219 terms

security plus


demilitarized zone (DMZ)
is a pair of firewalls that segregate web-facing server traffic from the internal network.
Web Application Firewall (WAF)
_____ blocks attacks and provides security at Layer 7 of the OSI model. A _____ can protect a web server from cross-site scripting attacks.
Routers
_______ connect networks generally based on network addresses, usually IP network addresses. They can be used to create subnets which isolate broadcast domains, and to some extent isolate security zones with access control lists (ACLs).
Switches
______ connect hosts on a LAN by MAC address. They reduce or eliminate collisions. VLANs are connected by routers or multilayer switches. Client access should be
VPN concentrators
_______ allow scalable secure remote access by being able to handle the load of multiple heavily utilized VPN connections.
Load Balancers
________ distribute the load among multiple Web servers, increasing performance and reliability, while eliminating a single point of failure by providing redundancy.
Sniffers; protocol analyzer
______ capture network packets. They are usually integrated with a ________ that understands and analyses the content of the packets.
Honeypots, honeynet
_____ are single fake systems meant to divert attackers away from a production network and to study hacker tools and techniques. A ____ emulates a set of servers.
Network
____ based Intrusion Prevention systems take the next step in that they also neutralize attacks.
Signature
_______ based NIDS/NIPS (also HIDS/HIPS) need updates. They are best for known attacks
Anomaly
_____ based NIDS/NIPS (also HIDS/HIPS) look for unusual events. They are best for zero day attacks
Behavior
______ based NIDS/NIPS (also HIDS/HIPS) match traffic patterns. To kill connections, NIPS do shunning and blocking on attackers, and TCP resets on victims.
web security gateway/content filter
a ______ often implemented on a proxy server, blocks web sites by URL.
Unified Threat Management (UTM)
_____ and block traffic based on URL, malware, buffer overflows, cross-site scripting (XSS), cross site request forgery (XSRF), and injection attacks.
proxy server
a ______ caches web pages, while a reverse proxy can have sophisticated filters. A SPAM filter is typically incorporated in email. An all-in-one security appliance integrates many of these functions.
Spanning Tree Protocol (STP)
A type of protocol that stops switching loops.
802.1x
this standard features port-based extensible authentication protocol (EAP). It is the most secure way to implement network access control (NAC) for contractors, or wireless network access. ______ is associated with RADIUS.
Implicit deny
means that any connection not explicitly allowed is denied by default.
Flood guards
______ should be used to protect against SYN flood attacks, trace the source, generate alerts, and block attack traffic.
Loop protection
_____ prevents network disruption if both ends of a network cable are connected to different switch ports.
Log analysis
____ of logs from multiple sources should account for incident time offsets. The security log would show when a user attempted to log in at various times of the day.
Subnets and VLANs
subnets
vlans
____ and ____ separate broadcast and security domains. ____ are on routers. ____ are created on switches.
Static NAT
_______ has a one-to-one mapping between internal and external addresses.
Dynamic NAT
_____ allows the mapping to change dynamically.
Port Address Translation (PAT)
______ allows multiple hosts to connect at the same time.
Remote access policy; SSH
______ sets rules for remote access. Remote access should use a secure protocol such as ____ . A VPN concentrator provides remote access for large numbers of users.
Network Access Control (NAC)
_______ examines and remediates foreign hosts that attempt to connect to a network. It also updates patches and antivirus definitions and performs a virus scan before granting access.
virtualization, hypervisor
In _______ physical servers host multiple virtual servers. This cuts down on the footprint. The specialized operating system that hosts the virtual machines is the ________.
VM escape
______ is the term for an attack that affects more than one virtual machine and/or the hypervisor.
Cloud computing
_______ utilizes virtualization to provision guests on demand.
Platform
In ______ as a Service (PaaS), developers create applications on a provider's platform.
Software
In ____ as a Service (SaaS), the vendor supplies the software product.
