Index

Note to the Reader: Throughout this index, boldfaced page numbers indicate primary discussions of a topic. Italicized page numbers indicate illustrations.
A

AAA protocols, 31–32
abstraction
  object-oriented programming, 512
  in security, 211
  software development, 317–318
abuse in voice communications, 187–188
acceptable use policies, 182, 222
acceptance, risk, 255
access aggregation attacks, 53
access control, 1
  AAA protocols, 31–32
  attacks, 47
    access aggregation, 53
    asset valuation, 49–50
    denial of service, 62
    exam essentials, 80–82
    overview, 48
    password, 54–58, 58
    preventing, 62–64
    review questions, 83–86
    risk elements, 49
    smart cards, 61–62
    social engineering, 59–61
    spoofing, 58–59
    summary, 79
    threat modeling, 50–52
    vulnerability analysis, 53
    written lab, 82
  authentication. See authentication
  authorization, 33–34
  centralized vs. decentralized, 26–27
  CIA Triad, 3–4
  content-dependent, 288–289
  defense-in-depth strategy, 7–8, 8
  Diameter, 32–33
  discretionary access controls, 22
  elements, 8–11
  email, 182
  exam essentials, 39–41
  federated identity management, 30–31
  identification. See identification
  identity and access provisioning life cycle, 35–38
  Kerberos, 28–29
  lattice-based, 23, 23, 445
  mandatory access controls, 24–25
  monitoring. See monitoring
  nondiscretionary access controls, 22
  overview, 2–3
  permissions, rights, and privileges, 4–5
  policies, 4
  RADIUS, 32
  review questions, 42–45
  role-based, 25–26
  rule-based, 22–23
  security operations principles, 21–22
  single sign-on, 27–28, 30–31
  summary, 38–39
  TACACS+, 32
  technical controls, 761
  types, 5–7
  users, owners, and custodians, 3
  written lab, 41
access control lists (ACLs)
  access control matrices, 443
  DACs, 22
  firewalls, 33, 115
access control matrices, 33, 443–444
access control triples, 448
access points in wireless networks, 132–137
access review audits, 75
bindex.indd 833 30/05/12 6:44 PM
834 accessibility security in site design – annexes in Common Criteria
accessibility security in site design, 750
accountability
  access control, 11
  description, 515
  monitoring, 71–72
  security governance, 220
accounts
  dual administrator, 76–77
  lockout controls, 63
  managing, 64
  reviews, 36
  revocation, 37–38
accreditation in evaluation models, 466–468
ACID model, 286–287
acknowledge (ACK) packets, 102, 104–105
ACLs (access control lists)
  access control matrices, 443
  DACs, 22
  firewalls, 33, 115
ACTA (Anti-Counterfeiting Trade Agreement), 692
acting phase in IDEAL model, 311, 311
active content in malicious code, 339
active IDS responses, 594
ActiveX controls
  signing, 340
  vulnerabilities, 281, 506–507
actual cash value (ACV) clause, 654–655
ad hoc networks, 133
Adams, Douglas, 122
Address Resolution Protocol (ARP)
  cache poisoning, 109
  description, 109
  purpose, 94
  spoofing, 194
addresses
  IP. See IP (Internet Protocol)
  MAC, 94, 112
addressing memory, 494
Adleman, Leonard, 406
administrative access controls, 7, 8
administrative law, 684–685
administrative physical security controls, 747
Administrator group audits, 76
admissible evidence, 715
Advanced Encryption Standard (AES), 135, 391–392
Advanced Persistent Threat (APT), 52
advisory policies, 222
adware, 339
AES (Advanced Encryption Standard), 135, 391–392
agents
  DoS attacks, 191
  overview, 279–280
  relay, 181
aggregation
  access aggregation attacks, 53
  databases, 290–291
agile software development, 308–309
AHs (Authentication Headers), 159, 426
alarms, 758, 761
ALE (annualized loss expectancy)
  impact assessment, 629
  threat/risk calculations, 249–251
algorithms, defined, 367
alternate processing sites, 657
  cold sites, 657–658
  continuity planning, 632
  hot sites, 658–659
  mobile sites, 659–660
  multiple, 661
  service bureaus, 660
  warm sites, 659
alternative systems, 632
ALUs (arithmetic-logical units), 494
American Civil War, cryptography in, 363
amplifiers, 120
analog communications in LANs, 141–142
analysis of incidents, 732
analytic attacks, 428
AND operation, 369
annexes in Common Criteria, 463
annualized loss expectancy (ALE)
  impact assessment, 629
  threat/risk calculations, 249–251
annualized rate of occurrence (ARO)
  likelihood assessment, 627, 629
  threat/risk calculations, 249–250
anomaly detection, 592
Anti-Counterfeiting Trade Agreement (ACTA), 692
antivirus (AV) mechanisms, 332–333, 581
APIPA (Automatic Private IP Addressing), 169
applets
  hostile, 330
  vulnerabilities, 280–281, 505–506
application attacks, 344
  back doors, 346
  buffer overflows, 344–345
  exam essentials, 354–355
  masquerading, 352–353
  privilege escalation attacks, 346
  reconnaissance attacks, 350–352
  review questions, 356–359
  summary, 353–354
  TOCTTOU issue, 345
  Web applications, 346–350, 348
  written lab, 355
application issues, 276
  distributed computing, 278–281
  local/nondistributed computing, 276–277
  logs, 66
Application layer
  OSI model, 98–99
  TCP/IP model, 99–100, 100–101, 109–110
application-level gateway firewalls, 116
approval in continuity planning, 633
APT (Advanced Persistent Threat), 52
arc radius of cable, 124
arithmetic-logical units (ALUs), 494
ARO (annualized rate of occurrence)
  likelihood assessment, 627, 629
  threat/risk calculations, 249–250
ARP (Address Resolution Protocol)
  cache poisoning, 109
  description, 109
  purpose, 94
  spoofing, 194
arpspoof tool, 194
“Arrangement on the Recognition of Common Criteria Certificates in the Field of IT Security”, 461
ASs (authentication services), 28
assembly code, 300
assembly language, 300
assessments
  BIA. See business impact assessment (BIA)
  recovery plan development, 665
  vulnerability, 554–555
asset valuation
  attacks, 49–50
  defined, 243
  risk, 245–248
asset value (AV) in BIA, 626, 628
assets
  defined, 242
  managing, 549–550
  in threat modeling, 51
assignment of risk, 255
assurance
  evaluation assurance levels, 463–464
  overview, 454
  software development security, 298
asymmetric cryptography, 365, 405
  El Gamal, 408
  elliptic curve, 408–409
  hash functions, 409–412
  keys
    algorithms, 383–386, 384
    managing, 419–420
    public and private, 405–406
  RSA, 406–407
asynchronous communications in LANs, 142
asynchronous dynamic password tokens, 16
asynchronous tokens, 15–16
asynchronous transfer mode (ATM), 177
ATO (authorization to operate), 241
atomicity in ACID model, 286
attachments, email, 184–185
attackers
  defined, 48
  threat modeling, 51
attacks
  access control. See access control
  application. See application attacks
  cryptography, 428–430
  defined, 244
  incremental, 519
  network. See networks
  password. See passwords
  preventive measures. See preventive measures for attacks
  wireless communications, 136
attenuation, cable, 127
attributes in relational databases, 283
auction sniping, 280
audio streaming, 692
audit trails, 11
  physical access, 761
  purpose, 68–69
auditors, 73, 210
audits and auditing, 73–74
  access controls, 64
  access review, 75
  configuration, 314
  entitlement, 75
  external, 78
  inspection, 74–75
  privileged groups, 75–77
  report handling, 77–78
  security, 561–562
  security governance, 219
authentication
  access control, 9–10
  biometric factors, 17–20, 19
  configuration, 314
  cryptography for, 365–366, 366
  Diameter, 32–33
  Kerberos, 28–29
  multifactor, 20–21, 63
  overview, 11–12
  passwords, 12–14
  protocols, 154
  RADIUS, 32
  remote access, 163
  security governance, 218–219
  smart cards, 14–15
  tokens, 15–16
Authentication Headers (AHs), 159, 426
authentication services (ASs), 28
authorization
  access control, 10–11
  mechanisms, 33–34
  security governance, 219
authorization to operate (ATO), 241
automated provisioning systems, 35
automated recovery, 608
automated recovery without undue loss, 608
Automatic Private IP Addressing (APIPA), 169
automatic rollover, 502
auxiliary alarm systems, 758
AV (antivirus) mechanisms, 332–333, 581
AV (asset value) in BIA, 626, 628
availability
  CIA Triad, 3–4, 217–218
  techniques for, 452–453
AVG function, 290
awareness training, 263–264

B

back doors, 346, 516, 518
back up keys, 420
background checks, 259
backups, 666–667
  best practices, 668–669
  disk-to-disk, 668
  neglecting, 667
  tapes
    formats, 667–668
    protecting, 547–548
    rotating, 669
    sensitive information, 541–542
badges, 757
bandwidth on demand, 176
base+offset addressing, 494
baseband cable, 124–125
baseband technology, 142
baselines, 556, 557
  images, 557–558, 557
  security governance, 222–223
Basic Input/Output System (BIOS), 500–501
basic preventive measures, 579
Basic Rate Interface (BRI), 174
basic service set identifiers (BSSIDs), 133
bastion hosts, 117
batch processing, 501
battery backup power, 606, 764
BCI Good Practices Guide, 664
BCP. See business continuity planning (BCP)
beacon frames, 134
behavior-based detection, 591–593
behavioral biometric methods, 17
behaviors in object-oriented programming, 302
Bell-LaPadula model, 441, 444–446, 446
best-effort communications protocol, 106
best evidence rule, 715
BIA. See business impact assessment (BIA)
Biba models, 441–442, 446–448, 447
binary code, 300
biometric factors
  error ratings, 19–20, 19
  types, 17–19
biometric registration, 20
BIOS (Basic Input/Output System), 500–501
birthday attacks, 56, 430
bit size in cryptography, 367
BitLocker technology, 421
black-box approaches
  key management, 420
  object-oriented programming, 512
black-box testing, 315, 600–601
black boxes in phreaking, 189
blackouts, 652, 764
block ciphers, 380
blocking attachments, 184–185
Blowfish block cipher, 390
blue boxes, 189
Blue Screen of Death (BSOD), 299
bluebugging, 132
bluejacking, 132
bluesnarfing, 132
Bluetooth standard, 132
Boca Ciega High School, 18
Boehm, Barry, 306, 308
Boeing record retention case, 545
bombings, 650
book ciphers, 379–380
Boolean mathematics, 368–371
boot sectors, 330
Bootstrap Protocol (BootP), 110
botmasters, 336
botnets, 336, 587
bots, 191, 279–280
bottom-up management approach, 206
boundaries, security, 190
bounds, 452–453
breaches
  defined, 244
  Sony, 50
Brewer and Nash model, 449
BRI (Basic Rate Interface), 174
bridge mode infrastructure, 133
bridge routers (brouters), 96, 121
bridges, 120–121
broadband cable, 124–125
broadband LAN technology, 142
broadcast domains, 120, 140
broadcast messages, 140
broadcast technology, 140, 142
brouters (bridge routers), 96, 121
brownouts, 606, 764–765
brute-force attacks
  cryptographic, 428
  password, 55–56
BSOD (Blue Screen of Death), 299
BSSIDs (basic service set identifiers), 133
buffer overflows
  application attacks, 344–345
  coding issues, 517–518
buildings in continuity planning, 632
burglar alarms, 761
bus topologies, 138
business attacks, 722
business continuity planning (BCP), 617–618
  benefits, 623
  business impact assessment, 625–630, 628
  business organization analysis, 620
  continuity planning, 630–633
  documentation, 634–637
  exam essentials, 637–638
  legal and regulatory requirements, 624
  planning, 618–619
  resource requirements, 622–623
  review questions, 639–642
  senior management, 622
  summary, 637
  team selection, 620–621
  written lab, 638
business impact assessment (BIA), 625–626
  impact assessment, 628–629
  likelihood assessment, 627–628, 628
  priorities, 626
  recovery strategy, 655
  resource prioritization, 629–630
  risk identification, 626–627
business organization analysis, 620
business units in recovery strategy, 655

