THREAT
In computer security, a threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.
It is also defined as a potential cause of an incident that may result in harm to systems and the organization.
Threats are the potential for vulnerabilities to turn into attacks on computer systems, networks, and more. They can put individuals’ computer systems and business computers at risk, so vulnerabilities have to be fixed so that attackers cannot infiltrate the system and cause damage.
Threats can include everything from viruses, trojans, and back doors to outright attacks from hackers. Often, the term blended threat is more accurate, as the majority of threats involve multiple exploits. For example, a hacker might use a phishing attack to gain information about a network and then break into the network.
VULNERABILITY
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.
Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
Definitions
A weakness of an asset or group of assets that can be exploited by one or more threats.
EXPLOIT
In computing, an exploit is an attack on a computer system, especially one that takes advantage of a particular vulnerability that the system offers to intruders. Used as a verb, the term refers to the act of successfully making such an attack.
Many crackers (or hackers, if you prefer that term) take pride in keeping tabs on such exploits and post their exploits (and discovered vulnerabilities) on a Web site to share with others.
Where an exploit takes advantage of a weakness in an operating system or vended application program, the owners of the system or application issue a "fix" or patch in response. Users of the system or application are responsible for obtaining the patch, which can usually be downloaded from the Web. Failure to install a patch for a given problem exposes the user to a security breach.
PENETRATION TESTING
What is penetration testing? Penetration testing, often called “pentesting”, “pen testing”, “network penetration testing” or “security testing”, is the practice of attacking your own or your clients’ IT systems in the same way a hacker would, in order to identify security holes. Of course, you do this without actually harming the network. The person carrying out a penetration test is called a penetration tester or pentester.
TOOLS
Popular penetration testing OS:
- Kali Linux (which replaced BackTrack in December 2012) based on Debian Linux
- Parrot Security OS based on Debian and made by Frozenbox network
- BlackArch based on ArchLinux (having more than 1840 packages)
- BackBox based on Ubuntu
- Pentoo based on Gentoo Linux
- WHAX based on Slackware Linux