
Index

Note to the Reader: Throughout this index boldfaced page numbers indicate primary discussions of a topic. Italicized page numbers indicate illustrations.

A
AAA protocols, 31–32
abstraction
  object-oriented programming, 512
  in security, 211
  software development, 317–318
abuse in voice communications, 187–188
acceptable use policies, 182, 222
acceptance, risk, 255
access aggregation attacks, 53
access control, 1
  AAA protocols, 31–32
  attacks, 47
    access aggregation, 53
    asset valuation, 49–50
    denial of service, 62
    exam essentials, 80–82
    overview, 48
    password, 54–58, 58
    preventing, 62–64
    review questions, 83–86
    risk elements, 49
    smart cards, 61–62
    social engineering, 59–61
    spoofing, 58–59
    summary, 79
    threat modeling, 50–52
    vulnerability analysis, 53
    written lab, 82
  authentication. See authentication
  authorization, 33–34
  centralized vs. decentralized, 26–27
  CIA Triad, 3–4
  content-dependent, 288–289
  defense-in-depth strategy, 7–8, 8
  Diameter, 32–33
  discretionary access controls, 22
  elements, 8–11
  email, 182
  exam essentials, 39–41
  federated identity management, 30–31
  identification. See identification
  identity and access provisioning life cycle, 35–38
  Kerberos, 28–29
  lattice-based, 23, 23, 445
  mandatory access controls, 24–25
  monitoring. See monitoring
  nondiscretionary access controls, 22
  overview, 2–3
  permissions, rights, and privileges, 4–5
  policies, 4
  RADIUS, 32
  review questions, 42–45
  role-based, 25–26
  rule-based, 22–23
  security operations principles, 21–22
  single sign-on, 27–28, 30–31
  summary, 38–39
  TACACS+, 32
  technical controls, 761
  types, 5–7
  users, owners, and custodians, 3
  written lab, 41
access control lists (ACLs)
  access control matrices, 443
  DACs, 22
  firewalls, 33, 115
access control matrices, 33, 443–444
access control triples, 448
access points in wireless networks, 132–137
access review audits, 75

bindex.indd 833 30/05/12 6:44 PM

COPYRIGHTED MATERIAL


834 accessibility security in site design – annexes in Common Criteria

accessibility security in site design, 750
accountability
  access control, 11
  description, 515
  monitoring, 71–72
  security governance, 220
accounts
  dual administrator, 76–77
  lockout controls, 63
  managing, 64
  reviews, 36
  revocation, 37–38
accreditation in evaluation models, 466–468
ACID model, 286–287
acknowledge (ACK) packets, 102, 104–105
ACLs (access control lists)
  access control matrices, 443
  DACs, 22
  firewalls, 33, 115
ACTA (Anti-Counterfeiting Trade Agreement), 692
acting phase in IDEAL model, 311, 311
active content in malicious code, 339
active IDS responses, 594
ActiveX controls
  signing, 340
  vulnerabilities, 281, 506–507
actual cash value (ACV) clause, 654–655
ad hoc networks, 133
Adams, Douglas, 122
Address Resolution Protocol (ARP)
  cache poisoning, 109
  description, 109
  purpose, 94
  spoofing, 194
addresses
  IP. See IP (Internet Protocol)
  MAC, 94, 112
addressing memory, 494
Adleman, Leonard, 406
administrative access controls, 7, 8
administrative law, 684–685
administrative physical security controls, 747
Administrator group audits, 76
admissible evidence, 715
Advanced Encryption Standard (AES), 135, 391–392
Advanced Persistent Threat (APT), 52
advisory policies, 222
adware, 339
AES (Advanced Encryption Standard), 135, 391–392
agents
  DoS attacks, 191
  overview, 279–280
  relay, 181
aggregation
  access aggregation attacks, 53
  databases, 290–291
agile software development, 308–309
AHs (Authentication Headers), 159, 426
alarms, 758, 761
ALE (annualized loss expectancy)
  impact assessment, 629
  threat/risk calculations, 249–251
algorithms, defined, 367
alternate processing sites, 657
  cold sites, 657–658
  continuity planning, 632
  hot sites, 658–659
  mobile sites, 659–660
  multiple, 661
  service bureaus, 660
  warm sites, 659
alternative systems, 632
ALUs (arithmetic-logical units), 494
American Civil War, cryptography in, 363
amplifiers, 120
analog communications in LANs, 141–142
analysis of incidents, 732
analytic attacks, 428
AND operation, 369
annexes in Common Criteria, 463


annualized loss expectancy (ALE)
  impact assessment, 629
  threat/risk calculations, 249–251
annualized rate of occurrence (ARO)
  likelihood assessment, 627, 629
  threat/risk calculations, 249–250
anomaly detection, 592
Anti-Counterfeiting Trade Agreement (ACTA), 692
antivirus (AV) mechanisms, 332–333, 581
APIPA (Automatic Private IP Addressing), 169
applets
  hostile, 330
  vulnerabilities, 280–281, 505–506
application attacks, 344
  back doors, 346
  buffer overflows, 344–345
  exam essentials, 354–355
  masquerading, 352–353
  privilege escalation attacks, 346
  reconnaissance attacks, 350–352
  review questions, 356–359
  summary, 353–354
  TOCTTOU issue, 345
  Web applications, 346–350, 348
  written lab, 355
application issues, 276
  distributed computing, 278–281
  local/nondistributed computing, 276–277
  logs, 66
Application layer
  OSI model, 98–99
  TCP/IP model, 99–100, 100–101, 109–110
application-level gateway firewalls, 116
approval in continuity planning, 633
APT (Advanced Persistent Threat), 52
arc radius of cable, 124
arithmetic-logical units (ALUs), 494
ARO (annualized rate of occurrence)
  likelihood assessment, 627, 629
  threat/risk calculations, 249–250
ARP (Address Resolution Protocol)
  cache poisoning, 109
  description, 109
  purpose, 94
  spoofing, 194
arpspoof tool, 194
“Arrangement on the Recognition of Common Criteria Certificates in the Field of IT Security”, 461
ASs (authentication services), 28
assembly code, 300
assembly language, 300
assessments
  BIA. See business impact assessment (BIA)
  recovery plan development, 665
  vulnerability, 554–555
asset valuation
  attacks, 49–50
  defined, 243
  risk, 245–248
asset value (AV) in BIA, 626, 628
assets
  defined, 242
  managing, 549–550
  in threat modeling, 51
assignment of risk, 255
assurance
  evaluation assurance levels, 463–464
  overview, 454
  software development security, 298
asymmetric cryptography, 365, 405
  El Gamal, 408
  elliptic curve, 408–409
  hash functions, 409–412
  keys
    algorithms, 383–386, 384
    managing, 419–420
    public and private, 405–406
  RSA, 406–407
asynchronous communications in LANs, 142
asynchronous dynamic password tokens, 16

annualized loss expectancy (ALE) – asynchronous dynamic password tokens 835


836 asynchronous tokens – backups

asynchronous tokens, 15–16
asynchronous transfer mode (ATM), 177
ATO (authorization to operate), 241
atomicity in ACID model, 286
attachments, email, 184–185
attackers
  defined, 48
  threat modeling, 51
attacks
  access control. See access control
  application. See application attacks
  cryptography, 428–430
  defined, 244
  incremental, 519
  network. See networks
  password. See passwords
  preventive measures. See preventive measures for attacks
  wireless communications, 136
attenuation, cable, 127
attributes in relational databases, 283
auction sniping, 280
audio streaming, 692
audit trails, 11
  physical access, 761
  purpose, 68–69
auditors, 73, 210
audits and auditing, 73–74
  access controls, 64
  access review, 75
  configuration, 314
  entitlement, 75
  external, 78
  inspection, 74–75
  privileged groups, 75–77
  report handling, 77–78
  security, 561–562
  security governance, 219
authentication
  access control, 9–10
  biometric factors, 17–20, 19
  configuration, 314
  cryptography for, 365–366, 366
  Diameter, 32–33
  Kerberos, 28–29
  multifactor, 20–21, 63
  overview, 11–12
  passwords, 12–14
  protocols, 154
  RADIUS, 32
  remote access, 163
  security governance, 218–219
  smart cards, 14–15
  tokens, 15–16
Authentication Headers (AHs), 159, 426
authentication services (ASs), 28
authorization
  access control, 10–11
  mechanisms, 33–34
  security governance, 219
authorization to operate (ATO), 241
automated provisioning systems, 35
automated recovery, 608
automated recovery without undue loss, 608
Automatic Private IP Addressing (APIPA), 169
automatic rollover, 502
auxiliary alarm systems, 758
AV (antivirus) mechanisms, 332–333, 581
AV (asset value) in BIA, 626, 628
availability
  CIA Triad, 3–4, 217–218
  techniques for, 452–453
AVG function, 290
awareness training, 263–264

B
back doors, 346, 516, 518
back up keys, 420
background checks, 259
backups, 666–667
  best practices, 668–669
  disk-to-disk, 668
  neglecting, 667


badges – brouters (bridge routers) 837

  tapes
    formats, 667–668
    protecting, 547–548
    rotating, 669
    sensitive information, 541–542

badges, 757
bandwidth on demand, 176
base+offset addressing, 494
baseband cable, 124–125
baseband technology, 142
baselines, 556, 557
  images, 557–558, 557
  security governance, 222–223
Basic Input/Output System (BIOS), 500–501
basic preventive measures, 579
Basic Rate Interface (BRI), 174
basic service set identifiers (BSSIDs), 133
bastion hosts, 117
batch processing, 501
battery backup power, 606, 764
BCI Good Practices Guide, 664
BCP. See business continuity planning (BCP)
beacon frames, 134
behavior-based detection, 591–593
behavioral biometric methods, 17
behaviors in object-oriented programming, 302
Bell-LaPadula model, 441, 444–446, 446
best-effort communications protocol, 106
best evidence rule, 715
BIA. See business impact assessment (BIA)
Biba models, 441–442, 446–448, 447
binary code, 300
biometric factors
  error ratings, 19–20, 19
  types, 17–19
biometric registration, 20
BIOS (Basic Input/Output System), 500–501
birthday attacks, 56, 430
bit size in cryptography, 367
BitLocker technology, 421
black-box approaches
  key management, 420
  object-oriented programming, 512
black-box testing, 315, 600–601
black boxes in phreaking, 189
blackouts, 652, 764
block ciphers, 380
blocking attachments, 184–185
Blowfish block cipher, 390
blue boxes, 189
Blue Screen of Death (BSOD), 299
bluebugging, 132
bluejacking, 132
bluesnarfing, 132
Bluetooth standard, 132
Boca Ciega High School, 18
Boehm, Barry, 306, 308
Boeing record retention case, 545
bombings, 650
book ciphers, 379–380
Boolean mathematics, 368–371
boot sectors, 330
Bootstrap Protocol (BootP), 110
botmasters, 336
botnets, 336, 587
bots, 191, 279–280
bottom-up management approach, 206
boundaries, security, 190
bounds, 452–453
breaches
  defined, 244
  Sony, 50
Brewer and Nash model, 449
BRI (Basic Rate Interface), 174
bridge mode infrastructure, 133
bridge routers (brouters), 96, 121
bridges, 120–121
broadband cable, 124–125
broadband LAN technology, 142
broadcast domains, 120, 140
broadcast messages, 140
broadcast technology, 140, 142
brouters (bridge routers), 96, 121


838 brownouts – CDDI (Copper Distributed Data Interface)

brownouts, 606, 764–765
brute-force attacks
  cryptographic, 428
  password, 55–56
BSOD (Blue Screen of Death), 299
BSSIDs (basic service set identifiers), 133
buffer overflows
  application attacks, 344–345
  coding issues, 517–518
buildings in continuity planning, 632
burglar alarms, 761
bus topologies, 138
business attacks, 722
business continuity planning (BCP), 617–618
  benefits, 623
  business impact assessment, 625–630, 628
  business organization analysis, 620
  continuity planning, 630–633
  documentation, 634–637
  exam essentials, 637–638
  legal and regulatory requirements, 624
  planning, 618–619
  resource requirements, 622–623
  review questions, 639–642
  senior management, 622
  summary, 637
  team selection, 620–621
  written lab, 638
business impact assessment (BIA), 625–626
  impact assessment, 628–629
  likelihood assessment, 627–628, 628
  priorities, 626
  recovery strategy, 655
  resource prioritization, 629–630
  risk identification, 626–627
business organization analysis, 620
business units in recovery strategy, 655

C
C++ language, 300
C3 cipher, 363
cable, 123
  baseband and broadband, 124–125
  coaxial, 123–124
  conductors, 126–127
  shielding, 521
  twisted-pair, 125–126
cache poisoning, 109
cache RAM, 493
CACs (common access cards), 15
Caesar cipher, 362–363, 375–376, 378
Cain & Abel tool, 56, 194
CALEA (Communications Assistance for Law Enforcement Act), 131, 698
callback mechanism, 164
Caller ID, 162, 164
cameras, 759
Candidate Information Bulletin (CIB), 591
candidate keys in relational databases, 284
canons, 736
capabilities lists, 439, 443
Capability Maturity Model, 306
capacitance motion detectors, 757
cardinality in relational databases, 283–284
carrier network communications, 173
Carrier-Sense Multiple Access (CSMA), 143
Carrier-Sense Multiple Access with Collision Avoidance (CSMA/CA), 143
Carrier-Sense Multiple Access with Collision Detection (CSMA/CD), 143–144
CAs (certificate authorities), 416–417
cascading composition theory, 442
categories
  access control, 6
  computer crime, 721–725
  data, 225–229
CBC (Cipher Block Chaining) mode, 388
CBK (Common Body of Knowledge), 206
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), 135
CCTV, 759
CDDI (Copper Distributed Data Interface), 141