C

C++ language, 300
C3 cipher, 363
cable, 123
  baseband and broadband, 124–125
  coaxial, 123–124
  conductors, 126–127
  shielding, 521
  twisted-pair, 125–126
cache poisoning, 109
cache RAM, 493
CACs (common access cards), 15
Caesar cipher, 362–363, 375–376, 378
Cain & Abel tool, 56, 194
CALEA (Communications Assistance for Law Enforcement Act), 131, 698
callback mechanism, 164
Caller ID, 162, 164
cameras, 759
Candidate Information Bulletin (CIB), 591
candidate keys in relational databases, 284
canons, 736
capabilities lists, 439, 443
Capability Maturity Model, 306
capacitance motion detectors, 757
cardinality in relational databases, 283–284
carrier network communications, 173
Carrier-Sense Multiple Access (CSMA), 143
Carrier-Sense Multiple Access with Collision Avoidance (CSMA/CA), 143
Carrier-Sense Multiple Access with Collision Detection (CSMA/CD), 143–144
CAs (certificate authorities), 416–417
cascading composition theory, 442
categories
  access control, 6
  computer crime, 721–725
  data, 225–229
CBC (Cipher Block Chaining) mode, 388
CBK (Common Body of Knowledge), 206
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), 135
CCTV, 759
CDDI (Copper Distributed Data Interface), 141
CDIs (constrained data items), 449
cell phones, 129–131
cell suppression, 289
central processing units (CPUs). See processors
central station systems, 758
centralized access control, 26–27
centralized remote authentication services, 165
CER (crossover error rate), 19–20, 19
certificate authorities (CAs), 416–417
certificate path validation (CPV), 417
certificate practice statement (CPS), 419
certificate revocation lists (CRLs), 418–419
certificates
  enrollment, 418
  PKI, 415–416
  revoking, 419
  verifying, 418
certification in evaluation models, 466–468
CFAA (Computer Fraud and Abuse Act), 686–687
CFB (Cipher Feedback) mode, 388
CFR (Code of Federal Regulations), 685
chain of evidence, 716
Challenge Handshake Authentication Protocol (CHAP), 154
challenge-response authentication, 365–366, 366
change logs, 66
change management, 224–225
  overview, 559–560, 559
  process, 560–561
  software development, 306, 313–314
  versioning, 561
channel service unit/data service unit (CSU/DSU), 175
channels
  covert, 515–516
  wireless networks, 133–134
CHAP (Challenge Handshake Authentication Protocol), 154
Chapple, Mike, 292
Chauvaud, Pascal, 411
checklists, 665, 672–673
checksums for hash totals, 180
Children’s Online Privacy Protection Act (COPPA), 699
Chinese Wall model, 449
chipping codes, 129
chosen ciphertext attacks, 429
chosen plain-text attacks, 429
CIA Triad, 3–4
  availability, 217–218
  confidentiality, 214–215
  integrity, 215–216
  priorities, 216–217
CIB (Candidate Information Bulletin), 591
CIDR (Classless Inter-Domain Routing) notation, 107
Cipher Block Chaining (CBC) mode, 388
Cipher Feedback (CFB) mode, 388
ciphers, 374
  block, 380
  vs. codes, 374–375
  one-time pads, 377–379
  running key, 379–380
  stream, 380
  substitution, 375–377
  transposition, 375
ciphertext messages, 366
ciphertext only attacks, 429
CIR (Committed Information Rate), 176
circuit encryption in networks, 425
circuit-level gateway firewalls, 116
circuit proxies, 116
circuit switching, 170–171
CIRTs (computer incident response teams), 575, 728
CISSP Certification Common Body of Knowledge (CBK) Study Guide, 591
civil laws, 684
Clark-Wilson model, 448–449
classes
  IP, 107
  ITSEC, 460–461
  object, 301–302, 512
  TCSEC, 456–457
classification levels in Bell-LaPadula model, 445
classification of data, 225–229
classified data, 227
Classless Inter-Domain Routing (CIDR) notation, 107
clean power, 765
cleaning malicious code, 340
clearing sensitive information, 543, 544
click-wrap license agreements, 695
client systems, malicious code countermeasures for, 340
Clipper chip, 391
clipping levels, 69
closed head water suppression systems, 770
closed systems, 451–452
cloud computing
  backups, 668
  concepts, 508–509
clusters
  description, 502
  failover, 605–606, 605
CMWs (compartmented mode workstations), 489
coaxial cable, 123–124
COBIT (Control Objectives for Information and Related Technology), 213
Code of Ethics, 735–736
Code of Federal Regulations (CFR), 685
Code Red worm, 336–337
code review walk-throughs, 305
codes vs. ciphers, 374–375
coding flaws, 516–520
cognitive passwords, 14
cohesion in object-oriented programming, 302
cold rollover, 502
cold sites, 657–658
cold-swappable RAID systems, 503
collecting evidence, 717–718
collision domains, 119–120, 140
collisions
  attacks, 430
  LAN media access, 143–144
collusion, 258, 537
columnar transposition, 375
combination locks, 756–757
COMMIT command, 286
Committed Information Rate (CIR), 176
common access cards (CACs), 15
Common Body of Knowledge (CBK), 206
Common Criteria, 456, 461
  recognition, 461–462
  structure, 462–465
common mode noise, 765
common routers, 116
Common Vulnerability and Exposures (CVE) database, 555
communications
  disconnects, 520
  emergency, 656
  network segmentation, 114
  recovery plan development, 664–665
  switching technologies, 172
  voice, 186–189
  wireless. See wireless communications
Communications Assistance for Law Enforcement Act (CALEA), 131, 698
companion viruses, 331
comparative password analysis, 55
compartmentalized environment, 25
compartmented mode systems, 318, 488–489
compartmented mode workstations (CMWs), 489
compensation access control, 6
competent evidence, 715–717
compiled languages, 300–301
compilers, 300
complexity of passwords, 13
compliance
  issues, 208
  overview, 703–704
  privacy requirements, 212–213
composition passwords, 13
composition theories, 442
computer architecture, 478–479
  firmware, 500–501
  input and output devices, 498–499
  input/output structures, 499–500
  memory, 491–496
  processors. See processors
  storage, 496–498
computer crime, 721
  business attacks, 722
  financial attacks, 722–723
  incidents, 572
  laws, 685–689
  military and intelligence attacks, 721–722
  terrorist attacks, 723
  thrill attacks, 725
computer export controls, 696–697
Computer Fraud and Abuse Act (CFAA), 686–687
computer incident response teams (CIRTs), 575, 728
Computer Security Act (CSA), 687–688
concentrators, 120, 127
conceptual definition phase in systems development, 303–304
conclusive evidence, 715
concurrency of databases, 288
conductors, cable, 126–127
conficker vulnerability, 552
confidential data classification, 227–228
confidentiality
  CIA Triad, 3–4, 214–215
  cryptography for, 364–365
  techniques, 452–453
configuration management, 555–556
  baselining, 556–558, 557
  documentation, 558
  software development security, 313–314
confinement, 452
Confinement Property, 445
confusion in cryptography, 380
connections in WANs, 174–177
consistency in ACID model, 286–287
constrained data items (CDIs), 449
constrained interfaces, 34
consultants
  controls, 261
  risk, 247
contamination, database, 287
content-dependent access controls, 34, 288–289
content filters, 340
context-dependent access controls, 34
continuity planning, 630. See also business continuity planning (BCP)
  plan approval, 633
  plan implementation, 633
  provisions and processes, 631–632
  strategy development phase, 630–631
  training and education, 633
contractors
  controls, 261
  governance reviews, 704–705
contractual license agreements, 695
Control Objectives for Information and Related Technology (COBIT), 213
control zones, 521, 763
controlled access protection systems, 457
controlled security mode systems, 489
controls, 453–454
  access. See access control
  configuration, 314
  security governance, 213–214
  software development, 316–318, 316
  specifications development, 304–305
controls gap, 256
converting IP addresses, 169
COPPA (Children’s Online Privacy Protection Act), 699
copper conductors, 126
Copper Distributed Data Interface (CDDI), 141
copyrights, 690–692
cordless phones, 132
corporate property, 748
corrective access control, 5–6
cost effective security, 265
cost functions in quantitative risk analysis, 248–249
COUNT function, 290
Counter (CTR) mode, 388
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), 135
countermeasures
  defined, 244
  malicious code, 339–341
  password attacks, 344
  TEMPEST, 762–763
coupling in object-oriented programming, 303
covert channels, 515–516
CPS (certificate practice statement), 419
CPTED (crime prevention through environmental design), 750
CPUs (central processing units). See processors
CPV (certificate path validation), 417
Crack program, 342
crackers, 48
Creating Defensible Space, 750
credentials, logon, 16
creeping privileges, 37
crime prevention through environmental design (CPTED), 750
criminal law, 682–684
crisis management, 656
critical path analysis, 747
criticality prioritization, 626
CRLs (certificate revocation lists), 418–419
cross-site scripting (XSS) attacks, 347
cross-training, 538
crossover error rate (CER), 19–20, 19
cryptanalysis, 367
cryptography, 361
  asymmetric. See asymmetric cryptography
  attacks, 428–430
  cipher systems, 374–380
  concepts, 366–368
  digital signature systems, 413–415
  email, 421–424, 424
  exam essentials, 396–398, 431–432
  goals, 364–366, 366
  history, 362–364
  keys, 381–382
    asymmetric, 383–386, 384, 405–406, 419–420
    hashing algorithms, 386
    requirements, 384
    static tokens, 16
    symmetric, 382–383, 382
  life cycle, 395–396
  mathematics, 368
    Boolean, 368–371
    modulo function, 371
    nonces, 372
    one-way functions, 371–372
    zero-knowledge proof, 372–373, 373
  networks, 425–428
  PKI, 415–419
  portable devices, 420–421
  review questions, 399–402, 433–436
  split knowledge, 373
  summary, 396, 430–431
  symmetric. See symmetric cryptography
  work function, 374
  written lab, 398, 432
cryptology, 367
cryptosystems, 367
cryptovariables, 367
CSA (Computer Security Act), 687–688
CSC-STD-003-85, 318
CSMA (Carrier-Sense Multiple Access), 143
CSMA/CA (Carrier-Sense Multiple Access with Collision Avoidance), 143
CSMA/CD (Carrier-Sense Multiple Access with Collision Detection), 143–144
CSU/DSU (channel service unit/data service unit), 175
CTR (Counter) mode, 388
custodians, 3
customer goodwill, 49
CVE (Common Vulnerability and Exposures) database, 555
CWR flag, 104–105
CyberTrust third party, 455

D

D2D (disk-to-disk) backup, 668
DACs (discretionary access controls), 22
damage from fire, 771
darknets, 598
DARPA model. See TCP/IP model
data at rest, cryptography for, 365
data breaches
  defined, 244
  Sony, 50
data center security, 751–752
data classification, 225–229
data custodian role, 209–210
Data Definition Language (DDL), 285
data diddling, 519
Data Encryption Standard (DES), 382, 387–388
data extraction, 69
data flow control, 505
data hiding, 211, 318, 512
data in motion, cryptography for, 365
data/information storage, 293–294
Data Link layer in OSI model, 93–95
Data Manipulation Language (DML), 285
data marts, 292
data mining, 291–292
data owners role, 209
Data Protection Directive, 212
data remanence, 497, 543
data streams in OSI model, 91, 92
data terminal equipment/data circuit-terminating equipment (DTE/DCE), 175–176
database contamination, 287
database management system (DBMS) architectures, 282–285, 282, 284
database recovery, 662
  electronic vaulting, 662
  remote journaling, 662–663
  remote mirroring, 663
databases and data warehousing, 282
  aggregation, 290–291
  data mining, 291–292
  DBMS, 282–285, 282, 284
  multilevel, 287–289
  ODBC, 289, 290
  shadowing, 502
  transactions, 286–287
datagrams in OSI model, 91, 92
DBMS (database management system) architectures, 282–285, 282, 284
DDL (Data Definition Language), 285
DDoS (distributed denial of service) attacks, 62, 191–192
decentralized access control, 26–27
decision making types, 625
decision support systems (DSSs), 297
declassification of sensitive information, 544
decryption routines, 334
dedicated mode systems, 318, 488
dedicated WAN lines, 173
deencapsulation in OSI model, 90–91, 90–92
default subnet masks, 107
defense in depth, 7–8, 8, 210–211
Defense Information Technology Security Certification and Accreditation Process (DITSCAP), 468
definition phase in DITSCAP and NIACAP, 468
degaussing sensitive information, 544
degrees in relational databases, 283–284
delay, security controls for, 749
delay feature, mantraps as, 754
delegation
  incident response, 575
  object-oriented programming, 302
Delphi technique, 254
Delta rule, 296
deluge water suppression systems, 770
demilitarized zones (DMZs)
  firewalls, 117–118, 118
  Web applications, 349
denial of service (DoS) attacks
  description, 62
  incident handling, 727
  overview, 191–192
  preventive measures, 583–584
denial security controls, 749
Department of Defense, APT attacks, 52
Department of Defense Password Management Guidelines, 458
deployment
  firewalls, 117–119, 118
  patches, 552
DES (Data Encryption Standard), 382, 387–388
design
  site. See site and facility design
  vulnerabilities from, 516–520
design review in software development, 305
desktops, virtual, 179
destroying sensitive information, 543, 544
destruction
  sensitive information, 544
  symmetric keys, 394
  by viruses, 329
detection
  and identification, 730
  fire, 769–770
  IDSs. See intrusion detection systems (IDSs)
  incidents, 574–575
  security controls for, 749
detective access control, 5
deterrent alarms, 758
deterrent control, 6, 748
Devakumar, Vijay, 56
devices
  firmware, 501
  Transport layer, 97
DHCP (Dynamic Host Configuration Protocol), 110
DIACAP (DoD Information Assurance Certification and Accreditation Process), 468
diagnosing phase in IDEAL model, 311, 311
dial-up protocols
  encapsulation, 178
  remote access security management, 164–165
Diameter authentication, 32–33
dictionaries
  data, 291
  password attacks, 54–55, 342–343
diddling, data, 519
differential backups, 666
Diffie-Hellman key encryption, 393–394
diffusion in cryptography, 380
digital certificates
  enrollment, 418
  PKI, 415–416
  revoking, 419
  verifying, 418
digital communications in LANs, 141–142
Digital Millennium Copyright Act (DMCA), 690–692
Digital Signature Algorithm (DSA), 415
Digital Signature Standard (DSS), 415
digital signatures, 413–414
  DSS, 415
  HMAC, 414–415
  static tokens, 16
digital subscriber line (DSL), 174
direct addressing, 494
direct evidence, 717
Direct Inward System Access (DISA), 188–189
Direct Memory Access (DMA), 500
Direct Sequence Spread Spectrum (DSSS), 129
Directive 95/46/EC, 212
directive access control, 6
Directory Service Markup Language (DSML), 31
directory services, 27
DISA (Direct Inward System Access), 188–189
disaster recovery planning (DRP), 618–619, 643
  disasters
    man-made, 649–654
    natural, 645–649, 647
    nature of, 644–645
  exam essentials, 675
  maintenance, 674
  recovery plan development. See recovery plan development
  recovery strategy. See recovery strategy
  review questions, 676–679
  summary, 674
  testing, 672–673
  training and documentation, 671–672
  written lab, 675
discretionary access controls (DACs), 22
discretionary MAC models, 25
discretionary protection systems in TCSEC, 456–457
Discretionary Security Property, 445
discretionary security protection systems in TCSEC, 456
disgruntled employees, 539
disk-to-disk (D2D) backup, 668
distance vector routing protocols, 96
distributed access control, 27
distributed architecture, 504
  applets, 505–507
  cloud computing, 508–509
  grid computing, 509–510
  peer to peer technologies, 510
  safeguards, 507–508
  vulnerabilities, 504–505
distributed computing, 278–281
distributed databases, 282–283, 282
distributed denial of service (DDoS) attacks, 62, 191–192
distributed reflective denial-of-service (DRDoS) attacks, 584
distributing audit reports, 78
distributing symmetric keys, 393
distribution methods for malicious code, 580
DITSCAP (Defense Information Technology Security Certification and Accreditation Process), 468
DMA (Direct Memory Access), 500
DMCA (Digital Millennium Copyright Act), 690–692
DML (Data Manipulation Language), 285
DMZs (demilitarized zones)
  firewalls, 117–118, 118
  Web applications, 349
DNS (Domain Name System)
  poisoning, 194–195
  reverse lookups, 595
  TCP/IP, 112–113
DNS Changer botnet, 587
DNSSEC (Domain Name System Security Extensions), 195
Dobbertin, Hans, 412
documentary evidence, 715
documentation
  BCP, 634–637
  configuration, 558
  disaster recovery planning, 671–672
  review process, 241
DoD Information Assurance Certification and Accreditation Process (DIACAP), 468
DOD model. See TCP/IP model
dogs, 755–756
Domain Name System (DNS)
  poisoning, 194–195
  reverse lookups, 595
  TCP/IP, 112–113
Domain Name System Security Extensions (DNSSEC), 195
domains
  broadcast, 120, 140
  collision, 119–120, 140
  layers, 511
  mandatory access controls, 24
  relational databases, 283
  trusts, 27
DoS (denial of service) attacks
  description, 62
  incident handling, 727
  overview, 191–192
  preventive measures, 583–584
Double DES (2DES), 429
downloads, drive-by, 60, 580
DRDoS (distributed reflective denial-of-service) attacks, 584
drive-by downloads, 60, 580
DRP. See disaster recovery planning (DRP)
dry pipe water suppression systems, 770
DSA (Digital Signature Algorithm), 415
DSL (digital subscriber line), 174
DSML (Directory Service Markup Language), 31
DSS (Digital Signature Standard), 415
DSSs (decision support systems), 297
DSSS (Direct Sequence Spread Spectrum), 129
DTE/DCE (data terminal equipment/data circuit-terminating equipment), 175–176
dual administrator accounts, 76–77
dual-homed firewalls, 117
due care, 214
due diligence, 214
dumpster diving, 352
durability in ACID model, 287
duties
  rotating, 538
  separating from responsibilities, 534–537, 536
dwell time in keystroke patterns, 18
Dynamic Host Configuration Protocol (DHCP), 110
dynamic NAT, 168–169
dynamic packet filtering firewalls, 116
dynamic ports, 101
dynamic RAM, 493
dynamic testing, 315
dynamic tokens, 15
dynamic Web applications, 348–349, 348

