Chapter 8 Flashcards
Using Risk Management Tools
Threat
Any circumstance or event that has the potential to compromise confidentiality, integrity, or availability
Compare with risk and vulnerability
Malicious Human threats
Filler
Accidental Human Threats
Filler
Environmental Threats
Filler
Threat Assessment
An evaluation of potential threats
Some common types of threat assessments are environmental, manmade, internal, and external
Environmental
Filler
Manmade
Filler
Internal
Filler
External
Filler
Vulnerability
A weakness
It can be a weakness in the hardware, the software, the configuration, or even the users operating the system
Compare with Risk and Threat
Risk Management
The practice of identifying, monitoring, and limiting risks to a manageable level
It includes risk response techniques, qualitative risk assessments, and quantitative risk assessments
Risk Response Techniques
Methods used to manage risks
Common risk response techniques are accept, transfer, avoid, and mitigate
Risk Assessment
A process used to identify and prioritize risks
It includes quantitative risk assessments and qualitative risk assessments
Asset Value
An element of a risk assessment
It identifies the value of an asset and can include any product, system, resource, or process
The value can be a specific monetary value or a subjective value
Quantitative Risk Assessment
A risk assessment that uses specific monetary amounts to identify cost and asset value
It then uses the SLE and ARO to calculate the ALE
SLE
Single loss expectancy
The monetary value of any single loss
It is used to measure risk with ALE and ARO in a quantitative risk assessment
The calculation is SLE x ARO = ALE
ARO
Annual (or annualized) rate of occurrence
The number of times a loss is expected to occur in a year
It is used to measure risk with ALE and SLE in a quantitative risk assessment
ALE
Annual (or annualized) loss expectancy
The expected loss for a year
It is used to measure risk with ARO and SLE in a quantitative risk assessment
The calculation is SLE x ARO = ALE
Qualitative Risk Assessment
A risk assessment that uses judgement to categorize risks
It is based on impact and likelihood of occurrence
Likelihood of Occurrence
The probability that something will occur
It is used with impact in a qualitative risk assessment
Compare with Impact
Impact
The magnitude of harm related to a risk
It is the negative result of an event, such as the loss of confidentiality, integrity, or availability of a system or data
Compare with likelihood of occurrence
Web Server
Filler
Library Computer
Filler
Risk Register
A document listing information about risks
It typically includes risk scores along with recommended security controls to reduce the risk scores
Supply Chain Assessment
An evaluation of the supply chain needed to produce and sell a product
It includes raw materials and all the processes required to create and distribute a finished product
Password Cracker
A tool used to discover passwords
Network Scanner
A tool used to discover devices on a network, including their IP addresses and operating systems, along with the services and protocols running on the devices
Ping Scan
Filler
ARP Ping Scan
Filler
SYN Stealth Scan
Filler
Port Scan
Filler
Service Scan
Filler
OS Detection
Filler
Network Mapping
A process used to discover devices on a network, including how they are connected
Wireless Scanners
A network scanner that scans wireless frequency bands
Scanners can help discover rogue APs and crack passwords used by wireless APs
SSIDs
Service set identifier is the name of a wireless network
SSIDs can be set to broadcast so users can easily see them
Disabling SSID broadcast hides it from casual users
MAC Addresses
Filler
Signal Strength
Filler
Channels
Filler
Channel Widths
Filler
Security
Filler
Vulnerability Scanner
A tool used to detect vulnerabilities
A scan typically identifies vulnerabilities, misconfigurations, and a lack of security controls
It passively tests security controls
Open Ports
Filler
Weak Passwords
Filler
Default Accounts and Passwords
Filler
Sensitive Data
Filler
Security and Configuration Errors
Filler
Configuration Compliance Scanner
A type of vulnerability scanner that verifies systems are configured correctly
It will often use a file that identifies the proper configuration for systems
Penetration Testing
A method of testing targeted systems to determine if vulnerabilities can be exploited
Penetration tests are intrusive
Compare with Vulnerability Scanner
Passive Reconnaissance
A penetration testing method used to collect information
It typically uses open-source intelligence
Compare with Active Reconnaissance
Active Reconnaissance
A penetration testing method used to collect information
It sends data to systems and analyzes responses to gain information on the target
Compare with passive reconnaissance
Pivot
One of the steps in penetration testing
After escalating privileges, the tester uses additional tools to gain additional information on the exploited computer or on the network
Black Box Testing
A type of penetration test
Testers have zero knowledge of the environment prior to starting the test
Compare with gray box test and white box test
White Box Testing
A type of penetration test
Testers have full knowledge of the environment prior to starting the test
Compare with black box test and gray box test
Gray Box Testing
A type of penetration test
Testers have some knowledge of the environment prior to starting the test
Compare with black box test and white box test
Exploitation Frameworks
Tools used to store information about security vulnerabilities
They are often used by penetration testers (and attackers) to detect and exploit software
Protocol Analyzer
A tool used to capture network traffic
Both professionals and attackers use protocol analyzers to examine packets
A protocol analyzer can be used to view data sent in clear text
Nmap
A command-line tool used to scan networks
It is a type of network scanner
Netcat
A command-line tool used to connect to remote systems
Transferring Files
Filler
Port scanner
Filler
Application
Filler
System
Filler
Antivirus Logs
Filler
Application Logs
Filler
Performance Logs
Filler
SIEM
Security information and event management
A security system that attempts to look at security events throughout the organization
Aggregation
Filler
Correlation Engine
Filler
Automated Alerting
Filler
Automated Triggers
Filler
Time Synchronization
Filler
Event Deduplication
Filler
Logs/WORM
A worm is self-replicating malware that travels through a network
Worms do not need user interaction to execute
Permission Auditing Review
An audit that analyzes user privileges
It identifies the privileges (rights and permissions) granted to users, and compares them against what the users need