Security Assessment and Testing (ANT) Flashcards
Active Security Testing
Security testing that involves direct interaction with a target, such as sending packets to a target
Banner Grabbing
The process of capturing banner information - such as application type and version - that is transmitted by a remote port when a connection is initiated
Computer Security Log Management
Log management for computer security log data only
Covert Testing
Testing performed using covert methods and without the knowledge of the organization’s IT staff, but with full knowledge and permission of upper management
Event
Something that occurs within a system or network
Event Aggregation
The consolidation of similar log entries into a single entry containing a count of the number of occurrences of the event
Event Correlation
Finding relationships between two or more log entries
Event Filtering
The suppression of log entries from analysis, reporting, or long-term storage because their characteristics indicate that they are unlikely to contain information of interest
Event Reduction
Removing unneeded data fields from all log entries to create a new log that is smaller
External Security Testing
Security testing conducted from outside the organization’s security perimeter
Facility
The message type for a syslog message
False Positive
An alert that incorrectly indicates that a vulnerability is present
File Integrity Checking
Software that generates, stores, and compares message digests for files to detect changes made to the files
Information Security Testing
The process of validating the effective implementation of security controls for information systems and networks, based on the organization’s security requirements
Internal Security Testing
Security testing conducted from inside the organization’s security perimeter
Log
A record of the events occurring within an organization’s systems and network
Log Analysis
Studying log entries to identify events of interest or suppress log entries for insignificant events
Log Archival
Retaining logs for an extended period of time, typically on removable media, a storage area network (SAN), or a specialized log archival appliance or server
Log Clearing
Removing all log entries from a log that precede a certain date and time
Log Compression
Storing a log file in a way that reduces the amount of storage space needed for the file without altering the meaning of its contents
Log Conversion
Parsing a log in one format and storing its entries in a second format
Log Entry
An individual record within a log
Log File Integrity Checking
Comparing the current message digest for a log file to the original message digest to determine if the log file has been modified
Log Management
The process for generating, transmitting, storing, analyzing and disposing of log data
Log Management Infrastructure
The hardware, software, networks, and media used to generate, transmit, analyze, and dispose of log data
Log Normalization
Converting each log data field to a particular data representation and categorizing it consistently
Log Parsing
Extracting data from a log so that the parsed values can be used as input for another logging process
Log Preservation
Keeping logs that would normally be discarded, because they contain records of activity of particular interest
Log Reduction
Removing unneeded entries from a log to create a new log that is smaller
Log Reporting
Displaying the results of log analysis
Log Retention
Archiving logs on a regular basis as part of standard operational activities
Log Rotation
Closing a log file and opening a new log file when the first log file is considered complete
Log Viewing
Displaying log entries in a human-readable format
Message Digest
A digital signature that uniquely identifies data and has the property that changing a single bit in the data will cause a completely different message digest to be generated
Network Discovery
The process of discovering active and responding hosts on a network, identifying weaknesses, and learning how the network operates
Network Sniffing
A passive technique that monitors network communication, decodes protocols, and examines headers and payloads for information of interest. It is both a review technique and a target identification and analysis technique
Operating System Fingerprinting
Analyzing characteristics of packets sent by a target, such as packet headers or listening ports, to identify the operating system in use on the target
Overt Testing
Security testing performed with the knowledge and consent of the organization’s IT staff
Passive Security Testing
Security testing that does not involve any direct interaction with the targets, such as sending packets to a target
Password Cracking
The process of recovering secret passwords stored in a computer system or transmitted over a network
Penetration Testing
Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for a combination of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.
Phishing
A digital form of social engineering that uses authentic-looking - but bogus - emails to request information from users or direct them to a fake website that requests information
Plan of Actions and Milestones
A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones for meeting the tasks, and schedule milestone completion dates.
Port Scanner
A program that can remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).
Review Techniques
Passive information security testing techniques, generally conducted manually, that are used to evaluate systems, applications, networks, policies, and procedures to discover vulnerabilities. They include documentation, log, ruleset, and system configuration review; network sniffing; and file integrity checking.
Rogue Device
An unauthorized node on a network
Rule-Based Event Correlation
Correlating events by matching multiple log entries from a single source or multiple sources based on logged values, such as timestamps, IP addresses, and event types
Rules of Engagement
Detailed guidelines and constraints regarding the execution of information security testing. The ROE is established before the start of a security test, and gives the test team authority to conduct defined activities without the need for additional permissions.
Ruleset
A collection of rules or signatures that network traffic or system activity is compared against to determine an action to take - such as forwarding or rejecting a packet, creating an alert, or allowing a system event.
Security Information and Event Management Software
A program that provides centralized logging capabilities for a variety of log types
Social Engineering
The process of attempting to trick someone into revealing information (e.g., a password)
Syslog
A protocol that specifies a general log entry format and a log entry transport mechanism
Target Identification and Analysis Techniques
Information security testing techniques, mostly active and generally conducted using automated tools, that are used to identify systems, ports, services, and potential vulnerabilities. Target identification and analysis techniques include network discovery, network port and service identification, vulnerability scanning, wireless scanning, and application security testing.
Target Vulnerability Validation Techniques
Active information security testing techniques that corroborate the existence of vulnerabilities. They include password cracking, remote access testing, penetration testing, social engineering, and physical security testing.
Version Scanning
The process of identifying the service application version currently in use
Virtual Machine
Software that allows a single host to run one or more guest operating systems
Vulnerability
Weakness in an information system, or in system security procedures, internal controls, or implementation, that could be exploited or triggered by a threat source
Vulnerability Scanning
A technique used to identify hosts/host attributes and associated vulnerabilities
Code Coverage Report
Information on the functions, statements, branches, and conditions covered in testing
Mutation (Dumb) Fuzzing
Takes previous input values from actual operation of the software and manipulates them to create new input. It might alter the characters of the content, append strings to the end of the content, or perform other data manipulation techniques
Real User Monitoring
Aims to capture and analyze every transaction of a user
Security Testing
Verifies that a control is functioning properly, using automated scans and tool-assisted and manual attempts to undermine security controls
STRIDE
A threat categorization scheme, often used in relation to assessing threats against applications or operating systems. Stands for spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege
Synthetic Performance Monitoring
User-scripted or recorded data, such as traffic capture, database performance, and website performance; not to be confused with User Session Monitoring