using a state table |
Application | A/n ________ firewall is also known as a proxy server |
Circuit Gateway | The ________ firewall operates at the transport layer |
MAC layer | The ________ firewall allows it to consider the specific host computer's identity |
Packet-Filtering | First generation firewalls are ________ firewalls |
Application-Level | Second generation firewalls are ________ firewalls |
Stateful Inspection | Third generation firewalls are ________ firewalls |
Dynamic Packet-Filtering | Fourth generation firewalls are ________ firewalls |
Kernel Proxy | Fifth generation firewalls include ________ firewalls |
Screened Host | ________ firewalls combine a packet-filtering router with an application proxy server |
Dual-Homed Host | With ________ firewalls the bastion host contains two NICs. One for the external and one for the inside network |
Rules | Firewall ________ operate on the principle of "that which is not permitted is prohibited" |
Content Filter | A/n ________ is a software filter that allows administrators to restrict access within a network |
VPN | A/n ________ is used to securely extend an organization's internal network connections to remote locations |
Transport | In ________ mode, the data within an IP packet is encrypted but not the header information |
Tunnel | In ________ mode, the entire client packet is encrypted |
Intrusion | A/n ________ occurs when an attacker attempts to gain entry into or disrupt the normal operations of an information system |
Intrusion Detection System | A/n ________ works like a burglar alarm to detect an attempt to break into your computer system |
Intrusion Prevention System | A/n ________ can detect an intrusion and prevent that intrusion |
Attack Alarm | An indication that a system has just been attacked or is under attack |
False Negative | The failure of an IDPS to react to an actual attack event is considered a/n ________ |
False Positive | An alert that occurs in the absence of an actual attack is a/n ________ |
False Attack Stimulus | An event that triggers an alarm when no actual attack is in progress is a/n ________ |
Tuning | The process of adjusting an IDPS to maximize its efficiency is called ________ |
Confidence Value | The measure of an IDPS's ability to correctly detect and identify attacks is a/n ________ |
Alarm Filtering | The process of classifying IDPS alerts so they can be effectively managed is ________ |
Alarm Clustering | The process of grouping almost identical alarms that happen at close to the same time is ________ |
Footprinting | ________ are activities that gather information about the organization and its network activities and assets |
Fingerprinting | ________ are activities that scan network locales for active systems and identify network services offered by the host systems |
Network-based IDPS | A ________ IDPS resides on a computer or appliance connected to a segment of an organization's network and monitors network traffic on that segment |
Application | In ________ protocol verification, the higher-order protocols are examined for unexpected packet behavior or improper use |
Host-based IDPS | A ________ IDPS resides on a particular computer or server, known as the host, and monitors activity only on that system |
System integrity verifiers | HIDPSs are also known as ________ |
Signature-based IDPS | A/n ________ IDPS examines network traffic in search of patterns that match known signatures |
Statistical anomaly-based IDPS | The ________ IDPS collects statistical summaries by observing traffic that is known to be normal |
Stateful protocol analysis | The ________ protocol analysis is a process of comparing predetermined profiles of generally accepted definitions of benign activity for each protocol state against observed events to identify deviations |
Deep packet | ________ inspection examines packets at the application layer for information that indicates a possible intrusion |
Log file monitor | A/n ________ IDPS reviews the log files to look for patterns and signatures that may indicate that an attack or intrusion is in process or has already occurred |
Centralized | In a/n ________ IDPS control strategy, all IDPS control functions are implemented and managed in a central location |
Fully distributed | In a/n ________ IDPS control strategy, all control functions are applied at the physical location of each IDPS component |
Partially distributed | In a/n ________ IDPS control strategy, individual agents can still analyze and respond to local threats and report to a hierarchical central facility to detect widespread attacks |
Honeypots | ________ are decoy systems designed to lure potential attackers away from critical systems |
Padded | A/n ________ cell is a honeypot that has been protected so it cannot be easily compromised |
Trap-and-trace | ________ applications use a combination of techniques to detect an intrusion and then trace it back to its source |
Port scanners | ________ are tools used by both attackers and defenders to identify the computers that are active on a network, as well as the ports and services active on those computers |
Active vulnerability | ________ scanners scan networks for highly detailed information |
Vulnerability | ________ scanners are used to find and document holes in a system |
Passive vulnerability | A/n ________ scanner is one that listens in on the network and determines vulnerable versions of both server and client software |
