Risk, Threat, Vulnerability

Source: Internet  Published: Self-study Cantonese, Zhihu  Editor: 程序博客网  Time: 2024/05/22 09:02
 
"Risk" is the likelihood that a specific threat will exploit a certain vulnerability, and the resulting impact.
"Threat" is something or someone that can intentionally or accidentally exploit a vulnerability.
"Vulnerability" is a flaw or weakness in system security procedures, design, implementation, or internal controls that can be exploited by a threat and result in misuse or abuse of protected information.

"Risk" is the potential for some unwanted event to occur.
"Threat" is the capability and intention of an adversary to undertake actions that are detrimental.
"Vulnerability" is any weakness in an asset or countermeasures that can be exploited by an adversary to cause damage to an organization's interests.

"Risk" is the probability that a disaster will occur in light of the conditions.
"Threat" is an external security issue represented by a natural or man-made attack.
"Vulnerability" is a specific degree of weakness of an individual computer or network exposed to the influence of a threat.

A very good website: "Top 100 Network Security Tools" at: http://sectools.org/

Top 100 Network Security Tools

After the tremendously successful 2000 and 2003 security tools surveys, Insecure.Org is delighted to release this 2006 survey. I (Fyodor) asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also point newbies to this site whenever they write me saying “I don't know where to start”.

Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. No votes for the Nmap Security Scanner were counted because the survey was taken on a Nmap mailing list. This audience also biases the list slightly toward “attack” hacking tools rather than defensive ones.

A very good operating system for practicing security: KNOPPIX, http://www.knopper.net/knoppix/index-en.html.

What is KNOPPIX®?

KNOPPIX is a bootable Live system on CD or DVD, consisting of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk. Due to on-the-fly decompression, the CD can have up to 2 GB of executable software installed on it (over 8GB on the DVD "Maxi" edition).