CDIs (constrained data items) – Clark-Wilson model 839

CDIs (constrained data items), 449
cell phones, 129–131
cell suppression, 289
central processing units (CPUs). See processors
central station systems, 758
centralized access control, 26–27
centralized remote authentication services, 165
CER (crossover error rate), 19–20, 19
certificate authorities (CAs), 416–417
certificate path validation (CPV), 417
certificate practice statement (CPS), 419
certificate revocation lists (CRLs), 418–419
certificates
  enrollment, 418
  PKI, 415–416
  revoking, 419
  verifying, 418
certification in evaluation models, 466–468
CFAA (Computer Fraud and Abuse Act), 686–687
CFB (Cipher Feedback) mode, 388
CFR (Code of Federal Regulations), 685
chain of evidence, 716
Challenge Handshake Authentication Protocol (CHAP), 154
challenge-response authentication, 365–366, 366
change logs, 66
change management, 224–225
  overview, 559–560, 559
  process, 560–561
  software development, 306, 313–314
  versioning, 561
channel service unit/data service unit (CSU/DSU), 175
channels
  covert, 515–516
  wireless networks, 133–134
CHAP (Challenge Handshake Authentication Protocol), 154
Chapple, Mike, 292
Chauvaud, Pascal, 411
checklists, 665, 672–673
checksums for hash totals, 180
Children’s Online Privacy Protection Act (COPPA), 699
Chinese Wall model, 449
chipping codes, 129
chosen ciphertext attacks, 429
chosen plain-text attacks, 429
CIA Triad, 3–4
  availability, 217–218
  confidentiality, 214–215
  integrity, 215–216
  priorities, 216–217
CIB (Candidate Information Bulletin), 591
CIDR (Classless Inter-Domain Routing) notation, 107
Cipher Block Chaining (CBC) mode, 388
Cipher Feedback (CFB) mode, 388
ciphers, 374
  block, 380
  vs. codes, 374–375
  one-time pads, 377–379
  running key, 379–380
  stream, 380
  substitution, 375–377
  transposition, 375
ciphertext messages, 366
ciphertext only attacks, 429
CIR (Committed Information Rate), 176
circuit encryption in networks, 425
circuit-level gateway firewalls, 116
circuit proxies, 116
circuit switching, 170–171
CIRTs (computer incident response teams), 575, 728
CISSP Certification Common Body of Knowledge (CBK) Study Guide, 591
civil laws, 684
Clark-Wilson model, 448–449


840 classes – composition passwords

classes
  IP, 107
  ITSEC, 460–461
  object, 301–302, 512
  TCSEC, 456–457
classification levels in Bell-LaPadula model, 445
classification of data, 225–229
classified data, 227
Classless Inter-Domain Routing (CIDR) notation, 107
clean power, 765
cleaning malicious code, 340
clearing sensitive information, 543, 544
click-wrap license agreements, 695
client systems, malicious code countermeasures for, 340
Clipper chip, 391
clipping levels, 69
closed head water suppression systems, 770
closed systems, 451–452
cloud computing
  backups, 668
  concepts, 508–509
clusters
  description, 502
  failover, 605–606, 605
CMWs (compartmented mode workstations), 489
coaxial cable, 123–124
COBIT (Control Objectives for Information and Related Technology), 213
Code of Ethics, 735–736
Code of Federal Regulations (CFR), 685
Code Red worm, 336–337
code review walk-throughs, 305
codes vs. ciphers, 374–375
coding flaws, 516–520
cognitive passwords, 14
cohesion in object-oriented programming, 302
cold rollover, 502
cold sites, 657–658
cold-swappable RAID systems, 503
collecting evidence, 717–718
collision domains, 119–120, 140
collisions
  attacks, 430
  LAN media access, 143–144
collusion, 258, 537
columnar transposition, 375
combination locks, 756–757
COMMIT command, 286
Committed Information Rate (CIR), 176
common access cards (CACs), 15
Common Body of Knowledge (CBK), 206
Common Criteria, 456, 461
  recognition, 461–462
  structure, 462–465
common mode noise, 765
common routers, 116
Common Vulnerability and Exposures (CVE) database, 555
communications
  disconnects, 520
  emergency, 656
  network segmentation, 114
  recovery plan development, 664–665
  switching technologies, 172
  voice, 186–189
  wireless. See wireless communications
Communications Assistance for Law Enforcement Act (CALEA), 131, 698
companion viruses, 331
comparative password analysis, 55
compartmentalized environment, 25
compartmented mode systems, 318, 488–489
compartmented mode workstations (CMWs), 489
compensation access control, 6
competent evidence, 715–717
compiled languages, 300–301
compilers, 300
complexity of passwords, 13
compliance
  issues, 208
  overview, 703–704
  privacy requirements, 212–213
composition passwords, 13


composition theories – cost effective security 841

composition theories, 442
computer architecture, 478–479
  firmware, 500–501
  input and output devices, 498–499
  input/output structures, 499–500
  memory, 491–496
  processors. See processors
  storage, 496–498
computer crime, 721
  business attacks, 722
  financial attacks, 722–723
  incidents, 572
  laws, 685–689
  military and intelligence attacks, 721–722
  terrorist attacks, 723
  thrill attacks, 725
computer export controls, 696–697
Computer Fraud and Abuse Act (CFAA), 686–687
computer incident response teams (CIRTs), 575, 728
Computer Security Act (CSA), 687–688
concentrators, 120, 127
conceptual definition phase in systems development, 303–304
conclusive evidence, 715
concurrency of databases, 288
conductors, cable, 126–127
conficker vulnerability, 552
confidential data classification, 227–228
confidentiality
  CIA Triad, 3–4, 214–215
  cryptography for, 364–365
  techniques, 452–453
configuration management, 555–556
  baselining, 556–558, 557
  documentation, 558
  software development security, 313–314
confinement, 452
Confinement Property, 445
confusion in cryptography, 380
connections in WANs, 174–177
consistency in ACID model, 286–287
constrained data items (CDIs), 449
constrained interfaces, 34
consultants
  controls, 261
  risk, 247
contamination, database, 287
content-dependent access controls, 34, 288–289
content filters, 340
context-dependent access controls, 34
continuity planning, 630. See also business continuity planning (BCP)
  plan approval, 633
  plan implementation, 633
  provisions and processes, 631–632
  strategy development phase, 630–631
  training and education, 633
contractors
  controls, 261
  governance reviews, 704–705
contractual license agreements, 695
Control Objectives for Information and Related Technology (COBIT), 213
control zones, 521, 763
controlled access protection systems, 457
controlled security mode systems, 489
controls, 453–454
  access. See access control
  configuration, 314
  security governance, 213–214
  software development, 316–318, 316
  specifications development, 304–305
controls gap, 256
converting IP addresses, 169
COPPA (Children’s Online Privacy Protection Act), 699
copper conductors, 126
Copper Distributed Data Interface (CDDI), 141
copyrights, 690–692
cordless phones, 132
corporate property, 748
corrective access control, 5–6
cost effective security, 265


842 cost functions in quantitative risk analysis – custodians

cost functions in quantitative risk analysis, 248–249
COUNT function, 290
Counter (CTR) mode, 388
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), 135
countermeasures
  defined, 244
  malicious code, 339–341
  password attacks, 344
  TEMPEST, 762–763
coupling in object-oriented programming, 303
covert channels, 515–516
CPS (certificate practice statement), 419
CPTED (crime prevention through environmental design), 750
CPUs (central processing units). See processors
CPV (certificate path validation), 417
Crack program, 342
crackers, 48
Creating Defensible Space, 750
credentials, logon, 16
creeping privileges, 37
crime prevention through environmental design (CPTED), 750
criminal law, 682–684
crisis management, 656
critical path analysis, 747
criticality prioritization, 626
CRLs (certificate revocation lists), 418–419
cross-site scripting (XSS) attacks, 347
cross-training, 538
crossover error rate (CER), 19–20, 19
cryptanalysis, 367
cryptography, 361
  asymmetric. See asymmetric cryptography
  attacks, 428–430
  cipher systems, 374–380
  concepts, 366–368
  digital signature systems, 413–415
  email, 421–424, 424
  exam essentials, 396–398, 431–432
  goals, 364–366, 366
  history, 362–364
  keys, 381–382
    asymmetric, 383–386, 384, 405–406, 419–420
    hashing algorithms, 386
    requirements, 384
    static tokens, 16
    symmetric, 382–383, 382
  life cycle, 395–396
  mathematics, 368
    Boolean, 368–371
    modulo function, 371
    nonces, 372
    one-way functions, 371–372
    zero-knowledge proof, 372–373, 373
  networks, 425–428
  PKI, 415–419
  portable devices, 420–421
  review questions, 399–402, 433–436
  split knowledge, 373
  summary, 396, 430–431
  symmetric. See symmetric cryptography
  work function, 374
  written lab, 398, 432
cryptology, 367
cryptosystems, 367
cryptovariables, 367
CSA (Computer Security Act), 687–688
CSC-STD-003-85, 318
CSMA (Carrier-Sense Multiple Access), 143
CSMA/CA (Carrier-Sense Multiple Access with Collision Avoidance), 143
CSMA/CD (Carrier-Sense Multiple Access with Collision Detection), 143–144
CSU/DSU (channel service unit/data service unit), 175
CTR (Counter) mode, 388
custodians, 3


customer goodwill – Delphi technique 843

customer goodwill, 49
CVE (Common Vulnerability and Exposures) database, 555
CWR flag, 104–105
CyberTrust third party, 455

D
D2D (disk-to-disk) backup, 668
DACs (discretionary access controls), 22
damage from fire, 771
darknets, 598
DARPA model. See TCP/IP model
data at rest, cryptography for, 365
data breaches
  defined, 244
  Sony, 50
data center security, 751–752
data classification, 225–229
data custodian role, 209–210
Data Definition Language (DDL), 285
data diddling, 519
Data Encryption Standard (DES), 382, 387–388
data extraction, 69
data flow control, 505
data hiding, 211, 318, 512
data in motion, cryptography for, 365
data/information storage, 293–294
Data Link layer in OSI model, 93–95
Data Manipulation Language (DML), 285
data marts, 292
data mining, 291–292
data owners role, 209
Data Protection Directive, 212
data remanence, 497, 543
data streams in OSI model, 91, 92
data terminal equipment/data circuit-terminating equipment (DTE/DCE), 175–176
database contamination, 287
database management system (DBMS) architectures, 282–285, 282, 284
database recovery, 662
  electronic vaulting, 662
  remote journaling, 662–663
  remote mirroring, 663
databases and data warehousing, 282
  aggregation, 290–291
  data mining, 291–292
  DBMS, 282–285, 282, 284
  multilevel, 287–289
  ODBC, 289, 290
  shadowing, 502
  transactions, 286–287
datagrams in OSI model, 91, 92
DBMS (database management system) architectures, 282–285, 282, 284
DDL (Data Definition Language), 285
DDoS (distributed denial of service) attacks, 62, 191–192
decentralized access control, 26–27
decision making types, 625
decision support systems (DSSs), 297
declassification of sensitive information, 544
decryption routines, 334
dedicated mode systems, 318, 488
dedicated WAN lines, 173
deencapsulation in OSI model, 90–91, 90–92
default subnet masks, 107
defense in depth, 7–8, 8, 210–211
Defense Information Technology Security Certification and Accreditation Process (DITSCAP), 468
definition phase in DITSCAP and NIACAP, 468
degaussing sensitive information, 544
degrees in relational databases, 283–284
delay, security controls for, 749
delay feature, mantraps as, 754
delegation
  incident response, 575
  object-oriented programming, 302
Delphi technique, 254


844 Delta rule – directory services

Delta rule, 296
deluge water suppression systems, 770
demilitarized zones (DMZs)
  firewalls, 117–118, 118
  Web applications, 349
denial of service (DoS) attacks
  description, 62
  incident handling, 727
  overview, 191–192
  preventive measures, 583–584
denial security controls, 749
Department of Defense, APT attacks, 52
Department of Defense Password Management Guidelines, 458
deployment
  firewalls, 117–119, 118
  patches, 552
DES (Data Encryption Standard), 382, 387–388
design
  site. See site and facility design
  vulnerabilities from, 516–520
design review in software development, 305
desktops, virtual, 179
destroying sensitive information, 543, 544
destruction
  sensitive information, 544
  symmetric keys, 394
  by viruses, 329
detection and identification, 730
  fire, 769–770
  IDSs. See intrusion detection systems (IDSs)
  incidents, 574–575
  security controls for, 749
detective access control, 5
deterrent alarms, 758
deterrent control, 6, 748
Devakumar, Vijay, 56
devices
  firmware, 501
  Transport layer, 97
DHCP (Dynamic Host Configuration Protocol), 110
DIACAP (DoD Information Assurance Certification and Accreditation Process), 468
diagnosing phase in IDEAL model, 311, 311
dial-up protocols
  encapsulation, 178
  remote access security management, 164–165
Diameter authentication, 32–33
dictionaries
  data, 291
  password attacks, 54–55, 342–343
diddling, data, 519
differential backups, 666
Diffie-Hellman key encryption, 393–394
diffusion in cryptography, 380
digital certificates
  enrollment, 418
  PKI, 415–416
  revoking, 419
  verifying, 418
digital communications in LANs, 141–142
Digital Millennium Copyright Act (DMCA), 690–692
Digital Signature Algorithm (DSA), 415
Digital Signature Standard (DSS), 415
digital signatures, 413–414
  DSS, 415
  HMAC, 414–415
  static tokens, 16
digital subscriber line (DSL), 174
direct addressing, 494
direct evidence, 717
Direct Inward System Access (DISA), 188–189
Direct Memory Access (DMA), 500
Direct Sequence Spread Spectrum (DSSS), 129
Directive 95/46/EC, 212
directive access control, 6
Directory Service Markup Language (DSML), 31
directory services, 27