E

EAC (electronic access control) locks, 756
EALs (evaluation assurance levels), 463–464
EAP (Extensible Authentication Protocol), 154
earthquake hazard maps, 627, 628
earthquakes, 645–646
eavesdropping, 57, 192–193, 751
ECB (Electronic Codebook) mode, 387
ECDSA (Elliptic Curve DSA), 415
ECE flag, 104–105
Echoplex error control, 165
Economic and Protection of Proprietary Information Act, 698–699
Economic Espionage Act, 695
ECPA (Electronic Communications Privacy Act), 698
eDirectory service, 27
edit control for databases, 288
education
  continuity planning, 633
  personnel, 263–264
  users, 63
EEPROM (electronically erasable programmable read-only memory), 492
EES (Escrowed Encryption Standard), 390
EF (exposure factor)
  cost functions, 248–249
  impact assessment, 628
EFS (Encrypting File System) technology, 421
El Gamal algorithm, 408
electricity, 764–765. See also power
electrocution danger, 766
electromagnetic (EM) radiation, 521
electromagnetic interference (EMI), 765
electronic access control (EAC) locks, 756
electronic access to password files, 62
Electronic Codebook (ECB) mode, 387
Electronic Communications Privacy Act (ECPA), 698
electronic mail. See email
electronic serial numbers (ESNs), 189
electronic vaulting, 501, 662
electronically erasable programmable read-only memory (EEPROM), 492
elevated privileges, 538–539
elliptic curve cryptography theory, 408–409
Elliptic Curve DSA (ECDSA), 415
elliptic curve groups, 409
EM (electromagnetic) radiation, 521
EM (expectation maximization) clustering, 292
email
  cryptography, 421–423
  phishing, 60
  security, 181
    goals, 181–182
    issues, 183
    solutions, 183–185
  spoofing, 59
emanation security, 762–763
embedded device analysis, 718
emergency communications, 656
emergency response
  BCP documentation, 636
  recovery plan development, 664
emergency-response personnel, proximity to, 749
EMI (electromagnetic interference), 765
employees. See personnel security
employment agreements, 259–260
Encapsulating Security Payload (ESP), 159, 426
encapsulation, 318
  dial-up protocols, 178
  OSI model, 90–91, 90–92
  TCP/IP, 111
encrypted viruses, 334
Encrypting File System (EFS) technology, 421
encryption. See also cryptography
  end-to-end, 425
  export controls, 697
  overview, 211–212
  passwords, 12, 62
  sensitive information, 542
  TLS, 153
end-to-end encryption, 425
end-to-end security, 122
end users
  access control, 2–3
  education, 63
  remote assistance, 164
  role, 210
endpoint security in networks, 119
Enigma code machine, 364
enrollment
  biometric registration, 20
  certificates, 418
  provisioning, 35
enterprise extended mode infrastructure, 133
entities in access control, 2
entitlement audits, 75
environment and life safety, 763
  fire, 767–772, 767
  noise, 765
  personnel privacy and safety, 763–764
  physical security. See physical security
  power and electricity, 764–765
  temperature, humidity, and static, 766
  water leakage and flooding, 766
ephemeral ports, 101
EPROM (erasable programmable read-only memory), 492
equal error rate (ERR), 19
equipment
  failures, 772
  life cycle, 549–550
erasable programmable read-only memory (EPROM), 492
erasing sensitive information, 543
ERR (equal error rate), 19
error ratings in biometric factors, 19–20, 19
escalation of privileges, 346
escrow
    software, 669–670
    symmetric cryptography keys, 394
Escrowed Encryption Standard (EES), 390
ESNs (electronic serial numbers), 189
ESP (Encapsulating Security Payload), 159, 426
espionage
    Economic Espionage Act, 695
    industrial, 722
    overview, 589
ESSIDs (extended service set identifiers), 133–134
establishing phase in IDEAL model, 311, 311
Esthost botnet, 587
Ethernet technologies, 140–141
ethical hacking in penetration testing, 602
ethics, 735–737
Ettercap tool, 194
EUI-48 MAC addressing, 94
European Union privacy law, 701–703
evaluation assurance levels (EALs), 463–464
Evaluation Criteria for Information Technology Security document, 462
evaluation models, 454–455
    certification and accreditation, 466–468
    Common Criteria, 461–465
    industry and international security implementation guidelines, 465
    ITSEC, 460–461
    rainbow series, 455–460
Event Viewer logs, 64–65, 65
events in incident handling, 725
evidence, 714
    admissible, 715
    chain of evidence, 716
    collection and forensic procedures, 717–718
    types, 715–717
excessive privilege, 37
exclusive OR (XOR) function, 370–371
execution types, 479–482
exercises in BCP documentation, 637
expectation maximization (EM) clustering, 292
experienced exposure, 243
expert opinion, 717
expert systems, 295
exploit Wednesday, 552
explosions, 650
export laws, 696–697
exposure, defined, 243
exposure factor (EF)
    cost functions, 248–249
    impact assessment, 628
extended LANs, 122
extended service set identifiers (ESSIDs), 133–134
extended TACACS (XTACACS), 32
Extensible Access Control Markup Language (XACML), 31
Extensible Authentication Protocol (EAP), 154
Extensible Markup Language (XML), 30
external audits, 78
external communications in recovery plan development, 670
extinguishers, fire, 769
extranets, 113

F

face scans, 17
facilities
    continuity planning, 632
    design. See site and facility design
fail-open systems, 607
fail-secure and fail-open states, 298–299
fail-secure systems, 502, 607
failover, 502, 605–606, 605
failure states in initialization, 517
fair cryptosystems approach, 395
false acceptance rate (FAR) in biometric factors, 19, 19
false alarms, 593
false rejection rate (FRR) in biometric factors, 19, 19
false values, 368
Family Educational Rights and Privacy Act (FERPA), 700
FAR (false acceptance rate) in biometric factors, 19, 19
Faraday cages, 521, 762–763
fault-resistant disk systems (FRDSs), 503
fault tolerance, 603
    carrier network communications, 173
    hard drives, 502–504, 603–605
    power sources, 606
    servers, 605–606, 605
    trusted recovery, 606–608
faults, defined, 764
fax encryptors, 185
faxes, 185
FDDI (Fiber Distributed Data Interface), 141
Federal Bureau of Investigation (FBI), 577, 719
Federal Information Processing Standard (FIPS) 140-2, 367
Federal Information Processing Standard (FIPS) 180, 410
Federal Information Processing Standard (FIPS) 185, 390
Federal Information Processing Standard (FIPS) 186-3, 415
Federal Information Processing Standard (FIPS) 197, 391
Federal Information Processing Standard (FIPS) 200, 67
Federal Sentencing Guidelines, 688
federated identity management, 30–31
feedback composition theory, 442
feedback loop characteristic of waterfall model, 306
fences, 753–754
FERPA (Family Educational Rights and Privacy Act), 700
FHSS (Frequency Hopping Spread Spectrum), 128
Fiber Distributed Data Interface (FDDI), 141
fiber-optic cable, 127
fields in relational databases, 283
fifth-generation languages (5GL), 301
file access control, 2
file infector viruses, 330–331
File Transfer Protocol (FTP), 109
FileVault encryption, 421
filters
    firewalls, 115
    malicious code countermeasures, 340
    screen, 59
FIN (finish) packets, 102, 104–105
financial attacks, 722–723
finger utility, 337–338
fingerprints, 17
finish (FIN) packets, 102, 104–105
finite state machines (FSMs), 441
FIPS (Federal Information Processing Standard) 140-2, 367
FIPS (Federal Information Processing Standard) 180, 410
FIPS (Federal Information Processing Standard) 185, 390
FIPS (Federal Information Processing Standard) 186-3, 415
FIPS (Federal Information Processing Standard) 197, 391
FIPS (Federal Information Processing Standard) 200, 67
fire
    damage, 771
    detection systems, 769–770
    extinguishers, 769
    gas discharge systems, 770–771
    man-made, 649
    natural disasters, 648
    overview, 767–768, 767–768
    water suppression systems, 770
fire triangle, 767, 767
firewalls
    ACLs, 33
    deployment architectures, 117–119, 118
    logs, 66
    multihomed, 117
    overview, 115–117
firing employees, 261–263, 589
firmware, 500–501
first-generation languages (1GL), 301
first normal form (1NF), 285
5-4-3 rule, 127
fixed-temperature fire detection systems, 769
flame-actuated fire detection systems, 769
flame stage of fire, 768
flash drives, 546–547
flash floods, 646
flashing BIOS, 500
flight time in keystroke patterns, 18
flip-flops, 493
flood attacks
    ping, 588
    preventive measures, 584–585, 584
flood maps, 627, 647, 647
floods
    disaster recovery plans, 646–647, 647
    plumbing leaks, 766
footers in OSI model, 90, 90
foreign keys in relational databases, 285
forensic procedures, 717–718
FORTRAN language, 300
4G technology, 130
Fourth Amendment, 698, 719
fourth-generation languages (4GL), 301
fraggle attacks, 585–586
Frame Relay connections, 176–177
frames
    beacon, 134
    Ethernet, 140
    OSI model messages, 91, 92
fraud in voice communications, 187–188
FRDSs (fault-resistant disk systems), 503
French government, APT attacks, 52
frequency, 128
frequency analysis cryptographic attacks, 429
Frequency Hopping Spread Spectrum (FHSS), 128
FRR (false rejection rate) in biometric factors, 19, 19
FSMs (finite state machines), 441
FTP (File Transfer Protocol), 109
full backups, 666
full-duplex communication, 97
full-interruption tests, 673
full-knowledge teams, 600–601
full mesh topologies, 139
function recovery, 608
functional priorities in recovery strategy, 655
functional requirements determination, 304
functions
    aggregate, 290–291
    cost, 248–249
    hash, 409–412
    one-way, 371–372
fuzzy logic, 296

