Shared Flashcard Set

Details

Security+ 3ed - Chapter 9
Mark Ciampa's Security+ text 3rd edition - Chapter 9 Key Terms
27
Computer Networking
10/10/2010

Cards

Term
Annualized Loss Expectancy (ALE)
Definition
The expected monetary loss that can be expected for an asset due to a risk over a one-year period.
Term
Annualized Rate of Occurrence (ARO)
Definition
The probability that a risk will occur in a particular year.
Term
asset identification
Definition
The process of inventorying and maintaining items of value.
Term
attack tree
Definition
A visual image of the attacks that may occur against an asset.
Term
blocked port
Definition
A TCP/IP port in which the host system does not reply to any inquiries.
Term
closed port
Definition
A TCP/IP port in which no process is listening at the port.
Term
Exposure Factor (EF)
Definition
The proportion of an asset's value that is likely to be destroyed by a particular risk (expressed as a percentage).
Term
Internet Control Message Protocol (ICMP)
Definition
A TCP/IP protocol that provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices.
Term
network mappers
Definition
Software tools that can identify all the systems connected to a network.
Term
open port
Definition
A TCP/IP port in which an application or service assigned to that port is listening.
Term
Open Vulnerability and Assessment Language (OVAL)
Definition
An international information security standard to promote open and publicly available security content and to standardize the transfer of this information across the spectrum of security tools and services.
Term
outsourcing
Definition
Contracting with an outside company to provide a service or a product instead of providing it from within the organization.
Term
password cracker
Definition
A program that uses the file of hashed passwords and then attempts to break the hashed passwords offline.
Term
penetration testing
Definition
A method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker instead of just scanning for vulnerabilities.
Term
ping
Definition
An Internet Control Message Protocol (ICMP) echo request packet.
Term
port number
Definition
A numeric value used as an identifier to applications and services on TCP/IP systems.
Term
port scanner
Definition
Software used to search a system for port vulnerabilities that could be used in an attack.
Term
process
Definition
A program running on a device.
Term
promiscuous mode
Definition
A mode on a network interface card (NIC) adapter that does not ignore packets intended for other systems but shows all network traffic.
Term
retained risk
Definition
The potential loss that exceeds the amount covered by insurance.
Term
risk assessment
Definition
Determining the damage that would result from an attack and the likelihood that the vulnerability is a risk to the organization.
Term
risk management
Definition
A systematic and structured approach to managing the potential for loss that is related to a threat.
Term
risk retention pool
Definition
A means of spreading risk over a group. No premium is paid by members of the group but losses are assessed across all members of the group.
Term
shadow password
Definition
A defense against password cracker programs for UNIX and Linux systems by creating a second file without password hashes.
Term
threat modeling
Definition
A process for constructing scenarios of the types of threats that assets can face.
Term
vulnerability appraisal
Definition
A current snapshot of the security of an organization.
Term
vulnerability scanner
Definition
A generic term that refers to products that look for vulnerabilities in networks or systems.