1 Flashcards
to set a limit on the amount of data we expect to receive to set aside storage for that data
*required in most programming languages
* prevents buffer overflows
Bounds Checking
A type of software development vulnerability that occurs when multiple processes or multiple threads within a process control or share access to a particular resource, and the correct handling of that resource depends on the proper ordering or timing of transactions
Race Conditions
a type of attack that can occur when we fail to validate the input to our applications or take steps to filter out unexpected or undesirable content
Input Validation
a type of input validation attacks in which certain print functions within a programming language can be used to manipulate or view the internal memory of an application
Format String Attack
A type of attack that can occur when we fail to use strong authentication mechanisms for our applications
Authentication Attack
A type of attack that can occur when we fail to use authorization best practices for our applications
Authorization Attack
A type of attack that takes advantage of weaknesses in the software loaded on client machines or one that uses social engineering techniques to trick us into going along with the attack
Cryptographic Attack
A type of attack that takes advantage of weaknesses in the software loaded on client machines or one that uses social engineering techniques to trick us into going along with the attack
Client-Side Attack
an attack carried out by placing code in the form of a scripting language into a web page or other media that is interpreted by a client browser
XSS (Cross Site Scripting)
an attack in which the attacker places a link on a web page in such a way that it will be automatically executed to initiate a particular activity on another web page or application where the user is currently authenticated
XSRF (cross-site request forgery)
An attack that takes advantage of the graphical display capabilities of our browser to trick us into clicking on something we might not otherwise
Clickjacking
A type of attack on the web server that can target vulnerabilities such as lack of input validation, improper or inadequate permissions, or extraneous files left on the server from the development process
server-side attack
Name the 4 main categories of database security issues
- Protocol issues
- unauthenticated access
- arbitrary code execution
- privilege escalation
A type of tool that analyzes web pages or web-based applications and searches for common flaws such as XSS or SQL injection flaws, and improperly set permissions, extraneous files, outdated software versions, and many more such items
web application analysis tool
unauthenticated flaws in network protocols, authenticated flaws in network protocols, flaws in authentication protocols
protocol issues
An attack that exploits an applications vulnerability into allowing the attacker to execute commands on a user’s computer.
* arbitrary code execution in intrinsic or securable SQL elements
arbitrary code execution
An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing.
* via SQL injection or local issues
Privilege Escalation
a security best practice for all software
* the most effective way of mitigating SQL injection attacks
validating user inputs
A web server analysis tool that performs checks for many common server-side vulnerabilities & creates an index of all the files and directories it can see on the target web server (a process known as spidering)
Nikto (and Wikto)
A well-known GUI web analysis tool that offers a free and professional version; the pro version includes advanced tools for conducting more in-depth attacks
burp suite
A type of tool that works by bombarding our applications with all manner of data and inputs from a wide variety of sources, in the hope that we can cause the application to fail or to perform in unexpected ways
fuzzer
A tool developed by Microsoft to find flaws in file-handling source code
MiniFuzz File Fuzzer
A tool developed by Microsoft to examine source code for general good practices
BinScope Binary Analyzer
A tool developed by Microsoft for testing certain pattern-matching expressions for potential vulnerabilities
SDL Regex Fuzzer
CERT, NIST 800, BSI, an organization’s internal coding guidelines
good sources of secure coding guidelines
the process of reducing the number of available avenues through which our OS might be attacked
OS hardening
The total of the areas through which our operating system might be attacked
attack surface
- Removing unnecessary software
- Removing or turning off unessential services
- Making alterations to common accounts
- Applying the principle of least privilege
- Applying software updates in a timely manner
- Making use of logging and auditing functions
6 main hardening categories
states we should only allow a party the absolute minimum permission needed for it to carry out its function
Principle of Least Privilege
A particularly complex and impactful item of malware that targeted the Supervisory Control and Data Acquisition (SCADA) systems that run various industrial processes; this piece of malware raised the bar for malware from largely being a virtual-based attack to actually being physically destructive
Stuxnet
A type of tool that uses signature matching or anomaly detection (heuristics) to detect malware threats, either in real-time or by performing scans of files and processes
anti-malware tool
the process of anomaly detection used by anti-malware tools to detect malware without signatures
heuristics
A hardware and software-based technology that prevents certain portions of the memory used by the operating system and applications from being used to execute code
executable space protection
The act of inputting more data than an application is expecting from a particular input, creating the possibility of executing commands by specifically crafting the excess data
buffer overflow (overrun)
a security method that involves shifting the contents of memory around to make tampering difficult
ASLR (Address Space Layout Randomization)
This type of firewall generally contains a subset of the features on a large firewall appliance but is often capable of similar packet filtering and stateful packet inspection activities
software firewall
a system used to analyze the activities on or directed at the network interface of a particular host.
