suttonjs2's version from 2016-05-03 14:57
|Multipart virus||Can infect both executable files and boot sectors of hard disk drives. The multipart virus resides in the memory and then infects boot sectors and executable files of the computer system.|
|ICMP packet spoofing|
|Network address hijacking|
Risk Related Concepts
|Vulnerability||A flaw, loophole, or weakness in the system, software, or hardware. Can be exploited by a threat agent and can lead to a potential risk of loss.|
|Risk||The likelihood that a threat will occur and the corresponding loss potential. The probability that a threat agent will exploit a vulnerability.|
|Threat agent||The component that exploits a vulnerability (such as a virus).|
|Exposure factor||Refers to the percentage or portion of an asset that is lost or destroyed when exposed to a threat.|
|Threat vector||A path or a tool that a threat agent uses to attack the target.|
|Vulnerability analysis||Involves identifying and quantifying the possible threats and vulnerabilities in the system that can be exploited by a threat agent; it is an objective of risk analysis and part of risk management. Provides either a qualitative or quantitative analysis of the vulnerabilities and threats.|
Steps for Designing an Audit Policy
1. Develop the company's security policy.
2. Plan the audit strategy.
3. Conduct the audit.
4. Evaluate the audit results.
5. Report the audit results to management.
6. Conduct follow-up.
Steps in Incident Response
1. Prepare - Ensure that the organization is ready for an incident by documenting and adopting formal incident response procedures.
2. Detect - Analyze events to identify an incident or data breach. If the first responder is not the person responsible for detecting the incident, the person who detects the incident should notify the first responder.
3. Contain - Stop the incident as it occurs and preserve all evidence. Notify personnel of the incident. Escalate the incident if necessary. Containing the incident involves isolating the system or device by either quarantine or device removal. This step also involves ensuring that data loss is minimized by using the appropriate data loss control procedures.
4. Remediate - Fix the system or device that is affected by the incident. Formal recovery/reconstitution procedures should be documented and followed during this step of incident response.
5. Resolve - Ensure that the system or device is repaired. Return the system or device to production.
6. Review and close - Perform a root cause analysis, and document any lessons learned. Report the incident resolution to the appropriate personnel.
|FTP Data (active)||TCP 20 (Layer 7)|
|FTP Control (passive)||TCP 21 (Layer 7)|
|SSH||TCP 22 (Layer 7)|
|SCP (uses SSH)||TCP 22 (Layer 7)|
|SFTP (uses SSH)||TCP 22 (Layer 7)|
|Telnet||TCP 23 (Layer 7)|
|SMTP||TCP 25 (Layer 7)|
|TACACS+||TCP 49 (Layer 5)|
|DNS Name Queries||UDP 53 (Layer 7)|
|DNS Zone Transfers||TCP 53 (Layer 7)|
|DHCP||UDP 67/68 (Layer 7)|
|TFTP||UDP 69 (Layer 7)|
|HTTP||TCP 80 (Layer 7)|
|Kerberos||TCP/UDP 88 (Layer 5)|
|POP3||TCP 110 (Layer 7)|
|NetBIOS||UDP 138/TCP 139 (Layer 5)|
|IMAP4||TCP 143 (Layer 7)|
|SNMP||UDP 161 (Layer 7)|
|SNMP Trap||UDP 162 (Layer 7)|
|LDAP||TCP 389 (Layer 7)|
|HTTPS||TCP 443 (Layer 7)|
|SMB||TCP 445 (Layer 7)|
|SMTP SSL/TLS||TCP 465 (Layer 7)|
|IPsec (for VPN with IKE)||UDP 500 (Layer 3)|
|LDAP SSL/TLS||TCP 636 (Layer 7)|
|FTPS SSL/TLS||TCP 989/990 (Layer 7)|
|IMAP SSL/TLS||TCP 993 (Layer 7)|
|POP SSL/TLS||TCP 995 (Layer 7)|
|MS SQL Server||TCP 1433 (Layer 5)|
|L2TP||UDP 1701 (Layer 2)|
|PPTP||TCP 1723 (Layer 5)|
|RADIUS||UDP 1812/1813 (Layer 7)|
|RDP||TCP/UDP 3389 (Layer 7)|