DISA (Direct Inward System Access) – domains 845

DISA (Direct Inward System Access), 188–189
disaster recovery planning (DRP), 618–619, 643
  disasters
    man-made, 649–654
    natural, 645–649, 647
    nature of, 644–645
  exam essentials, 675
  maintenance, 674
  recovery plan development. See recovery plan development
  recovery strategy. See recovery strategy
  review questions, 676–679
  summary, 674
  testing, 672–673
  training and documentation, 671–672
  written lab, 675
discretionary access controls (DACs), 22
discretionary MAC models, 25
discretionary protection systems in TCSEC, 456–457
Discretionary Security Property, 445
discretionary security protection systems in TCSEC, 456
disgruntled employees, 539
disk-to-disk (D2D) backup, 668
distance vector routing protocols, 96
distributed access control, 27
distributed architecture, 504
  applets, 505–507
  cloud computing, 508–509
  grid computing, 509–510
  peer to peer technologies, 510
  safeguards, 507–508
  vulnerabilities, 504–505
distributed computing, 278–281
distributed databases, 282–283, 282
distributed denial of service (DDoS) attacks, 62, 191–192
distributed reflective denial-of-service (DRDoS) attacks, 584
distributing audit reports, 78
distributing symmetric keys, 393
distribution methods for malicious code, 580
DITSCAP (Defense Information Technology Security Certification and Accreditation Process), 468
DMA (Direct Memory Access), 500
DMCA (Digital Millennium Copyright Act), 690–692
DML (Data Manipulation Language), 285
DMZs (demilitarized zones)
  firewalls, 117–118, 118
  Web applications, 349
DNS (Domain Name System)
  poisoning, 194–195
  reverse lookups, 595
  TCP/IP, 112–113
DNS Changer botnet, 587
DNSSEC (Domain Name System Security Extensions), 195
Dobbertin, Hans, 412
documentary evidence, 715
documentation
  BCP, 634–637
  configuration, 558
  disaster recovery planning, 671–672
  review process, 241
DoD Information Assurance Certification and Accreditation Process (DIACAP), 468
DOD model. See TCP/IP model
dogs, 755–756
Domain Name System (DNS)
  poisoning, 194–195
  reverse lookups, 595
  TCP/IP, 112–113
Domain Name System Security Extensions (DNSSEC), 195
domains
  broadcast, 120, 140
  collision, 119–120, 140
  layers, 511
  mandatory access controls, 24
  relational databases, 283
  trusts, 27


846 DoS (denial of service) attacks – Electronic Codebook (ECB) mode

DoS (denial of service) attacks
  description, 62
  incident handling, 727
  overview, 191–192
  preventive measures, 583–584
Double DES (2DES), 429
downloads, drive-by, 60, 580
DRDoS (distributed reflective denial-of-service) attacks, 584
drive-by downloads, 60, 580
DRP. See disaster recovery planning (DRP)
dry pipe water suppression systems, 770
DSA (Digital Signature Algorithm), 415
DSL (digital subscriber line), 174
DSML (Directory Service Markup Language), 31
DSS (Digital Signature Standard), 415
DSSs (decision support systems), 297
DSSS (Direct Sequence Spread Spectrum), 129
DTE/DCE (data terminal equipment/data circuit-terminating equipment), 175–176
dual administrator accounts, 76–77
dual-homed firewalls, 117
due care, 214
due diligence, 214
dumpster diving, 352
durability in ACID model, 287
duties
  rotating, 538
  separating from responsibilities, 534–537, 536
dwell time in keystroke patterns, 18
Dynamic Host Configuration Protocol (DHCP), 110
dynamic NAT, 168–169
dynamic packet filtering firewalls, 116
dynamic ports, 101
dynamic RAM, 493
dynamic testing, 315
dynamic tokens, 15
dynamic Web applications, 348–349, 348

E
EAC (electronic access control) locks, 756
EALs (evaluation assurance levels), 463–464
EAP (Extensible Authentication Protocol), 154
earthquake hazard maps, 627, 628
earthquakes, 645–646
eavesdropping, 57, 192–193, 751
ECB (Electronic Codebook) mode, 387
ECDSA (Elliptic Curve DSA), 415
ECE flag, 104–105
Echoplex error control, 165
Economic and Protection of Proprietary Information Act, 698–699
Economic Espionage Act, 695
ECPA (Electronic Communications Privacy Act), 698
eDirectory service, 27
edit control for databases, 288
education
  continuity planning, 633
  personnel, 263–264
  users, 63
EEPROM (electronically erasable programmable read-only memory), 492
EES (Escrowed Encryption Standard), 390
EF (exposure factor)
  cost functions, 248–249
  impact assessment, 628
EFS (Encrypting File System) technology, 421
El Gamal algorithm, 408
electricity, 764–765. See also power
electrocution danger, 766
electromagnetic (EM) radiation, 521
electromagnetic interference (EMI), 765
electronic access control (EAC) locks, 756
electronic access to password files, 62
Electronic Codebook (ECB) mode, 387


Electronic Communications Privacy Act (ECPA) – error ratings in biometric factors 847

Electronic Communications Privacy Act (ECPA), 698
electronic mail. See email
electronic serial numbers (ESNs), 189
electronic vaulting, 501, 662
electronically erasable programmable read-only memory (EEPROM), 492
elevated privileges, 538–539
elliptic curve cryptography theory, 408–409
Elliptic Curve DSA (ECDSA), 415
elliptic curve groups, 409
EM (electromagnetic) radiation, 521
EM (expectation maximization) clustering, 292
email
  cryptography, 421–423
  phishing, 60
  security, 181
    goals, 181–182
    issues, 183
    solutions, 183–185
  spoofing, 59
emanation security, 762–763
embedded device analysis, 718
emergency communications, 656
emergency response
  BCP documentation, 636
  recovery plan development, 664
emergency-response personnel, proximity to, 749
EMI (electromagnetic interference), 765
employees. See personnel security
employment agreements, 259–260
Encapsulating Security Payload (ESP), 159, 426
encapsulation, 318
  dial-up protocols, 178
  OSI model, 90–91, 90–92
  TCP/IP, 111
encrypted viruses, 334
Encrypting File System (EFS) technology, 421
encryption. See also cryptography
  end-to-end, 425
  export controls, 697
  overview, 211–212
  passwords, 12, 62
  sensitive information, 542
  TLS, 153
end-to-end encryption, 425
end-to-end security, 122
end users
  access control, 2–3
  education, 63
  remote assistance, 164
  role, 210
endpoint security in networks, 119
Enigma code machine, 364
enrollment
  biometric registration, 20
  certificates, 418
  provisioning, 35
enterprise extended mode infrastructure, 133
entities in access control, 2
entitlement audits, 75
environment and life safety, 763
  fire, 767–772, 767
  noise, 765
  personnel privacy and safety, 763–764
  physical security. See physical security
  power and electricity, 764–765
  temperature, humidity, and static, 766
  water leakage and flooding, 766
ephemeral ports, 101
EPROM (erasable programmable read-only memory), 492
equal error rate (ERR), 19
equipment
  failures, 772
  life cycle, 549–550
erasable programmable read-only memory (EPROM), 492
erasing sensitive information, 543
ERR (equal error rate), 19
error ratings in biometric factors, 19–20, 19


848 escalation of privileges – false alarms

escalation of privileges, 346
escrow
  software, 669–670
  symmetric cryptography keys, 394
Escrowed Encryption Standard (EES), 390
ESNs (electronic serial numbers), 189
ESP (Encapsulating Security Payload), 159, 426
espionage
  Economic Espionage Act, 695
  industrial, 722
  overview, 589
ESSIDs (extended service set identifiers), 133–134
establishing phase in IDEAL model, 311, 311
Esthost botnet, 587
Ethernet technologies, 140–141
ethical hacking in penetration testing, 602
ethics, 735–737
Ettercap tool, 194
EUI-48 MAC addressing, 94
European Union privacy law, 701–703
evaluation assurance levels (EALs), 463–464
Evaluation Criteria for Information Technology Security document, 462
evaluation models, 454–455
  certification and accreditation, 466–468
  Common Criteria, 461–465
  industry and international security implementation guidelines, 465
  ITSEC, 460–461
  rainbow series, 455–460
Event Viewer logs, 64–65, 65
events in incident handling, 725
evidence, 714
  admissible, 715
  chain of evidence, 716
  collection and forensic procedures, 717–718
  types, 715–717
excessive privilege, 37
exclusive OR (XOR) function, 370–371
execution types, 479–482
exercises in BCP documentation, 637
expectation maximization (EM) clustering, 292
experienced exposure, 243
expert opinion, 717
expert systems, 295
exploit Wednesday, 552
explosions, 650
export laws, 696–697
exposure, defined, 243
exposure factor (EF)
  cost functions, 248–249
  impact assessment, 628
extended LANs, 122
extended service set identifiers (ESSIDs), 133–134
extended TACACS (XTACACS), 32
Extensible Access Control Markup Language (XACML), 31
Extensible Authentication Protocol (EAP), 154
Extensible Markup Language (XML), 30
external audits, 78
external communications in recovery plan development, 670
extinguishers, fire, 769
extranets, 113

F
face scans, 17
facilities
  continuity planning, 632
  design. See site and facility design
fail-open systems, 607
fail-secure and fail-open states, 298–299
fail-secure systems, 502, 607
failover, 502, 605–606, 605
failure states in initialization, 517
fair cryptosystems approach, 395
false acceptance rate (FAR) in biometric factors, 19, 19
false alarms, 593


false rejection rate (FRR) in biometric factors – firewalls 849

false rejection rate (FRR) in biometric factors, 19, 19
false values, 368
Family Educational Rights and Privacy Act (FERPA), 700
FAR (false acceptance rate) in biometric factors, 19, 19
Faraday cages, 521, 762–763
fault-resistant disk systems (FRDSs), 503
fault tolerance, 603
  carrier network communications, 173
  hard drives, 502–504, 603–605
  power sources, 606
  servers, 605–606, 605
  trusted recovery, 606–608
faults, defined, 764
fax encryptors, 185
faxes, 185
FDDI (Fiber Distributed Data Interface), 141
Federal Bureau of Investigation (FBI), 577, 719
Federal Information Processing Standard (FIPS) 140-2, 367
Federal Information Processing Standard (FIPS) 180, 410
Federal Information Processing Standard (FIPS) 185, 390
Federal Information Processing Standard (FIPS) 186-3, 415
Federal Information Processing Standard (FIPS) 197, 391
Federal Information Processing Standard (FIPS) 200, 67
Federal Sentencing Guidelines, 688
federated identity management, 30–31
feedback composition theory, 442
feedback loop characteristic of waterfall model, 306
fences, 753–754
FERPA (Family Educational Rights and Privacy Act), 700
FHSS (Frequency Hopping Spread Spectrum), 128
Fiber Distributed Data Interface (FDDI), 141
fiber-optic cable, 127
fields in relational databases, 283
fifth-generation languages (5GL), 301
file access control, 2
file infector viruses, 330–331
File Transfer Protocol (FTP), 109
FileVault encryption, 421
filters
  firewalls, 115
  malicious code countermeasures, 340
  screen, 59
FIN (finish) packets, 102, 104–105
financial attacks, 722–723
finger utility, 337–338
fingerprints, 17
finish (FIN) packets, 102, 104–105
finite state machines (FSMs), 441
FIPS (Federal Information Processing Standard) 140-2, 367
FIPS (Federal Information Processing Standard) 180, 410
FIPS (Federal Information Processing Standard) 185, 390
FIPS (Federal Information Processing Standard) 186-3, 415
FIPS (Federal Information Processing Standard) 197, 391
FIPS (Federal Information Processing Standard) 200, 67
fire
  damage, 771
  detection systems, 769–770
  extinguishers, 769
  gas discharge systems, 770–771
  man-made, 649
  natural disasters, 648
  overview, 767–768, 767–768
  water suppression systems, 770
fire triangle, 767, 767
firewalls
  ACLs, 33
  deployment architectures, 117–119, 118
  logs, 66
  multihomed, 117
  overview, 115–117


850 firing employees – Google, APT attacks

firing employees, 261–263, 589
firmware, 500–501
first-generation languages (1GL), 301
first normal form (1NF), 285
5-4-3 rule, 127
fixed-temperature fire detection systems, 769
flame-actuated fire detection systems, 769
flame stage of fire, 768
flash drives, 546–547
flash floods, 646
flashing BIOS, 500
flight time in keystroke patterns, 18
flip-flops, 493
flood attacks
  ping, 588
  preventive measures, 584–585, 584
flood maps, 627, 647, 647
floods
  disaster recovery plans, 646–647, 647
  plumbing leaks, 766
footers in OSI model, 90, 90
foreign keys in relational databases, 285
forensic procedures, 717–718
FORTRAN language, 300
4G technology, 130
Fourth Amendment, 698, 719
fourth-generation languages (4GL), 301
fraggle attacks, 585–586
Frame Relay connections, 176–177
frames
  beacon, 134
  Ethernet, 140
  OSI model messages, 91, 92
fraud in voice communications, 187–188
FRDSs (fault-resistant disk systems), 503
French government, APT attacks, 52
frequency, 128
frequency analysis cryptographic attacks, 429
Frequency Hopping Spread Spectrum (FHSS), 128
FRR (false rejection rate) in biometric factors, 19, 19
FSMs (finite state machines), 441
FTP (File Transfer Protocol), 109
full backups, 666
full-duplex communication, 97
full-interruption tests, 673
full-knowledge teams, 600–601
full mesh topologies, 139
function recovery, 608
functional priorities in recovery strategy, 655
functional requirements determination, 304
functions
  aggregate, 290–291
  cost, 248–249
  hash, 409–412
  one-way, 371–372
fuzzy logic, 296

G
Gantt charts, 312, 312
gas discharge fire suppression systems, 770–771
gates, 753–754
Gates, Bill, 518
gateways, 121
gathering evidence, 731
General Protection Faults (GPFs), 317
Generalized Markup Language (GML), 30
generators, 606
GFS (Grandfather-Father-Son) strategy, 669
Gibson, Steve, 728
GISRA (Government Information Security Reform Act), 689
GLBA (Gramm-Leach-Bliley Act), 212, 699–700
GML (Generalized Markup Language), 30
GnuPG PGP solution, 184
goals in documentation, 634
Goguen-Meseguer model, 449–450
Good Times virus warning, 334
Google, APT attacks, 52


governance – High Speed Serial Interface (HSSI) 851

governance. See security governance
Government Information Security Reform Act (GISRA), 689
GPFs (General Protection Faults), 317
Graham-Denning model, 450
Gramm-Leach-Bliley Act (GLBA), 212, 699–700
Grandfather-Father-Son (GFS) strategy, 669
gray-box testing, 315, 600–601
Green Book, 458
grid computing, 509–510
ground wires, 765
grudge attacks, 723–725
guards, 755–756
guessing passwords, 341–342
Guide to Integrating Forensic into Incident Response, 715
“Guide to Intrusion Detection and Prevention Systems”, 590–591
Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), 540, 773
guidelines in security governance, 222–223
Gumblar drive-by download, 580