* may communicate with management device by sending regular beacons
HIDS (host-based intrusion detection system)
a type of tool that can detect various security flaws when examining hosts
scanner
A tool that is aimed specifically at the task of finding and reporting network services on hosts that have known vulnerabilities
vulnerability assessment tool
A well-known vulnerability assessment tool that includes a port scanner
Nessus
A group of tools that can include network mapping tools, sniffers, and exploits
exploit framework
small bits of software that take advantage of flaws in software/applications in order to cause them to behave in ways that were not intended by their creators
exploits
Name 3 examples of exploit frameworks
Metasploit, Immunity CANVAS, Core Impact
This method of security involves a well-configured and patched network, and incorporating elements such as network segmentation, choke points, and redundancy
security in network design
The act of dividing a network into multiple smaller networks, each acting as its own small network (subnet)
network segmentation
certain points in the network, such as routers, firewalls, or proxies, where we can inspect, filter, and control network traffic
choke points
a method of security that involves designing a network to always have another route if something fails or loses connection
redundancy
a mechanism for maintaining control over the traffic that flows into and out of our networks
firewall
A firewall technology that inspects the contents of each packet in network traffic individually and makes a gross determination (based on source and destination IP address, port number, and the protocol being used) of whether the traffic should be allowed to pass
packet filtering
a firewall that can watch packets and monitor the traffic from a given connection
SPI (Stateful Packet Inspection)
a firewall technology that can analyze the actual content of the traffic that is flowing through
DPI (Deep Packet Inspection)
a specialized type of firewall that can serve as a choke point, log traffic for later inspection, and provides a layer of security by serving as a single source of requests for the devices behind it
proxy server
a combination of a network design feature and a protective device such as a firewall.
Often used for systems that need to be exposed to external networks but are connected to our own network (such as a web server)
DMZ (demilitarized zone)
A system that monitors network traffic and alerts for unauthorized activity
NIDS (Network intrusion detection system)
An IDS that maintains a database of signatures that might signal a particular type of attack and compares incoming traffic to those signatures
signature-based IDS
an IDS that takes a baseline of normal network traffic and activity and measures current traffic against this baseline to detect unusual events
anomaly-based IDS
an encrypted connection between two points
VPN (Virtual Private Network)
protocol used to secure traffic in a variety of ways, including file transfers and terminal access. uses RSA encryption (asymmetric encryption)
SSH (Secure Shell)
a phrase that refers to an organization’s strategy and policies regarding the use of personal vs. corporate devices
BYOD (bring your own device)
a solution that manages security elements for mobile devices in the workplace
MDM (mobile device management)
a well-known Linux sniffing tool used to detect wireless access points
kismet
A Windows tool used to detect wireless access points
NetStumbler
A well-known port scanner that can also search for hosts on a network, identify the operating systems those hosts are running, detect the version of the services running on any open ports, and more
nmap
this type of tool can intercept traffic on a network; listens for any traffic that the network interface of our computer or device can see
packet sniffer (aka network or protocol analyzer)
classic, command-line sniffing tool that monitors network activities, filters traffic, and more
runs on UNIX systems
tcpdump (WinDump for Windows)
a graphical interface protocol sniffing tool that is capable of filtering, sorting, & analyzing both wired and wireless traffic - popular troubleshooting tool
Wireshark
A type of tool that deliberately displays vulnerabilities or attractive data so it can detect, monitor, and sometimes tamper with the activities of an attacker
honeypot
A tool used to test the security of firewalls and map network topology.
