Security Assessment Flashcards
What is a posture assessment
It is a thorough examination of each aspect to determine gow it might be compromised
-try to complete annually
What is a security audit?
Assessment performed orginaization accreddited by an agency that has security standards
What is a hacker?
Person who gains unauthorized access to systems
What is vulnerability?
Weakness of a system, process, or architecture
What is exploiting
Means of taking advantate of a vulnerability
What is ‘zero-day exploit/attack’
Taking advantage of an undiscovered vulnerabilty
Most are well known
What are human associated security risks?
Consists of half of security vreaches
Eg, omission, ignorance, or error
Easiest way to circumvent network securty
What is social engineering?
Strategy yo gain access/ credentials
What is phishing?
Gaining sensitive info by posing as a trusted person in the organziation
What are layer 1 and 2 security risks?
- Wirless jamming
- RF emanation on a private wireless and copper media communications
- eaves dropping on connections to internet
- sniffing data on public wireless networks
- access to unused and unsecure ports
- arp table poisioning
- computes eith sensitive data connected to a publically accessable network
What are layer 3 -7 risks?
- Banner grabbing attack -malicuous use of network monitoring tools to inventory services running on servers
- session jacking - “man in the middle”
-invalid trust relationship, dhcp snooping - nos backdoors
Buffer overflows
What are internet access risks
- Web browsing configured to permit scripts to access system
- ip snooping
- access sites
- use of insecure plug ins
- incompatibility with secure client software
Denial of service attack
What is distributes dos
Orchestrated through many sources called zombies
Denial of service attack
What is distributed reflection of dos
Drdos
Bounced off of uninfected computers at the target
Many requests sent to comp with source ip spoofed to attack the target
Denial of service attack
What is permanent dos
Replaces the device firmware to permanently damage it
Whatbis a security policy
Minimizes exploits by communicating with, and managing users via a throughly planned policy
What is a policy?
- Identifies security goals, risks, authority levels, coordination and team members
- Define responsibility of each user and team member
And how to address security breaches
What are malware risks and infections
- malware software designed to intrudr upon or harm system
What are viruses
Replicated code that attaches to an existing code or data
What is Trojan horse
Disguises itself as something useful, but harms the system
What is a worm?
Runs independently, travelling b/w computers over the network