Objective 3d Flashcards
Defined as a weakness in an information system, cryptographic system, or components that could be exploited
Vulnerabilities
Using common, well-known code, software, operating systems, or hardware increases the probability that an attacker can exploit them
Familiarity
Weak passwords can be easily discovered using brute force
Password Management Flaws
Programs that do not check user input can allow for unintended or direct execution of commands or SQL statements
Unchecked User Inputs
Software packages that scan systems or networks for weaknesses
AF Vulnerability Assessment Tools (VATs)
Automatically identifies configuration vulnerabilities threatening the security of DoD’s computer systems
Assured Compliance Assessment Solutions (ACAS)
Single Console access used by ACAS to manage Nessus scans at the enterprise network level, provides real-time detection of anomalies and critical events
Security Center
Comprehensive vulnerability scanner which performs configuration scans of servers, network devices, and databases to test for specific policy settings and compliance
Nessus
Monitors the network in real-time, searches out new hosts, applications, and vulnerabilities
Passive Vulnerability Scanner (PVS)
DoD information system used to record, track, and disseminate critical vulnerability information
Vulnerability Management System (VMS)
Provide system and network administrators with proactive tools that can be used to identify vulnerabilities before an adversary can find them
Security Scans
Can detect out-of-date software, validate compliance, and detect deviation from security policies.
Scanning
Piece of software designed to update or fix problems with a computer program or its supporting data
Patch
Applied to a standalone machine; time-consuming, tedious
Local Patch
Uses an automated means to apply patches or security fixes. Most efficient
Remote Patch