- constructs specially crafted ICMP packets to evade measures to hide devices behind firewall
- scripting functionality to test firewall/IDS
hping3
A type of security that is concerned with the protection of people, equipment, and data
physical security
the plans we put in place to ensure that critical business functions can continue operations in the event of an emergency
BCP (Business Continuity Plan)
the plans we put in place in preparation for a potential disaster, and what exactly we will do during and after
DRP (Disaster Recovery Plan)
extreme temperature, gases, living organisms, projectiles, movement, energy anomalies, people, toxins, smoke, and fire
major categories of physical threats
The devices, systems, people, and other methods we put in place to ensure our security in a physical sense
physical security controls
name the 3 main types of physical controls
- deterrent
- detective
- preventive
Controls designed to discourage those who might seek to violate our security controls
deterrent controls
controls designed to detect and report undesirable events that are taking place
detective controls
Controls designed to physically prevent unauthorized entities from breaching our physical security
preventive controls
Data that is unintentionally left behind on a storage device
residual data
Name the 3 main considerations for protecting people
- Safety
- evacuation plans
- administrative controls
Name the 3 main considerations for protecting data
- availability
- residual data
- backups
Name the considerations for protecting equipment
equipment, facility repair/replacement
storage media that is least sensitive to temperature, humidity, magnetic fields, and impacts
flash media
a data storage virtualization technology that combines multiple physical disk drive components into a single logical unit for the purposes of data redundancy, performance improvement, or both.
RAID (redundant array of inexpensive disks)
protecting data, passwords, social engineering, network usage, malware, the use of personal equipment, clean desk, policy knowledge
most common security awareness issues
a security awareness issue that is concerned with the criticality of carefully handling data from the perspectives of compliance, as well as reputation and customer retention
protecting data
a security awareness issue that involves educating users of the importance of strong passwords and password handling best practices
passwords
techniques used by an attacker that rely on the willingness of people to help others
social engineering
A technique involving a fake identity & a believable scenario that elicits the target to give out sensitive information or perform some action which they would not normally do for a stranger
pretexting
a social engineering technique that uses electronic communications (email, text, phone calls) to convince a potential victim to give out sensitive information or perform some action
phishing
a social engineering techniqe that targets a specific company, organization, or person, and involves knowing specifics about the target to appear valid
spearphishing
a method by which a person follows directly behind another person who authenticates to the physical access control measure, thus allowing the follower to gain access without authenticating
tailgating (piggybacking)
a security awareness issue that involves educating users about security issues around connecting devices to networks, such as connecting outside devices to the corporate network, and connecting corporate resources to a public network
network usage
a security awareness issue that involves educating users about malicious software and how to avoid it
malware
security awareness issue that is concerned with protecting a company’s assets
use of personal equipment
a security awareness issue that requires users to protect sensitive information at all times, even when away from one’s desk
clean desk policy
a security awareness issue that is necessary to maintain compliance throughout the organization
policy and regulatory knowledge
a program that seeks to make users aware of the risk they are accepting through their current actions and attempts to change their behavior through targeted efforts
SATE (Security Awareness, Training and Education)
the process we use to protect our information
OPSEC (Operations Security)
A Chinese military general from 6th century BC who wrote The Art of War, a text that shows early examples of operations security principles
Sun Tzu
The codename of a study conducted to discover the cause of an information leak during the Vietnam War; is now a symbol of OPSEC
Purple Dragon
the process of intelligence gathering and analysis in order to support business decisions
competitive intelligence
5 steps of the operations security process (OPSEC)
1.Identification of critical information
2.Analysis of threats
3.Analysis of vulnerabilities
4.Assessment of risks
5.Application of countermeasures
If you don’t know the threat, how do you know what to protect?
The 1st Law of Haas’ Laws of Operations Security
If you don’t know what to protect, how do you know you are protecting it?
