Network and Server Vulnerability Flashcards
CVSS
Common Vulnerability Scoring System
ISMS
Information Security Management System
Network Profiling
Network profiling is the process of capturing, understanding, and characterising the typical behaviour of a network over time. It involves establishing a baseline, which is a statistical representation of the network’s standard operation at any given point in time. Once this baseline is established, any significant deviation from it might be indicative of potential issues, anomalies, or security threats.
WAN
Wide Area Network
LAN
Local Area Network
Network Profile Elements
- Session duration (The time between the establishment of a data flow and its termination)
- Total Throughput (Amount of data passing from a given source to a given destination in a given period of time)
- Ports Used (A list of TCP or UDP processes that are available to accept data)
- Critical Asset Address Space (The IP addresses or the logical location of essential systems or dat)
TCP
Transmission Control Protocol
UDP
User Datagram Protocol
Server Profiling
Server profiling is used to establish the accepted operating state of servers. A server profile is a security baseline for a given server. It establishes the network, user, and application parameters that are accepted for a specific server.
Server profile Elements
- Listening ports (The TCP and UDP daemons and ports that are allowed to be open on the server)
- Logged-in users and accounts (The parameters defining user access and behaviour)
- Service accounts (The type of services an application is allowed to run)
- Software environment (The tasks, processes and applications that are permitted to run on the server)
NBA
Network Behaviour Analysis
the analysis of this diverse, unstructured data using Big Data analytics techniques to detect network attacks
