04- Vulnerability Assessment Flashcards
Common Vulnerabilities and Exposures (CVE)
a reference list of common names (CVE Identifiers) for publicly known security vulnerabilities
Common Vulnerability Scoring System (CVSS)
provides a universal, open, and standardized method for rating IT vulnerabilities
Defense-in-depth
the use of layered security mechanisms; the layers can include data, applications, hosts, internal networks, the perimeter, physical security, etc.
Fully Loaded Risk Factor
the value obtained by multiplying Criticality by Vulnerability by Complexity Value
HFNetChk
a tool built on the industry-standard HFNetChk patch-scanning engine, which Microsoft also uses in its Microsoft Baseline Security Analyzer; developed by Shavlik Technologies
IBM Security AppScan
enables you to identify security vulnerabilities and generate reports and fix recommendations; improves application security program management and strengthens regulatory compliance
iScanOnline
identifies and locates unprotected sensitive data at rest before a data breach happens; continuously assesses servers, laptops, smartphones, and tablets for known vulnerabilities and security threats
LanGuard 2014
allows automation of patching from a single console for the entire network, including Windows, Mac OS X, and major Linux distributions such as Red Hat Enterprise Linux, Ubuntu, SUSE, CentOS, and Debian
Microsoft Baseline Security Analyzer (MBSA)
determines security status by assessing missing security updates and less secure security settings within Microsoft Windows and Windows components
Mitigation
using security controls to protect against a risk until the risk impact is reduced to a level that is tolerated by the organization
National Vulnerability Database (NVD)
the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance; includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics
Nessus
the world's most widely used vulnerability scanner, with extensive management and collaboration functions; uses powerful detection, scanning, and auditing features
Patch
a fix to a vulnerability
Patch management
an important area of systems management; involves acquiring, testing, and installing multiple patches on your computer systems
Pen testers
penetration testers; people who perform penetration testing, also called ethical hackers