Infrastructure
In _____ as a Service (IaaS), users can start, stop and configure virtual servers.
IPSec
was originally developed for IPv6. It can be used as the encryption piece of a VPN with L2TP setting up the tunnel, or it can do both.
ESP, AH and IKE.
IPSec protocols include ___, _____, and ____.
SNMP
SNMPv1
SNMPv2
SNMPv3
____ is used to manage network devices including printers, servers, routers and switches. ____ and _____ are insecure protocols. ______ is secure and provides data integrity, authentication, confidentiality and protection.
SSH
____ is a secure replacement for Telnet and FTP.
Slogin
_____ replaces Telnet.
SCP and SFTP
___ and ____ replace FTP.
SSH
FTPS is another secure version of FTP, but it is not based on ____.
DNS
____ resolves a host name to an IP address.
DNS
_____ attacks include spoofing and cache poisoning.
DNSSEC and TSIG
DNS security measures include _____ and _____, which use certificates for authentication of DNS servers.
HTTP, HTTPS
______ transfers Web pages. _____ does this securely using certificates.
SSL
_____ is the underlying protocol for HTTPS. It can also be used in SSTP to set up a VPN that does not require a VPN client setup.
TLS
_____ is more secure than SSL because it checks that a certificate belongs to the web site; it does mutual authentication. It can also be used to secure traffic between SMTP servers.
IP, IP
TCP
Man-in-the-Middle
SYN Flood
___ provides addressing and routing. An attacker can forge the source ____ address. ___ provides reliability through sequence numbers. An attacker might monitor network transmissions to predict a sequence number and forge an acceptable response. This is a _______ attack. The three-way TCP handshake can be exploited in a _____ attack.
UDP
____ is faster than TCP but unacknowledged. It is used in videocasting and VoIP.
Fraggle
______ is a UDP Denial of Service (DoS) attack.
ICMP (Internet Control Message Protocol)
_____ provides network reachability and diagnostics. It supports ping, tracert, and router messages such as source routing.
ICMP (Internet Control Message Protocol)
_____ attacks include Ping of Death, Smurf Attack and bogus source routing updates.
IPv4
IPv6
100
___ has a 32-bit address space that is depleted. ____ has a 128-bit address, enough for ____ IP addresses for every square inch on the earth.
Storage Area Network (SAN) Protocols.
Fiber Channel over Ethernet (FCoE) and iSCSI leverage your production network to create a SAN. Attacks on the production network affect FCoE and iSCSI.
Fiber Channel (FC)
_____ is an isolated network. Deploying a FC fabric provides multi-pathing which increases bandwidth and fault-tolerance.
OSI Relevance
_____ has decreased as newer protocols do not adhere to it.
WEP
WPA
____ is weak. It has a 24-bit initialization vector. It should not be used.
_____ is much stronger as it uses EAP, TKIP, and RC4.
WPA2
802.11i
___ replaces RC4 with AES. ______ is better than WPA2 as it replaces TKIP with CCMP, which changes the whole encryption key on a minute-by-minute basis, while TKIP changes only part of the encryption key.
WPA/WPA2 Enterprise
EAP-TLS
EAP is Extensible Authentication Protocol. ______ use EAP. ______ uses certificates.
PEAP (Protected EAP)
___ encapsulates EAP in an encrypted and authenticated TLS tunnel.
LEAP (Lightweight EAP)
______ uses MS-CHAPv2 to protect authentication credentials and provide mutual authentication.
Technical risk controls
____ would use specific hardware or software. They include screen lock, firewalls, IDSs/ IPSs, ACLs, proximity locks and mantraps.
Management controls
____ would avoid single points of failure, and include security policy, fault-tolerant measures and recovery procedures.
Operational risk controls
_____ are daily controls including a security guard, auditing, user rights review and background investigations.
false positive
A _____ is a false alarm.
false negative
A ____ is where an attack is not identified. It is more serious than a false positive. In biometrics a false acceptance is more serious than a false rejection.
