Security+ Guide to Network Security Fundamentals, Third Edition
9-1
Chapter 9
Performing Vulnerability Assessments
Additional Resources
1. SATAN - Security Administrator's Tool for Analyzing Networks
http://www.swtech.com/net/security/satan/
2. Storing Passwords - done right!
http://www.aspheute.com/english/20040105.asp
3. Rainbow table
http://en.wikipedia.org/wiki/Rainbow_table
4. RFC792 - Internet Control Message Protocol
http://www.faqs.org/rfcs/rfc792.html
5. Attack tree
http://en.wikipedia.org/wiki/Attack_tree
Key Terms
• Annualized Loss Expectancy (ALE): The monetary loss that can be expected for an asset due to a risk over a one-year period.
• Annualized Rate of Occurrence (ARO): The probability that a risk will occur in a particular year.
• asset identification: The process of inventorying and managing items of value.
• attack tree: A visual image of the attacks that may occur against an asset.
• blocked port: A TCP/IP port for which the host system does not reply to any inquiries.
• closed port: A TCP/IP port at which no process is listening.
• Exposure Factor (EF): The proportion of an asset's value that is likely to be destroyed by a particular risk (expressed as a percentage).
• Internet Control Message Protocol (ICMP): A TCP/IP protocol that provides support to IP in the form of ICMP messages, which allow different types of communication to occur between IP devices.
• network mappers: Software tools that can identify all the systems connected to a network.
• open port: A TCP/IP port at which the application or service assigned to that port is listening.
• Open Vulnerability and Assessment Language (OVAL): An international information security standard that promotes open and publicly available security content and standardizes the transfer of this information across the spectrum of security tools and services.
• outsourcing: Contracting with an outside company to provide a service or product instead of providing it from within the organization.
• password cracker: A program that takes the file of hashed passwords and attempts to break the hashes offline.
• penetration testing: A method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker instead of just scanning for vulnerabilities.
• ping: An Internet Control Message Protocol (ICMP) echo request packet.
• port number: A numeric value used as an identifier for applications and services on TCP/IP systems.
• port scanner: Software used to search a system for port vulnerabilities that could be used in an attack.
• process: A program running on a device.
• promiscuous mode: A mode on a network interface card (NIC) in which the adapter does not ignore packets intended for other systems but shows all network traffic.
• retained risk: The potential loss that exceeds the amount covered by insurance.
• risk assessment: Determining the damage that would result from an attack and the likelihood that the vulnerability is a risk to the organization.
• risk management: A systematic and structured approach to managing the potential for loss that is related to a threat.
• risk retention pool: A means of spreading risk over a group. No premium is paid by members of the group, but losses are assessed across all members of the group.
• shadow password: A defense against password cracker programs for UNIX and Linux systems, implemented by keeping the password hashes in a second, restricted file so that the readable password file contains no hashes.
• Single Loss Expectancy (SLE): The expected monetary loss every time a risk occurs.
• threat modeling: A process for constructing scenarios of the types of threats that assets can face.
• vulnerability appraisal: A current snapshot of the security of an organization.
• vulnerability scanner: A generic term that refers to products that look for vulnerabilities in networks or systems.