Reading CISSP Practice in full

An adversary with sophisticated levels of expertise and significant resources uses multiple different attack vectors repeatedly (e.g., cyber, physical, and deception) to generate attack opportunities to achieve its objective.

Agent

(1) A program used in distributed denial-of-service (DDoS) attacks that sends malicious traffic to hosts based on the instructions of a handler, also known as a bot. (2) A host-based intrusion detection and prevention program that monitors and analyzes activity and may also perform prevention actions.

Aggregation

The result of assembling or combining distinct units of data when handling sensitive information. Aggregation of data at a lower sensitivity level may result in the total data being designated at a higher sensitivity level.

Aggressive mode

Mode used in Internet Protocol security (IPsec) phase 1 to negotiate the establishment of the Internet key exchange security association (IKESA).

Agile defense

Agile defense can handle serious cyber attacks and supply chain attacks as it employs the concept of information system resilience. Information system resilience is the ability of systems to operate while under attack, even in a degraded or debilitated state, and to rapidly recover operational capabilities for essential functions after a successful attack.

Alarm reporting

An open system interconnection (OSI) term that refers to the communication of information about a possible detected fault. This information generally includes the identification of the network device or network resource in which the fault was detected, the type of the fault, its severity, and its probable cause.

Alarm surveillance

The set of functions that enable (1) the monitoring of the communications network to detect faults and fault-related events or conditions, (2) the logging of this information for future use in fault detection and other network management activities, and (3) the analysis and control of alarms, notifications, and other information about faults to ensure that resources of network management are directed toward faults affecting the operation of the communications network. Analysis of alarms consists of alarm filtering, alarm correlation, and fault prediction. This is a management and detective control.

Alert

(1) A notice of a specific attack directed at an organization’s IT resources. (2) A notification of an important observed event.

Amplifier attack

Like a reflector attack, an amplifier attack involves sending requests with a spoofed source address to an intermediate host. However, an amplifier attack does not use a single intermediate host; instead, its goal is to use a whole network of intermediate hosts. It attempts to accomplish this action by sending an ICMP or UDP request to an expected broadcast address, hoping that many hosts will receive the broadcast and respond to it. Because the attacker’s request uses a spoofed source address, the responses are all sent to the spoofed address, which may cause a DoS for that host or the host’s network. As a countermeasure, network administrators block amplifier attacks by configuring border routers not to forward directed broadcasts, but some still permit them.

Analog signal

A continuous electrical signal whose amplitude varies in direct correlation with the original input.

Anomaly

Any condition that departs from the expected. This expectation can come from documentation (e.g., requirements specifications, design documents, and user documents) or from perceptions or experiences. An anomaly is not necessarily a problem in the software but a deviation from the expected so that errors, defects, faults, and failures are considered anomalies.

Anomaly-based detection

The process of comparing definitions of what activity is considered normal against observed events to identify significant deviations.

Anti-jam

Countermeasures ensuring that transmitted information can be received despite deliberate jamming attempts.

Anti-spoof

Countermeasures taken to prevent the unauthorized use of legitimate identification & authentication (I&A) data, however it was obtained, to mimic a subject different from the attacker.

Anti-virus software

A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents.

Applets

Small applications written in various programming languages automatically downloaded and executed by applet-enabled World Wide Web (WWW) browsers. Examples include Active-X and Java applets, both of which have security concerns.

Applicant

A party undergoing the processes of registration and identity proofing.

Application

The use of information resources (information and information technology) to satisfy a specific set of user requirements.