G

Gantt charts, 312, 312
gas discharge fire suppression systems, 770–771
gates, 753–754
Gates, Bill, 518
gateways, 121
gathering evidence, 731
General Protection Faults (GPFs), 317
Generalized Markup Language (GML), 30
generators, 606
GFS (Grandfather-Father-Son) strategy, 669
Gibson, Steve, 728
GISRA (Government Information Security Reform Act), 689
GLBA (Gramm-Leach-Bliley Act), 212, 699–700
GML (Generalized Markup Language), 30
GnuPG PGP solution, 184
goals in documentation, 634
Goguen-Meseguer model, 449–450
Good Times virus warning, 334
Google, APT attacks, 52
governance. See security governance
Government Information Security Reform Act (GISRA), 689
GPFs (General Protection Faults), 317
Graham-Denning model, 450
Gramm-Leach-Bliley Act (GLBA), 212, 699–700
Grandfather-Father-Son (GFS) strategy, 669
gray-box testing, 315, 600–601
Green Book, 458
grid computing, 509–510
ground wires, 765
grudge attacks, 723–725
guards, 755–756
guessing passwords, 341–342
Guide to Integrating Forensic into Incident Response, 715
“Guide to Intrusion Detection and Prevention Systems”, 590–591
Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), 540, 773
guidelines in security governance, 222–223
Gumblar drive-by download, 580
H

hackers, 48
hacktivism, 725
hailstorms, 648
half-duplex communication, 97
halon, 770–771
hand geometry, 18
hard drives, protecting, 502–504, 603–605
hardening provisions, 632
hardware, 479
    in evidence collection, 718
    failures, 651–652
    firmware, 500–501
    input and output devices, 498–499
    input/output structures, 499–500
    memory, 491–496
    processors. See processors
    replacement options, 660
    segmentation, 316, 513
    storage, 496–498
hardware-based RAID arrays, 604–605
hardware security module (HSM), 469
Hash of Variable Length (HAVAL) algorithm, 410
hash totals, 180
Hashed Message Authentication Code (HMAC) algorithm, 414–415
hashes
    asymmetric cryptography, 409–412
    cryptographic keys, 386
    passwords, 55–56
HAVAL (Hash of Variable Length) algorithm, 410
HDLC (High-Level Data Link Control), 177
headers
    authentication, 159, 426
    OSI model, 90, 90
    TCP, 103–104
Health Insurance Portability and Accountability Act (HIPAA), 212, 699
hearsay evidence, 717
heart patterns, 18
heartbeat sensors, 762
heat-based motion detectors, 757
heat damage, 771
heat stage of fire, 768
Hertz (Hz), 128
heuristics-based detection, 592
HIDS (host-based IDS), 594–596
hierarchical databases, 282–283, 282
hierarchical environment, 25
hierarchical storage management (HSM) system, 669
high-level Administrator group audits, 76
High-Level Data Link Control (HDLC), 177
High Speed Serial Interface (HSSI), 177
hijacking
    DNS, 194–195
    session, 353
HIPAA (Health Insurance Portability and Accountability Act), 212, 699
hiring new staff, 36, 257, 259
history, password, 13
HMAC (Hashed Message Authentication Code) algorithm, 414–415
hoaxes, 334–335
honeypots, 597
hookup composition theory, 442
host-based IDS (HIDS), 594–596
host interfaces, 132
hostile applets, 330
hot rollover, 502
hot sites, 658–659
hot-swappable RAID, 503
HSM (hardware security module), 469
HSM (hierarchical storage management) system, 669
HSSI (High Speed Serial Interface), 177
HTML (Hypertext Markup Language), 30
HTTP (Hypertext Transport Protocol), 110
HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer), 422
hubs, 120
humidity, 766
hurricanes, 648
hybrid environments in MAC model, 25
hybrid password attacks, 55
hyperlink spoofing, 195
Hypertext Markup Language (HTML), 30
Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS), 422
Hypertext Transport Protocol (HTTP), 110
Hz (Hertz), 128

I

I Love You virus, 331
IAB (Internet Advisory Board), 736
IANA (International Assigned Numbers Authority), 101
ICMP (Internet Control Message Protocol), 108, 585
IDEA (International Data Encryption Algorithm) block cipher, 390
IDEAL model, 310–312, 311
identification, 11–12
    access control, 9
    biometric factors, 17–20, 19
    configuration, 314
    multifactor authentication, 20–21
    passwords, 12–14
    security governance, 218
    smart cards, 14–15
    tokens, 15–16
identification cards, 757
identity and access provisioning life cycle, 35
    account review, 36
    account revocation, 37–38
    provisioning, 35–36
identity-based access control, 22
Identity Theft and Assumption Deterrence Act, 700
IDSs (intrusion detection systems), 590, 761–762
    host- and network-based, 594–596
    IDS response, 593–594
    intrusion prevention systems, 596, 596
    knowledge- and behavior-based detection, 591–593
    tools, 596–598
IEEE 802.1x standard, 428
ighashgpu tool, 56
IGMP (Internet Group Management Protocol), 109
IM (instant messaging), 163
images in baselining, 557–558, 557
IMAP (Internet Message Access Protocol), 110, 181
immediate addressing, 494
impact assessment. See business impact assessment (BIA)
impersonation, 53, 193
implementation
    continuity planning, 633
    cryptographic attacks, 428
implementation phase in BCP, 623
implicit deny principle, 33
import/export laws, 696–697
in-house hardware replacement, 660
incident handling, 713
    computer crime categories, 721–725
    data integrity and retention, 733
    defining, 572–573
    exam essentials, 738–739
    interviews, 733
    investigations, 714
        evidence, 714–718
        process, 719–720
    overview, 725–726
    reports, 734–735
    response process, 730–733
    response teams, 728–729
    review questions, 741–744
    summary, 737–738
    types, 726–728
    written lab, 740
incident management, 571
    exam essentials, 609–611
    incidents defined, 572–573
    preventive measures. See preventive measures for attacks
    response steps, 573–578, 574
    review questions, 612–615
    summary, 608–609
    system resilience and fault tolerance, 603–608
    written lab, 611
incipient stage in fire, 768
incremental attacks, 519
incremental backups, 666
indirect addressing, 494
industrial espionage, 722
industry guidelines, 465
inference attacks, 291
inference engines, 295
information flow model, 441–442
information hiding, 318
information systems
    security capabilities, 469
    security evaluation models. See evaluation models
Information Systems Audit and Control Association (ISACA), 213
Information Technology Infrastructure Library (ITIL), 213, 556
Information Technology Security Evaluation Criteria (ITSEC), 223–224
    classes and required assurance and functionality, 460–461
    development, 455–456
informative policies, 222
InfraGard program, 734
infrared motion detectors, 757
infrastructure
    continuity planning, 632
    failures, 651
    wireless network nodes, 133
infrastructure as a service, 509
inheritance in object-oriented programming, 302
initialization failure states, 517
initiating phase in IDEAL model, 311, 311
injection attacks, 348–350, 348
input and output devices, 498–499
input/output structures, 499–500
input validation
    buffer overflow, 517
    cross-site scripting, 347
    SQL injection attacks, 350
inrush, 765
insider threats, 724
inspection audits, 74–75
instances in object-oriented programming, 302
instant messaging (IM), 163
Integrated Services Digital Network (ISDN), 174
integrity
    CIA Triad, 3–4, 215–216
    cryptography for, 365
    techniques for, 452–453
    verifying, 180
integrity checking software, 340
integrity verification procedures (IVPs), 449
intellectual property, 689–690
intelligence attacks, 721–722
intent to use applications, 693
interim reports, 78
internal security in site and facility design, 751
International Assigned Numbers Authority (IANA), 101
International Criminal Police Organization (INTERPOL), 577
International Data Encryption Algorithm (IDEA) block cipher, 390
International Information Systems Security Certification Consortium (ISC2), 735–736
International Organization for Standardization (ISO), 465
International Organization on Computer Evidence (IOCE), 717
international security implementation guidelines, 465
Internet Advisory Board (IAB), 736
Internet Control Message Protocol (ICMP), 108, 585
Internet Group Management Protocol (IGMP), 109
Internet layer in TCP/IP model, 99–100, 100–101
Internet Message Access Protocol (IMAP), 110, 181
Internet Protocol. See IP (Internet Protocol)
Internet Protocol Security (IPSec) standard, 33, 158–159, 425–427
Internet Security Association and Key Management Protocol (ISAKMP), 427
Internet Worm, 278, 337–338
INTERPOL (International Criminal Police Organization), 577
interpreted languages, 301
interrogation, 733
interrupt conflicts, 500
interrupt requests (IRQ), 499–500
interviewing individuals, 733
intranets, 113
intrusion alarms, 758
intrusion detection systems (IDSs), 590, 761–762
    host- and network-based, 594–596
    IDS response, 593–594
    intrusion prevention systems, 596, 596
    knowledge- and behavior-based detection, 591–593
    tools, 596–598
intrusion prevention systems (IPSs), 596, 596
investigations, 714
    audit trails, 72–73
    evidence, 714–718
    process, 719–720
IOCE (International Organization on Computer Evidence), 717
IP (Internet Protocol), 106
    classes, 107
    IP addresses, 106
        ARP spoofing, 194
        converting, 169
        DNS, 112
        loopback, 170
        NAT, 165–170
        private, 167–168
        spoofing, 352–353
    probes, 351
IPSec (Internet Protocol Security), 33, 158–159, 425–427
IPSs (intrusion prevention systems), 596, 596
IPv4 addresses, 106
IPv6 addresses, 106
iris scans, 17
IronKey flash drives, 547
IRQ (interrupt requests), 499–500
ISACA (Information Systems Audit and Control Association), 213
ISAKMP (Internet Security Association and Key Management Protocol), 427
(ISC2) code of ethics, 735–736
ISDN (Integrated Services Digital Network), 174
iSKORPiTX, 725
ISO (International Organization for Standardization), 465
ISO/IEC 27002, 213
isolation
    in ACID model, 287
    containment, 731
    process, 316, 453
iSteg tool, 424, 424
ITIL (Information Technology Infrastructure Library), 213, 556
ITSEC (Information Technology Security Evaluation Criteria), 223–224
    classes and required assurance and functionality, 460–461
    development, 455–456
IVPs (integrity verification procedures), 449

J

jamming generators, 521
Japanese Purple Machine, 364
Java language, 300
    applets, 281, 506
    sandbox, 340, 506
Java Virtual Machine (JVM), 281, 506
JavaScript language, 301
job descriptions, 257
job responsibilities, 258–259
job rotation, 258, 538
journaling, remote, 501
JVM (Java Virtual Machine), 281, 506

K

Kaminsky, Dan, 113, 194
Kaminsky vulnerability, 113, 194
KASs (Kerberos authentication servers), 28
Katrina hurricane, 648
KDCs (key distribution centers), 28
KDD (Knowledge Discovery in Databases), 292
Kerberos, 28–29
Kerberos authentication servers (KASs), 28
Kerchoff principle, 367
kernel mode, 485
kernels, 440–441, 484, 487
key distribution centers (KDCs), 28
key escrows, 373
key space in cryptography, 367
keyboards, 498
keys, 756–757
    cryptography, 365–367, 381–382
        asymmetric, 383–386, 384, 405–406, 419–420
        hashing algorithms, 386
        requirements, 384
        symmetric, 382–383, 382, 393–394
    relational databases, 284–285
keystroke monitoring, 70
keystroke patterns, 18
knowledge-based detection, 591–592
knowledge-based systems, 294–295
    DSSs, 297
    expert systems, 295
    neural networks, 296
    security applications, 297
knowledge bases, 295
Knowledge Discovery in Databases (KDD), 292
known plain-text attacks, 429
Koblitz, Neal, 408
KryptoKnight authentication system, 31

L

L2F (Layer 2 Forwarding), 158
L2TP (Layer 2 Tunneling Protocol), 158, 426
L2TP/IPSec, 426
labels
    security, 439
    sensitive information, 541
    TCSEC, 457
land attacks, 586
LANs (local area networks), 123, 140
    Ethernet, 140–141
    extenders, 122
    media access, 143–144
    subtechnologies, 141–144
    VPNs, 159–160
last logon notification, 63
lattice-based access controls, 23, 23, 445
law enforcement, calling in, 719
laws, 681
    administrative, 684–685
    civil, 684
    computer crime, 685–689
    copyrights, 690–692
    criminal, 682–684
    exam essentials, 706–707
    import/export, 696–697
    intellectual property, 689–690
    licensing, 695–696
    patents, 693–694
    privacy
        European Union, 701–703
        U.S., 697–701
    review questions, 708–711
    summary, 705–706
    trademarks, 692–693
    written lab, 707
Layer 2 Forwarding (L2F), 158
Layer 2 Tunneling Protocol (L2TP), 158, 426
layers
    defense in depth, 210–211
    domains, 511
    OSI model. See Open Systems Interconnection (OSI) Reference Model
    security, 7–8, 8, 511–512
    TCP/IP model. See TCP/IP model
LDAP (Lightweight Directory Access Protocol), 27
LEAP (Lightweight Extensible Authentication Protocol), 155
learning phase in IDEAL model, 311, 311
learning rules, 296
leased WAN lines, 173
least privilege principle, 21, 514, 532–534, 581
legal requirements
    BCP, 624
    regulations, 773
legally defensible security, 220
length, password, 13
Lenstra, Arjen, 412
lessons learned, 733
Level 0 protection ring, 317
Level 1 and 2 protection rings, 317
level 2 caches, 493
Level 3 protection ring, 317
levels vs. rings, 511
licensing software, 550, 695–696
life cycle assurance, 298
life cycles
    cryptographic, 395–396
    media, 549
    models, 306
        agile software development, 308–309
        Gantt charts, 312, 312
        IDEAL, 310–312, 311
        PERT, 313
        Software Capability Maturity Model, 310
        spiral, 308, 308
        waterfall, 306–307, 307
    systems development, 303
        code review walk-throughs, 305
        conceptual definition phase, 303–304
        control specifications development, 304–305
        design review, 305
        functional requirements determination, 304
        maintenance and change management, 306
        system test review, 305
life safety. See environment and life safety
light yellow book, 318
lighting, 755
Lightweight Directory Access Protocol (LDAP), 27
Lightweight Extensible Authentication Protocol (LEAP), 155
likelihood assessment in BIA, 627–628, 628
limit checks in software development, 298
line-interactive UPSs, 606
Line Print Daemon (LPD), 110
linear bus topology, 138
link encryption, 425
Link layer in TCP/IP model, 99–100, 100–101
Link-Local address assignment, 169
link state routing protocols, 96
LLC (Logical Link Control) sublayer, 94
local alarm systems, 758
local area networks (LANs), 123, 140
    Ethernet, 140–141
    extenders, 122
    media access, 143–144
    subtechnologies, 141–144
    VPNs, 159–160
local/nondistributed computing, 276–277
locations, employee, 550
locking databases, 288
lockout controls, 63
locks, 756–757
logging, 64–65, 65
logic bombs, 278, 335
logical access controls, 7, 8
Logical Link Control (LLC) sublayer, 94
logical operations, 368
    AND, 369
    exclusive OR, 370–371
    NOT, 370
    OR, 369–370
logical topologies, 137, 139
logistics in recovery plan development, 670
logs
    credentials, 16
    Kerberos, 29
    protecting, 66–67
    SSO scripts, 31
    types, 65–66
loopback addresses, 107, 170
loose-leaf binders, 672
loss potential, 248
LPD (Line Print Daemon), 110