The 2nd Law of Haas’ Laws of Operations Security
If you are not protecting it, the dragon wins!
The 3rd Law of Haas’ Laws of Operations Security
services that are hosted, often over the Internet, for the purposes of delivering easily scaled computing services or resources
cloud computing
1st step in the OPSEC process, arguably the most important: to identify the assets that most need protection and will cause us the most harm if exposed
identification of critical information
2nd step in the OPSEC process: to look at the potential harm or financial impact that might be caused by critical information being exposed, and who might exploit that exposure
analysis of threats
3rd step in the OPSEC process: to look at the weaknesses that can be used to harm us
analysis of vulnerabilities
4th step in the OPSEC process: to determine what issues we really need to be concerned about (areas with matching threats and vulnerabilities)
assessment of risks
5th step in the OPSEC process: to put measures in place to mitigate risks
appliance of countermeasures
this law provides a framework for ensuring the effectiveness of information security controls in federal government - changed from Management (2002) to Modernization in 2014
FISMA (Federal Information Security Modernization Act)
this law improves the efficiency and effectiveness of the health care system and protects patient privacy
HIPAA (Health Insurance Portability and Accountability Act)
this law protects the privacy of students and their parents
FERPA (Family Educational Rights and Privacy Act)
this law regulates the financial practice and governance of corporations
SOX (Sarbanes-Oxley Act)
this law protects the customers of financial institutions
GLBA (Gramm-Leach-Bliley Act)
relating to an organization’s adherence to laws, regulations, and standards
compliance
Regulations mandated by law usually requiring regular audits and assessments
regulatory compliance
Regulations or standards designed for specific industries that may impact ability to conduct business (e.g. PCI DSS)
industry compliance
the state or condition of being free from being observed or disturbed by other people
privacy
This act safeguards privacy through the establishment of procedural and substantive rights in personal data
The Federal Privacy Act of 1974
Rights relating to the protection of an individual’s personal information
privacy rights
Information that can be used to identify an individual, and should be protected as sensitive data and monitored for compliance
PII (Personally Identifiable Information)
the science of keeping information secure
cryptography
The science of breaking through the encryption used to create ciphertext
Cryptanalysis
The overarching field of study that covers cryptography and cryptanalysis
cryptology
The specifics of the process used to encrypt plaintext or decrypt ciphertext
cryptographic algorithm (cipher)
unencrypted data
plaintext (cleartext)
encrypted data
ciphertext
an ancient cryptographic technique based on transposition; involves shifting each letter of a plaintext message by a certain number of letters (historically 3)
Caesar cipher
a more recent cipher that uses the same mechanism as the Caesar cipher but moves each letter 13 places forward
ROT13 cipher
uses a single key for both encryption of the plaintext and decryption of the ciphertext
symmetric key cryptography (private key cryptography)
A type of cipher that takes a predetermined number of bits in the plaintext message (commonly 64 bits) and encrypts that block
block cipher
A type of cipher that encrypts each bit in the plaintext message, 1 bit at a time
stream cipher
A set of symmetric block ciphers endorsed by the US government through NIST. Shares the same block modes that DES uses and also includes other modes such as XEX-based Tweaked CodeBook (TCB) mode
AES (Advanced Encryption Standard)
this method uses 2 keys, a public key and a private key
asymmetric key cryptography (public key cryptography)
a protocol that uses the RSA algorithm (an asymmetric algorithm) to secure web and email traffic
SSL (secure sockets layer)
keyless cryptography that creates a largely unique and fixed-length hash value based on the original mesage
hash function (message digest)
used to determine whether the message has changed; provides integrity (but not confidentiality)
hash
a method of securing a message that involves generating a hash and encrypting it using a private key
digital signature
created to link a public key to a particular individual;
used as a form of electronic identification for that person
certificate
a trusted entity that handles digital certificates
CA (certificate authority)
infrastructure that includes the CAs that issue and verify certificates and the RAs that verify the identity of the individuals associated with the certificates
PKI (public key infrastructure)
An authority in a PKI that verifies the identity of the individual associated with the certificate
RA (registration authority)
a public list that holds all the revoked certifications for a certain period of time
CRL (Certificate Revocation List)
Data that is on a storage device of some kind and is not moving
data at rest
Data that is moving over a WAN or LAN, a wireless network, over the internet, or in other ways
data in motion
This type of data is protected using data security (encryption) and physical security
data at rest
This type of data is the hardest to protect
data in use
a subset of cryptography that refers specifically to the transformation of unencrypted data into its encrypted form
encryption
decryption
The process of recovering the plaintext message from the ciphertext
decryption
a set of methods we use to establish a claim of identity as being true - corroborates the identity of an entity, whether it is the sender, the sender’s computer, some device, or some information
authentication
An asymmetric encryption algorithm that uses smaller key sizes and requires less processing power than many other encryption methods.