Mandatory vacation
______ is checking an employee's work while they are on vacation to discover fraud and collusion.
Job Rotation
Two software developers switching roles to eliminate a single point of failure caused by a singular skill set is an example of ______.
Least privilege
_____ would be violated if the accounting manager could do both accounts payable and accounts receivable work. Rather, the accounting manager should just be able to approve work.
Quantitative
qualitative
______ is based on hard numbers while ____ is based on subjective ranking.
Quantitative
____ is based on asset value and exposure, so risks are mitigated based on cost.
maximum tolerable downtime (MTD)
The _______ is what a business can accept after a disaster.
mean time to repair (MTTR)
The ______ should be less than the MTD.
recovery point objective (RPO)
The ____ is how much critical data and/or critical systems must be restored after a disaster.
recovery time objective (RTO)
The _____ should be shorter than the MTD. The RTO is the target time when critical systems should be back up and running after a disaster.
business impact analysis (BIA)
A _____ is a high level analysis that identifies a company's exposure to the sudden loss of critical business functions.
Responses to Risk
Most mission impacting risks should be mitigated. However, risks cannot be eliminated.
Mitigation.
Risks can be accepted if the cost to mitigate the risk is more than the cost of the asset.
avoided
Risks can be ____ if the loss of the asset is unacceptable.
Cloud computing
_____ uses virtualization to provision guests on demand. Security drawbacks of cloud computing are loss of physical control over data and blended systems and data.
interconnection security agreement (ISA)
An ______ is between organizations that own and operate connected IT systems to document the technical and security requirements of necessary data flows.
Change management
_____ is a part of configuration management. It handles system upgrades and modifications so they do not impact security.
Incident Management
________ ensures that the proper configurations are reapplied to systems and attacks are contained.
Order of Volatility
Collect the most perishable material first: CPU cache, RAM, swap file, hard drive, remote logs. Create an image of the hard drive. Perform a hash before and after the image and hash the imaged hard drive.
Record Time Offset
Logs can be correlated to see the chain of events if the record time offset is correct.
Chain of custody
_____ is continuously documenting the state and location of data and hardware from collection to Disposition.
Big Data Analysis
______ can discover the locus of attacks by correlating attacks against multiple companies.
Collect Evidence In Order of Volatility
▪ CPU Registers
▪ CPU Cache
▪ Memory
▪ ARP Cache
▪ Swap File
▪ Optical Media
▪ Remote Logs
Incident Response
P - Preparation
I - Identification
R - RFID
R - Routine auditing
C - Containment
L - Lessons learned
Preparation
is where general measures are taken against malware.
Identification
is the first response in incident management to clients reporting spikes in malware infections.
RFID
can provide automated notification of item removal.
Routine auditing
is the auditing or reviewing of an organization's security systems (both physical and logical) on a regular basis.
Containment
Consistent with collecting evidence; contain the incident.
Lessons learned
is where the team analyses the incident and determines steps against future occurrence.
Security policy training
_____ should be customized by the role of the user.
Shoulder Surfing, Clean Desk Policy and Sanitization.
Training should include protection from shoulder surfing. It also includes a clean desk policy, data sanitization, data labeling and protection by classification.
Social Networking and P2P File Sharing.
Users should be educated to avoid disclosing information via social networking sites and/or P2P file sharing.
Fire Suppression
HVAC systems should be integrated into the fire alarm systems to help prevent a fire from spreading and should shut down when a fire is detected in the datacenter. FM200 is the best suppression method.
EMI Shielding
EMI is Electro Magnetic Interference while RMI is Radio Magnetic Interference
Hot and cold aisles
____ regulate cooling within a datacenter to maximize airflow, and increase HVAC efficiency.
Video Monitoring
It is a detective security control that could determine if confidential data or equipment is being removed.