M

M of N Control, 373
MAAs (mutual assistance agreements), 661
MAC (mandatory access control) systems, 24–25
MAC (Media Access Control) address, 94, 112
MAC sublayer in OSI model, 94
machine language, 300
macro viruses, 277, 331
mail-bombing, 183
main memory, 492
maintenance
    BCP documentation, 636–637
    disaster recovery planning, 674
    software development, 306
maintenance hooks, 518–519
maintenance phase in BCP, 623
malicious code, 327, 580, 727
    active content, 339
    countermeasures, 339–341
    exam essentials, 354–355
    logic bombs, 335
    password attacks, 341–344
    preventive measures, 580
    review questions, 356–359
    sources, 328–329
    spyware and adware, 339
    summary, 353–354
malicious code (continued)
    Trojan horses, 335–336
    viruses. See viruses
    worms, 336–339
    written lab, 355
man-in-the-middle (MitM) attacks
    description, 429–430
    overview, 588–589, 588
    VoIP, 162
man-made disasters, 649
    bombings and explosions, 650
    fires, 649
    hardware and software failures, 651–652
    power outages, 650–651
    strikes and picketing, 653
    terrorism, 649–650
    theft and vandalism, 653–654
    utility and infrastructure failures, 651
mandatory access control (MAC) systems, 24
mandatory protection systems in TCSEC, 457
mandatory vacations, 538
Manifesto for Agile Software Development, 308–309
MANs (metropolitan area networks), 177
mantraps, 753–754, 754
manual recovery, 607
manual rollover, 502
marking sensitive information, 541
masking, password, 63
masks, subnet, 107
masquerading, 58, 193, 352–353, 761
massively parallel processing (MPP), 480
master boot record (MBR) viruses, 330
master boot records, 330
material evidence, 715
mathematics in cryptography, 368
    Boolean, 368–371
    modulo function, 371
    nonces, 372
    one-way functions, 371–372
    zero-knowledge proof, 372–373, 373
matrices, access control, 33, 443–444
MAUs (multistation access units), 139, 141
MAX function, 290
maximum tolerable downtime (MTD), 626
maximum tolerable outage (MTO), 626
MBR (master boot record) viruses, 330
MD2 (Message Digest 2) algorithm, 411
MD4 (Message Digest 4) algorithm, 411–412
MD5 (Message Digest 5), 55–56, 412
mean time between failures (MTBF), 549
mean time to failure (MTTF), 549, 772
mean time to repair (MTTR), 772
measurable security, 265
Media Access Control (MAC) address, 94, 112
media access in LANs, 143–144
media analysis, 717–718
media life cycle, 549
media management, 546–549
mediated-access model, 484
meet-in-the-middle attacks, 429
memory, 293–294, 491
    addressing, 494
    RAM, 492–493
    registers, 494
    ROM, 491–492
    secondary, 495
    security issues, 495–496
memory cards, 760
memory-mapped I/O, 499
Merkle-Hellman Knapsack algorithm, 407
mesh topologies, 139, 140
Message Digest 2 (MD2) algorithm, 411
Message Digest 4 (MD4) algorithm, 411–412
Message Digest 5 (MD5), 55–56, 412
message digests, 180, 409–410
messages
    object-oriented programming, 302
    OSI model, 90–91, 90–91
metadata in data mining, 292
metamodels, 308
Metasploit tool, 590
methods in object-oriented programming, 302
metropolitan area networks (MANs), 177
mice, 498
Michelangelo virus, 335
microcode, 500
Microcom Networking Protocol (MNP), 165
Microsoft Point-to-Point Encryption (MPPE), 158
military attacks, 721–722
Miller, Victor, 408
MIME Object Security Services (MOSS), 184
MIN function, 290
Minimum Security Requirements for Federal Information and Information Systems, 67
mining, data, 291–292
MINs (mobile identification numbers), 189
mirroring
    RAID, 604
    remote, 663
    server, 501
mitigation of risk, 255
MitM (man-in-the-middle) attacks
    description, 429–430
    overview, 588–589, 588
    VoIP, 162
Mitnick, Kevin, 352
MITRE, 555
MNP (Microcom Networking Protocol), 165
Mobile Broadband standard, 137
mobile devices, 548
mobile identification numbers (MINs), 189
mobile sites, 659–660
mod function, 371
modems, 120, 499
modes in software development security, 318
modification attacks, 193
modulo function, 371
monitoring
    access control effectiveness, 73–74
    accountability, 71–72
    audits. See audits and auditing
    clipping levels, 69
    exam essentials, 80–82
    investigations, 72–73
    keystroke, 70
    logging, 64–67, 65
    problem identification, 73
    review questions, 83–86
    special privileges, 538–539
    summary, 79
    techniques, 67–71
    written lab, 82
monitors, 498
Moore’s law, 407
Morris, Robert Tappan, 278, 337
MOSS (MIME Object Security Services), 184
motion detectors, 757–758
MPP (massively parallel processing), 480
MPPE (Microsoft Point-to-Point Encryption), 158
MTBF (mean time between failures), 549
MTD (maximum tolerable downtime), 626
MTO (maximum tolerable outage), 626
MTTF (mean time to failure), 549, 772
MTTR (mean time to repair), 772
Mueller, Frederic, 411
Multics operating system, 483
multicast technology, 142
multifactor authentication, 20–21, 63
multihomed firewalls, 117
multilayer protocols, 110–111
multilayer switches, 159
multilevel databases, 287–289
multilevel mode systems, 318, 489
multimedia collaboration, 162–163
multipartite viruses, 334
multiple sites, 661
multiprocessing, 480–481
multiprogramming, 481
multistate systems, 482
multistation access units (MAUs), 139, 141
multitasking, 480–481
multithreading, 481–482
mutual assistance agreements (MAAs), 661
Myer, Albert, 363

N

NAC (Network Access Control), 114–115
NAT (Network Address Translation), 122
    description, 165–167
    stateful, 168
    static and dynamic, 168–169
National Computer Crime Squad, 719
National Computer Security Center (NCSC), 456
National Flood Insurance Program, 647
National Information Assurance Certification and Accreditation Process (NIACAP), 468
National Information Infrastructure Protection Act, 688
National Interagency Fire Center, 648
National Security Agency (NSA), 687
natural disasters, 645
    earthquakes, 645–646
    fires, 648
    floods, 646–647, 647
    regional events, 649
    site design, 750
    storms, 648
NCAs (noncompete agreements), 260
NCSC (National Computer Security Center), 456
NDAs (nondisclosure agreements), 259–260
NDS (NetWare Directory Services), 27
need to know principle, 21, 24, 487, 532–533
Nessus tool, 351, 553
NetSP product, 31
NetWare Directory Services (NDS), 27
NetWitness sniffer, 192
Network Access Control (NAC), 114–115
Network Address Translation (NAT), 122
    description, 165–167
    stateful, 168
    static and dynamic, 168–169
network analysis in evidence collection, 718
network-based IDS (NIDS), 594–596
Network File System (NFS), 110
Network layer
    OSI model, 95–96
    TCP/IP model, 106–109
networks, 87
    attacks, 151
        ARP spoofing, 194
        DNS poisoning, spoofing, and hijacking, 194–195
        DoS and DDoS, 191–192
        eavesdropping, 192–193
        email, 181–185
        exam essentials, 197–199
        hyperlink spoofing, 195
        impersonation and masquerading, 193
        modification, 193
        NAT, 165–170
        protocol security mechanisms, 152–154
        remote access security management, 160–165
        replay, 193
        review questions, 201–204
        security boundaries, 190
        summary, 196–197
        switching technologies, 170–172
        transmission mechanisms, 181
        transparency, 179–180
        verifying integrity, 180
        virtualization technology, 178–179
        voice communications, 186–189
        VPNs, 155–160
        WANs, 172–178
        written lab, 200
    cabling, 123–127
    cryptography, 425–428
    data loss prevention, 71
    devices, 119–122
    endpoint security, 119
    exam essentials, 145–146
    firewalls, 115–119, 118
    LANs, 140–144
    NAC, 114–115
    neural, 296
    OSI Reference Model. See Open Systems Interconnection (OSI) Reference Model
    review questions, 147–150
    secure components overview, 113–114
    summary, 144–145
    TCP/IP model. See TCP/IP model
    topologies, 137–139, 138–140
    wireless communications. See wireless communications
    written lab, 146
neural networks, 296
Newman, Oscar, 750
Next-Generation Intrusion Detection Expert System (NIDES), 297
NFS (Network File System), 110
NIACAP (National Information Assurance Certification and Accreditation Process), 468
NIDES (Next-Generation Intrusion Detection Expert System), 297
NIDS (network-based IDS), 594–596
noise
    electrical, 765
    white, 763
noise generators, 521
nonces, 372
noncompete agreements (NCAs), 260
nondedicated WAN lines, 173
nondisclosure agreements (NDAs), 259–260
nondiscretionary access controls, 22
nondistributed computing, 276–277
noninterference model, 442
nonrepudiation
    cryptography for, 366
    security governance, 220–221
    symmetric key algorithms, 383
nonstatistical sampling, 69
nonvolatile storage, 294, 496
normalization of databases, 285
NOT operation, 370
notification alarms, 758
NSA (National Security Agency), 687
Nyberg-Rueppel signature algorithm, 415

