NIST states, Vulnerability analysis is an assessment to determine whether vulnerabilities identified during the evaluation of the construction and anticipated operation of the TOE (Target Of Evaluation) or by other methods (e.g. by flaw hypotheses) could allow users to violate the TSP (TOE Security Policy)461.
Vulnerabilities are weaknesses in the computer/network hardware or software used on the network, which can be taken advantage of.
These would include things like systems relying on inadequate or non-existent passwords, software bugs allowing for buffer overflow exploits, networks that can be sniffed for confidential data, etc. The previous chapters have gone into great detail as to types of vulnerabilities that exist, and why they exist, so we dont have to repeat that information here.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.