H
hackers, 48
hacktivism, 725
hailstorms, 648
half-duplex communication, 97
halon, 770–771
hand geometry, 18
hard drives, protecting, 502–504, 603–605
hardening provisions, 632
hardware, 479
  in evidence collection, 718
  failures, 651–652
  firmware, 500–501
  input and output devices, 498–499
  input/output structures, 499–500
  memory, 491–496
  processors. See processors
  replacement options, 660
  segmentation, 316, 513
  storage, 496–498
hardware-based RAID arrays, 604–605
hardware security module (HSM), 469
Hash of Variable Length (HAVAL) algorithm, 410
hash totals, 180
Hashed Message Authentication Code (HMAC) algorithm, 414–415
hashes
  asymmetric cryptography, 409–412
  cryptographic keys, 386
  passwords, 55–56
HAVAL (Hash of Variable Length) algorithm, 410
HDLC (High-Level Data Link Control), 177
headers
  authentication, 159, 426
  OSI model, 90, 90
  TCP, 103–104
Health Insurance Portability and Accountability Act (HIPAA), 212, 699
hearsay evidence, 717
heart patterns, 18
heartbeat sensors, 762
heat-based motion detectors, 757
heat damage, 771
heat stage of fire, 768
Hertz (Hz), 128
heuristics-based detection, 592
HIDS (host-based IDS), 594–596
hierarchical databases, 282–283, 282
hierarchical environment, 25
hierarchical storage management (HSM) system, 669
high-level Administrator group audits, 76
High-Level Data Link Control (HDLC), 177
High Speed Serial Interface (HSSI), 177


852 hijacking – implementation

hijacking
  DNS, 194–195
  session, 353
HIPAA (Health Insurance Portability and Accountability Act), 212, 699
hiring new staff, 36, 257, 259
history, password, 13
HMAC (Hashed Message Authentication Code) algorithm, 414–415
hoaxes, 334–335
honeypots, 597
hookup composition theory, 442
host-based IDS (HIDS), 594–596
host interfaces, 132
hostile applets, 330
hot rollover, 502
hot sites, 658–659
hot-swappable RAID, 503
HSM (hardware security module), 469
HSM (hierarchical storage management) system, 669
HSSI (High Speed Serial Interface), 177
HTML (Hypertext Markup Language), 30
HTTP (Hypertext Transport Protocol), 110
HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer), 422
hubs, 120
humidity, 766
hurricanes, 648
hybrid environments in MAC model, 25
hybrid password attacks, 55
hyperlink spoofing, 195
Hypertext Markup Language (HTML), 30
Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS), 422
Hypertext Transport Protocol (HTTP), 110
Hz (Hertz), 128

I
I Love You virus, 331
IAB (Internet Advisory Board), 736
IANA (International Assigned Numbers Authority), 101
ICMP (Internet Control Message Protocol), 108, 585
IDEA (International Data Encryption Algorithm) block cipher, 390
IDEAL model, 310–312, 311
identification, 11–12
  access control, 9
  biometric factors, 17–20, 19
  configuration, 314
  multifactor authentication, 20–21
  passwords, 12–14
  security governance, 218
  smart cards, 14–15
  tokens, 15–16
identification cards, 757
identity and access provisioning life cycle, 35
  account review, 36
  account revocation, 37–38
  provisioning, 35–36
identity-based access control, 22
Identity Theft and Assumption Deterrence Act, 700
IDSs (intrusion detection systems), 590, 761–762
  host- and network-based, 594–596
  IDS response, 593–594
  intrusion prevention systems, 596, 596
  knowledge- and behavior-based detection, 591–593
  tools, 596–598
IEEE 802.1x standard, 428
ighashgpu tool, 56
IGMP (Internet Group Management Protocol), 109
IM (instant messaging), 163
images in baselining, 557–558, 557
IMAP (Internet Message Access Protocol), 110, 181
immediate addressing, 494
impact assessment. See business impact assessment (BIA)
impersonation, 53, 193
implementation
  continuity planning, 633
  cryptographic attacks, 428


implementation phase in BCP – integrity checking software 853

implementation phase in BCP, 623
implicit deny principle, 33
import/export laws, 696–697
in-house hardware replacement, 660
incident handling, 713
  computer crime categories, 721–725
  data integrity and retention, 733
  defining, 572–573
  exam essentials, 738–739
  interviews, 733
  investigations, 714
    evidence, 714–718
    process, 719–720
  overview, 725–726
  reports, 734–735
  response process, 730–733
  response teams, 728–729
  review questions, 741–744
  summary, 737–738
  types, 726–728
  written lab, 740
incident management, 571
  exam essentials, 609–611
  incidents defined, 572–573
  preventive measures. See preventive measures for attacks
  response steps, 573–578, 574
  review questions, 612–615
  summary, 608–609
  system resilience and fault tolerance, 603–608
  written lab, 611
incipient stage in fire, 768
incremental attacks, 519
incremental backups, 666
indirect addressing, 494
industrial espionage, 722
industry guidelines, 465
inference attacks, 291
inference engines, 295
information flow model, 441–442
information hiding, 318
information systems
  security capabilities, 469
  security evaluation models. See evaluation models
Information Systems Audit and Control Association (ISACA), 213
Information Technology Infrastructure Library (ITIL), 213, 556
Information Technology Security Evaluation Criteria (ITSEC), 223–224
  classes and required assurance and functionality, 460–461
  development, 455–456
informative policies, 222
InfraGard program, 734
infrared motion detectors, 757
infrastructure
  continuity planning, 632
  failures, 651
  wireless network nodes, 133
infrastructure as a service, 509
inheritance in object-oriented programming, 302
initialization failure states, 517
initiating phase in IDEAL model, 311, 311
injection attacks, 348–350, 348
input and output devices, 498–499
input/output structures, 499–500
input validation
  buffer overflow, 517
  cross-site scripting, 347
  SQL injection attacks, 350
inrush, 765
insider threats, 724
inspection audits, 74–75
instances in object-oriented programming, 302
instant messaging (IM), 163
Integrated Services Digital Network (ISDN), 174
integrity
  CIA Triad, 3–4, 215–216
  cryptography for, 365
  techniques for, 452–453
  verifying, 180
integrity checking software, 340


854 integrity verification procedures (IVPs) – ISAKMP

integrity verification procedures (IVPs), 449
intellectual property, 689–690
intelligence attacks, 721–722
intent to use applications, 693
interim reports, 78
internal security in site and facility design, 751
International Assigned Numbers Authority (IANA), 101
International Criminal Police Organization (INTERPOL), 577
International Data Encryption Algorithm (IDEA) block cipher, 390
International Information Systems Security Certification Consortium (ISC2), 735–736
International Organization for Standardization (ISO), 465
International Organization on Computer Evidence (IOCE), 717
international security implementation guidelines, 465
Internet Advisory Board (IAB), 736
Internet Control Message Protocol (ICMP), 108, 585
Internet Group Management Protocol (IGMP), 109
Internet layer in TCP/IP model, 99–100, 100–101
Internet Message Access Protocol (IMAP), 110, 181
Internet Protocol. See IP (Internet Protocol)
Internet Protocol Security (IPSec) standard, 33, 158–159, 425–427
Internet Security Association and Key Management Protocol (ISAKMP), 427
Internet Worm, 278, 337–338
INTERPOL (International Criminal Police Organization), 577
interpreted languages, 301
interrogation, 733
interrupt conflicts, 500
interrupt requests (IRQ), 499–500
interviewing individuals, 733
intranets, 113
intrusion alarms, 758
intrusion detection systems (IDSs), 590, 761–762
  host- and network-based, 594–596
  IDS response, 593–594
  intrusion prevention systems, 596, 596
  knowledge- and behavior-based detection, 591–593
  tools, 596–598
intrusion prevention systems (IPSs), 596, 596
investigations, 714
  audit trails, 72–73
  evidence, 714–718
  process, 719–720
IOCE (International Organization on Computer Evidence), 717
IP (Internet Protocol), 106
  classes, 107
  IP addresses, 106
    ARP spoofing, 194
    converting, 169
    DNS, 112
    loopback, 170
    NAT, 165–170
    private, 167–168
    spoofing, 352–353
  probes, 351
IPSec (Internet Protocol Security), 33, 158–159, 425–427
IPSs (intrusion prevention systems), 596, 596
IPv4 addresses, 106
IPv6 addresses, 106
iris scans, 17
IronKey flash drives, 547
IRQ (interrupt requests), 499–500
ISACA (Information Systems Audit and Control Association), 213
ISAKMP (Internet Security Association and Key Management Protocol), 427


(ISC2) code of ethics – L2TP/IPSec 855

(ISC2) code of ethics, 735–736
ISDN (Integrated Services Digital Network), 174
iSKORPiTX, 725
ISO (International Organization for Standardization), 465
ISO/IEC 27002, 213
isolation
  in ACID model, 287
  containment, 731
  process, 316, 453
iSteg tool, 424, 424
ITIL (Information Technology Infrastructure Library), 213, 556
ITSEC (Information Technology Security Evaluation and Criteria), 223–224
  classes and required assurance and functionality, 460–461
  development, 455–456
IVPs (integrity verification procedures), 449

J
jamming generators, 521
Japanese Purple Machine, 364
Java language, 300
  applets, 281, 506
  sandbox, 340, 506
Java Virtual Machine (JVM), 281, 506
JavaScript language, 301
job descriptions, 257
job responsibilities, 258–259
job rotation, 258, 538
journaling, remote, 501
JVM (Java Virtual Machine), 281, 506

K
Kaminsky, Dan, 113, 194
Kaminsky vulnerability, 113, 194
KASs (Kerberos authentication servers), 28
Katrina hurricane, 648
KDCs (key distribution centers), 28
KDD (Knowledge Discovery in Databases), 292
Kerberos, 28–29
Kerberos authentication servers (KASs), 28
Kerchoff principle, 367
kernel mode, 485
kernels, 440–441, 484, 487
key distribution centers (KDCs), 28
key escrows, 373
key space in cryptography, 367
keyboards, 498
keys, 756–757
  cryptography, 365–367, 381–382
    asymmetric, 383–386, 384, 405–406, 419–420
    hashing algorithms, 386
    requirements, 384
    symmetric, 382–383, 382, 393–394
  relational databases, 284–285
keystroke monitoring, 70
keystroke patterns, 18
knowledge-based detection, 591–592
knowledge-based systems, 294–295
  DSSs, 297
  expert systems, 295
  neural networks, 296
  security applications, 297
knowledge bases, 295
Knowledge Discovery in Databases (KDD), 292
known plain-text attacks, 429
Koblitz, Neal, 408
KryptoKnight authentication system, 31

L
L2F (Layer 2 Forwarding), 158
L2TP (Layer 2 Tunneling Protocol), 158, 426
L2TP/IPSec, 426


856 labels – life cycles

labels
  security, 439
  sensitive information, 541
  TCSEC, 457
land attacks, 586
LANs (local area networks), 123, 140
  Ethernet, 140–141
  extenders, 122
  media access, 143–144
  subtechnologies, 141–144
  VPNs, 159–160
last logon notification, 63
lattice-based access controls, 23, 23, 445
law enforcement, calling in, 719
laws, 681
  administrative, 684–685
  civil, 684
  computer crime, 685–689
  copyrights, 690–692
  criminal, 682–684
  exam essentials, 706–707
  import/export, 696–697
  intellectual property, 689–690
  licensing, 695–696
  patents, 693–694
  privacy
    European Union, 701–703
    U.S., 697–701
  review questions, 708–711
  summary, 705–706
  trademarks, 692–693
  written lab, 707
Layer 2 Forwarding (L2F), 158
Layer 2 Tunneling Protocol (L2TP), 158, 426
layers
  defense in depth, 210–211
  domains, 511
  OSI model. See Open Systems Interconnection (OSI) Reference Model
  security, 7–8, 8, 511–512
  TCP/IP model. See TCP/IP model
LDAP (Lightweight Directory Access Protocol), 27
LEAP (Lightweight Extensible Authentication Protocol), 155
learning phase in IDEAL model, 311, 311
learning rules, 296
leased WAN lines, 173
least privilege principle, 21, 514, 532–534, 581
legal requirements
  BCP, 624
  regulations, 773
legally defensible security, 220
length, password, 13
Lenstra, Arjen, 412
lessons learned, 733
Level 0 protection ring, 317
Level 1 and 2 protection rings, 317
level 2 caches, 493
Level 3 protection ring, 317
levels vs. rings, 511
licensing software, 550, 695–696
life cycle assurance, 298
life cycles
  cryptographic, 395–396
  media, 549
  models, 306
    agile software development, 308–309
    Gantt charts, 312, 312
    IDEAL, 310–312, 311
    PERT, 313
    Software Capability Maturity Model, 310
    spiral, 308, 308
    waterfall, 306–307, 307
  systems development, 303
    code review walk-throughs, 305
    conceptual definition phase, 303–304
    control specifications development, 304–305
    design review, 305
    functional requirements determination, 304


life safety – malicious code 857

    maintenance and change management, 306
    system test review, 305
life safety. See environment and life safety
light yellow book, 318
lighting, 755
Lightweight Directory Access Protocol (LDAP), 27
Lightweight Extensible Authentication Protocol (LEAP), 155
likelihood assessment in BIA, 627–628, 628
limit checks in software development, 298
line-interactive UPSs, 606
Line Print Daemon (LPD), 110
linear bus topology, 138
link encryption, 425
Link layer in TCP/IP model, 99–100, 100–101
Link-Local address assignment, 169
link state routing protocols, 96
LLC (Logical Link Control) sublayer, 94
local alarm systems, 758
local area networks (LANs), 123, 140
  Ethernet, 140–141
  extenders, 122
  media access, 143–144
  subtechnologies, 141–144
  VPNs, 159–160
local/nondistributed computing, 276–277
locations, employee, 550
locking databases, 288
lockout controls, 63
locks, 756–757
logging, 64–65, 65
logic bombs, 278, 335
logical access controls, 7, 8
Logical Link Control (LLC) sublayer, 94
logical operations, 368
  AND, 369
  exclusive OR, 370–371
  NOT, 370
  OR, 369–370
logical topologies, 137, 139
logistics in recovery plan development, 670
logs
  credentials, 16
  Kerberos, 29
  protecting, 66–67
  SSO scripts, 31
  types, 65–66
loopback addresses, 107, 170
loose-leaf binders, 672
loss potential, 248
LPD (Line Print Daemon), 110