O

object evidence, 715
object-oriented databases (OODBs), 283
object-oriented programming (OOP), 301–303, 512
objects
    access control, 2
    classes, 301
    security models, 450–454
    trusted paths, 440
occupant emergency plans (OEPs), 764
OCSP (Online Certificate Status Protocol), 419
ODBC (Open Database Connectivity), 289, 290
OEPs (occupant emergency plans), 764
OFB (Output Feedback) mode, 388
OFDM (Orthogonal Frequency-Division Multiplexing), 129
offline distribution of symmetric keys, 393
offline UPSs, 606
offsite security challenges, 653–654
offsite storage, 666
one-time pads, 377–379
one-time passwords, 16
one-to-many data models, 283
one-upped-constructed passwords, 54
one-way functions, 371–372
Online Certificate Status Protocol (OCSP), 419
OODBs (object-oriented databases), 283
OOP (object-oriented programming), 301–303, 512
Open Database Connectivity (ODBC), 289, 290
open relays, 181
Open Source Security Testing Methodology Manual (OSSTMM), 213
open system authentication (OSA), 134
open systems, 451–452
Open Systems Interconnection (OSI) Reference Model, 88
    encapsulation/deencapsulation, 90–91, 90–92
    functionality, 89–90, 89
    history, 89
    layers, 92
        Application, 98–99
        Data Link, 93–95
        Network, 95–96
        Physical, 93
        Presentation, 98
        Session, 97
        Transport, 97
    vs. TCP/IP model, 100, 100
Open Web Application Security Project (OWASP), 505
OpenPGP product, 184
operating modes in processors, 490–491
operating states, 485–487, 487
operational plans, 207
operations management software, 67
operators role, 210
OR operation, 369–370
Orange Book, 456, 460
Orthogonal Frequency-Division Multiplexing (OFDM), 129
OSA (open system authentication), 134
OSI model. See Open Systems Interconnection (OSI) Reference Model
OSSTMM (Open Source Security Testing Methodology Manual), 213
output devices, 498–499
Output Feedback (OFB) mode, 388
overflows, buffer
    application attacks, 344–345
    coding issues, 517–518
overt channels, 516
overwriting sensitive information, 543, 544
OWASP (Open Web Application Security Project), 505
owners of access control, 3
PP2P (peer to peer) technologies, 133, 510packages in Common Criteria, 462packet sniffing, 112packet switching, 171–172padded cell systems, 598paging process, 495pairing Bluetooth standard, 132Palin, Sarah, 14palm scans, 18PANs (personal area networks), 132PAP (Password Authentication Protocol),
154Paperwork Reduction Act, 688parallel layers, 210–211parallel tests in disaster recovery planning, 673parameter checking, 517parity information, 503parol evidence rule, 715Paros tool, 192partial-knowledge teams, 600–601partial mesh topologies, 139partitions in work areas, 751passive audio motion detectors, 758passive IDS response, 594passive proximity readers, 760Password Authentication Protocol (PAP), 154passwords
administrator, 77attacks, 54, 341
brute-force, 55–56countermeasures, 344dictionary, 54–55, 342–343guessing, 341–342sniffer, 57–58, 58social engineering, 343
cognitive, 14encrypting, 12
    one-time, 16
    overview, 12
    phrases, 13
    selection, 12–13
PAT (Port Address Translation), 166, 168
patch Tuesday, 552
patches
    managing, 551–552
    zero-day exploits, 583
patents, 693–694
PATRIOT Act, 700
pattern-matching detection, 592
pay-per-install approach, 580
Payment Card Industry Data Security Standard (PCI DSS), 212, 465, 703–704
PBX (private branch exchange) systems, 186–188
PDMCL (process data from multiple clearance levels), 490
PDUs (Protocol Data Units), 97
PEAP (Protected Extensible Authentication Protocol), 155
peer to peer (P2P) technologies, 133, 510
PEM (Privacy Enhanced Mail), 184
penetration testing, 598–599
    ethical hacking, 602
    permissions, 600
    reports, 602
    risks, 599
    social engineering, 601
    techniques, 600–601
    warning banners, 602
people in continuity planning, 631–632
percent sign (%) operator for modulo function, 371
performance in network segmentation, 114
perimeter security, 440, 750
permanent physical connections, 170
permanent virtual circuits (PVCs), 172
permissions
    access control, 4
    penetration testing, 600
personal area networks (PANs), 132
Personal Identity Verification (PIV) cards, 15
personal property, 748
personally identifiable information (PII), 212, 540
personnel in recovery plan development, 664–665
personnel privacy and safety, 763–764
personnel security, 257–259
    awareness training, 263–264
    employee agreements, 259–260
    exam essentials, 266–269
    review questions, 270–273
    sabotage, 589
    screening and background checks, 259
    security function, 264–265
    summary, 265–266
    terminations, 261–263, 589
    training, 36
    vendor, consultant, and contractor controls, 261
    written lab, 269
PERT (Program Evaluation Review Technique) tool, 313
PGP (Pretty Good Privacy), 390
    description, 184
    email systems, 421–422
phishing, 60–61, 162, 195
phlashing, 501
phone number spoofing, 59
phone phreaking, 189, 722
phones, cordless, 132
photoelectric motion detectors, 758
phrases, password, 13
phreakers, 188
phreaking, 189, 722
physical access controls, 7, 8, 62, 753
    badges, 757
    fences, gates, turnstiles, and mantraps, 753–754, 754
    intrusion alarms, 758
    keys and combination locks, 756–757
    lighting, 755
    motion detectors, 757–758
    secondary verification mechanisms, 759
    security guards and dogs, 755–756
physical controls for physical security, 747
physical labels for sensitive information, 541
Physical layer, 93
physical security, 745
    environment and life safety. See environment and life safety
    equipment failure, 772
    exam essentials, 774–776
    physical access controls. See physical access controls
    privacy, 772–773
    regulatory requirements, 773
    review questions, 777–780
    site and facility design. See site and facility design
    summary, 773–774
    technical controls, 760–763
    written lab, 776
physically hardening systems, 632
physiological biometric methods, 17
picketing, 653
picking locks, 756
piggybacking, 761
PII (personally identifiable information), 212, 540
ping flood attacks, 588
ping-of-death attacks, 586
ping sweeps, 351
PINs in Bluetooth standard, 132
PIV (Personal Identity Verification) cards, 15
PKCS (Public Key Cryptography Standard) encryption, 183
PKI (public key infrastructure), 415
    certificate authorities, 416–417
    certificates, 415–416
        enrollment, 418
        revoking, 419
        verifying, 418
plain old telephone service (POTS), 161
plain-text attacks, 429
plaintext messages, 366
planning
    BCP. See business continuity planning (BCP)
    to plan, 213–214
    remote access security management, 163–164
    security management, 206–207
platform as a service, 509
platforms in virus vulnerabilities, 332
PlayStation breach, 50
plenum cable, 127
plumbing leaks, 766
Point-to-Point Protocol (PPP), 157, 164, 178
Point-to-Point Tunneling Protocol (PPTP), 157–158
point-to-point WAN links, 173
poisoning
    ARP cache, 109
    DNS, 194–195
policies
    access control, 4
    passwords, 12, 63
    security, 221–222, 513–515
polling in LAN technologies, 144
polyalphabetic substitution ciphers, 376
polyinstantiation, 289
polymorphic viruses, 334
polymorphism in object-oriented programming, 302
POP3 (Post Office Protocol), 109, 181
Porras, Phillip, 297
Port Address Translation (PAT), 166, 168
port numbers in Transport layer, 101
port scans, 351
portable devices, 420–421
post accreditation phase in DITSCAP and NIACAP, 468
Post Office Protocol (POP3), 109, 181
postadmission philosophy, 115
postmortem reviews, 729
postwhitening in Twofish algorithm, 392
POTS (plain old telephone service), 161
power
    intrusion detection systems, 762
    issues, 764–765
    outages, 650–651
    protecting, 606
PPP (Point-to-Point Protocol), 157, 164, 178
PPs (protection profiles), 462
PPTP (Point-to-Point Tunneling Protocol), 157–158
preaction water suppression systems, 770
preadmission philosophy, 114
Presentation layer, 98
preset locks, 756
pretexting, 195
Pretty Good Privacy (PGP), 390
    description, 184
    email systems, 421–422
preventive access control, 5, 62–64
preventive measures for attacks, 578–579
    basic measures, 579
    botnets, 587
    denial-of-service attacks, 583–584
    intrusion detection. See intrusion detection systems (IDSs)
    land attacks, 586
    malicious code, 580–582
    miscellaneous attacks, 588–590
    penetration testing, 598–602
    ping flood attacks, 588
    ping-of-death attacks, 586
    smurf and fraggle attacks, 585–586
    SYN flood attacks, 584–585, 584
    teardrop attacks, 586
    zero-day exploits, 582–583
prewhitening in Twofish algorithm, 392
PRI (Primary Rate Interface), 174
primary keys in relational databases, 284
primary memory, 293, 492, 496
Primary Rate Interface (PRI), 174
principle of least privilege, 21, 514, 532–534, 581
printers, 498
priorities
    BIA, 626
    CIA, 216–217
    recovery strategy, 655
    resources, 629–630
    statements of priorities, 635
privacy
    laws
        European Union, 701–703
        U.S., 697–701
    personnel, 763–764
    protecting, 772–773
    requirements compliance, 212–213
    workplace, 701
Privacy Act, 698
Privacy Enhanced Mail (PEM), 184
private branch exchange (PBX) systems, 186–188
private data classification, 228
private IP addresses, 167–168
private keys
    asymmetric cryptography, 405–406
    static tokens, 16
    symmetric cryptography, 382
privileged group audits, 75–77
privileged mode, 317, 485, 490–491
privileged programs, 518–519
privileges
    access control, 5
    escalation, 346
    excessive, 37
    monitoring, 538–539
    separation of, 535
    SQL injection attacks, 350
probability determinations, 249
probable cause, 720
problem identification, 73
problem state, 485–486
procedures, security, 223–224
process data from multiple clearance levels (PDMCL), 490
process scheduler, 487
process states, 485–487, 487
processes
    continuity planning, 631–632
    integrating, 521
    isolating, 316, 513
processors, 479
    execution types, 479–482
    operating modes, 490–491
    processing types, 482–483
    protection mechanisms, 483–490, 484, 487
procurement, 704–705
Professional Practice Library, 664
Program Evaluation Review Technique (PERT) tool, 313
program executive, 487
programmable read-only memory (PROM), 492
programming
    languages, 300–301
    vulnerabilities from, 520
projects, Gantt charts for, 312
PROM (programmable read-only memory), 492
propagation techniques for viruses, 329–332
property, corporate vs. personal, 748
proprietary alarm systems, 758
proprietary data, 228
Protected Extensible Authentication Protocol (PEAP), 155
protected mode, 317
protection
    audit results, 77
    backup tapes, 547–548
    hard drives, 502–504, 603–605
    log data, 66–67
    processors, 483–490, 484, 487
    resources, 546–549
    security governance, 210–212
    servers, 605–606, 605
protection profiles (PPs), 462
protection rings, 316–317, 316, 483–485, 484
Protocol Data Units (PDUs), 97
protocol security mechanisms, networks, 152–154
protocol translators, 121
protocols
    authentication, 154
    defined, 88
    dial-up, 164–165, 178
    discovery, 105
    multilayer, 110–111
    VPNs, 157–159
provisioning, 35
provisions phase in continuity planning, 631–632
proxies, 116, 121–122
proximity readers, 61, 760–761
proxy firewalls, 116
proxy logs, 66
pseudo flaws, 597–598
PSH flag, 104–105
PSTN (public switched telephone network), 161
public data classification, 228
Public Key Cryptography Standard (PKCS) encryption, 183
public key infrastructure (PKI), 415
    certificate authorities, 416–417
    certificates, 415–416
        enrollment, 418
        revoking, 419
        verifying, 418
public keys
    algorithms, 383–386, 384
    asymmetric cryptography, 405–406
    encryption, 393
public switched telephone network (PSTN), 161
pulse patterns, 18
purging sensitive information, 544
PVCs (permanent virtual circuits), 172

Q
qualitative decision making, 625
qualitative risk analysis, 248, 253–254
quantitative decision making, 625
quantitative risk analysis, 248
    cost functions, 248–249
    threat/risk calculations, 249–253
R
race conditions, 520
radiation
    EM, 521
    van Eck, 498
radio frequency identification (RFID) tags, 549
radio frequency interference (RFI), 765
RADIUS (Remote Authentication Dial-In User Service), 32, 165
RAID (Redundant Array of Independent Disks), 502–504, 603–605
rainbow series, 455–456
    elements, 458–460
    TCSEC, 456–457
rainbow table attacks, 57, 428
random access memory (RAM), 492–493
random access storage, 293, 497
random ports, 101
ransomware, 580
RARP (Reverse Address Resolution Protocol), 94, 109, 595
RAs (registration authorities), 417
rate-of-rise fire detection systems, 769
RBAC (role-based access control), 23, 25–26
RBAC (rule-based access control) systems, 22–23, 453
RC5 (Rivest Cipher 5), 391
RDBMSs (relational database management systems), 282
read-only memory (ROM), 491–492
ready state, 486
real evidence, 715
real memory, 293, 492
realms of security in mandatory access controls, 24
reasonable expectation of privacy, 701
reasonableness checks in software development, 314
reciprocal agreements, 661
reconnaissance attacks, 53, 350–352
record retention, 545
recovery
    and remediation, 732
    access control, 6
    vs. restoration, 670–671
    symmetric cryptography keys, 394
    trusted, 606–608
recovery plan development, 663–664
    assessment, 665
    backups and offsite storage, 666–669
    emergency response, 664
    external communications, 670
    logistics and supplies, 670
    personnel and communications, 664–665
    recovery vs. restoration, 670–671
    software escrow arrangements, 669–670
    utilities, 670
recovery response step for incidents, 577
recovery strategy, 654
    alternate processing sites, 657–661
    business unit and functional priorities, 655
    crisis management, 656
    database recovery, 662–663
    emergency communications, 656
    mutual assistance agreements, 661
    work groups, 656–657
recovery time objective (RTO), 626
Red Book, 458, 460
red boxes, 189
Redundant Array of Independent Disks (RAID), 502–504, 603–605
redundant servers, 501–502
reference monitors, 440–441
reference profiles, 20
referential integrity in relational databases, 285
reflected input in cross-site scripting, 347
regional natural disasters, 649
register addressing, 494
registered software ports, 101
registers, 494
registration, biometric, 20
registration authorities (RAs), 417
regulatory policies, 222
regulatory requirements
    BCP, 624
    complying with, 773
rejection of risk, 256
relational database management systems (RDBMSs), 282
relational databases, 283–285, 284
relations in relational databases, 283
relay agents, 181
release control process, 314
relevant evidence, 715
remediation response step for incidents, 577–578
remote access security management, 160–163
    centralized services, 165
    dial-up protocols, 164–165
    planning, 163–164
Remote Authentication Dial-In User Service (RADIUS), 32, 165
remote control, 175
remote journaling, 501, 662–663
remote mirroring, 663
remote wipe, 548
removal of viruses, 340
repeaters, 120, 127
repellant alarms, 758
replay attacks, 193, 430
reports
    incidents, 576–577, 734
    penetration testing, 602
repudiating messages, 366
request control process in change management, 313
reset attacks in TCP, 585
reset (RST) packets, 102, 104–105
residual risk, 256
resolution attacks, 194–195
resources
    managing, 549–550
    prioritization in BIA, 629–630
    protecting, 546–549
    requirements in BCP, 622–623
    security, 265
response steps for incidents, 573–574, 574, 730
    detection, 574–575
    recovery, 577
    remediation and review, 577–578
    reporting, 576–577
    response, 575–576
response teams, 728–729
responsibilities
    duties separated from, 534–537, 536
    security governance, 209–210
restoration
    process, 732
    vs. recovery, 670–671
restricted interfaces, 34, 449
restrictions, passwords, 12
retina scans, 17
Reverse Address Resolution Protocol (RARP), 94, 109, 595
reverse DNS lookups, 595
reverse hash matching attacks, 430
review response step for incidents, 577–578
reviews, security, 561–562
revoking
    accounts, 37–38
    certificates, 418–419
RFI (radio frequency interference), 765
RFID (radio frequency identification) tags, 549
rights in access control, 4
ring topologies, 137, 138
rings
    vs. levels, 511
    protection, 483–485, 484
risk and risk management
    analysis, 242, 245
    asset valuation, 245–248
    attacks, 49
    BCP documentation, 635–636
    BIA, 626–627
    defined, 243
    exam essentials, 266–269
    handling, 255–257
    overview, 241
    personnel management, 239
    qualitative risk analysis, 253–254
    quantitative risk analysis, 248–253
    review questions, 270–273
    summary, 265–266
    terminology, 242–244, 244
    third-party governance, 240–241
    written lab, 269
Rivest, Ronald, 406, 411–412
Rivest, Shamir, Adleman (RSA) algorithm, 52, 406–407, 415
Rivest Cipher 5 (RC5), 391
Rogier, Nathalie, 411
rogueware, 60, 580
role-based access control (RBAC), 23, 25–26
roles in security governance, 209–210
ROLLBACK command, 286
rollover, 502
ROM (read-only memory), 491–492
rootkits, 346
Rosenberger, Rob, 335
ROT3 cipher, 363, 376
rotation
    job, 258, 538
    tape backups, 669
rounds of encryption, 387
routers, 96, 116, 121
routing protocols, 96
Royce, Winston, 306
RSA (Rivest, Shamir, Adleman) algorithm, 52, 406–407, 415
RST (reset) packets, 102, 104–105
RTO (recovery time objective), 626
rule-based access controls (RBACs), 22–23, 453
running key ciphers, 379–380
running state, 486
Rustock botnet, 587

