Chapter 7
Black-box Testing
A method of security testing that isn't based directly on knowledge of a program's architecture.
Hardening
A process of changing hardware and software configurations to make computers and devices as secure as possible.
Vulnerability Testing
A process of finding the weaknesses in a system and determining which places may be attack points.
Operating System Fingerprinting
A reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version is running on a computer.
Stateful Matching
A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.
Penetration Testing
A testing method that tries to exploit a weakness in the system to prove that an attacker could successfully penetrate it.
Zone Transfer
A unique query of a DNS server that asks it for the contents of its zone.
Clipping Level
A value used in security monitoring that tells the security operations personnel to ignore activity that falls below a stated value.
Covert Act
An act carried out in secrecy.
Overt Act
An act carried out in the open or easily viewed by others.
Anomaly-based IDS
An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.
Pattern / Signature Based IDS
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
Real-Time Monitoring
Analysis of activity as it is happening.
Mitigation Activities
Any activities designed to reduce the severity of a vulnerability or remove it altogether.
False Negative
Incorrectly identifying abnormal activity as normal.
False Positive
Incorrectly identifying normal activity as abnormal.
White-box Testing
Security testing that is based on knowledge of the application's design and source code.
Gray-box Testing
Security testing that is based on limited knowledge of an application's design.
Security Information and Event Management (SIEM) System
Software and devices that assist in collecting, storing, and analyzing the contents of log files.
Reconnaissance
The process of gathering information.
Benchmark
The standard by which your computer or device is compared to determine if it's securely configured.
Hardened Configuration
The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
Network Mapping
Using tools to determine the layout and services running on an organization's systems and networks.