M
M of N Control, 373
MAAs (mutual assistance agreements), 661
MAC (mandatory access control) systems, 24–25
MAC (Media Access Control) address, 94, 112
MAC sublayer in OSI model, 94
machine language, 300
macro viruses, 277, 331
mail-bombing, 183
main memory, 492
maintenance
  BCP documentation, 636–637
  disaster recovery planning, 674
  software development, 306
maintenance hooks, 518–519
maintenance phase in BCP, 623
malicious code, 327, 580, 727
  active content, 339
  countermeasures, 339–341
  exam essentials, 354–355
  logic bombs, 335
  password attacks, 341–344
  preventive measures, 580
  review questions, 356–359
  sources, 328–329
  spyware and adware, 339
  summary, 353–354


858 malicious code – metamodels

malicious code (continued)
  Trojan horses, 335–336
  viruses. See viruses
  worms, 336–339
  written lab, 355
man-in-the-middle (MitM) attacks
  description, 429–430
  overview, 588–589, 588
  VoIP, 162
man-made disasters, 649
  bombings and explosions, 650
  fires, 649
  hardware and software failures, 651–652
  power outages, 650–651
  strikes and picketing, 653
  terrorism, 649–650
  theft and vandalism, 653–654
  utility and infrastructure failures, 651
mandatory access control (MAC) systems, 24
mandatory protection systems in TCSEC, 457
mandatory vacations, 538
Manifesto for Agile Software Development, 308–309
MANs (metropolitan area networks), 177
mantraps, 753–754, 754
manual recovery, 607
manual rollover, 502
marking sensitive information, 541
masking, password, 63
masks, subnet, 107
masquerading, 58, 193, 352–353, 761
massively parallel processing (MPP), 480
master boot record (MBR) viruses, 330
master boot records, 330
material evidence, 715
mathematics in cryptography, 368
  Boolean, 368–371
  modulo function, 371
  nonces, 372
  one-way functions, 371–372
  zero-knowledge proof, 372–373, 373
matrices, access control, 33, 443–444
MAUs (multistation access units), 139, 141
MAX function, 290
maximum tolerable downtime (MTD), 626
maximum tolerable outage (MTO), 626
MBR (master boot record) viruses, 330
MD2 (Message Digest 2) algorithm, 411
MD4 (Message Digest 4) algorithm, 411–412
MD5 (Message Digest 5), 55–56, 412
mean time between failures (MTBF), 549
mean time to failure (MTTF), 549, 772
mean time to repair (MTTR), 772
measurable security, 265
Media Access Control (MAC) address, 94, 112
media access in LANs, 143–144
media analysis, 717–718
media life cycle, 549
media management, 546–549
mediated-access model, 484
meet-in-the-middle attacks, 429
memory, 293–294, 491
  addressing, 494
  RAM, 492–493
  registers, 494
  ROM, 491–492
  secondary, 495
  security issues, 495–496
memory cards, 760
memory-mapped I/O, 499
Merkle-Hellman Knapsack algorithm, 407
mesh topologies, 139, 140
Message Digest 2 (MD2) algorithm, 411
Message Digest 4 (MD4) algorithm, 411–412
Message Digest 5 (MD5), 55–56, 412
message digests, 180, 409–410
messages
  object-oriented programming, 302
  OSI model, 90–91, 90–91
metadata in data mining, 292
metamodels, 308

bindex.indd 858 30/05/12 6:44 PM


Metasploit tool – multistate systems 859

Metasploit tool, 590
methods in object-oriented programming, 302
metropolitan area networks (MANs), 177
mice, 498
Michelangelo virus, 335
microcode, 500
Microcom Networking Protocol (MNP), 165
Microsoft Point-to-Point Encryption (MPPE), 158
military attacks, 721–722
Miller, Victor, 408
MIME Object Security Services (MOSS), 184
MIN function, 290
Minimum Security Requirements for Federal Information and Information Systems, 67
mining, data, 291–292
MINs (mobile identification numbers), 189
mirroring
    RAID, 604
    remote, 663
    server, 501
mitigation of risk, 255
MitM (man-in-the-middle) attacks
    description, 429–430
    overview, 588–589, 588
    VoIP, 162
Mitnick, Kevin, 352
MITRE, 555
MNP (Microcom Networking Protocol), 165
Mobile Broadband standard, 137
mobile devices, 548
mobile identification numbers (MINs), 189
mobile sites, 659–660
mod function, 371
modems, 120, 499
modes in software development security, 318
modification attacks, 193
modulo function, 371
monitoring
    access control effectiveness, 73–74
    accountability, 71–72
    audits. See audits and auditing
    clipping levels, 69
    exam essentials, 80–82
    investigations, 72–73
    keystroke, 70
    logging, 64–67, 65
    problem identification, 73
    review questions, 83–86
    special privileges, 538–539
    summary, 79
    techniques, 67–71
    written lab, 82
monitors, 498
Moore’s law, 407
Morris, Robert Tappan, 278, 337
MOSS (MIME Object Security Services), 184
motion detectors, 757–758
MPP (massively parallel processing), 480
MPPE (Microsoft Point-to-Point Encryption), 158
MTBF (mean time between failures), 549
MTD (maximum tolerable downtime), 626
MTO (maximum tolerable outage), 626
MTTF (mean time to failure), 549, 772
MTTR (mean time to repair), 772
Mueller, Frederic, 411
Multic operating system, 483
multicast technology, 142
multifactor authentication, 20–21, 63
multihomed firewalls, 117
multilayer protocols, 110–111
multilayer switches, 159
multilevel databases, 287–289
multilevel mode systems, 318, 489
multimedia collaboration, 162–163
multipartite viruses, 334
multiple sites, 661
multiprocessing, 480–481
multiprogramming, 481
multistate systems, 482


860 multistation access units (MAUs) – networks

multistation access units (MAUs), 139, 141
multitasking, 480–481
multithreading, 481–482
mutual assistance agreements (MAAs), 661
Myer, Albert, 363

N
NAC (Network Access Control), 114–115
NAT (Network Address Translation), 122
    description, 165–167
    stateful, 168
    static and dynamic, 168–169
National Computer Crime Squad, 719
National Computer Security Center (NCSC), 456
National Flood Insurance Program, 647
National Information Assurance Certification and Accreditation Process (NIACAP), 468
National Information Infrastructure Protection Act, 688
National Intraagency Fire Center, 648
National Security Agency (NSA), 687
natural disasters, 645
    earthquakes, 645–646
    fires, 648
    floods, 646–647, 647
    regional events, 649
    site design, 750
    storms, 648
NCAs (noncompete agreements), 260
NCSC (National Computer Security Center), 456
NDAs (nondisclosure agreements), 259–260
NDS (NetWare Directory Services), 27
need to know principle, 21, 24, 487, 532–533
Nessus tool, 351, 553
NetSP product, 31
NetWare Directory Services (NDS), 27
NetWitness sniffer, 192
Network Access Control (NAC), 114–115
Network Address Translation (NAT), 122
    description, 165–167
    stateful, 168
    static and dynamic, 168–169
network analysis in evidence collection, 718
network-based IDS (NIDS), 594–596
Network File System (NFS), 110
Network layer
    OSI model, 95–96
    TCP/IP model, 106–109
networks, 87
    attacks, 151
        ARP spoofing, 194
        DNS poisoning, spoofing, and hijacking, 194–195
        DoS and DDoS, 191–192
        eavesdropping, 192–193
        email, 181–185
        exam essentials, 197–199
        hyperlink spoofing, 195
        impersonation and masquerading, 193
        modification, 193
        NAT, 165–170
        protocol security mechanisms, 152–154
        remote access security management, 160–165
        replay, 193
        review questions, 201–204
        security boundaries, 190
        summary, 196–197
        switching technologies, 170–172
        transmission mechanisms, 181
        transparency, 179–180
        verifying integrity, 180
        virtualization technology, 178–179
        voice communications, 186–189
        VPNs, 155–160
        WANs, 172–178
        written lab, 200
    cabling, 123–127
    cryptography, 425–428
    data loss prevention, 71
    devices, 119–122
    endpoint security, 119


neural networks – Open Database Connectivity (ODBC) 861

    exam essentials, 145–146
    firewalls, 115–119, 118
    LANs, 140–144
    NAC, 114–115
    neural, 296
    OSI Reference Model. See Open Systems Interconnection (OSI) Reference Model
    review questions, 147–150
    secure components overview, 113–114
    summary, 144–145
    TCP/IP model. See TCP/IP model
    topologies, 137–139, 138–140
    wireless communications. See wireless communications
    written lab, 146
neural networks, 296
Newman, Oscar, 750
Next-Generation Intrusion Detection Expert System (NIDES), 297
NFS (Network File System), 110
NIACAP (National Information Assurance Certification and Accreditation Process), 468
NIDES (Next-Generation Intrusion Detection Expert System), 297
NIDS (network-based IDS), 594–596
noise
    electrical, 765
    white, 763
noise generators, 521
nonces, 372
noncompete agreements (NCAs), 260
nondedicated WAN lines, 173
nondisclosure agreements (NDAs), 259–260
nondiscretionary access controls, 22
nondistributed computing, 276–277
noninterference model, 442
nonrepudiation
    cryptography for, 366
    security governance, 220–221
    symmetric key algorithms, 383
nonstatistical sampling, 69
nonvolatile storage, 294, 496
normalization of databases, 285
NOT operation, 370
notification alarms, 758
NSA (National Security Agency), 687
Nyberg-Rueppel signature algorithm, 415

O
object evidence, 715
object-oriented databases (OODBs), 283
object-oriented programming (OOP), 301–303, 512
objects
    access control, 2
    classes, 301
    security models, 450–454
    trusted paths, 440
occupant emergency plans (OEPs), 764
OCSP (Online Certificate Status Protocol), 419
ODBC (Open Database Connectivity), 289, 290
OEPs (occupant emergency plans), 764
OFB (Output Feedback) mode, 388
OFDM (Orthogonal Frequency-Division Multiplexing), 129
offline distribution of symmetric keys, 393
offline UPSs, 606
offsite security challenges, 653–654
offsite storage, 666
one-time pads, 377–379
one-time passwords, 16
one-to-many data models, 283
one-upped-constructed passwords, 54
one-way functions, 371–372
Online Certificate Status Protocol (OCSP), 419
OODBs (object-oriented databases), 283
OOP (object-oriented programming), 301–303, 512
Open Database Connectivity (ODBC), 289, 290


862 open relays – passwords

open relays, 181
Open Source Security Testing Methodology Manual (OSSTMM), 213
open system authentication (OSA), 134
open systems, 451–452
Open Systems Interconnection (OSI) Reference Model, 88
    encapsulation/deencapsulation, 90–91, 90–92
    functionality, 89–90, 89
    history, 89
    layers, 92
        Application, 98–99
        Data Link, 93–95
        Network, 95–96
        Physical, 93
        Presentation, 98
        Session, 97
        Transport, 97
    vs. TCP/IP model, 100, 100
Open Web Application Security Project (OWASP), 505
OpenPGP product, 184
operating modes in processors, 490–491
operating states, 485–487, 487
operational plans, 207
operations management software, 67
operators role, 210
OR operation, 369–370
Orange Book, 456, 460
Orthogonal Frequency-Division Multiplexing (OFDM), 129
OSA (open system authentication), 134
OSI model. See Open Systems Interconnection (OSI) Reference Model
OSSTMM (Open Source Security Testing Methodology Manual), 213
output devices, 498–499
Output Feedback (OFB) mode, 388
overflows, buffer
    application attacks, 344–345
    coding issues, 517–518
overt channels, 516
overwriting sensitive information, 543, 544
OWASP (Open Web Application Security Project), 505
owners of access control, 3

P
P2P (peer to peer) technologies, 133, 510
packages in Common Criteria, 462
packet sniffing, 112
packet switching, 171–172
padded cell systems, 598
paging process, 495
pairing Bluetooth standard, 132
Palin, Sarah, 14
palm scans, 18
PANs (personal area networks), 132
PAP (Password Authentication Protocol), 154
Paperwork Reduction Act, 688
parallel layers, 210–211
parallel tests in disaster recovery planning, 673
parameter checking, 517
parity information, 503
parol evidence rule, 715
Paros tool, 192
partial-knowledge teams, 600–601
partial mesh topologies, 139
partitions in work areas, 751
passive audio motion detectors, 758
passive IDS response, 594
passive proximity readers, 760
Password Authentication Protocol (PAP), 154
passwords
    administrator, 77
    attacks, 54, 341
        brute-force, 55–56
        countermeasures, 344
        dictionary, 54–55, 342–343
        guessing, 341–342
        sniffer, 57–58, 58
        social engineering, 343
    cognitive, 14
    encrypting, 12