Packet sniffer | A/n ________ is a network tool that collects copies of packets from the network and analyzes them |
Biometric access control | ________ is based on the use of some measurable human characteristic |
Minutiae | ________ are unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created |
Entry into or disrupt the normal operations | An intrusion occurs when an attacker attempts to gain ________ or ________ an information system, almost always with the intent to do harm. |
Intrusion prevention | ________ consists of activities that deter an intrusion. |
Intrusion detection | ________ consists of procedures and systems that identify system intrusions |
Intrusion reaction | ________ encompasses the actions an organization takes when an intrusion is detected |
Intrusion correction | ________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again, thus reinitiating intrusion prevention |
Intrusion detection systems | ________ became commercially available in the late 1990s |
IDPS alerts and alarms | ________ take the form of audible signals, email messages, pager notifications, or pop-up windows |
Evasion | ________ is the process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS |
Noise | ________ is/are alarm events that are accurate and noteworthy but that do not pose significant threats to information security |
Site policy | ________ is/are the rules and configuration guidelines governing the implementation and operation of IDPSs within the organization |
Site policy awareness | ________ is an IDPS's ability to dynamically modify its configuration in response to environmental activity |
True attack stimulus | ________ is an event that triggers alarms and causes an IDPS to react as if a real attack is in progress |
Hub | Now outdated technology, a ________ receives traffic from one node and retransmits it to all other nodes |
Protocol Stack | The elements of these protocols (IP, TCP, UDP, and application layers such as HTTP) are combined in a complete set called the |
Application Protocol Verification | In ________, the higher-order protocols are examined for unexpected packet behavior |
Wireless IDPS | A ________ monitors and analyzes wireless network traffic, looking for potential problems with the wireless protocol |
Physical security | ________ is an issue associated with the implementation of wireless IDPSs concerning many wireless sensors are located in public areas |
Sensor range | ________ is an issue associated with the implementation of wireless IDPSs concerning a wireless device's reach can be affected by atmospheric conditions |
Access point and wireless switch locations | ________ is an issue associated with the implementation of wireless IDPSs concerning wireless components with bundled IDPS capabilities must be carefully deployed |
Wired network connections | ________ is an issue associated with the implementation of wireless IDPSs concerning how these components work independently of the wired network when sending and receiving between stations |
Cost | ________ is an issue because the more sensors deployed, the more expensive the configuration |
Wireless IDPSs | ________ are unable to detect certain passive wireless protocol attacks, in which the attacker monitors network traffic without active scanning or probing |
Anomaly Detection | NBA systems examine network traffic in order to identify problems related to the flow of traffic. They use a version of ________ method to identify excessive packet flows |
Host-based IDPS | ________ resides on a particular computer, known as the host, and monitors activity only on that system |
HIDPS | -classifies files into various categories -monitor multiple computers simultaneously -provide only a few general levels of alerts |
Signature-based IDPS | |
Statistical anomaly-based IDPS | The ________ collects statistical summaries by observing traffic that is known to be normal |
Clipping level | When the measured activity is outside the baseline parameters, exceeding the ________, the IDPS sends an alert |
Stateful protocol analysis | ________ is a process of comparing predetermined profiles of generally accepted definitions of benign activity to identify deviations |
Active; Passive | ________ acts. ________ reports. |
Failsafe | ________ features protect an IDPS from being circumvented or defeated by an attacker |
Control Strategy | A ________ determines how an organization supervises and maintains the configuration of an IDPS |
Threshold | A ________ is a value that sets the limit between normal and abnormal behavior |
Blacklist | A ________ is a list of discrete entities, such as hosts, that have been associated with malicious activity |
Code viewing and editing | ________ is an IDPS technology that permits administrators to see some or all of the detection-related code |
Port scanners | ________ are tools used by both attackers and defenders to identify the computers that are active on a network |
Blackbox | There is a class of vulnerability scanners called ________ |
False reject rate | The ________ is the percentage of identification instances in which authorized users are denied access as a result of a failure in the biometric device |
False accept rate | The ________ is the percentage of identification instances in which unauthorized users are allowed access to systems as a result of failure in the biometric device |
Crossover error rate | The ________ is the level at which the number of false rejections equals the false acceptances |