CSCI 412 Ch. 7 Vocab

Vulnerability Management

Involves identifying and managing risks to a network, including the operating system, applications, and other IT components of an organization.

Vulnerability Scan

Utilizes automated scanning processes to identify and evaluate potential issues in a computer system, network, or application.

Threat Feed

Real-time, continuously updated sources of information about potential threats and vulnerabilities.

Penetration Testing

Ethical hacking to test systems for vulnerabilities and ensure security against malicious attacks.

Vulnerability

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

Vulnerability scan

A security assessment technique used to identify and evaluate potential weaknesses or vulnerabilities in a computer system, network, or application.

Vulnerability scanner

Hardware or software configured with a list of known weaknesses and exploits and that can scan for their presence in a host OS or particular application.

Vulnerability assessment

The results of vulnerability scanning that identifies missing patches, deviations from baseline configuration templates, and other related vulnerabilities each of which is categorized and prioritized using an assigned impact warning.

Network monitors

Collects data about network infrastructure appliances, such as switches, access points, routers, firewalls. This is used to monitor load status for CPU/memory, state tables, disk capacity, fan speeds/temperature, network link utilization/error statistics, and so on.

Netflow

A Cisco-developed means of reporting network flow information to a structured database.

System monitors

A system monitor implements the same functionality as a network monitor for a computer host. Like switches and routers, server hosts can report health status using SNMP traps.

System logs

Logs function both as an audit trail of actions and (if monitored regularly) provide a warning of intrusion attempts. Log review is a critical part of security assurance.

Vulnerability scanners

will report the total number of unmitigated vulnerabilities for each host. Consolidating these results can show the status of hosts across the whole network and highlight issues with a particular patch or configuration issue.

Antivirus

software detects malware by signature regardless of type, though detection rates can vary quite widely from product to product.

Data loss prevention

mediates the copying of tagged data to restrict it to authorized media and services.

Security information and event management (SIEM)

Software designed to manage security data inputs and provide reporting and alerting. The core function of this tool is to collect and correlate data from network sensors and appliance/host/application logs.

Reporting

A managerial control that provides insight into the security system's status.

Alert tuning

Correlation rules that reduce the incidence of false positive alerts and alarms.

White box test

Penetration test in which the ethical hacker is given full knowledge of the target or network. This test allows for a comprehensive and thorough test, but is not very realistic.

Black box test

Penetration test in which the ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack and ignores the insider threats.

Gray box test

Penetration test in which the ethical hacker is given partial information of the target or network, such as IP configurations, email lists, etc. This test simulates the insider threat.

Bug bounty

These unique tests are setup by organizations such as Google, Facebook, and others. Ethical hackers can receive compensation by reporting bugs and vulnerabilities they discover.

Scope of work

A very detailed document that defines exactly what is going to be included in the penetration test. This document is also referred to as the statement of work.