PAT (Port Address Translation) – physical access controls 863

    one-time, 16
    overview, 12
    phrases, 13
    selection, 12–13
PAT (Port Address Translation), 166, 168
patch Tuesday, 552
patches
    managing, 551–552
    zero-day exploits, 583
patents, 693–694
PATRIOT Act, 700
pattern-matching detection, 592
pay-per-install approach, 580
Payment Card Industry Data Security Standard (PCI DSS), 212, 465, 703–704
PBX (private branch exchange) systems, 186–188
PDMCL (process data from multiple clearance levels), 490
PDUs (Protocol Data Units), 97
PEAP (Protected Extensible Authentication Protocol), 155
peer to peer (P2P) technologies, 133, 510
PEM (Privacy Enhanced Mail), 184
penetration testing, 598–599
    ethical hacking, 602
    permissions, 600
    reports, 602
    risks, 599
    social engineering, 601
    techniques, 600–601
    warning banners, 602
people in continuity planning, 631–632
percent sign (%) operator for modulo function, 371
performance in network segmentation, 114
perimeter security, 440, 750
permanent physical connections, 170
permanent virtual circuits (PVCs), 172
permissions
    access control, 4
    penetration testing, 600
personal area networks (PANs), 132
Personal Identity Verification (PIV) cards, 15
personal property, 748
personally identifiable information (PII), 212, 540
personnel in recovery plan development, 664–665
personnel privacy and safety, 763–764
personnel security, 257–259
    awareness training, 263–264
    employee agreements, 259–260
    exam essentials, 266–269
    review questions, 270–273
    sabotage, 589
    screening and background checks, 259
    security function, 264–265
    summary, 265–266
    terminations, 261–263, 589
    training, 36
    vendor, consultant, and contractor controls, 261
    written lab, 269
PERT (Program Evaluation Review Technique) tool, 313
PGP (Pretty Good Privacy), 390
    description, 184
    email systems, 421–422
phishing, 60–61, 162, 195
phlashing, 501
phone number spoofing, 59
phone phreaking, 189, 722
phones, cordless, 132
photoelectric motion detectors, 758
phrases, password, 13
phreakers, 188
phreaking, 189, 722
physical access controls, 7, 8, 62, 753
    badges, 757
    fences, gates, turnstiles, and mantraps, 753–754, 754
    intrusion alarms, 758
    keys and combination locks, 756–757
    lighting, 755
    motion detectors, 757–758
    secondary verification mechanisms, 759
    security guards and dogs, 755–756


864 physical controls for physical security – power

physical controls for physical security, 747
physical labels for sensitive information, 541
Physical layer, 93
physical security, 745
    environment and life safety. See environment and life safety
    equipment failure, 772
    exam essentials, 774–776
    physical access controls. See physical access controls
    privacy, 772–773
    regulatory requirements, 773
    review questions, 777–780
    site and facility design. See site and facility design
    summary, 773–774
    technical controls, 760–763
    written lab, 776
physically hardening systems, 632
physiological biometric methods, 17
picketing, 653
picking locks, 756
piggybacking, 761
PII (personally identifiable information), 212, 540
ping flood attacks, 588
ping-of-death attacks, 586
ping sweeps, 351
PINs in Bluetooth standard, 132
PIV (Personal Identity Verification) cards, 15
PKCS (Public Key Cryptography Standard) encryption, 183
PKI (public key infrastructure), 415
    certificate authorities, 416–417
    certificates, 415–416
        enrollment, 418
        revoking, 419
        verifying, 418
plain old telephone service (POTS), 161
plain-text attacks, 429
plaintext messages, 366
planning
    BCP. See business continuity planning (BCP)
    to plan, 213–214
    remote access security management, 163–164
    security management, 206–207
platform as a service, 509
platforms in virus vulnerabilities, 332
PlayStation breach, 50
plenum cable, 127
plumbing leaks, 766
Point-to-Point Protocol (PPP), 157, 164, 178
Point-to-Point Tunneling Protocol (PPTP), 157–158
point-to-point WAN links, 173
poisoning
    ARP cache, 109
    DNS, 194–195
policies
    access control, 4
    passwords, 12, 63
    security, 221–222, 513–515
polling in LAN technologies, 144
polyalphabetic substitution ciphers, 376
polyinstantiation, 289
polymorphic viruses, 334
polymorphism in object-oriented programming, 302
POP3 (Post Office Protocol), 109, 181
Porras, Phillip, 297
Port Address Translation (PAT), 166, 168
port numbers in Transport layer, 101
port scans, 351
portable devices, 420–421
post accreditation phase in DITSCAP and NIACAP, 468
Post Office Protocol (POP3), 109, 181
postadmission philosophy, 115
postmortem reviews, 729
postwhitening in Twofish algorithm, 392
POTS (plain old telephone service), 161
power
    intrusion detection systems, 762
    issues, 764–765
    outages, 650–651
    protecting, 606


PPP (Point-to-Point Protocol) – processes 865

PPP (Point-to-Point Protocol), 157, 164, 178
PPs (protection profiles), 462
PPTP (Point-to-Point Tunneling Protocol), 157–158
preaction water suppression systems, 770
preadmission philosophy, 114
Presentation layer, 98
preset locks, 756
pretexting, 195
Pretty Good Privacy (PGP), 390
    description, 184
    email systems, 421–422
preventive access control, 5, 62–64
preventive measures for attacks, 578–579
    basic measures, 579
    botnets, 587
    denial-of-service attacks, 583–584
    intrusion detection. See intrusion detection systems (IDSs)
    land attacks, 586
    malicious code, 580–582
    miscellaneous attacks, 588–590
    penetration testing, 598–602
    ping flood attacks, 588
    ping-of-death attacks, 586
    smurf and fraggle attacks, 585–586
    SYN flood attacks, 584–585, 584
    teardrop attacks, 586
    zero-day exploits, 582–583
prewhitening in Twofish algorithm, 392
PRI (Primary Rate Interface), 174
primary keys in relational databases, 284
primary memory, 293, 492, 496
Primary Rate Interface (PRI), 174
principle of least privilege, 21, 514, 532–534, 581
printers, 498
priorities
    BIA, 626
    CIA, 216–217
    recovery strategy, 655
    resources, 629–630
    statements of priorities, 635
privacy
    laws
        European Union, 701–703
        U.S., 697–701
    personnel, 763–764
    protecting, 772–773
    requirements compliance, 212–213
    workplace, 701
Privacy Act, 698
Privacy Enhanced Mail (PEM), 184
private branch exchange (PBX) systems, 186–188
private data classification, 228
private IP addresses, 167–168
private keys
    asymmetric cryptography, 405–406
    static tokens, 16
    symmetric cryptography, 382
privileged group audits, 75–77
privileged mode, 317, 485, 490–491
privileged programs, 518–519
privileges
    access control, 5
    escalation, 346
    excessive, 37
    monitoring, 538–539
    separation of, 535
    SQL injection attacks, 350
probability determinations, 249
probable cause, 720
problem identification, 73
problem state, 485–486
procedures, security, 223–224
process data from multiple clearance levels (PDMCL), 490
process scheduler, 487
process states, 485–487, 487
processes
    continuity planning, 631–632
    integrating, 521
    isolating, 316, 513


866 processors – quantitative risk analysis

processors, 479
    execution types, 479–482
    operating modes, 490–491
    processing types, 482–483
    protection mechanisms, 483–490, 484, 487
procurement, 704–705
Professional Practice Library, 664
Program Evaluation Review Technique (PERT) tool, 313
program executive, 487
programmable read-only memory (PROM), 492
programming
    languages, 300–301
    vulnerabilities from, 520
projects, Gantt charts for, 312
PROM (programmable read-only memory), 492
propagation techniques for viruses, 329–332
property, corporate vs. personal, 748
proprietary alarm systems, 758
proprietary data, 228
Protected Extensible Authentication Protocol (PEAP), 155
protected mode, 317
protection
    audit results, 77
    backup tapes, 547–548
    hard drives, 502–504, 603–605
    log data, 66–67
    processors, 483–490, 484, 487
    resources, 546–549
    security governance, 210–212
    servers, 605–606, 605
protection profiles (PPs), 462
protection rings, 316–317, 316, 483–485, 484
Protocol Data Units (PDUs), 97
protocol security mechanisms, networks, 152–154
protocol translators, 121
protocols
    authentication, 154
    defined, 88
    dial-up, 164–165, 178
    discovery, 105
    multilayer, 110–111
    VPNs, 157–159
provisioning, 35
provisions phase in continuity planning, 631–632
proxies, 116, 121–122
proximity readers, 61, 760–761
proxy firewalls, 116
proxy logs, 66
pseudo flaws, 597–598
PSH flag, 104–105
PSTN (public switched telephone network), 161
public data classification, 228
Public Key Cryptography Standard (PKCS) encryption, 183
public key infrastructure (PKI), 415
    certificate authorities, 416–417
    certificates, 415–416
        enrollment, 418
        revoking, 419
        verifying, 418
public keys
    algorithms, 383–386, 384
    asymmetric cryptography, 405–406
    encryption, 393
public switched telephone network (PSTN), 161
pulse patterns, 18
purging sensitive information, 544
PVCs (permanent virtual circuits), 172

Q
qualitative decision making, 625
qualitative risk analysis, 248, 253–254
quantitative decision making, 625
quantitative risk analysis, 248
    cost functions, 248–249
    threat/risk calculations, 249–253


race conditions – regulatory policies 867

R
race conditions, 520
radiation
    EM, 521
    van Eck, 498
radio frequency identification (RFID) tags, 549
radio frequency interference (RFI), 765
RADIUS (Remote Authentication Dial-In User Service), 32, 165
RAID (Redundant Array of Independent Disks), 502–504, 603–605
rainbow series, 455–456
    elements, 458–460
    TCSEC, 456–457
rainbow table attacks, 57, 428
random access memory (RAM), 492–493
random access storage, 293, 497
random ports, 101
ransomware, 580
RARP (Reverse Address Resolution Protocol), 94, 109, 595
RAs (registration authorities), 417
rate-of-rise fire detection systems, 769
RBAC (role-based access control), 23, 25–26
RBAC (rule-based access control) systems, 22–23, 453
RC5 (Rivest Cipher 5), 391
RDBMSs (relational database management systems), 282
read-only memory (ROM), 491–492
ready state, 486
real evidence, 715
real memory, 293, 492
realms of security in mandatory access controls, 24
reasonable expectation of privacy, 701
reasonableness checks in software development, 314
reciprocal agreements, 661
reconnaissance attacks, 53, 350–352
record retention, 545
recovery and remediation, 732
    access control, 6
    vs. restoration, 670–671
    symmetric cryptography keys, 394
    trusted, 606–608
recovery plan development, 663–664
    assessment, 665
    backups and offsite storage, 666–669
    emergency response, 664
    external communications, 670
    logistics and supplies, 670
    personnel and communications, 664–665
    recovery vs. restoration, 670–671
    software escrow arrangements, 669–670
    utilities, 670
recovery response step for incidents, 577
recovery strategy, 654
    alternate processing sites, 657–661
    business unit and functional priorities, 655
    crisis management, 656
    database recovery, 662–663
    emergency communications, 656
    mutual assistance agreements, 661
    work groups, 656–657
recovery time objective (RTO), 626
Red Book, 458, 460
red boxes, 189
Redundant Array of Independent Disks (RAID), 502–504, 603–605
redundant servers, 501–502
reference monitors, 440–441
reference profiles, 20
referential integrity in relational databases, 285
reflected input in cross-site scripting, 347
regional natural disasters, 649
register addressing, 494
registered software ports, 101
registers, 494
registration, biometric, 20
registration authorities (RAs), 417
regulatory policies, 222


868 regulatory requirements – risk and risk management

regulatory requirements
    BCP, 624
    complying with, 773
rejection of risk, 256
relational database management systems (RDBMSs), 282
relational databases, 283–285, 284
relations in relational databases, 283
relay agents, 181
release control process, 314
relevant evidence, 715
remediation response step for incidents, 577–578
remote access security management, 160–163
    centralized services, 165
    dial-up protocols, 164–165
    planning, 163–164
Remote Authentication Dial-In User Service (RADIUS), 32, 165
remote control, 175
remote journaling, 501, 662–663
remote mirroring, 663
remote wipe, 548
removal of viruses, 340
repeaters, 120, 127
repellant alarms, 758
replay attacks, 193, 430
reports
    incidents, 576–577, 734
    penetration testing, 602
repudiating messages, 366
request control process in change management, 313
reset attacks in TCP, 585
reset (RST) packets, 102, 104–105
residual risk, 256
resolution attacks, 194–195
resources
    managing, 549–550
    prioritization in BIA, 629–630
    protecting, 546–549
    requirements in BCP, 622–623
    security, 265
response steps for incidents, 573–574, 574, 730
    detection, 574–575
    recovery, 577
    remediation and review, 577–578
    reporting, 576–577
    response, 575–576
response teams, 728–729
responsibilities
    duties separated from, 534–537, 536
    security governance, 209–210
restoration
    process, 732
    vs. recovery, 670–671
restricted interfaces, 34, 449
restrictions, passwords, 12
retina scans, 17
Reverse Address Resolution Protocol (RARP), 94, 109, 595
reverse DNS lookups, 595
reverse hash matching attacks, 430
review response step for incidents, 577–578
reviews, security, 561–562
revoking
    accounts, 37–38
    certificates, 418–419
RFI (radio frequency interference), 765
RFID (radio frequency identification) tags, 549
rights in access control, 4
ring topologies, 137, 138
rings
    vs. levels, 511
    protection, 483–485, 484
risk and risk management
    analysis, 242, 245
    asset valuation, 245–248
    attacks, 49
    BCP documentation, 635–636
    BIA, 626–627
    defined, 243
    exam essentials, 266–269


Rivest, Ronald – screening routers 869

    handling, 255–257
    overview, 241
    personnel management, 239
    qualitative risk analysis, 253–254
    quantitative risk analysis, 248–253
    review questions, 270–273
    summary, 265–266
    terminology, 242–244, 244
    third-party governance, 240–241
    written lab, 269
Rivest, Ronald, 406, 411–412
Rivest, Shamir, Adleman (RSA) algorithm, 52, 406–407, 415
Rivest Cipher 5 (RC5), 391
Rogier, Nathalie, 411
rogueware, 60, 580
role-based access control (RBAC), 23, 25–26
roles in security governance, 209–210
ROLLBACK command, 286
rollover, 502
ROM (read-only memory), 491–492
rootkits, 346
Rosenberger, Rob, 335
ROT3 cipher, 363, 376
rotation
    job, 258, 538
    tape backups, 669
rounds of encryption, 387
routers, 96, 116, 121
routing protocols, 96
Royce, Winston, 306
RSA (Rivest, Shamir, Adleman) algorithm, 52, 406–407, 415
RST (reset) packets, 102, 104–105
RTO (recovery time objective), 626
rule-based access controls (RBACs), 22–23, 453
running key ciphers, 379–380
running state, 486
Rustock botnet, 587

