Term
| Prevents undesirable traffic from entering prescribed areas within a network |
|
Definition
|
|
Term
| Provides real-time detection of certain types of attacks while they are in progress |
|
Definition
|
|
Term
| Protect information or processes from unauthorized or accidental modification |
|
Definition
|
|
Term
| Able to detect malicious activity and automatically block the attack in real-time |
|
Definition
|
|
Term
| Prevent the unauthorized disclosure of sensitive information |
|
Definition
|
|
Term
| Attack in which one device poses as another by falsifying data |
|
Definition
|
|
Term
| Hiding communications from anyone other than the intended user |
|
Definition
|
|
Term
| Attacks that make computer resources unavailable to intended users |
|
Definition
|
|
Term
| Information is accessible by authorized users when needed |
|
Definition
|
|
Term
| Document that describes the restrictions on member behaviors and what info may be accessed by whom |
|
Definition
|
|
Term
| Security related to people joining, moving, and leaving an org |
|
Definition
|
|
Term
| Inventory and classification scheme for information assets |
|
Definition
|
|
Term
| Restriction of access rights to the organization's assets |
|
Definition
|
|
Term
| Protection of the computer facilities in an org |
|
Definition
| Physical and Environmental Security |
|
|
Term
| Managing the security controls in systems and networks |
|
Definition
| Communications and Operations Mgmt |
|
|
Term
| The governance model for information security |
|
Definition
| Organization of Information Security |
|
|
Term
| How to anticipate and respond to information security breaches |
|
Definition
| Information Security Incident Mgmt |
|
|
Term
| Ensuring conformance with information security policies, standards, and regulations |
|
Definition
|
|
Term
| Integrating security into applications |
|
Definition
| Information Systems Acquisition, Development, and Maintenance |
|
|
Term
| Determine the quantitative and qualitative value of risk |
|
Definition
|
|
Term
| Protection, maintenance and recovery of business-critical processes and systems |
|
Definition
|
|
Term
| Software which attaches to another program to execute a specific unwanted function on a computer |
|
Definition
|
|
Term
| An application written to look like something else. When it is opened, it attacks the end-user computer from within |
|
Definition
|
|
Term
| Executes code which installs copies of itself in the memory of the infected computer, which in turn infects other hosts |
|
Definition
|
|
Term
| Any malicious code that results in some action |
|
Definition
|
|
Term
| The method by which the code replicates itself and locates new targets |
|
Definition
|
|
Term
| A vulnerability on a system that the worm exploits |
|
Definition
|
|
Term
| 5 phases of attack in proper order (5 P's) |
|
Definition
| Probe, Penetrate, Persist, Propagate, Paralyze |
|
|
Term
| Most attacks take advantage of what type of vulnerability? |
|
Definition
| Overflow of a fixed memory allocation size for a particular purpose |
|
|
Term
| Antivirus software will prevent viruses from entering the network? T/F |
|
Definition
|
|
Term
| Compartmentalization and segmentation of the network to slow down or stop the worm and prevent further infections |
|
Definition
|
|
Term
| Identifying and isolating infected machines within the contained areas |
|
Definition
|
|
Term
| Disinfecting of worm from infected systems |
|
Definition
|
|
Term
| All uninfected systems are patched with appropriate vendor patch |
|
Definition
|
|
Term
| Exploit known vulnerabilities to gain entry to web accounts, databases, etc. |
|
Definition
|
|
Term
| Unauthorized mapping and discovery of systems, services, or vulnerabilities |
|
Definition
|
|
Term
| Send extremely large numbers of requests, slowing or crashing a device |
|
Definition
|
|
Term
| Ping Sweep, Port Scan, Packet Sniffer, Internet Information Queries |
|
Definition
|
|
Term
| Password Attack, Man-in-the-Middle, Trust exploitation, Port Redirection, Buffer Overflow |
|
Definition
|
|
Term
| Ping of Death, TCP SYN flood, Smurf Attack, Poisonous Packet, Continuous Stream of Packets |
|
Definition
|
|
Term
| Use Authentication, Use a switched infrastructure, Use anti-sniffer tools |
|
Definition
|
|
Term
| Minimize trust relationships, Use strong passwords, Apply OS and application patches |
|
Definition
|
|
Term
| Implement QoS and traffic policing, Anti-spoofing techniques |
|
Definition
|
|
Term
| Name a primary mitigation technique useful in both recon and DoS attacks. |
|
Definition
|
|
Term
| Name a primary mitigation technique useful for both recon and access attacks. |
|
Definition
|
|