04- Vulnerability Assessment Flashcards
Common Vulnerabilities and Exposures (CVE)
a reference of common names, or CVE Identifiers; CVE contains publicly known information on security vulnerabilities
provides a universal open and standardized method for rating IT vulnerabilities
Common Vulnerability Scoring System (CVSS)
Defense-in-depth
the use of layered security mechanisms; the layers could be data, applications, host levels, Internet networks, perimeter levels, physical securities, etc.
Fully Loaded Risk Factor
the value generated by multiplying Criticality times Vulnerability times Complexity Value
HFNetChk
tool built upon the industry standard of HFNetChk patch scanning engine which is used by Microsoft for its popular Microsoft Baseline Security Analyzer; developed by Shavlik Technologies
IBM Security AppScan
enables you to identify security vulnerabilities and generate reports and fix recommendations; improves application security program management and strengthens regulatory compliance
iScanOnline
identifies and locates unprotected sensitive data at rest before a data breach happens; continuously assesses servers, laptops, smartphones, and tablets for known vulnerabilities and security threats
LanGuard 2014
allow automation of patching from a single console for the entire network; including Windows, Mac OS X, and major Linux distributions such as, Red Hat Enterprise Linux, Ubuntu, Suse, CentOS, and Debian
Microsoft Baseline Security Analyzer (MBSA)
determines security status by assessing missing security updates and less-secure security settings within Microsoft Windows and Windows components
Mitigation
using security controls to protect against a risk until the risk impact is reduced to a level that is tolerated by the organization
National Vulnerability Database (NVD)
the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance; includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics
Nessus
is the world?s most widely used vulnerability scanner, with extensive management and collaboration functions; uses powerful detection, scanning, and auditing features
Patch
a fix to a vulnerability
Patch management
an important area of systems management; this involves acquiring, testing, and installing multiple patches to your computer system
Pen testers
Penetration testers; people who perform penetration testing, also called Ethical Hackers
Remediation
the process of correcting a fault or deficiency; the process of fixing vulnerabilities
Report templates
allow you to filter and customize the vulnerability details for a particular scan or set of scans
Reports
Presentation of a meaningful overview of the vulnerabilities found; should have possible remediation suggestions
SANS Top 20 Critical Security Controls
focus first on prioritizing security functions which are successful in producing security controls against the latest Advanced Targeted Threats
Secunia advisories archives page
allow you to get a quick summary of all Secunia advisories and vulnerabilities released. Secunia advisories cover all types of programs and operating systems vulnerabilities
Vulnerability
a weak link in the software, settings, etc., through which, if not fixed early, someone can get access to the computer, application, and/or network and can cause damage
Vulnerability analysis
an estimate the effectiveness of proposed countermeasures and can evaluate their actual effectiveness after they are put into use
Vulnerability Assessment
the process in which one can identify, quantify, and prioritize or rank the vulnerabilities in a network infrastructure or a system/ systems