1. Trang chủ
  2. » Tất cả

Module 001 essential security terminologies

12 125 0

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 12
Dung lượng 632 KB

Nội dung

Engineered by Hackers. Presented by Professionals. Essential Security Terminologies Module 00 H c vi n Công Ngh Thông Tin Bách ọ ệ ệ Khoa Essential Security Terminologies  Authentication: is the process of determining “who are you ?”  Access Control: ensures that resources are only granted to those users who are entitled to them.  Access Control List (ACL): A mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted to access the resource  Single Sign-On: allow users to get access to multiple computers and applications without learning many different passwords H c vi n Công Ngh Thông Tin Bách ọ ệ ệ Khoa Essential Security Terminologies  Authorization: Authentication asks the question of "Who are you?" whereas Authorization addresses the question of "Are you allowed to do that?“  Availability: Availability is the need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it. H c vi n Công Ngh Thông Tin Bách ọ ệ ệ Khoa Essential Security Terminologies  Confidentiality: Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.  Encryption: Cryptographic transformation of data (called "plaintext") into a form (called "cipher text") that conceals the data's original meaning to prevent it from being known or used.  Decryption: Decryption is the process of transforming an encrypted message into its original plaintext.  Security Policy: A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.  Auditing: Auditing is the information gathering and analysis of assets to ensure such things as policy compliance and security from vulnerabilities. H c vi n Công Ngh Thông Tin Bách ọ ệ ệ Khoa Essential Security Terminologies  Integrity: Integrity is the need to ensure that information has not been changed accidentally  Certification Authority (CA): A Certificate Authority (CA) is an organization that issues and manages security credentials and public keys for message encryption and decryption • This is an essential part of a public key infrastructure (PKI) H c vi n Công Ngh Thông Tin Bách ọ ệ ệ Khoa Essential Security Terminologies  Vulnerability: is a weakness which allows an attacker to reduce a system's information assurance  Threat: A potential for violation of security, which exists that could breach security and cause harm. H c vi n Công Ngh Thông Tin Bách ọ ệ ệ Khoa Essential Security Terminologies  Attack  Reconnaissance: Reconnaissance is the phase of an attack where an attackers finds new systems, maps out networks, and probes for specific hosts, exploitable vulnerabilities.  Packet sniffers: simply captures all of the packets of data that pass through a given network interface  Ping sweeps: An attack that sends ICMP echo requests ("pings") to a range of IP addresses  Port scans: A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number  Internet information queries: can be used to gather information for future attacks H c vi n Công Ngh Thông Tin Bách ọ ệ ệ Khoa Essential Security Terminologies  Attack  Access Attacks: Access attacks exploit known vulnerabilities in services as FTP services, and web services… to gain entry to web accounts, confidential databases, and other sensitive information  Password attack: refers to repeated attempts to identify a user account, password, or both  Trust exploitation: An attacker uses privileges granted to a system in an unauthorized way  Port redirection: that uses a compromised host to pass traffic through a firewall that would otherwise be blocked H c vi n Công Ngh Thông Tin Bách ọ ệ ệ Khoa Essential Security Terminologies  Attack  Access Attacks: Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information  Man-in-the-middle attack: An attacker is positioned in the middle of communications between two legitimate entities in order to read or modify the data that passes between the two parties  Buffer overflow: A program writes data beyond the allocated buffer memory. H c vi n Công Ngh Thông Tin Bách ọ ệ ệ Khoa Essential Security Terminologies  Attack • Denial of Service Attacks  DOS: intentionally overload computers and/or networks with garbage traffic for the purpose of preventing legitimate traffic from reaching its destination  DDOS: are DoS attacks from multiple sources at the same time. [...]... to give an attacker easier access to the compromised system around any security mechanisms that are in place  Trojan: allow hackers to obtain sensitive data as well as cause harm to your machine  Malware: A generic term for a number of different types of malicious code Học viện Công Nghệ Thông Tin Bách Khoa Essential Security Terminologies  Risk: threat with the level of vulnerability It establishes...Học viện Công Nghệ Thông Tin Bách Khoa Essential Security Terminologies  Attack • Malicious software Attacks  Virus: is malicious software to execute a specific unwanted function on a computer  Worm: Worm executes arbitrary code and installs copies... system or group of systems that enforces an access control policy between two networks  IDS: An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches  IPS: identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity . Engineered by Hackers. Presented by Professionals. Essential Security Terminologies Module 00 H c vi n Công Ngh Thông Tin Bách ọ ệ ệ Khoa Essential Security Terminologies  Authentication: is the process. resource  Single Sign-On: allow users to get access to multiple computers and applications without learning many different passwords H c vi n Công Ngh Thông Tin Bách ọ ệ ệ Khoa Essential Security Terminologies . to ensure such things as policy compliance and security from vulnerabilities. H c vi n Công Ngh Thông Tin Bách ọ ệ ệ Khoa Essential Security Terminologies  Integrity: Integrity is the need

Ngày đăng: 14/12/2021, 18:44

TỪ KHÓA LIÊN QUAN