Cyber Security Lexicon
DEFENSE READINESS STRATEGIES

SECURITY AUDIT
Security audits measure an information system’s performance against a list of criteria.

VULNERABILITY ASSESSMENT
A vulnerability assessment involves a comprehensive study of an entire information system, seeking potential security weaknesses.

PENETRATION TESTING
Penetration testing is a covert operation, in which a security expert tries a number of attacks to ascertain whether or not a system could withstand the same types of attacks from a malicious hacker. In penetration testing, the feigned attack can include anything a real attacker might try, such as social engineering.

DEFENSIVE TECHNIQUES/SERVICES

DATA AGGREGATION
Data Aggregation is the ability to get a more complete picture of the information by analyzing several different types of records at once.

DEFENSE IN-DEPTH
Defense In-Depth is the approach of using multiple layers of security to guard against failure of a single security component.

DEMILITARIZED ZONE (DMZ)
In computer security, in general a demilitarized zone (DMZ) or perimeter network is a network area (a subnetwork) that sits between an organization’s internal network and an external network, usually the Internet. DMZs help to enable the layered security model in that they provide subnetwork segmentation based on security requirements or policy. DMZs provide either a transit mechanism from a secure source to an insecure destination or from an insecure source to a more secure destination. In some cases, a screened subnet which is used for servers accessible from the outside is referred to as a DMZ.

FAIL-CLOSED
A condition in which a firewall blocks all incoming and outgoing network traffic in the event of a firewall failure. This is the opposite of fail-open mode, in which a firewall crash opens all traffic in both directions.

HARDENING
Hardening is the process of identifying and fixing vulnerabilities on a system.

HONEY POT
Programs that simulate one or more network services that you designate on your computer’s ports. An attacker assumes you’re running vulnerable services that can be used to break into the machine. A honey pot can be used to log access attempts to those ports, including the attacker’s keystrokes. This could give you advance warning of a more concerted attack.

HOST-BASED ID
Host-based intrusion detection systems use information from the operating system audit records to watch all operations occurring on the host that the intrusion detection software has been installed upon. These operations are then compared with a pre-defined security policy. This analysis of the audit trail imposes potentially significant overhead requirements on the system because of the increased amount of processing power which must be utilized by the intrusion detection system. Depending on the size of the audit trail and the processing ability of the system, the review of audit data could result in the loss of a real-time analysis capability.

INCIDENT HANDLING
An incident is an adverse network event in an information system or network, or the threat of the occurrence of such an event.

INTRUSION DETECTION
A security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization).

ISSUE-SPECIFIC POLICY
An Issue-Specific Policy is intended to address specific needs within an organization, such as a password policy.

NETWORK-BASED IDS
A network-based IDS monitors the traffic on its network segment as a data source. This is generally accomplished by placing the network interface card in promiscuous mode to capture all network traffic that crosses its network segment. Network traffic on other segments and traffic on other means of communication (like phone lines) can’t be monitored. Network-based IDS involves looking at the packets on the network as they pass by some sensor. The sensor can only see the packets that happen to be carried on the network segment it’s attached to. Packets are considered to be of interest if they match a signature. Network-based intrusion detection passively monitors network activity for indications of attacks. Network monitoring offers several advantages over traditional host-based intrusion detection systems. Because many intrusions occur over networks at some point, and because networks are increasingly becoming the targets of attack, these techniques are an excellent method of detecting many attacks which may be missed by host-based intrusion detection mechanisms.

ROLE BASED ACCESS CONTROL
Role based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.

RULE SET BASED ACCESS CONTROL (RSBAC)
Rule Set Based Access Control targets actions based on rules for entities operating on objects.

SECURITY POLICY
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.

SEPARATION OF DUTIES
Separation of duties is the principle of splitting privileges among multiple individuals or systems.

SHADOW PASSWORD FILES
A system file in which encrypted user passwords are stored so that they aren’t available to people who try to break into the system.

SIGNATURE
A Signature is a distinct pattern in network traffic that can be identified to a specific tool or exploit.

SNIFFER
A sniffer is a tool that monitors network traffic as it is received in a network interface.

SYSTEM SECURITY OFFICER (SSO)
A person responsible for enforcement or administration of the security policy that applies to the system.

SYSTEM-SPECIFIC POLICY
A System-specific policy is a policy written for a specific system or device.

THREAT ASSESSMENT
A threat assessment is the identification of types of threats that an organization might be exposed to.

THREAT MODEL
A threat model is used to describe a given threat and the harm it could do to a system if it has a vulnerability.

THREAT VECTOR
The method a threat uses to get to the target.

TOPOLOGY
The geometric arrangement of a computer system. Common topologies include a bus, star, and ring. The specific physical, i.e., real, or logical, i.e., virtual, arrangement of the elements of a network. Note 1: Two networks have the same topology if the connection configuration is the same, although the networks may differ in physical interconnections, distances between nodes, transmission rates, and/or signal types. Note 2: The common types of network topology are illustrated.

USER CONTINGENCY PLAN
A user contingency plan is the set of alternative methods for continuing business operations if IT systems are unavailable.

VOICE INTRUSION PREVENTION SYSTEM (IPS)
Voice IPS is a security management system for voice networks which monitors voice traffic for multiple calling patterns or attack/abuse signatures to proactively detect and prevent toll fraud, Denial of Service, telecom attacks, service abuse, and other anomalous activity.

COMPLIANCE

ADVANCED ENCRYPTION STANDARD (AES)
An encryption standard being developed by NIST. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm.

CHAIN OF CUSTODY
Chain of Custody is the important application of the Federal rules of evidence and its handling.

COMPUTER EMERGENCY RESPONSE TEAM (CERT)
An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.

INTERNET PROTOCOL SECURITY (IPSEC)
A developing standard for security at the network or packet processing layer of network communication.

ISO
International Organization for Standardization, a voluntary, non-treaty, non-government organization, established in 1947, with voting members that are designated standards bodies of participating nations and non-voting observer organizations.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
National Institute of Standards and Technology, a unit of the US Commerce Department. Formerly known as the National Bureau of Standards, NIST promotes and maintains measurement standards. It also has active programs for encouraging and assisting industry and science to develop and use these standards.

PROGRAM POLICY
A program policy is a high-level policy that sets the overall tone of an organization’s security approach.

COMMON ATTACK/DELIVERY TYPES

ACCOUNT HARVESTING
Account Harvesting is the process of collecting all the legitimate account names on a system.

ACK PIGGYBACKING
ACK piggybacking is the practice of sending an ACK inside another packet going to the same destination.

BOTNET
A botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.

BRUTE FORCE
A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one.

CACHE CRAMMING
Cache Cramming is the technique of tricking a browser to run cached Java code from the local disk, instead of the internet zone, so it runs with less restrictive permissions.

© 2014 NORTH STAR GROUP, LLC NORTHSTARGROUPLLC.COM