commonly used in smaller wireless devices
ECC (Elliptic Curve Cryptography)
this provides us with the means to trace activities in our environment back to their source
accountability
Refers to a situation in which sufficient evidence exists as to prevent an individual from successfully denying that he or she has made a statement, or taken an action
nonrepudiation
refers to elements that discourage or prevent misbehavior in our environments
deterrence
a tool that alarms and takes actions when malicious events occur
IDS (intrusion detection system)
a methodical examination and review that ensures accountability through technical means;
ensures compliance with applicable laws, policies, and other bodies of administrative control, and detects misuse
auditing
A process that provides a history of the activities that have taken place in the environment
logging
a subset of auditing that focuses on observing information about the environment in order to discover undesirable conditions such as failures, resource shortages, security issues, and trends
monitoring
An activity involving the careful examination of our environment using vulnerability scanning tools in order to discover vulnerabilities
vulnerability assessment
A more active method of finding security holes that includes using the kinds of tools attackers use to mimic an attack on our environment
penetration testing
a record of where evidence was and how it was passed and protected;
required by courts for admissibility of records
chain of custody
enables us to determine what users are allowed to do
authorization
States that we should allow only the bare minimum access required in order for a given party (person, user account, or process) to perform a needed functionality
principle of least privilege
the act of doing something that is prohibited by law or rule
violation
An act that grants a particular party access to a given resource
allowing access
an act that prevents a party from accessing something, such as logging on to a machine or entering the lobby of our building after hours
denying access
An act that allows some access to a given resource, but only up to a certain point
limiting access
A set of resources devoted to a program, process, or similar entity, outside of which the entity cannot operate
sandbox
the ability to remove access from a resource at any point in time
revocation
typically built to a certain resource, these contain the identifiers of the party allowed to access the resource and what that party is allowed to do
ACL (Access Control List)
in this method of security, a person’s capabilities are oriented around the use of a token that controls their access (e.g. a personal badge)
capability-based security
A type of attack that is more common in systems that use ACLs rather than capabilities;
- when software has greater permissions than user, the user can trick the software into misusing authority
confused deputy problem
a type of attack that misuses the authority of the browser on the user’s computer
CSRF (Cross Site Request Forgery)
client-side attack that involves the attacker placing an invisible layer over something on a website that the user would normally click on in order to execute a command differing from what a user thinks they are performing
- takes advantage of some of the page rendering features that are available in newer browsers
clickjacking (user interface redressing)
access control model in which access is determined by the owner of the resource in question
- e.g. network share permissions
DAC (Discretionary Access Control)
access control model in which access is based on attributes (of a person, a resource, or an environment)
ABAC (attribute-based access control)
access is based on the role the individual is performing
- similar to MAC in that access controls are set by an authority responsible for doing so, rather than by the owner of the resource
RBAC (Role Based Access Control)
Attributes of a particular individual, such as height
subject attributes
Attributes that relate to a particular resource, such as operating system or application
resource attributes
Attributes that relate to environmental conditions, such as time of day or length of time
environmental attributes
- Designed to prevent conflicts of interest
- commonly used in industries that handle sensitive data
- 3 main resources classes are considered in this model: objects, company groups, and conflict classes
Brewer and Nash model
A combination of DAC and MAC, primarily concerned with the confidentiality of the resource.