S
S/MIME (Secure Multipurpose Internet Mail Extensions) protocol, 183–184, 422
S-RPC (Secure Remote Procedure Call), 153, 393
sabotage by employees, 589
safeguards
    cost/benefits, 250–252
    defined, 244
    distributed architecture, 507–508
sags, 606, 764
SAIC (Science Applications International Corporation), 542
Saint scanner, 351
salami attacks, 519
SAML (Security Assertion Markup Language), 30, 505
sampling in monitoring, 69
sandboxes in Java, 340, 506
sanitizing data, 497, 544
Sarbanes-Oxley Act (SOX), 212, 535
SAs (security associations)
    IPSec, 426
    ISAKMP, 427
satellite connections, 174
scalability of symmetric key algorithms, 383
scanners, vulnerability, 64, 553–554
scanning attacks, 726–727
scenarios for risk analysis, 253–254
schedules
    changes, 560
    Gantt charts, 312
schema for relational databases, 285
Schneier, Bruce, 390, 392, 518
Schnorr signature algorithm, 415
Science Applications International Corporation (SAIC), 542
screen filters, 59
screen scrapers, 175–176
screened hosts, 117
screening checks in personnel security, 259
screening routers, 116


870 script kiddies – security kernels

script kiddies, 328–329, 725
scripted access in SSO, 31
SCTP (Stream Control Transmission Protocol) port, 33
SDLC (Synchronous Data Link Control), 177
Search for Extraterrestrial Intelligence (SETI) project, 279
search warrants, 719–720, 731
second-generation languages (2GL), 301
second normal form (2NF), 285
secondary evidence, 715
secondary memory, 495–496
secondary storage, 293
secondary verification mechanisms, 759
secret data classification, 227
secret key cryptography, 382
secure communication protocols, 153–154
Secure Electronic Transaction (SET), 154
Secure European System for Applications in a Multivendor Environment (SESAME), 31
secure facility plans, 746–747
Secure Hash Algorithm (SHA), 410–411
Secure Hash Algorithm version 2 (SHA-2), 56
Secure Hash Standard (SHS), 410
Secure Multipurpose Internet Mail Extensions (S/MIME) protocol, 183–184, 422
Secure Remote Procedure Call (S-RPC), 153, 393
Secure Shell (SSH), 425
Secure Sockets Layer (SSL), 110, 153, 422–423
secure state machines, 441
secured enveloped messages, 183
security applications in knowledge-based systems, 297
Security Assertion Markup Language (SAML), 30, 505
security associations (SAs)
    IPSec, 426
    ISAKMP, 427
Security Assurance section in Common Criteria, 463
security boundaries, 190
security cameras, 759
security domain systems, 457
Security Event Management (SEM), 68
Security Functional Requirements section in Common Criteria, 463
security governance, 205–206
    accountability, 220
    auditing, 219
    authentication, 218–219
    authorization, 219
    availability, 217–218
    change control/management, 224–225
    compliance issues, 208
    confidentiality, 214–215
    control frameworks, 213–214
    data classification, 225–229
    exam essentials, 230–232
    identification, 218
    integrity, 215–216
    legally defensible, 220
    nonrepudiation, 220–221
    overview, 208
    planning, 206–207
    policies, 221–222
    privacy requirements, 212–213
    procedures, 223–224
    protection mechanisms, 210–212
    review questions, 234–237
    roles and responsibilities, 209–210
    standards, baselines, and guidelines, 222–223
    summary, 229–230
    written lab, 233
security guards and dogs, 755–756
security IDs, 757
Security Information and Event Management (SIEM), 68
Security Information Management (SIM), 68
security kernels, 440–441


security labels – series layers 871

security labels, 439
security logs, 65–66
security models, 437
    access control matrices, 443–444
    Bell-LaPadula, 444–446, 446
    Biba, 446–448, 447
    Brewer and Nash, 449
    Clark-Wilson, 448–449
    concepts, 438–439
    evaluation. See evaluation models
    exam essentials, 470–471
    Goguen-Meseguer, 449–450
    Graham-Denning, 450
    information flow, 441–442
    noninterference, 442
    objects and subjects, 450–454
    review questions, 473–476
    security capabilities of information systems, 469
    state machine, 441
    summary, 470
    Sutherland, 450
    Take-Grant, 443
    TCB, 440–441
    written lab, 472
security modes, 487–490
Security Operations, 531
    audits and reviews, 561–562
    change management, 559–561, 559
    configuration management, 555–558, 557
    exam essentials, 563–564
    job rotation, 538
    mandatory vacations, 538
    need to know and least privilege, 532–534
    patch management, 551–552
    principles, 21–22
    resource protection, 546–550
    review questions, 566–569
    sensitive information. See sensitive information
    separating duties and responsibilities, 534–537, 536
    special privileges, 538–539
    summary, 562–563
    vulnerability management, 552–555
    written lab, 565
security perimeters, 440
security policies, 4, 513–515
security professionals roles, 209
security protection mechanisms, 510–511
    security policy and computer architecture, 513–515
    technical, 511–513
security targets (STs) in Common Criteria, 462
security through obscurity, 367, 381
segmentation
    hardware, 316, 513
    network, 113–114
segments in OSI model, 91, 92
segregation of duties, 535–537, 536
seismic hazard level, 645–646
SEM (Security Event Management), 68
sendmail program, 181, 337
senior management
    BCP process, 622
    roles, 209
    security plans, 207
sensitive but unclassified data, 227
sensitive data, 228
sensitive information
    destroying, 543, 544
    handling, 542
    managing, 539–540
    marking, 541
    PII, 540
    record retention, 545
    storing, 542
separation of duties, 258
separation of duties and responsibilities principle, 21, 534–537, 536
separation of privilege, 514–515, 535
sequential storage, 294, 497
Serial Line Internet Protocol (SLIP), 165, 178
series layers, 210–211


872 servers – site and facility design

servers
    malicious code countermeasures, 340
    protecting, 605–606, 605
    redundant, 501–502
    security, 751–752
service bureaus, 660
service injection viruses, 331–332
service-level agreements (SLAs)
    BCPs, 624
    equipment failures, 772
    issues, 261
    overview, 318–319
service-oriented architecture (SOA), 521
service ports in Transport layer, 101
Service Provisioning Markup Language (SPML), 30–31
service set identifiers (SSIDs), 133–134
service-specific remote access, 175
service tickets (STs), 28
SESAME (Secure European System for Applications in a Multivendor Environment), 31
session hijacking, 353
Session Initiation Protocol (SIP), 153
Session layer in OSI model, 97
SET (Secure Electronic Transaction), 154
SETI (Search for Extraterrestrial Intelligence) project, 279
SGML (Standard Generalized Markup Language), 30
SHA (Secure Hash Algorithm), 410–411
SHA-2 (Secure Hash Algorithm version 2), 56
Shamir, Adi, 406
shared key authentication (SKA), 135
shared private keys, 382
shielded twisted-pair (STP) cable, 125
shielding, cable, 521
shimming locks, 756
shoulder surfing, 59, 751
shrink-wrap license agreements, 695
SHS (Secure Hash Standard), 410
side-channel attacks, 61
SIEM (Security Information and Event Management), 68
signature-based filters, 340
signature-based virus detection, 332–333, 592
signature dynamics, 18
signatures, 413–414
    DSS, 415
    HMAC, 414–415
    static tokens, 16
signed messages, 183
Silver Bullet Service, 547
SIM (Security Information Management), 68
SIM (subscriber identity module) cards, 548
Simple Integrity Property, 447
Simple Key Management for Internet Protocol (SKIP), 153
Simple Mail Transfer Protocol (SMTP), 109, 181
Simple Network Management Protocol (SNMP), 110
Simple Security Property, 445
simplex communication, 97
simulation tests in disaster recovery planning, 673
single loss expectancy (SLE)
    impact assessment, 628–629
    threat/risk calculations, 249
single points of failure, 501, 603
    failover solutions, 502
    RAID, 502–504
    redundant servers, 501–502
single sign-on (SSO) access control
    description, 27–28
    examples, 31
    federated identity management, 30–31
single state systems, 482
single-tier firewall deployment, 117, 118
SIP (Session Initiation Protocol), 153
site and facility design, 746
    accessibility and perimeter security, 750
    facility design, 750
    natural disasters, 750


Site Digger product – “somewhere you are” authentication factor 873

    physical security controls, 747–749
    secure facility plans, 746–747
    server rooms and data center security, 751–752
    site selection, 749
    visibility, 749
    visitors, 752
    work areas and internal security, 751
Site Digger product, 176
Six Cartridge Weekly Backup strategy, 669
SKA (shared key authentication), 135
SKIP (Simple Key Management for Internet Protocol), 153
Skipjack algorithm, 390–391
SLAs (service-level agreements)
    BCPs, 624
    equipment failures, 772
    issues, 261
    overview, 318–319
SLE (single loss expectancy)
    impact assessment, 628–629
    threat/risk calculations, 249
sliding windows, 103
SLIP (Serial Line Internet Protocol), 165, 178
smart cards
    attacks, 61–62
    overview, 14–15, 760
smartphones
    cryptology, 421
    protecting, 548
SMDS (Switched Multimegabit Data Service), 177
smoke-actuated fire detection systems, 769
smoke damage, 771
smoke stage in fire, 768
SMP (symmetric multiprocessing), 480
SMTP (Simple Mail Transfer Protocol), 109, 181
smurf attacks, 585–586
sniffers, 57–58, 58, 192
sniping, auction, 280
SNMP (Simple Network Management Protocol), 110
snooping attacks, 57
SOA (service-oriented architecture), 521
social engineering
    overview, 59–61
    password attacks, 343
    penetration tests, 601
    voice communications, 186–187
software
    escrow arrangements, 669–670
    in evidence collection, 718
    failures, 651–652
    licensing, 550, 695–696
    threat modeling, 51
software as a service, 509
Software Capability Maturity Model, 310
software development security, 275
    application issues, 276–281
    assurance procedures, 298
    change and configuration management, 313–314
    control architecture, 316–318, 316
    data/information storage, 293–294
    databases. See databases and data warehousing
    exam essentials, 319–321
    knowledge-based systems, 294–297
    life cycle. See life cycles
    modes, 318
    object-oriented programming, 301–303
    programming languages, 300–301
    review questions, 322–325
    SLAs, 318–319
    software development process, 297–298
    software testing, 314–316
    summary, 319
    system failures, 298–300, 300
    written lab, 321
Software IP Encryption (swIPe), 153
“something you have” authentication factor, 9
“something you know” authentication factor, 9
“somewhere you are” authentication factor, 10


874 Sony data breaches – storms

Sony data breaches, 50
Soviet cryptosystem, 378
SOX (Sarbanes-Oxley Act), 212, 535
Spam over Internet Telephony (SPIT) attacks, 162
spamming, 183
SPAN (Switched Port Analyzer) ports, 595
spear phishing, 61
special privileges, 538–539
speed of symmetric key algorithms, 383
spikes, 606, 765
spiral model, 308, 308
SPIT (Spam over Internet Telephony) attacks, 162
split knowledge principle, 373, 394, 537
SPML (Service Provisioning Markup Language), 30–31
spoofing attacks, 58–59
    ARP, 194
    DNS, 194–195
    email, 59, 183
    hyperlink, 195
    IP, 352–353
spread spectrum communication, 128
spyware, 339
SQL (Structured Query Language)
    features, 285
    injection attacks, 348–350, 348
SSAAs (System Security Authorization Agreements), 468
SSH (Secure Shell), 425
SSIDs (service set identifiers), 133–134
SSL (Secure Sockets Layer), 110, 153, 422–423
SSO (single sign-on) access control
    description, 27–28
    examples, 31
    federated identity management, 30–31
stand-alone mode infrastructure, 133
Standard Generalized Markup Language (SGML), 30
standards in security governance, 222–223
standby UPSs, 606, 650–651, 764
* (star) Integrity Property, 447
* (star) Security Property, 445–446
star topologies, 138–139, 139
state attacks, 520
state changes, 520
state laws, 685
state machine model, 441
state transitions, 441
stateful inspection firewalls, 116–117
stateful NAT, 168
statements of importance, 634–635
statements of organizational responsibility, 635
statements of priorities, 635
statements of urgency and timing, 635
static electricity, 766
static NAT, 168–169
static packet-filtering firewalls, 116
static RAM, 493
static testing, 315
static tokens, 15–16
static Web pages, 348
statistical cryptographic attacks, 428
statistical intrusion detection, 592
statistical sampling, 69
status accounting configuration, 314
stealth viruses, 334
steganography, 423–424, 424
stolen storage devices, 496
STOP errors, 299
stop orders, 279–280
stopped state, 486
storage
    backups. See backups
    covert channels, 516
    overview, 496–498
    sensitive information, 542
    symmetric keys, 394
    threats, 294
    types, 293–294
store-and-forward devices, 121
stored procedures, 350
storms, 648


STP (shielded twisted-pair) cable – system resilience 875

STP (shielded twisted-pair) cable, 125
strategic plans, 207
strategy development phase in continuity planning, 630–631
stream ciphers, 380
Stream Control Transmission Protocol (SCTP) port, 33
streaming media, 692
strikes, 653
stripe of mirrors, 604
striping, 604
striping with parity, 604
strong passwords, 54, 63
structured protection systems in TCSEC, 457
Structured Query Language (SQL)
    features, 285
    injection attacks, 348–350, 348
structured walk-throughs, 673
STs (security targets) in Common Criteria, 462
STs (service tickets) in Kerberos, 28
Stuxnet worm, 52, 338–339
subjects
    access control, 2
    security models, 450–454
    trusted paths, 440
subnet masks, 107
subpoenas, 731
subscriber identity module (SIM) cards, 548
substitution ciphers, 375–377
SUM function, 290
summation in neural networks, 296
super-increasing sets theory, 407
supervisor state, 485
supervisory mode, 491
supervisory state, 486
supplicants in IEEE 802.1x standard, 428
supplies in recovery plan development, 670
surges, 765
Sutherland model, 450
SVCs (switched virtual circuits), 172
swIPe (Software IP Encryption), 153
Switched Multimegabit Data Service (SMDS), 177
Switched Port Analyzer (SPAN) ports, 595
switched virtual circuits (SVCs), 172
switches, 121, 595
switching technologies, 170
    circuit switching, 170–171
    packet switching, 171–172
    virtual circuits, 172
symmetric cryptography, 365, 386–387
    AES, 391–392
    Blowfish, 390
    DES, 387–388
    IDEA, 390
    key management, 393
        algorithms, 382–383, 382
        creating and distributing, 393
        escrow and recovery, 394
        storage and destruction, 394
    Skipjack algorithm, 390–391
    Triple DES, 389–390
symmetric multiprocessing (SMP), 480
SYN (synchronize) packets, 102, 104–105
SYN/ACK (synchronize and acknowledge) packets, 102
SYN flood attacks, 584–585, 584
synchronization, time, 73
Synchronous Data Link Control (SDLC), 177
synchronous LAN communications, 142
synchronous tokens, 15–16
system calls, 485
system compromise, 727
system failures, avoiding, 298–300, 300
system high mode systems, 318, 488
system logs, 66
system resilience, 603
    hard drives, 603–605
    power sources, 606
    servers, 605–606, 605
    trusted recovery, 606–608


