Network Security Terminology Flashcards
Asset
A person, device, location, or information that SecOps aims to protect from attack
Attack
An action taken by a threat that exploits a vulnerability that attmpts to block authorized access to an asset, or to gain unauthorized access to an asset
Risk
The potential of a threat to exploit a vulnerability via an attack
SecOps
- abbreviation for IT security operations
- a discipline within IT responsible for protecting assets by reducing the risk of attacks
Threat
Something or someone that can explot a vulnerability to attack an asset
Vulnerability
A weakness in software, hardware, facilities, or humans that can be exploited by a threat
Red team
attempts to compromise the security
Blue team
defends against the red team’s attacks
white team
neutral team that observes
may server as referee
purple team
- Red and blue tema engage, and then when certain criteria are met, the teams debrief, cross-train each other and repeat
- also known the iterate and improve model
White hat
IT professionals who specialize in penetrating or compromising network security, but only to help an organization improve its security posture.
Only performs attacks when authorized to do so
Remain in compliance with any and all laws governing such behavior
Black hat
- May or may not be IT professionals, but possess the knowledge and will to reach systems for profit.
- Profit may be monetary, “street credibility”, or just a source of entertainment
- Black hats do not ask permission and are not interested in helping their targets
Gray hat
- Group of people who may or may not be IT professionals
- May or may not choose to break laws in pursuit of their hacking goals
- Unlike Black Hats, have no malicious intent in their actions
- Unlike White hats, they may not have obtained permission to perform the attack
CIA Triad
- Confidentiality
- Integrity
- Availability
Confidentiality