Guards
____ provide access based on facial recognition among other factors.
mantrap
A _____ is a confined space that only one user can enter at a time. An outer door locks when the user enters. To leave the mantrap, and gain access to the protected area, the user must successfully authenticate to the inner door.
business impact analysis (BIA)
A ___ defines recovery point objectives (RPO) and recovery time objectives (RTO).
service level agreement (SLA)
A _____ is a formal contract between two companies that is more enforceable than an informal memorandum of understanding (MOU).
business practice agreement (BPA)
A _____ lists what contractors should and shouldn't do.
interconnection security agreement (ISA)
An ______ is between organizations that own and operate connected IT systems to document the technical and security requirements of necessary data flows.
single points of failure
Measures that remove _____ include RAID, clustered servers, redundant power supplies, and redundant ISPs.
Backup Execution and Frequency
Backup types include full, differential, and incremental.
▪ Data deduplication reduces the size of backups, the time to back up and the time to restore.
▪ One copy of a backup should be stored onsite for quick recovery. Another copy of a backup should be stored offsite, away from the main site for disaster recovery.
Backup/Backout Contingency Plans
In the event that Plan A fails, have a pre-conceived and viable Plan B. In the event the weekend datacenter upgrades fail, have a backout plan to undo any changes.
Redundant measures
____ include redundant circuits, RAID, clustered servers, network load balancing, mirrored memory, redundant power supplies and redundant ISPs.
cold site
A ___ is an alternate location with no data or equipment.
warm site
A ______ describes a semi-operational site. It provides a building and network equipment, but not current application data.
Hot site
The highest level of availability is provided because the site has full equipment and current data.
confidentiality, integrity, and availability.
The parts of CIA are ____, ______, and _____.
Confidentiality
- is protection from unwanted disclosure.
- is the primary concern of governments in terms of data security.
- is preserved by strong authentication, strong encryption, ACLs, least privilege, need to know and sanitization of retired computer systems.
- Items that could compromise confidentiality include USB drives and spyware.
Availability
is the continuous operation of computing systems and networks.
- Redundancy and fault tolerant measures such as RAID and clustered servers increase availability.
- A virtualization farm increases availability.
Integrity
____ is the concept that addresses the threat of data being modified without authorization. Integrity is provided by a hash and input validation.
▪ A forensic image of a computer's memory or hard drive should be run through a hash such as SHA256 or SHA512.
▪ Kerberos centralizes file integrity protection.
Safety
___ is provided by fencing, lighting, locks, CCTV, guards, fire alarms, fire drills, and alternate escape routes.
Virus
___ are often attached to executable files. Their primary goal is replication by spreading from file to file. An act as simple as opening an attachment can infect a system. Effects can include data deletion, file corruption, file alteration, data theft and DoS.
▪ Cell phones with network access and the ability to store data files are susceptible to viruses.
▪ Effects include data deletion, corruption, alteration, and theft.
▪ An armored virus hides its location and is difficult to reverse engineer in a lab.
polymorphic virus
A ___ continually changes to prevent signature-based detection.
Worms
_____ are self-contained programs. They can spread by network shares with no user interaction. As a result, worms spread faster than viruses. They can email a copy of themselves to everyone in the address book of an infected computer.
Rootkits
____ are suspicious system-level kernel modules which modify file system operations. They are characterized by hooking processes and erasing logs. Hooked processes hide themselves from discovery.
Trojans
____ disguise themselves as harmless or "friendly" files.
Backdoor
A ____ makes an alternate/unsecured entry point to an application or computer.
logic bomb
A ____ is malicious code that is triggered by a time, date or event. For example, a disgruntled employee inserts additional code into the payroll system which will activate only if he is dismissed.
botnet
A ____ is a large group of infected computers/bots/zombies that have been taken over by hackers. An indication is several PCs that are running extremely slow, and are opening many connections to the same unknown destination.
Adware
____ are pop-up advertisements, often targeted based on browser history. Adware is often bundled with freely downloaded software.
Spyware
_____ secretly collects information about users. Spyware negatively affects confidentiality. It can slow down a PC. It uses tracking cookies and browser history.
