Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
62 Cards in this Set
- Front
- Back
|
After a network is fully integrated and operational |
a Security Test and Evaluation (ST&E) is performed. |
|
|
Penetration testing |
Network penetration tests, or pen testing, simulate attacks from malicious sources. |
|
|
Network scanning |
Includes software that can ping computers, scan for listening TCP ports and display which types of resources are available on the network. can also detect user names, groups and shared resources |
|
|
Vulnerability scanning |
Includes software that can detect potential weaknesses in the tested systems. weaknesses can include misconfiguration, blank or default passwords, or potential targets for DoS attacks |
|
|
Password cracking |
Includes software that is used to test and detect weak passwords that should be changed. |
|
|
Log review |
System administrators should review security logs to identify potential security threats |
|
|
Integrity checkers |
An integrity checking system detects and reports on changes in the system |
|
|
Virus detection |
Virus detection software can be used to identify and remove computer viruses and other malware. |
|
|
Nmap/Zenmap |
Discovers computers and services on a computer network, thus creating a map of the network |
|
|
SuperScan |
Port scanning software designed to detect open TCP and UDP ports, determine what services are running on those ports, and to run queries, such as whois, ping, traceroute, and hostname lookups |
|
|
SIEM (Security Information Event Management) |
A technology used in enterprise organizations to provide real time reporting and long-term analysis of security events |
|
|
GFI LANguard |
Network and security scanner which detects vulnerabilities |
|
|
Tripwire |
Assesses and validates IT configurations against internal policies, compliance standards, and security best practices |
|
|
Nessus |
Vulnerability scanning software, focusing on remote access, misconfigurations, and DoS against the TCP/IP stack |
|
|
L0phtCrack |
Password auditing and recovery application |
|
|
Metasploit |
Provides information about vulnerabilities and aids in penetration testing and IDS signature development |
|
|
Nmap task Classic TCP and UDP port scanning |
Searches for different services on one host. |
|
|
Nmap task Classic TCP and UDP port sweeping |
Searches for the same service on multiple hosts. |
|
|
Nmap task Stealth TCP and UDP port scans and sweeps |
Similar to classic scans and sweeps, but harder to detect by the target host or IPS. |
|
|
Nmap task Remote operating system identification |
This is also known as OS fingerprinting. |
|
|
Advanced features of Nmap include |
protocol scanning, known as Layer 3 port scanning |
|
|
SuperScan While Service Pack 2 for Windows XP increased the security aspect of this tool by removing certain features, some functionality can be restored by entering the __________________ command at the Windows command prompt. |
net stop Shared Access |
|
|
Security Information Event Management (SIEM) |
a technology used in enterprise organizations to provide real time reporting and long-term analysis of security events. |
|
|
SIEM Forensic analysis |
The ability to search logs and event records from sources throughout the organization provides more complete information for forensic analysis. |
|
|
SIEM Correlation |
Examines logs and events from disparate systems or applications, speeding detection of and reaction to security threats. |
|
|
SIEM Aggregation |
Aggregation reduces the volume of event data by consolidating duplicate event records. |
|
|
SIEM Retention |
Reporting presents the correlated and aggregated event data in real-time monitoring and long-term summaries. |
|
|
SIEM provides details on the source of suspicious activity, including: |
User Info Device Info Posture Info |
|
|
Security policy Identification and authentication policies |
Specifies authorized persons that can have access to network resources and outlines verification procedures. |
|
|
Security policy Password policies |
Ensures passwords meet minimum requirements and are changed regularly. |
|
|
Security policy Acceptable use policies |
Identifies network resources and usages that are acceptable to the organization. It may also identify ramifications if this policy is violated. |
|
|
Security policy Remote access policies |
Identifies how remote users can access a network and what is accessible via remote connectivity. |
|
|
Security policy Network maintenance policies |
Specifies network device operating systems and end user application update procedures. |
|
|
Security policy Incident handling policies |
Describes how security incidents are handled. |
|
|
One of the most common security policy components is an |
acceptable use policy (AUP). |
|
|
Security Policy Hierarchy Governing policy |
High-level treatment of the security guidelines that are important to the entire company. Managers and technical staff are the intended audience. |
|
|
Security Policy Hierarchy Technical policy |
Used by security staff members as they carry out security responsibilities for the system. |
|
|
Security Policy Hierarchy End user policy |
