CSCI 412 Ch. 7 Vocab
Vulnerability management | Identifying and managing the risks to a network, including the operating system, applications, and other components of an organization's IT operations. |
Vulnerability scan | Utilizes automated scanning processes to identify and evaluate potential issues. |
Threat feed | Real-time, continuously updated sources of information about potential threats and vulnerabilities. |
Penetration testing | Authorized testers are paid to attempt to break into systems in order to confirm that unauthorized attackers cannot. |
Vulnerability | A weakness that could be triggered accidentally or exploited intentionally to cause a security breach. |
Vulnerability scan | A security assessment technique used to identify and evaluate potential weaknesses or vulnerabilities in a computer system, network, or application. |
Vulnerability scanner | Hardware or software configured with a list of known weaknesses and exploits and that can scan for their presence in a host OS or particular application. |
Vulnerability assessment | The results of vulnerability scanning, identifying missing patches, deviations from baseline configuration templates, and other related vulnerabilities, each of which is categorized and prioritized using an assigned impact rating. |
White box test | Penetration test in which the ethical hacker is given full knowledge of the target or network. This test allows for a comprehensive and thorough test, but is not very realistic. |
Black box test | Penetration test in which the ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack and ignores the insider threats. |
Gray box test | Penetration test in which the ethical hacker is given partial information about the target or network, such as IP configurations, email lists, etc. This test simulates the insider threat. |
Bug bounty | These unique tests are set up by organizations such as Google, Facebook, and others. Ethical hackers can receive compensation by reporting bugs and vulnerabilities they discover. |
Scope of work | A very detailed document that defines exactly what is going to be included in the penetration test. This document is also referred to as the statement of work. |
Rules of engagement | A document that defines exactly how the penetration test will be carried out. |
Network monitors | Collect data about network infrastructure appliances, such as switches, access points, routers, and firewalls. Used to monitor load status for CPU/memory, state tables, disk capacity, fan speeds/temperature, network link utilization/error statistics, and so on. |
NetFlow | A Cisco-developed means of reporting network flow information to a structured database. |
System monitors | A system monitor implements the same functionality as a network monitor for a computer host. Like switches and routers, server hosts can report health status using SNMP traps. |
System logs | Logs function both as an audit trail of actions and (if monitored regularly) provide a warning of intrusion attempts. Log review is a critical part of security assurance. |
Vulnerability scanners | A vulnerability scanner will report the total number of unmitigated vulnerabilities for each host. Consolidating these results can show the status of hosts across the whole network and highlight issues with a particular patch or configuration issue. |
Antivirus | Antivirus software detects malware by signature regardless of type, though detection rates can vary quite widely from product to product. |
Data loss prevention | Data loss prevention (DLP) mediates the copying of tagged data to restrict it to authorized media and services. |
Security information and event management (SIEM) | Software designed to manage security data inputs and provide reporting and alerting. The core function of a SIEM tool is to collect and correlate data from network sensors and appliance/host/application logs. |
Reporting | A managerial control that provides insight into the security system's status. |
Alert tuning | Adjusting correlation rules to reduce the incidence of false positive alerts and alarms. |