Ransomware
_____ is malware that extorts users to pay a ransom to decrypt their data, hard drive or source code. For example, an attacker that encrypts a user's documents and demands payment to decrypt them.
typo squatting
Users that mistype a URL and end up at a web site that infects them with malware have been victims of ______.
Attack Types
Major attack types include man-in-the-middle, DDoS, DoS, replay, smurf attack, spoofing, spam, phishing, spim, vishing, spear phishing, Xmas attack, pharming, privilege escalation, DNS poisoning and ARP poisoning.
VLAN tagging standard
802.1Q
...
Q in Q
DoS (Denial of Service)
A _____ attack originates from one computer.
DDoS (Distributed Denial of Service)
A _____ attack originates from multiple computers and attempts to make a computer or network unavailable to legitimate users by consuming resources such as network connections.
DDoS (Distributed Denial of Service)
An example of a ____ would be a large amount of transmissions from multiple external computers to the web server, which is now inaccessible to users.
Fraggle
A ___ attack is a DDoS attack that uses UDP packets.
SYN Flood
___ is a DDoS attack in which multiple external hosts start but do not finish the three-way TCP handshake, exhausting the half-open connection queue.
Smurf attacks
____ are a DoS attack in which the attacker impersonates the IP address of the victim and pings the subnet broadcast address.
Xmas tree
_____s set every option for the protocol in use, lighting it up like a Xmas tree. This consumes resources and can be used in a DoS; or it can be used to do stack fingerprinting, in which the target OS is identified.
...
Attackers can spoof the source IP address, the MAC address or a Web site. URL spoofing is phishing.
man-in-the middle
If the IP address is spoofed for the purpose of impersonation, then this is a _____ attack. The attacker monitors the packets, guesses the sequence number, knocks out the victim with a SYN attack and injects his own packets, claiming to have the address of the victim.
Replay attacks
Man-in-the-middle
______ capture and then replay the authentication credentials at a later time or date. ______ attacks take place in real-time. SSL certificate warnings might indicate a man-in-the-middle attack. A replay attack might capture valid wireless traffic for later retransmission to discover the encryption key. The attacking computer will have large network traffic dump files.
DNS cache poisoning
_____ inserts false information in a DNS name server's cache.
Pharming
redirects Web site traffic to a spoofed Web site, by changing the DNS records, DNS cache or the hosts file.
ARP poisoning
In ___, an attacker responds to an ARP broadcast for the victim's MAC address.
Phishing
_____ attempts to gain sensitive information by masquerading as trustworthy.
Spear phishing
______ targets select groups of people with something in common.
Whaling
_______ is targeted phishing of senior executives and other high profile targets.
Vishing
______ is phishing over the phone.
SPAM
_____ is unsolicited advertising via email.
SPIM
______ is SPAM over Instant Messenger.
SPIT
_____ is SPAM over Instant Texting.
mail relay server
The best location for a spam filter is in front of the _____. The SPAM folder settings should be checked if a user is not able to receive email from a specific user.
Insiders
______ often do more damage than outside hackers. WikiLeaks is an example of this. Intrusion Detection/Prevention Systems also monitor/block inside attacks. Auditing is also helpful.
privilege escalation
In _____ an attacker with access to a user account exploits a bug or configuration error to gain elevated privileges.
transitive trust
In ______ attacks the hacker probes for and attempts to compromise the weakest link in a chain of trust. For instance, if a small supplier has access to an extranet for a large company, the attacker will attempt to socially engineer the weakest employee at the small supplier.
Web client-side
_____ attacks target web browsers. A modern and patched browser should be used.
Server-side input validation
______ is more secure than client-side input validation.
Watering hole attack
______ hackers infect web sites of interest to their targets.
Shoulder surfing
______ is looking over someone's shoulder to view confidential information.
Dumpster diving
_____ involves sorting through the trash to discover information to be used in a subsequent attack.
Tailgating
_____ is following closely behind an authorized user to gain unauthorized access to a secured area before the door is closed. Countermeasures to tailgating include mantraps, security guards and user education.