S
S/MIME (Secure Multipurpose Internet Mail Extensions) protocol, 183–184, 422
S-RPC (Secure Remote Procedure Call), 153, 393
sabotage by employees, 589
safeguards
    cost/benefits, 250–252
    defined, 244
    distributed architecture, 507–508
sags, 606, 764
SAIC (Science Applications International Corporation), 542
Saint scanner, 351
salami attacks, 519
SAML (Security Assertion Markup Language), 30, 505
sampling in monitoring, 69
sandboxes in Java, 340, 506
sanitizing data, 497, 544
Sarbanes-Oxley Act (SOX), 212, 535
SAs (security associations)
    IPSec, 426
    ISAKMP, 427
satellite connections, 174
scalability of symmetric key algorithms, 383
scanners, vulnerability, 64, 553–554
scanning attacks, 726–727
scenarios for risk analysis, 253–254
schedules
    changes, 560
    Gantt charts, 312
schema for relational databases, 285
Schneier, Bruce, 390, 392, 518
Schnorr signature algorithm, 415
Science Applications International Corporation (SAIC), 542
screen filters, 59
screen scrapers, 175–176
screened hosts, 117
screening checks in personnel security, 259
screening routers, 116
script kiddies, 328–329, 725
scripted access in SSO, 31
SCTP (Stream Control Transmission Protocol) port, 33
SDLC (Synchronous Data Link Control), 177
Search for Extraterrestrial Intelligence (SETI) project, 279
search warrants, 719–720, 731
second-generation languages (2GL), 301
second normal form (2NF), 285
secondary evidence, 715
secondary memory, 495–496
secondary storage, 293
secondary verification mechanisms, 759
secret data classification, 227
secret key cryptography, 382
secure communication protocols, 153–154
Secure Electronic Transaction (SET), 154
Secure European System for Applications in a Multivendor Environment (SESAME), 31
secure facility plans, 746–747
Secure Hash Algorithm (SHA), 410–411
Secure Hash Algorithm version 2 (SHA-2), 56
Secure Hash Standard (SHS), 410
Secure Multipurpose Internet Mail Extensions (S/MIME) protocol, 183–184, 422
Secure Remote Procedure Call (S-RPC), 153, 393
Secure Shell (SSH), 425
Secure Sockets Layer (SSL), 110, 153, 422–423
secure state machines, 441
secured enveloped messages, 183
security applications in knowledge-based systems, 297
Security Assertion Markup Language (SAML), 30, 505
security associations (SAs)
    IPSec, 426
    ISAKMP, 427
Security Assurance section in Common Criteria, 463
security boundaries, 190
security cameras, 759
security domain systems, 457
Security Event Management (SEM), 68
Security Functional Requirements section in Common Criteria, 463
security governance, 205–206
    accountability, 220
    auditing, 219
    authentication, 218–219
    authorization, 219
    availability, 217–218
    change control/management, 224–225
    compliance issues, 208
    confidentiality, 214–215
    control frameworks, 213–214
    data classification, 225–229
    exam essentials, 230–232
    identification, 218
    integrity, 215–216
    legally defensible, 220
    nonrepudiation, 220–221
    overview, 208
    planning, 206–207
    policies, 221–222
    privacy requirements, 212–213
    procedures, 223–224
    protection mechanisms, 210–212
    review questions, 234–237
    roles and responsibilities, 209–210
    standards, baselines, and guidelines, 222–223
    summary, 229–230
    written lab, 233
security guards and dogs, 755–756
security IDs, 757
Security Information and Event Management (SIEM), 68
Security Information Management (SIM), 68
security kernels, 440–441
security labels, 439
security logs, 65–66
security models, 437
    access control matrices, 443–444
    Bell-LaPadula, 444–446, 446
    Biba, 446–448, 447
    Brewer and Nash, 449
    Clark-Wilson, 448–449
    concepts, 438–439
    evaluation. See evaluation models
    exam essentials, 470–471
    Goguen-Meseguer, 449–450
    Graham-Denning, 450
    information flow, 441–442
    noninterference, 442
    objects and subjects, 450–454
    review questions, 473–476
    security capabilities of information systems, 469
    state machine, 441
    summary, 470
    Sutherland, 450
    Take-Grant, 443
    TCB, 440–441
    written lab, 472
security modes, 487–490
Security Operations, 531
    audits and reviews, 561–562
    change management, 559–561, 559
    configuration management, 555–558, 557
    exam essentials, 563–564
    job rotation, 538
    mandatory vacations, 538
    need to know and least privilege, 532–534
    patch management, 551–552
    principles, 21–22
    resource protection, 546–550
    review questions, 566–569
    sensitive information. See sensitive information
    separating duties and responsibilities, 534–537, 536
    special privileges, 538–539
    summary, 562–563
    vulnerability management, 552–555
    written lab, 565
security perimeters, 440
security policies, 4, 513–515
security professionals roles, 209
security protection mechanisms, 510–511
    security policy and computer architecture, 513–515
    technical, 511–513
security targets (STs) in Common Criteria, 462
security through obscurity, 367, 381
segmentation
    hardware, 316, 513
    network, 113–114
segments in OSI model, 91, 92
segregation of duties, 535–537, 536
seismic hazard level, 645–646
SEM (Security Event Management), 68
sendmail program, 181, 337
senior management
    BCP process, 622
    roles, 209
    security plans, 207
sensitive but unclassified data, 227
sensitive data, 228
sensitive information
    destroying, 543, 544
    handling, 542
    managing, 539–540
    marking, 541
    PII, 540
    record retention, 545
    storing, 542
separation of duties, 258
separation of duties and responsibilities principle, 21, 534–537, 536
separation of privilege, 514–515, 535
sequential storage, 294, 497
Serial Line Internet Protocol (SLIP), 165, 178
series layers, 210–211
servers
    malicious code countermeasures, 340
    protecting, 605–606, 605
    redundant, 501–502
    security, 751–752
service bureaus, 660
service injection viruses, 331–332
service-level agreements (SLAs)
    BCPs, 624
    equipment failures, 772
    issues, 261
    overview, 318–319
service-oriented architecture (SOA), 521
service ports in Transport layer, 101
Service Provisioning Markup Language (SPML), 30–31
service set identifiers (SSIDs), 133–134
service-specific remote access, 175
service tickets (STs), 28
SESAME (Secure European System for Applications in a Multivendor Environment), 31
session hijacking, 353
Session Initiation Protocol (SIP), 153
Session layer in OSI model, 97
SET (Secure Electronic Transaction), 154
SETI (Search for Extraterrestrial Intelligence) project, 279
SGML (Standard Generalized Markup Language), 30
SHA (Secure Hash Algorithm), 410–411
SHA-2 (Secure Hash Algorithm version 2), 56
Shamir, Adi, 406
shared key authentication (SKA), 135
shared private keys, 382
shielded twisted-pair (STP) cable, 125
shielding, cable, 521
shimming locks, 756
shoulder surfing, 59, 751
shrink-wrap license agreements, 695
SHS (Secure Hash Standard), 410
side-channel attacks, 61
SIEM (Security Information and Event Management), 68
signature-based filters, 340
signature-based virus detection, 332–333, 592
signature dynamics, 18
signatures, 413–414
    DSS, 415
    HMAC, 414–415
    static tokens, 16
signed messages, 183
Silver Bullet Service, 547
SIM (Security Information Management), 68
SIM (subscriber identity module) cards, 548
Simple Integrity Property, 447
Simple Key Management for Internet Protocol (SKIP), 153
Simple Mail Transfer Protocol (SMTP), 109, 181
Simple Network Management Protocol (SNMP), 110
Simple Security Property, 445
simplex communication, 97
simulation tests in disaster recovery planning, 673
single loss expectancy (SLE)
    impact assessment, 628–629
    threat/risk calculations, 249
single points of failure, 501, 603
    failover solutions, 502
    RAID, 502–504
    redundant servers, 501–502
single sign-on (SSO) access control
    description, 27–28
    examples, 31
    federated identity management, 30–31
single state systems, 482
single-tier firewall deployment, 117, 118
SIP (Session Initiation Protocol), 153
site and facility design, 746
    accessibility and perimeter security, 750
    facility design, 750
    natural disasters, 750
    physical security controls, 747–749
    secure facility plans, 746–747
    server rooms and data center security, 751–752
    site selection, 749
    visibility, 749
    visitors, 752
    work areas and internal security, 751
Site Digger product, 176
Six Cartridge Weekly Backup strategy, 669
SKA (shared key authentication), 135
SKIP (Simple Key Management for Internet Protocol), 153
Skipjack algorithm, 390–391
SLAs (service-level agreements)
    BCPs, 624
    equipment failures, 772
    issues, 261
    overview, 318–319
SLE (single loss expectancy)
    impact assessment, 628–629
    threat/risk calculations, 249
sliding windows, 103
SLIP (Serial Line Internet Protocol), 165, 178
smart cards
    attacks, 61–62
    overview, 14–15, 760
smartphones
    cryptology, 421
    protecting, 548
SMDS (Switched Multimegabit Data Service), 177
smoke-actuated fire detection systems, 769
smoke damage, 771
smoke stage in fire, 768
SMP (symmetric multiprocessing), 480
SMTP (Simple Mail Transfer Protocol), 109, 181
smurf attacks, 585–586
sniffers, 57–58, 58, 192
sniping, auction, 280
SNMP (Simple Network Management Protocol), 110
snooping attacks, 57
SOA (service-oriented architecture), 521
social engineering
    overview, 59–61
    password attacks, 343
    penetration tests, 601
    voice communications, 186–187
software
    escrow arrangements, 669–670
    in evidence collection, 718
    failures, 651–652
    licensing, 550, 695–696
    threat modeling, 51
software as a service, 509
Software Capability Maturity Model, 310
software development security, 275
    application issues, 276–281
    assurance procedures, 298
    change and configuration management, 313–314
    control architecture, 316–318, 316
    data/information storage, 293–294
    databases. See databases and data warehousing
    exam essentials, 319–321
    knowledge-based systems, 294–297
    life cycle. See life cycles
    modes, 318
    object-oriented programming, 301–303
    programming languages, 300–301
    review questions, 322–325
    SLAs, 318–319
    software development process, 297–298
    software testing, 314–316
    summary, 319
    system failures, 298–300, 300
    written lab, 321
Software IP Encryption (swIPe), 153
“something you have” authentication factor, 9
“something you know” authentication factor, 9
“somewhere you are” authentication factor, 10
Sony data breaches, 50
Soviet cryptosystem, 378
SOX (Sarbanes-Oxley Act), 212, 535
Spam over Internet Telephony (SPIT) attacks, 162
spamming, 183
SPAN (Switched Port Analyzer) ports, 595
spear phishing, 61
special privileges, 538–539
speed of symmetric key algorithms, 383
spikes, 606, 765
spiral model, 308, 308
SPIT (Spam over Internet Telephony) attacks, 162
split knowledge principle, 373, 394, 537
SPML (Service Provisioning Markup Language), 30–31
spoofing attacks, 58–59
    ARP, 194
    DNS, 194–195
    email, 59, 183
    hyperlink, 195
    IP, 352–353
spread spectrum communication, 128
spyware, 339
SQL (Structured Query Language)
    features, 285
    injection attacks, 348–350, 348
SSAAs (System Security Authorization Agreements), 468
SSH (Secure Shell), 425
SSIDs (service set identifiers), 133–134
SSL (Secure Sockets Layer), 110, 153, 422–423
SSO (single sign-on) access control
    description, 27–28
    examples, 31
    federated identity management, 30–31
stand-alone mode infrastructure, 133
Standard Generalized Markup Language (SGML), 30
standards in security governance, 222–223
standby UPSs, 606, 650–651, 764
*(star) Integrity Property, 447
*(star) Security Property, 445–446
star topologies, 138–139, 139
state attacks, 520
state changes, 520
state laws, 685
state machine model, 441
state transitions, 441
stateful inspection firewalls, 116–117
stateful NAT, 168
statements of importance, 634–635
statements of organizational responsibility, 635
statements of priorities, 635
statements of urgency and timing, 635
static electricity, 766
static NAT, 168–169
static packet-filtering firewalls, 116
static RAM, 493
static testing, 315
static tokens, 15–16
static Web pages, 348
statistical cryptographic attacks, 428
statistical intrusion detection, 592
statistical sampling, 69
status accounting configuration, 314
stealth viruses, 334
steganography, 423–424, 424
stolen storage devices, 496
STOP errors, 299
stop orders, 279–280
stopped state, 486
storage
    backups. See backups
    covert channels, 516
    overview, 496–498
    sensitive information, 542
    symmetric keys, 394
    threats, 294
    types, 293–294
store-and-forward devices, 121
stored procedures, 350
storms, 648
STP (shielded twisted-pair) cable, 125
strategic plans, 207
strategy development phase in continuity planning, 630–631
stream ciphers, 380
Stream Control Transmission Protocol (SCTP) port, 33
streaming media, 692
strikes, 653
stripe of mirrors, 604
striping, 604
striping with parity, 604
strong passwords, 54, 63
structured protection systems in TCSEC, 457
Structured Query Language (SQL)
    features, 285
    injection attacks, 348–350, 348
structured walk-throughs, 673
STs (security targets) in Common Criteria, 462
STs (service tickets) in Kerberos, 28
Stuxnet worm, 52, 338–339
subjects
    access control, 2
    security models, 450–454
    trusted paths, 440
subnet masks, 107
subpoenas, 731
subscriber identity module (SIM) cards, 548
substitution ciphers, 375–377
SUM function, 290
summation in neural networks, 296
super-increasing sets theory, 407
supervisor state, 485
supervisory mode, 491
supervisory state, 486
supplicants in IEEE 802.1x standard, 428
supplies in recovery plan development, 670
surges, 765
Sutherland model, 450
SVCs (switched virtual circuits), 172
swIPe (Software IP Encryption), 153
Switched Multimegabit Data Service (SMDS), 177
Switched Port Analyzer (SPAN) ports, 595
switched virtual circuits (SVCs), 172
switches, 121, 595
switching technologies, 170
    circuit switching, 170–171
    packet switching, 171–172
    virtual circuits, 172
symmetric cryptography, 365, 386–387
    AES, 391–392
    Blowfish, 390
    DES, 387–388
    IDEA, 390
    key management, 393
        algorithms, 382–383, 382
        creating and distributing, 393
        escrow and recovery, 394
        storage and destruction, 394
    Skipjack algorithm, 390–391
    Triple DES, 389–390
symmetric multiprocessing (SMP), 480
SYN (synchronize) packets, 102, 104–105
SYN/ACK (synchronize and acknowledge) packets, 102
SYN flood attacks, 584–585, 584
synchronization, time, 73
Synchronous Data Link Control (SDLC), 177
synchronous LAN communications, 142
synchronous tokens, 15–16
system calls, 485
system compromise, 727
system failures, avoiding, 298–300, 300
system high mode systems, 318, 488
system logs, 66
system resilience, 603
    hard drives, 603–605
    power sources, 606
    servers, 605–606, 605
    trusted recovery, 606–608
System Security Authorization Agreements (SSAAs), 468
system test review, 305

