1.7 Summarize the techniques used in security assessments Flashcards
The activity of security professionals to seek out and identify new threats. It is a proactive search through IoCs, log files, or other observables to locate malware or intruders lurking on a system, undertaken on the assumption that an attacker may already be inside without having triggered an alarm. It often involves intelligence fusion, use of threat feeds, reviewing advisories and bulletins, and taking relevant maneuvers (adjusting defenses in response to what is found).
Threat Hunting
Used to discover weaknesses in deployed security systems to improve or repair them before a breach occurs.
Vulnerability Scanning
A tool used to scan a target system for known holes, weaknesses, or vulnerabilities.
Vulnerability Scanner
Occurs when an alarm or alert is triggered by benign or normal events. It is an alarm without a malicious event.
False positive
Occurs when an alarm or alert is not triggered by a malicious or abnormal event. A false negative is a malicious event without an alarm, and is the more dangerous error of the two because the event goes unnoticed.
False negative
A scan where the logon credentials of a user are provided to the scanner so it can authenticate to the target and inspect it from the inside (installed software, patch levels, configuration settings). Usually less aggressive on the network, and more accurate with fewer false positives, because the scanner reads the state directly instead of inferring it from probes.
Credentialed scan
A scan where no user accounts are provided to the scanning tool, so only those vulnerabilities that can be found from the outside without credentials are discovered. Usually more aggressive, since it must probe services over the network to infer versions and weaknesses, and therefore more prone to false positives.
Non-credentialed scan
A scan that attempts to exploit any flaws or vulnerabilities detected. Because the exploit attempt can crash or disrupt the target, it should be run only with explicit authorization and, on production systems, during an agreed maintenance window.
Intrusive vulnerability scan (active evaluation or aggressive scanning)
Only discovers the symptoms of flaws and vulnerabilities (open ports, version banners, configuration settings) and doesn’t attempt to exploit them.
Non-intrusive vulnerability scan (a.k.a. passive evaluation)
A NIST-led effort to establish a standardized means of defining and communicating security-related events and issue information, such as vulnerabilities and configuration settings, so that tools from different vendors can exchange and automate that data. CVE and CVSS are among its component specifications.
Security Content Automation Protocol (SCAP)
Assigns unique identifiers (of the form CVE-YYYY-NNNN, with four or more digits after the year) to publicly known system vulnerabilities, to be used for cross-linking and cross-referencing purposes between scanners, advisories, and vendor bulletins.
Common Vulnerabilities and Exposures (CVE)
An open framework for communicating the characteristics and severity of software vulnerabilities.
Common Vulnerability Scoring System (CVSS)
A vulnerability scanner's ability to determine whether systems and protections are improperly, poorly, or insecurely configured, typically by comparing current settings against a baseline or hardening benchmark rather than looking for a specific software flaw.
Configuration review
A standard protocol and message format that enables real-time forwarding of copies of log entries from their primary origin point to a secondary system for central collection, typically a dedicated syslog server. Each message begins with a priority value that encodes the facility (the source subsystem) and the severity level.
Syslog
A centralized application that automates the monitoring of network systems by collecting and correlating logs and events from many sources. It can use triggers or thresholds that oversee specific features, elements, or events and send alerts or initiate alarms when specific values or levels are breached.
Security Information and Event Management (SIEM)
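The syslog, SIEM, and threat hunting cards above describe collecting logs centrally, alerting when a threshold is breached, and sweeping observables for known indicators. The Python below is an added example, not code from the original page or from any SIEM product: it parses constructed RFC 3164 syslog lines, recovers facility and severity from the PRI field, and runs two SIEM-style rules over them, a failed-logon count threshold per source address and an IoC match. The log lines, hostnames, addresses (RFC 5737 documentation ranges), the IoC list, and the year pinned onto the timestamps are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed RFC 3164 syslog lines (not real logs). PRI 38 = facility 4 (auth) * 8 + severity 6 (info).
SAMPLE_LOGS = [
    "<38>Jan 12 10:15:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "<38>Jan 12 10:15:04 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2",
    "<38>Jan 12 10:15:09 web01 sshd[2215]: Failed password for root from 203.0.113.5 port 51240 ssh2",
    "<38>Jan 12 10:15:20 web01 sshd[2218]: Failed password for alice from 198.51.100.7 port 40022 ssh2",
    "<38>Jan 12 10:15:30 web01 sshd[2220]: Accepted password for alice from 198.51.100.7 port 40022 ssh2",
    "<30>Jan 12 10:16:10 web01 proxy[910]: CONNECT 192.0.2.66:443 from 10.0.0.12",
]

# Constructed indicator-of-compromise list (hypothetical known-bad addresses for the example).
IOCS = {"192.0.2.66", "192.0.2.99"}

# Assumption: RFC 3164 timestamps carry no year, so one is pinned here for parsing.
SYSLOG_YEAR = 2024

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FAIL_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3})")


def parse_syslog(line):
    """Decode one BSD-style syslog line into PRI-derived facility/severity plus the message fields."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable syslog line: {line!r}")
    pri = int(m.group("pri"))
    if pri > 191:  # max facility 23 * 8 + severity 7
        raise ValueError(f"PRI out of range: {pri}")
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=SYSLOG_YEAR)
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": ts,
        "host": m.group("host"),
        "tag": m.group("tag"),
        "msg": m.group("msg"),
    }


def run_rules(lines, threshold=3, window_seconds=60, iocs=IOCS):
    """Minimal SIEM-style correlation over a stream of syslog lines.

    Rule 1 (threshold): `threshold` or more failed logons from one source IP inside a sliding
    window of `window_seconds` raises a brute_force alert once per source.
    Rule 2 (IoC match): any IP in a message that appears in the indicator set raises ioc_match.
    """
    alerts = []
    failures = defaultdict(deque)  # source IP -> timestamps of recent auth failures
    already_fired = set()
    for line in lines:
        ev = parse_syslog(line)
        fm = FAIL_RE.search(ev["msg"])
        if fm:
            src = fm.group(1)
            q = failures[src]
            q.append(ev["timestamp"])
            while (ev["timestamp"] - q[0]).total_seconds() > window_seconds:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold and ("brute_force", src) not in already_fired:
                already_fired.add(("brute_force", src))
                alerts.append({"rule": "brute_force", "key": src, "count": len(q),
                               "host": ev["host"], "at": ev["timestamp"]})
        for ip in IP_RE.findall(ev["msg"]):
            if ip in iocs and ("ioc_match", ip) not in already_fired:
                already_fired.add(("ioc_match", ip))
                alerts.append({"rule": "ioc_match", "key": ip, "count": 1,
                               "host": ev["host"], "at": ev["timestamp"]})
    return alerts


if __name__ == "__main__":
    for a in run_rules(SAMPLE_LOGS):
        print(f"ALERT {a['rule']}: {a['key']} on {a['host']} (count={a['count']}) at {a['at']:%H:%M:%S}")
```

The threshold and window are where the false positive / false negative trade-off from the cards above becomes concrete: with the sample data, `threshold=3` fires on the three rapid failures from 203.0.113.5 and stays quiet on the single mistyped password from 198.51.100.7, while `threshold=5` would miss the burst entirely.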