Hoaxes
_____ are falsehoods that convince a user to harm their, or their organization's, computer or security posture. Suspected hoax emails to users should be forwarded to administrators and not to other users.
Whaling
_____ is phishing directed against an organization's hierarchy. An example of whaling is a convincing, well-researched email attack sent to the company's Chief Executive Officer (CEO).
Spear phishing
_____ is phishing directed against a particular, high-value group.
Vishing
_____ is voice phishing. It leverages VoIP phone calls.
Social Engineering Principles of Attack.
These attacks include authority, intimidation, consensus/social proof, scarcity, urgency, familiarity/liking and trust.
scarcity
If users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular smartphone, it is an example of _____.
Rogue access
____ points are unauthorized wireless access points that are used to gain access to a secure network.
Evil twins
_____ are duplicate access points that have been created to allow a hacker to conduct a man-in-the-middle attack.
RFI and EMI
___ and ___ are eliminated by fiber optic cabling.
RFI and EMI
___ and ___ are mitigated by shielding, coaxial and STP cabling, and using conduits.
Bluejacking, Bluesnarfing, and Bluebugging.
These exploits use Bluetooth. Bluejacking pops up unwanted messages on a smart phone. Bluesnarfing is more serious because it allows total access to a smart phone including any data such as an address book and emails. In Bluebugging the attacker can also monitor a smart phone user's conversation and camera.
War Dialing
In ____ a hacker attacks a dial-up site.
war chalking
In _____ the location and specifics of wireless access points are documented by nearby chalk marks. It involves randomly attempting to connect to wireless network access points and documenting the locations.
war driving
In _____ a driver searches for Wi-Fi networks using a portable computer or smart phone. War driving is a reason why wireless access points should not be placed near a building's perimeter.
IV Attacks and Packet Sniffing.
The initialization vector (IV) is a semi-random value factored with the encryption key. Longer and more random IVs provide more security. WEP only uses a 24-bit IV. WEP uses an RC4 key that can be discovered by packet sniffing on plaintext initialization vectors. Packet sniffing can also discover passwords and other data sent in cleartext by protocols such as FTP, Telnet, PAP, SNMPv1 and v2.
Noop sled
▪ A buffer stores data and instructions. An early buffer attack is a _____.
▪ Measures to protect against buffer overflows include input validation, patching, and the no-execute bit of Data Execution Prevention.
▪ DEP is a feature of modern CPUs that segregates areas of memory into data and code.
SQL/DLL injection
____ is insertion of bogus information into a database. Stored procedures can be used for SQL injection.
XML injection
compromises the logic of an XML application or service.
LDAP Injection
exploits web-based applications that construct LDAP statements based on user input.
injection techniques
Input validation, secure coding practices and patching are defenses for ____.
directory traversal
A ____ exploits insufficient validation of user supplied file names so that characters representing "traverse to parent directory" are parsed. The goal is to access a file that is not intended to be accessible, such as a password file or other confidential data.
command injection
In _____, an attacker modifies dynamically generated content on a Web page by entering HTML code into an input mechanism, such as a form field. Commands are executed with the same privileges as those of the application.
zero-day
A ___ attack exploits computer vulnerabilities that are hitherto unknown, so that a patch does not exist. Anomaly-based IDS/IPS and antivirus programs are best at detecting/preventing zero-day attacks.
Cookies
____ are small text files that pass information between Web pages, such as a shopping cart. Tracking cookies and browser history are used by adware. Third party cookies are from advertisers and should be blocked.
Flash cookies/Locally Shared Objects (LSOs)
contain cookie-like data that a web site running Adobe Flash can place on your hard drive.
Malicious add-ons
_____ are browser helpers that may include adware or spyware. Often they are not removed by anti-spyware programs. Unsigned browser helpers should be removed.