Covers all security topics that are important to end users. End users can include employees, customers, and any other individual user of the network. |
|
|
governing policy includes several areas: |
Statement of the issue that the policy addresses How the policy applies in the environment Roles and responsibilities of those affected by the policy Actions, activities, and processes that are allowed (and not allowed) Consequences of noncompliance |
|
|
Technical Policies General policies |
Includes the AUP, account access request policy, acquisition assessment policy, audit policy, information sensitivity policy, risk assessment policy, and the global web server policy. |
|
|
Technical Policies Telephony policy |
Defines the policy for using the corporate phone and FAX lines. |
|
|
Technical Policies Email and communications policy |
Includes generic email policy and automatically forwarded email policy. |
|
|
Technical Policies Remote access policy |
Includes a VPN policy and may include a dial-in access policy if still supported by the organization. |
|
|
Technical Policies Network policy |
Includes an extranet policy, minimum requirements for network access policy, network access standards, router and switch security policy, and server security policy. |
|
|
Technical Policies Application policy |
Includes an acceptable encryption policy, application service provider (ASP) policy, database credentials coding policy, inter-process communications policy, a project security policy, and a source code protection policy. |
|
|
End User Policies Identity policy |
Defines rules and practices for protecting the organization’s network from unauthorized access. These practices help reduce the potential for identity information getting into the wrong hands. |
|
|
End User Policies Password policy |
Passwords are an important aspect of computer security. A password policy defines the rules that all users must follow when creating and securing their passwords. |
|
|
End User Policies Antivirus policy |
This policy defines standards for protecting an organization’s network from any threat related to viruses, worms, or Trojan horses. |
|
|
Standards documents |
include the technologies that are required for specific uses, hardware and software versioning requirements, program requirements, and any other organizational criteria that must be followed. |
|
|
security policy documents |
include the standards, guidelines, and procedures documents. |
|
|
Guideline Documents |
define how standards are developed and to guarantee adherence to general security policies. |
|
|
Procedure Documents |
include implementation details that usually contain step-by-step instructions and graphics. |
|
|
security policy creation to ensure that the policy is |
comprehensive, cohesive, legally binding. |
|
|
Chief Executive Officer (CEO) |
Ultimately responsible for the success of an organization. All executive positions report to the CEO. |
|
|
Chief Technology Officer (CTO) |
Identifies and evaluates new technologies. Directs any new technology development. Responsible for maintaining and improving existing systems. Provides leadership regarding all technology-related issues that support operations. The CTO is responsible for technology infrastructure. |
|
|
Chief Information Officer (CIO) |
Responsible for all IT and computer systems that support enterprise goals. Directs successful deployment of new technologies and work processes. In small to medium-sized organizations, this role is often combined with the CTO. The CIO provides leadership when processes and practices supporting the flow of information are developed. |
|
|
Chief Security Officer (CSO) |
Develops, implements, and manages the organization’s security strategy and programs. Provides leadership for the development of any processes associated with the business operation, including safeguarding intellectual property. The CSO must limit exposure to liability in all areas of financial, physical, and personal risk. |
|
|
Chief Information Security Officer (CISO) |
The CISO has a specific focus on IT security. The CISO is responsible for developing and implementing the security policy. The CISO may be the primary author of the security policy or provide leadership to other authors. In any case, the CISO is responsible and accountable for the security policy content. |
|
|
security awareness program |
reflects the business needs of an organization tempered by known risks. informs users of their IT security responsibilities and explains the rules of behavior for using the IT systems and data within a company. |
|
|
security awareness program usually has two major components |
Awareness campaigns Training and education |
|
|
several methods of increasing security awareness: |
Lectures, videos Posters, newsletter articles, and bulletins Awards for good security practices Reminders, such as login banners, mouse pads, coffee cups, and notepads |
|
|
The life cycle of a security training course includes several steps: |
Step 1. Identify course scope, goals, and objectives Step 2. Identify and educate training staff Step 3. Identify target audiences Step 4. Motivate management and employees Step 5. Administer the courses Step 6. Maintain the courses Step 7. Evaluate the course effectiveness |