- 2 security properties define how information can flow to and from the resource: the simple security property and the * property
Bell-LaPadula Model
Primarily concerned with protecting the integrity of data, even at the expense of confidentiality.
- 2 security rules: the simple integrity axiom and the * integrity axiom
Biba model
A method by which a person follows directly behind another person who authenticates to the physical access control measure, thus allowing the follower to gain access without authenticating
Tailgating
Access controls that regulate movement into and out of building or facilities
Physical access controls
An access control model that includes many tiers of security and is used extensively by military and government organizations and those that handle data of a very sensitive nature
Multilevel access control model
Access control model in which access is decided by a group or individual who has the authority to set access on resources
MAC (Mandatory Access Control)
Something that supports our claim to identity, either in our personal interactions or in computer systems, e.g. social security cards
identity verification
the claim of what someone or something is
identification
Authentication requirements help prevent this crime
Falsifying Identification
A password is an example of this type of factor
Something you know
An iris scan is an example of this type of factor
something you are
A swipe card is an example of this type of factor
something you have
The time delay between your keystrokes is an example of this type of factor
something you do
Being at a specific terminal is an example of this type of factor
where you are
An authentication mechanism in which both parties authenticate each other
-can prevent a man-in-the-middle attack
multifactor authentication
a password that is a combination of uppercase letters, lowercase letters, numbers, and symbols, such as punctuation marks
elements of a complex password
Unique physical characteristics of an individual, such as the color patterns in an iris, fingerprints, or handprints
biometrics
a stipulation that our chosen biometric characteristic should be present in the majority of people we expect to enroll in the system
universality
a measure of the differences of a particular characteristic among a group of individuals
uniqueness
how well a particular characteristic resists change over time and with advancing age
permanence
How easy it is to acquire a characteristic that we can later use to authenticate a user
collectability
A set of metrics that judge how well a given system functions
performance measurement
A measure of how agreeable a particular characteristic is to the users of a system
acceptability
Describes the ease with which a system can be tricked by a falsified biometric identifier
circumvention
the rate at which we accept users whom we should actually have rejected
FAR (false acceptance rate)
the rate at which we reject legitimate users when we should have accepted them
FRR (false rejection rate)
protects information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction
Information Security
companies that process credit card payments must comply with this set of standards
PCI DSS (Payment Card Industry Data Security Standard)
the act of holding information in confidence, not to be released to unauthorized individuals
-a necessary component of privacy
Confidentiality
refers to the ability to prevent our data from being changed in an unauthorized or undesirable manner
integrity
refers to the ability to access our data when we need it
availability
a type of attack, primarily against confidentiality
interception
something that has the potential to cause harm to our assets
threat
a weakness that can be used to harm us
vulnerability
the likelihood that something bad will happen
risk
involves considering the value of the asset being threatened to assess risk
-sometimes added to the threat/vulnerability/risk equation
impact
An attack that causes our assets to become unusable or unavailable for our use, on a temporary or permanent basis
-primarily affects availability
-can affect integrity
interruption attack
A model that adds three more principles to the CIA triad: possession or control, utility, and authenticity
Parkerian hexad
the physical disposition of the media on which the data is stored
possession/control
allows for attribution as to the owner or creator of the data in question
authenticity
refers to how useful the data is to us
utility
An attack that involves generating data, processes, communications, or other similar activities with a system;
- affects primarily integrity and availability
fabrication attack
One of the first and most important steps of the risk management process
identify assets
A multilayered defense that will allow us to achieve a successful defense should one or more of our defensive measures fail
defense in depth
based on rules, laws, policies, procedures, guidelines, and other items that are “paper” in nature
administrative controls
controls that protect the systems, networks, and environments that process, transmit, and store our data
logical controls (technical controls)
Controls that protect the physical environment in which our systems sit, or where our data is stored
physical controls
Involves putting measures in place to help ensure that a given type of threat is accounted for
mitigating risk
The risk management phase that consists of all of the activities that we can perform in advance of the incident itself, in order to better enable us to handle it
preparation phase
The risk management phase where we detect the occurrence of an issue and decide whether it is actually an incident so that we can respond to it appropriately
detection and analysis phase
The risk management phase where we determine specifically what happened, why it happened, and what we can do to keep it from happening again
post-incident activity phase
to completely remove the effects of the issue from our environment
eradication
taking steps to ensure that the situation does not cause any more damage than it already has, or at the very least, lessen any ongoing harm
containment
restore to a better state (either the state prior to the incident, or if we did not detect the problem immediately, prior to when the issue started)
recovery
EU regulation that safeguards personally identifiable information
EU Directive 95/46/EC
Detects wireless access points and analyzes network traffic. Useful for surveying a network to understand its wireless security footprint.
