5.2.4: Understand methods of identifying vulnerabilities including penetration testing, ethical hacking, commercial analysis tools and review of network and user policies

Keyword | Definition |
---|---|
Ethical hacking | getting permission to carry out penetration testing on a network or computer system and then reporting any vulnerabilities found so that they can be fixed |
Exploit | taking advantage of a vulnerability in a computer system or network to gain unauthorised access |
Network policies | set of rules that determine how data is encrypted, stored and secured (e.g. backup frequency and blocking USB devices) |
Penetration testing | identifying vulnerabilities in a computer system or network by attempting to hack into it, testing for known exploits or weak passwords |
Unauthorised access | viewing or changing data on a computer system or network when you don't have permission to do so |
User policies | a set of rules that determine what happens when new people need access to a computer system or when they no longer need access (e.g. if they leave or get fired) |
Vulnerability | a weakness in a computer system or network that could be exploited to gain unauthorised access |
Vulnerability scanners | automated software which can test a computer system or network for common security weaknesses |