Session hijacking
____ is the hijacking/reuse of a magic cookie used to authenticate a user to a remote server. Authentication cookies are exploited in session hijacking.
Header Manipulation
TCP and/or HTTP headers are changed in ____. TCP headers have flags such as URG, ACK, PSH, RST, SYN and FIN. Flags are specific to header manipulation. HTTP headers can also be changed so that malicious data is passed to a vulnerable web application.
Attack mitigation and deterrence measures
______ include monitoring of system logs, strong physical security, host & network hardening, port security and a strong security posture.
Physical detective and preventive systems
______ should be updated on a regular basis with the latest countermeasures. Information about protective measures and systems should be kept secret.
Event viewer
______ contains system, security and application logs.
system Log
The ______ contains information on system startup, service startup, time changes and backups.
security log
The _____ has auditing and log-on information.
application log
The ______ contains events that are logged by applications.
Physical security
______ includes hardware locks, mantraps, video surveillance, fencing, lighting, as well as proximity and badge readers.
Hardening
______ includes disabling unnecessary services, protecting management interfaces and applications, password protection, disabling unnecessary accounts and applying the latest patches. Web servers should be placed in a DMZ after _____ the OS.
Reporting
_______ includes alarms, alerts and trends. With constant system changes, managing IT security for servers, workstations, laptops, firewalls, routers and switches is extremely difficult without automation.
Detective
________ security controls include CCTV, facial recognition software, sign-in logs and routine security audits.
Preventative physical
________ security controls include an access control system, an armed guard, a mantrap and bollards.
Security posture
______ includes initial baseline configuration, continuous security monitoring and remediation. An initial baseline allows an anomaly detection system to evaluate traffic properly.
denial-of-service
A ______ attack can be detected by system resource monitors and baselines. The baseline should be updated whenever software is upgraded on a production system. The configuration baseline should be updated after deploying a new service pack. A security template is used to both deploy and reapply baseline security configurations.
vulnerability scanner
A _____ is an application that checks computers and networks for weaknesses such as missing patches or misconfiguration. Vulnerability scanners can be used to test the security of a network for a wide range of problems without disrupting operations. Examples of comprehensive vulnerability scanners include Nessus and the MBSA. Complementary security assessment tools include port scanners, network mappers and password crackers.
Risk Calculations
Risk is equal to the probability that a threat will exploit a vulnerability times the cost of the asset.
Risk = Threat x Vulnerability x Cost of asset.
quantitative
qualitative
The main difference between qualitative and quantitative risk assessment is that ______ is based on calculations while _____ is based on subjective ranking.
Penetration testing
______ is more thorough but more disruptive than vulnerability scanning in that it also includes social engineering, buffer overflows and active testing of physical security.
Penetration testing
______ actively tests security controls on a system. It exploits successive vulnerabilities to bypass security controls. It should only be conducted after obtaining express written authorization, as it actively tests security controls and can cause system instability. An advantage of _____ over vulnerability testing is that it proves that a system could be compromised.
Vulnerability scanning
_____ is a passive attempt to identify weaknesses.
penetration testing and
Vulnerability scanning
_____ and ______ should be used when assessing a network containing resources that require near 100% availability.
Black Box, Gray Box, White Box.
The color of the box is determined by what a penetration tester knows about a network before testing.
black box
In ____ penetration testing, the penetration tester has no prior knowledge of the network.
grey box
In ______ penetration testing, the penetration tester knows what a user knows.
white box
In _____ penetration testing, the penetration tester is given administrative access.
fuzzer/fault injector
A ____ is an application that discovers security vulnerabilities by sending random input strings to a program. A vulnerability is discovered if that input results in an exception, crash or server error.
Secure Coding Concepts.
Exception handling takes care of special conditions that change the normal flow of program execution. Software testing can catch exceptional conditions such as bad input and data errors.
True
Account lockout is a form of DoS. True or False?