Kismet/Netstumbler
Scans networks to identify active hosts and open ports. Employed for initial network reconnaissance and security auditing.
NMAP
A packet sniffer and protocol analyzer for real-time network monitoring. Ideal for diagnosing network issues or analyzing security incidents.
WireShark
A Unix/Linux command-line packet capture tool. Helpful for real-time network troubleshooting and capturing packets for later analysis.
TCPDump
Decoy systems to lure attackers away from legitimate targets. Useful for studying attacker behaviors and tactics.
Honeypots
Crafts custom ICMP, UDP, and TCP packets to test firewalls. Employed to identify vulnerabilities or misconfigurations in firewall rules.
Hping3
Provides hardware-level buffer overflow protection in Intel chipsets. Useful for preventing malicious code execution at the system level.
Intel Executable Disable (XD)
Randomizes memory locations for process execution, offering buffer overflow protection. Effective against exploits aiming to predict memory addresses.
Address Space Layout Randomization (ASLR)
Offers chipset-level buffer overflow protection for AMD processors. Acts as a hardware-level security feature against certain types of attacks.
AMD Enhanced Virus Protection
A Tenable product for vulnerability assessment, it scans networks to identify security risks. Ideal for regular security audits.
Nessus
Vulnerability assessment tool by Immunity, designed for identifying network and system weaknesses. Useful for enterprise security audits.
CANVAS
A penetration testing framework that includes tools and exploits for security assessments. Can be used to simulate cyber-attacks to test network resilience
Metasploit
Analyzes web servers and identifies security issues like outdated software and misconfigurations. Effective for hardening web servers before deployment.
Nikto and Wikto
A web security testing platform for web application vulnerabilities. Ideal for security assessments of web-based applications.
Burp Suite
Automated tools for identifying vulnerabilities by inputting unexpected data. Helpful for discovering unknown issues like crashes or security flaws in software.
Fuzzers (MiniFuzz, Binscope, Regex Fuzzer)
Open-source vulnerability scanning and management software. Useful for detecting vulnerabilities in your network before they can be exploited.
OpenVAS
Intrusion Detection System (IDS) that monitors network traffic in real-time for malicious activities. Employed for real-time threat detection and prevention.
Snort
Advanced password recovery and cracking tool. Useful for assessing the strength of passwords by attempting to crack hashed password files.
Hashcat
Password cracking software designed to identify weak passwords by using various attack methods. Effective for security audits to improve password policies.
John the Ripper
Cuckoo Sandbox
Malware analysis tool that isolates suspicious files in a secure environment. Useful for understanding the behavior of unknown or potentially harmful files.
Federal Information Security Management Act: Mandates a comprehensive framework to protect government information, operations, and assets.
FISMA
Health Insurance Portability and Accountability Act: Regulates the use and disclosure of sensitive patient health information.
HIPAA
Family Educational Rights and Privacy Act: Governs the protection of student education records and grants specific rights to students.
FERPA
The Sarbanes-Oxley Act: Imposes regulations on financial reporting to improve the accuracy and integrity of corporate disclosures.
SOX
The Gramm-Leach-Bliley Act: Requires financial institutions to explain their data-sharing practices and safeguard sensitive data.
GLBA