T
T-sight tool, 192
table-top exercises in disaster recovery planning, 673
tablets, 548
TACACS (Terminal Access Controller Access-Control System), 32, 165
TACACS Plus (TACACS+), 32
tactical plans, 207
Take-Grant model, 443
tape backups
    formats, 667–668
    protecting, 547–548
    rotating, 669
    sensitive information, 541–542
targets of evaluation (TOEs), 460
task-based access control (TBAC), 26
TATO (temporary authorization to operate), 241
TBAC (task-based access control), 26
TCB (trusted computing base), 440–441
TCP (Transmission Control Protocol)
    overview, 101–104
    reset attacks, 585
TCP/IP model, 99–100, 100
    Application layer protocols, 109–110
    DNR, 112–113
    multilayer protocols, 110–111
    Network layer protocols, 106–109
    Transport layer protocols, 101–106
    vulnerabilities, 112
TCP wrappers, 101
TCSEC (Trusted Computer System Evaluation Criteria), 223, 455–456
    classes and required functionality, 456–457
    limitations, 459–460
teams
    BCP, 620–621
    CIRT, 575
    response, 728–729
    testing, 600–601
teardrop attacks, 586
technical controls, 7, 8, 760
    access abuses, 761
    emanation security, 762–763
    intrusion detection systems, 761–762
    physical security, 747
    proximity readers, 760–761
    smart cards, 760
technical security mechanisms, 511
    abstraction, 512
    data hiding, 512
    hardware segmentation, 513
    layering processes, 511–512
    process isolation, 513
technology and process integration vulnerabilities, 521
technology convergence, 747
telcos, 131
telecommuting, 160–165, 175–176
Telnet protocol, 109
temperature, 766
TEMPEST technologies
    countermeasures, 762–763
    screen eavesdropping, 498, 521
Temporal Key Integrity Protocol (TKIP), 427
temporary authorization to operate (TATO), 241
Ten Commandments of Computer Ethics, 737
Terminal Access Controller Access-Control System (TACACS), 32, 165
termination of employees, 261–263, 589
terrorism, 649–650, 723
testimonial evidence, 716–717
testing
    BCP documentation, 637
    disaster recovery planning, 672–673
    patches, 551
    penetration. See penetration testing
    software, 314–316
testing phase in BCP, 623
TFTP (Trivial File Transfer Protocol), 109
TGTs (ticket-granting tickets), 28
theft, 653–654
thicknet, 124
thinnet, 124
third-generation languages (3GL), 301
third normal form (3NF), 285
third-party governance, 240–241
threats
    attacks. See attacks
    defined, 243
    insider, 724
    modeling, 50–52
    storage, 294
    threat/risk calculations, 249–253
three-tier firewall deployment, 118–119
thrill attacks, 725
throughput rate in biometric registration, 20
ticket-granting tickets (TGTs), 28
tickets in Kerberos, 28–29
time, synchronization, 73
time of check (TOC), 520
time-of-check-to-time-of-use (TOCTTOU) attacks, 345, 520
time of use (TOU), 520
time slices, 485
timing covert channels, 516
timing issues, 520
TJX security breach, 427
TKIP (Temporal Key Integrity Protocol), 427
TLS (Transport Layer Security), 33, 153, 422–423
TOC (time of check), 520
TOCTTOU (time-of-check-to-time-of-use) attacks, 345, 520
TOEs (targets of evaluation), 460
Token Ring technologies, 141
tokens
    identification and authentication, 15–16
    LAN technologies, 144
    security, 439
top-down management approach, 206
top secret data classification, 227
topologies, network, 137–139, 138–140
tornadoes, 648
total risk, 256
TOU (time of use), 520
Tower of Hanoi backup strategy, 669
TPMs (Trusted Platform Modules), 421, 469
TPs (transformation procedures), 449
trade secrets, 694–695
trademarks, 692–693
traffic analysis, 71
training
    continuity planning, 633
    cross-training, 538
    disaster recovery planning, 671–672
    hiring process, 36
    personnel, 263–264
    users, 63
training phase in BCP, 623
transactions, database, 286–287
transformation procedures (TPs), 449
transients, 606, 765
transitions, state, 441
Transmission Control Protocol (TCP)
    overview, 101–104
    reset attacks, 585
transmission mechanisms, 181
transmission protection for remote access, 163
transmission windows, 103
transparency, 179–180
transponder proximity readers, 761
Transport layer
    OSI model, 97
    TCP/IP model, 99–106, 100–101
Transport Layer Security (TLS), 33, 153, 422–423
transport mode in IPSec, 426
transposition ciphers, 375
traverse mode noise, 765
tree bus topology, 138
trend analysis, 71
Triple DES (3DES), 389–390
triples in Clark-Wilson model, 448
Tripwire tool, 313, 333
Trivial File Transfer Protocol (TFTP), 109
Trojan horses, 277–278, 335–336
Tropical Prediction Center, 648
true values, 368
TrueCrypt package, 421
trust relationships and worms, 338
Trusted Computer System Evaluation Criteria (TCSEC), 223, 455–456
  classes and required functionality, 456–457
  limitations, 459–460
trusted computing base (TCB), 440–441
Trusted Network Interpretation of the TCSEC, 458
trusted paths, 440
Trusted Platform Modules (TPMs), 421, 469
trusted recovery, 517, 606–608
trusted systems, 454
trusts in domains, 27
Trustworthy Computing Initiative, 518
tsunamis, 646
tunnel mode in IPSec, 426
tunneling in VPNs, 155–157
tuples in relational databases, 283
turnstiles, 753–754, 754
twisted-pair cabling, 125–126
two-factor authentication, 20
two-person control, 537
two-tier firewall deployment, 118
Twofish algorithm, 392
Type 1 authentication factor, 9
Type 1 biometric factor errors, 19
Type 2 authentication factor, 9
Type 2 biometric factor errors, 19
Type 3 authentication factor, 10
U

UCITA (Uniform Computer Information Transactions Act), 696
UDIs (unconstrained data items), 449
UDP (User Datagram Protocol), 101, 106
  fraggle attacks, 586
  RADIUS, 32
Ultra effort, 364
unchecked buffers, 518
unclassified data, 227
unconstrained data items (UDIs), 449
unicast technology, 142
Uniform Computer Information Transactions Act (UCITA), 696
uninterruptible power supplies (UPSs), 606, 650–651, 764
United States Code (USC), 684
United States Government Configuration Baseline (USGCB) images, 558
United States Patent and Trademark Office (USPTO), 693
UNIX operating system, 332
unlocking databases, 288
unshielded twisted-pair (UTP) cable, 125–126
UPSs (uninterruptible power supplies), 606, 650–651, 764
URG flag, 104–105
U.S. Geological Survey (USGS), 627, 628
USA PATRIOT Act, 700
USB flash drives, 546–547
User Datagram Protocol (UDP), 101, 106
  fraggle attacks, 586
  RADIUS, 32
user-friendliness, 300, 300
user mode, 317, 485, 490
users
  access control, 2–3
  education, 63
  remote assistance, 164
  role, 210
USGCB (United States Government Configuration Baseline) images, 558
USGS (U.S. Geological Survey), 627, 628
USPTO (United States Patent and Trademark Office), 693
utilities
  failures, 651
  recovery plan development, 670
UTP (unshielded twisted-pair) cable, 125–126

V

vacations, mandatory, 538
validation and verification steps in waterfall model, 307
validation phase in DITSCAP and NIACAP, 468
valuation of assets, 245–248
Van Eck phreaking, 498
Van Eck radiation, 498
vandalism, 653–654
vaulting, electronic, 501, 662
VBScript language, 301
vendor controls in personnel security, 261
VENONA project, 378–379
verification
  certificates, 418
  integrity, 180, 449
  patches, 552
  secondary, 759
verification phase in DITSCAP and NIACAP, 468
verified protection systems in TCSEC, 457
Vernam, Gilbert Sandford, 378
Vernam ciphers, 378
versioning in change management, 561
video streaming, 692
views, databases, 287–288
Vigenère cipher, 376–377
virtual circuits, 172
virtual desktops, 179
virtual LANs (VLANs), 159–160
virtual machines (VMs), 490
virtual memory, 293, 495
virtual private networks (VPNs), 155
  IPSec, 426
  operation, 157
  protocols, 157–159
  TCP/IP model links, 101
  tunneling, 155–157
  virtual LANs, 159–160
virtual storage, 293
virtualization technology, 178–179, 469
viruses, 277
  antivirus mechanisms, 332–333, 581
  countermeasures, 339–341
  decryption routines, 334
  hoaxes, 334–335
  overview, 329
  platforms vulnerable to, 332
  propagation techniques, 329–332
  technologies, 333–334
vishing (VoIP phishing), 61, 162
visibility in site design, 749
visitors, tracking, 752
vital records program in BCP documentation, 636
VLANs (virtual LANs), 159–160
VMs (virtual machines), 490
voice communications, 186
  fraud and abuse, 187–188
  phreaking, 189
  social engineering, 186–187
voice pattern recognition, 18
VoIP (Voice over Internet Protocol), 162, 590
VoIP phishing (vishing), 61, 162
volatile storage, 294, 496
voluntary surrender of information, 731
VPNs. See virtual private networks (VPNs)
vulnerabilities
  analysis, 53
  assessments, 554–555
  covert channels, 515–516
  CVE database, 555
  defined, 243
vulnerabilities (continued)
  design and coding flaws, 516–520
  distributed architecture. See distributed architecture
  electromagnetic radiation, 521
  exam essentials, 522–524
  managing, 552–553
  review questions, 526–529
  risk, 49
  scanners, 64, 553–554
  security protection mechanisms, 510–515
  single-point-of-failure, 501–504
  summary, 522
  TCP/IP, 112
  technology and process integration, 521
  timing issues, 520
  written lab, 525
  zero-day exploits, 582–583
vulnerability scans, 351–352
W

waiting state, 486
Waledac botnet, 587
walk-throughs
  code review, 305
  disaster recovery planning, 673
walls in work areas, 751
WANs (wide area networks), 123
  connection technologies, 174–177
  overview, 172–174
WAP (Wireless Application Protocol), 131
war dialing, 589–590
wardriving, 136
warm sites, 659
warm-swappable RAID, 503
warning banners for penetration testing, 602
warrants, search, 719–720, 731
WarVOX tool, 590
water fire suppression systems, 770
water leakage and flooding, 766
waterfall model, 306–307, 307
watermarking, 423–424
wave pattern motion detectors, 757
WDS (Windows Deployment Services), 557
Web application security, 346–347, 422–423
  dynamic applications, 348–349, 348
  SQL injection attacks, 348–350, 348
  XSS attacks, 347
webcasting, 692
well-known ports, 101
WEP (Wired Equivalent Privacy), 135, 427
wet pipe water suppression systems, 770
whaling, 61
white-box testing, 315, 600–601
white boxes, 189
white noise, 763
whitelisting, 340
wide area networks (WANs), 123
  connection technologies, 174–177
  overview, 172–174
WiFi Protected Access (WPA), 135, 427–428
WiMax standard, 137
Windows Deployment Services (WDS), 557
Windows Update, 551
WIPO (World Intellectual Property Organization) treaties, 691
Wired Equivalent Privacy (WEP), 135, 427
wired extension infrastructure mode, 133
Wireless Application Protocol (WAP), 131
wireless communications, 128
  attacks, 136
  Bluetooth, 132
  cell phones, 129–131
  concepts, 128–129
  cordless phones, 132
  networks, 132–137, 427–428
Wireless Transport Layer Security (WTLS), 131
Wireshark protocol analyzer, 57–58, 58, 192
wiretapping, 70
work areas, 751
work function in cryptography, 374
work group recovery, 656–657
workers. See personnel security
workplace privacy, 701
workstation changes, 550
World Intellectual Property Organization (WIPO) treaties, 691
worms, 278, 336
  Code Red, 336–337
  Internet, 337–338
  Stuxnet, 338–339
WPA (WiFi Protected Access), 135, 427–428
wrappers in TCP, 101
WTLS (Wireless Transport Layer Security), 131

X

X.25 WAN connections, 176
X.509 certificates, 416
X Window, 110
XACML (Extensible Access Control Markup Language), 31
XML (Extensible Markup Language), 30
XOR (exclusive OR) function, 370–371
XSS (cross-site scripting) attacks, 347
XTACACS (extended TACACS), 32

Z

zero-day exploits, 582–583
zero-knowledge proof, 372–373, 373
zero-knowledge teams, 600–601
Zeus Trojan horse, 329, 580
Zimmermann, Phil, 390, 421
zombies
  botnets, 587
  DoS attacks, 191
  ping floods, 588