876 System Security Authorization Agreements (SSAAs) – testing

System Security Authorization Agreements (SSAAs), 468
system test review, 305

T
T-sight tool, 192
table-top exercises in disaster recovery planning, 673
tablets, 548
TACACS (Terminal Access Controller Access-Control System), 32, 165
TACACS Plus (TACACS+), 32
tactical plans, 207
Take-Grant model, 443
tape backups
    formats, 667–668
    protecting, 547–548
    rotating, 669
    sensitive information, 541–542
targets of evaluation (TOEs), 460
task-based access control (TBAC), 26
TATO (temporary authorization to operate), 241
TBAC (task-based access control), 26
TCB (trusted computing base), 440–441
TCP (Transmission Control Protocol)
    overview, 101–104
    reset attacks, 585
TCP/IP model, 99–100, 100
    Application layer protocols, 109–110
    DNR, 112–113
    multilayer protocols, 110–111
    Network layer protocols, 106–109
    Transport layer protocols, 101–106
    vulnerabilities, 112
TCP wrappers, 101
TCSEC (Trusted Computer System Evaluation Criteria), 223, 455–456
    classes and required functionality, 456–457
    limitations, 459–460
teams
    BCP, 620–621
    CIRT, 575
    response, 728–729
    testing, 600–601
teardrop attacks, 586
technical controls, 7, 8, 760
    access abuses, 761
    emanation security, 762–763
    intrusion detection systems, 761–762
    physical security, 747
    proximity readers, 760–761
    smart cards, 760
technical security mechanisms, 511
    abstraction, 512
    data hiding, 512
    hardware segmentation, 513
    layering processes, 511–512
    process isolation, 513
technology and process integration vulnerabilities, 521
technology convergence, 747
telcos, 131
telecommuting, 160–165, 175–176
Telnet protocol, 109
temperature, 766
TEMPEST technologies
    countermeasures, 762–763
    screen eavesdropping, 498, 521
Temporal Key Integrity Protocol (TKIP), 427
temporary authorization to operate (TATO), 241
Ten Commandments of Computer Ethics, 737
Terminal Access Controller Access-Control System (TACACS), 32, 165
termination of employees, 261–263, 589
terrorism, 649–650, 723
testimonial evidence, 716–717
testing
    BCP documentation, 637
    disaster recovery planning, 672–673
    patches, 551


testing phase in BCP – transposition ciphers 877

    penetration. See penetration testing
    software, 314–316
testing phase in BCP, 623
TFTP (Trivial File Transfer Protocol), 109
TGTs (ticket-granting tickets), 28
theft, 653–654
thicknet, 124
thinnet, 124
third-generation languages (3GL), 301
third normal form (3NF), 285
third-party governance, 240–241
threats
    attacks. See attacks
    defined, 243
    insider, 724
    modeling, 50–52
    storage, 294
    threat/risk calculations, 249–253
three-tier firewall deployment, 118–119
thrill attacks, 725
throughput rate in biometric registration, 20
ticket-granting tickets (TGTs), 28
tickets in Kerberos, 28–29
time, synchronization, 73
time of check (TOC), 520
time-of-check-to-time-of-use (TOCTTOU) attacks, 345, 520
time of use (TOU), 520
time slices, 485
timing covert channels, 516
timing issues, 520
TJX security breach, 427
TKIP (Temporal Key Integrity Protocol), 427
TLS (Transport Layer Security), 33, 153, 422–423
TOC (time of check), 520
TOCTTOU (time-of-check-to-time-of-use) attacks, 345, 520
TOEs (targets of evaluation), 460
Token Ring technologies, 141
tokens
    identification and authentication, 15–16
    LAN technologies, 144
    security, 439
top-down management approach, 206
top secret data classification, 227
topologies, network, 137–139, 138–140
tornadoes, 648
total risk, 256
TOU (time of use), 520
Tower of Hanoi backup strategy, 669
TPMs (Trusted Platform Modules), 421, 469
TPs (transformation procedures), 449
trade secrets, 694–695
trademarks, 692–693
traffic analysis, 71
training
    continuity planning, 633
    cross-training, 538
    disaster recovery planning, 671–672
    hiring process, 36
    personnel, 263–264
    users, 63
training phase in BCP, 623
transactions, database, 286–287
transformation procedures (TPs), 449
transients, 606, 765
transitions, state, 441
Transmission Control Protocol (TCP)
    overview, 101–104
    reset attacks, 585
transmission mechanisms, 181
transmission protection for remote access, 163
transmission windows, 103
transparency, 179–180
transponder proximity readers, 761
Transport layer
    OSI model, 97
    TCP/IP model, 99–106, 100–101
Transport Layer Security (TLS), 33, 153, 422–423
transport mode in IPSec, 426
transposition ciphers, 375


878 traverse mode noise – USGCB images

traverse mode noise, 765
tree bus topology, 138
trend analysis, 71
Triple DES (3DES), 389–390
triples in Clark-Wilson model, 448
Tripwire tool, 313, 333
Trivial File Transfer Protocol (TFTP), 109
Trojan horses, 277–278, 335–336
Tropical Prediction Center, 648
true values, 368
TrueCrypt package, 421
trust relationships and worms, 338
Trusted Computer System Evaluation Criteria (TCSEC), 223, 455–456
    classes and required functionality, 456–457
    limitations, 459–460
trusted computing base (TCB), 440–441
Trusted Network Interpretation of the TCSEC, 458
trusted paths, 440
Trusted Platform Modules (TPMs), 421, 469
trusted recovery, 517, 606–608
trusted systems, 454
trusts in domains, 27
Trustworthy Computing Initiative, 518
tsunamis, 646
tunnel mode in IPSec, 426
tunneling in VPNs, 155–157
tuples in relational databases, 283
turnstiles, 753–754, 754
twisted-pair cabling, 125–126
two-factor authentication, 20
two-person control, 537
two-tier firewall deployment, 118
Twofish algorithm, 392
Type 1 authentication factor, 9
Type 1 biometric factor errors, 19
Type 2 authentication factor, 9
Type 2 biometric factor errors, 19
Type 3 authentication factor, 10

U
UCITA (Uniform Computer Information Transactions Act), 696
UDIs (unconstrained data items), 449
UDP (User Datagram Protocol), 101, 106
    fraggle attacks, 586
    RADIUS, 32
Ultra effort, 364
unchecked buffers, 518
unclassified data, 227
unconstrained data items (UDIs), 449
unicast technology, 142
Uniform Computer Information Transactions Act (UCITA), 696
uninterruptible power supplies (UPSs), 606, 650–651, 764
United States Code (USC), 684
United States Government Configuration Baseline (USGCB) images, 558
United States Patent and Trademark Office (USPTO), 693
UNIX operating system, 332
unlocking databases, 288
unshielded twisted-pair (UTP) cable, 125–126
UPSs (uninterruptible power supplies), 606, 650–651, 764
URG flag, 104–105
U.S. Geological Survey (USGS), 627, 628
USA PATRIOT Act, 700
USB flash drives, 546–547
User Datagram Protocol (UDP), 101, 106
    fraggle attacks, 586
    RADIUS, 32
user-friendliness, 300, 300
user mode, 317, 485, 490
users
    access control, 2–3
    education, 63
    remote assistance, 164
    role, 210
USGCB (United States Government Configuration Baseline) images, 558


USGS (U.S. Geological Survey) – vulnerabilities 879

USGS (U.S. Geological Survey), 627, 628
USPTO (United States Patent and Trademark Office), 693
utilities
    failures, 651
    recovery plan development, 670
UTP (unshielded twisted-pair) cable, 125–126

V
vacations, mandatory, 538
validation and verification steps in waterfall model, 307
validation phase in DITSCAP and NIACAP, 468
valuation of assets, 245–248
Van Eck phreaking, 498
Van Eck radiation, 498
vandalism, 653–654
vaulting, electronic, 501, 662
VBScript language, 301
vendor controls in personnel security, 261
VENONA project, 378–379
verification
    certificates, 418
    integrity, 180, 449
    patches, 552
    secondary, 759
verification phase in DITSCAP and NIACAP, 468
verified protection systems in TCSEC, 457
Vernam, Gilbert Sandford, 378
Vernam ciphers, 378
versioning in change management, 561
video streaming, 692
views, databases, 287–288
Vigenere cipher, 376–377
virtual circuits, 172
virtual desktops, 179
virtual LANs (VLANs), 159–160
virtual machines (VMs), 490
virtual memory, 293, 495
virtual private networks (VPNs), 155
    IPSec, 426
    operation, 157
    protocols, 157–159
    TCP/IP model links, 101
    tunneling, 155–157
    virtual LANs, 159–160
virtual storage, 293
virtualization technology, 178–179, 469
viruses, 277
    antivirus mechanisms, 332–333, 581
    countermeasures, 339–341
    decryption routines, 334
    hoaxes, 334–335
    overview, 329
    platforms vulnerable to, 332
    propagation techniques, 329–332
    technologies, 333–334
vishing (VoIP phishing), 61, 162
visibility in site design, 749
visitors, tracking, 752
vital records program in BCP documentation, 636
VLANs (virtual LANs), 159–160
VMs (virtual machines), 490
voice communications, 186
    fraud and abuse, 187–188
    phreaking, 189
    social engineering, 186–187
voice pattern recognition, 18
VoIP (Voice over Internet Protocol), 162, 590
VoIP phishing (vishing), 61, 162
volatile storage, 294, 496
voluntary surrender of information, 731
VPNs. See virtual private networks (VPNs)
vulnerabilities
    analysis, 53
    assessments, 554–555
    covert channels, 515–516
    CVE database, 555
    defined, 243


880 vulnerabilities – workers

vulnerabilities (continued)
    design and coding flaws, 516–520
    distributed architecture. See distributed architecture
    electromagnetic radiation, 521
    exam essentials, 522–524
    managing, 552–553
    review questions, 526–529
    risk, 49
    scanners, 64, 553–554
    security protection mechanisms, 510–515
    single-point-of-failure, 501–504
    summary, 522
    TCP/IP, 112
    technology and process integration, 521
    timing issues, 520
    written lab, 525
    zero-day exploits, 582–583
vulnerability scans, 351–352

W
waiting state, 486
Waledac botnet, 587
walk-throughs
    code review, 305
    disaster recovery planning, 673
walls in work areas, 751
WANs (wide area networks), 123
    connection technologies, 174–177
    overview, 172–174
WAP (Wireless Application Protocol), 131
war dialing, 589–590
wardriving, 136
warm sites, 659
warm-swappable RAID, 503
warning banners for penetration testing, 602
warrants, search, 719–720, 731
WarVOX tool, 590
water fire suppression systems, 770
water leakage and flooding, 766
waterfall model, 306–307, 307
watermarking, 423–424
wave pattern motion detectors, 757
WDS (Windows Deployment Services), 557
Web application security, 346–347, 422–423
    dynamic applications, 348–349, 348
    SQL injection attacks, 348–350, 348
    XSS attacks, 347
webcasting, 692
well-known ports, 101
WEP (Wired Equivalent Privacy), 135, 427
wet pipe water suppression systems, 770
whaling, 61
white-box testing, 315, 600–601
white boxes, 189
white noise, 763
whitelisting, 340
wide area networks (WANs), 123
    connection technologies, 174–177
    overview, 172–174
WiFi Protected Access (WPA), 135, 427–428
WiMax standard, 137
Windows Deployment Services (WDS), 557
Windows Update, 551
WIPO (World Intellectual Property Organization) treaties, 691
Wired Equivalent Privacy (WEP), 135, 427
wired extension infrastructure mode, 133
Wireless Application Protocol (WAP), 131
wireless communications, 128
    attacks, 136
    Bluetooth, 132
    cell phones, 129–131
    concepts, 128–129
    cordless phones, 132
    networks, 132–137, 427–428
Wireless Transport Layer Security (WTLS), 131
Wireshark protocol analyzer, 57–58, 58, 192
wiretapping, 70
work areas, 751
work function in cryptography, 374
work group recovery, 656–657
workers. See personnel security


workplace privacy – zombies 881

workplace privacy, 701
workstation changes, 550
World Intellectual Property Organization (WIPO) treaties, 691
worms, 278, 336
    Code Red, 336–337
    Internet, 337–338
    Stuxnet, 338–339
WPA (WiFi Protected Access), 135, 427–428
wrappers in TCP, 101
WTLS (Wireless Transport Layer Security), 131

X
X.25 WAN connections, 176
X.509 certificates, 416
X Window, 110
XACML (Extensible Access Control Markup Language), 31
XML (Extensible Markup Language), 30
XOR (exclusive OR) function, 370–371
XSS (cross-site scripting) attacks, 347
XTACACS (extended TACACS), 32

Z
zero-day exploits, 582–583
zero-knowledge proof, 372–373, 373
zero-knowledge teams, 600–601
Zeus Trojan horse, 329, 580
Zimmerman, Phil, 390, 421
zombies
    botnets, 587
    DoS attacks, 191
    ping floods, 588
