Index
Note to Reader: Bolded page numbers refer to definitions and main discussions of a topic. Italicized page numbers refer to illustrations.
Symbols
® symbol, for trademarks, 135
™ symbol, for copyrights, 135
Numbers
1GL (first-generation languages), 840
1NF (first normal form), database normalization, 864
2GL (second-generation languages), 840
2NF (second normal form), database normalization, 864
3DES. See Triple DES (3DES)
3GL (third-generation languages), 840
3NF (third normal form), database normalization, 864
4GL (fourth-generation languages), 840
5-4-3 rule, Ethernet, 477
5GL (fifth-generation languages), 840
10Base2 (thinnet coax), 474–475
10Base5 (thicknet coax), 474–475
10Base-T cable, 475
100Base-T/100Base-TX, 475
802.1x, securing wireless networks, 258
802.1X/EAP, 459
802.11
shared key authentication (SKA) standard, 458
wireless standards, 455
802.11i (WPA2), 459
802.15 (Bluetooth), 484
1000Base-T, 475
A
abstraction
essential security protection mechanisms, 365–366
overview of, 12–13
abuse, voice communication threat, 505–507
acceptable use policy
defined, 26
for email, 509–510
access aggregation attacks, 610
access control
access provisioning lifecycle, 582–583
for assets, 556
authorization and accountability in, 561–562
badges for, 411
Brewer and Nash model (Chinese Wall), 287
centralized and distributed options, 573
CIA triad and, 560
in datacenter security, 398
deploying physical controls, 413–414
designing in systems development life cycle, 845
for devices, 355
for email, 510
keys and locks in, 410
lattice-based, 282–283
motion detection systems and intrusion alarms, 411–413
perimeter controls, 407–409
for physical assets, 672
port-based, 439
preventing malicious code, 894
preventing unauthorized access to data, 164
proximity readers, 397
for servers, 393–394
single sign-on in, 573–574
smartcards in, 396–397
between subjects and objects (transitive trusts), 271, 557
thwarting storage threats, 870
trusted computing base (TCB) and, 276
types of, 557–559
access control attacks
aggregation attacks, 610
crackers vs. hackers vs. attackers, 604–605
denial-of-service (DoS) attacks, 619
exam topics, 622–623
overview of, 604
password attacks, 610–615, 615
protection methods, 619–621
review answers, 938–939
review questions, 625–628
risk elements, 605–610
smartcard attacks, 619
social engineering attacks, 616–619
spoofing attacks, 615–616
summary, 621–622
written lab, 624
written lab answers, 962
access control lists (ACLs)
access control matrix and, 280–281, 595
active response of IDS to, 718
capability tables vs., 595
in discretionary access control, 598
firewalls and, 725
recovery step in incident response, 703
access control matrix
as authorization mechanism, 595
Graham-Denning model, 288
overview of, 280–282
access control models
attribute-based access controls (ABAC), 601–602
authorization mechanisms, 595–596
defense in depth, 597, 597–598
discretionary access controls (DAC), 274, 598
exam topics, 593, 622–623
mandatory access controls (MAC), 274, 283, 602, 602–604
nondiscretionary access controls (non-DAC), 598–602
permissions, rights, and privileges, 594–595
requirements defined from security policy, 596–597
review answers, 937–938
review questions, 625–628
role-based access control (role-BAC), 599, 599–601
rule-based access control (RBAC), 274, 601
summary, 621–622
written lab, 624
written lab answers, 962
access control triple, in Clark-Wilson model, 286
access logs, 398
access review audits
assessing effectiveness of access controls, 745
overview of, 743–744
account lockout controls, protecting against access control attacks, 620
account management reviews, 649–650
accountability
AAA protocols, 580–581
in access control system, 561–562
defined, 10–11
mechanisms of security policies, 368–369
monitoring and, 735
nonrepudiation and, 11–12
accounting, AAA. See accountability
accounts
access provisioning lifecycle, 582–583
reviewing periodically, 583
revoking, 584
separation of privileges in service accounts, 664
accreditation, of security systems, 300–302
ACID model, database transactions, 865–866
ACK (acknowledge) packets
SYN flood attacks, 707
in TCP three-way handshake, 440
ACLs. See access control lists (ACLs)
acquisitions
integrating risk considerations into acquisition strategies and practices, 35–36
organizational processes and, 16–17
Acting phase, IDEAL model, 851
active responses, intrusion detection systems, 718–719
ActiveX controls, 338, 894
ad hoc mode, configuring wireless access points, 455
Address Resolution Protocol (ARP)
cache poisoning, 339, 447
man-in-the-middle attacks, 713
resolving domain names to IP addresses, 451
resolving IP addresses to MAC addresses, 432
spoofing attacks, 542–543
administrative access controls
implementing defense in depth, 598
nondiscretionary access controls (non-DAC), 599, 599–601
selecting and assessing countermeasures, 74–75
types of access control, 559
violating principle of least privilege, 662–663
administrative law, 126–127
administrative physical security controls, 389
administrators
audits of dual accounts for, 745
audits of high-level groups of, 744–745
configuring wireless security, 462
security roles and responsibilities, 177–178
admissible evidence, 806–807
Adobe Digital Experience Protection Technology (ADEPT), 254
Adobe Reader, for this book, 968
Advanced Access Content System (AACS), 253
Advanced Encryption Standard (AES), 218–219
overview of, 173
securing email data, 163
storing sensitive data, 167–168
supported by S/MIME, 249
advanced persistent threats (APTs)
as highly effective and sophisticated, 814
overview of, 608–609
advisory security policies, 26
adware, as malicious code, 893
affected users, in DREAD rating system, 35
aggregation
access aggregation attacks, 610
least privilege problem and, 663
vulnerabilities in database security, 341–342
Agile software development
DevOps model aligned with, 856
many variants of, 850
overview of, 849–850
agreements, employment, 53–54
AH (Authentication Header), in IPsec, 174, 256, 521
alarms
intrusion alarms, 411–413
intrusion detection systems (IDS), 397–398
algorithms
cryptographic keys, 208–209
cryptography relying on, 195
symmetric key, 209–210
Amazon Kindle, encryption technology used by, 254
amplifiers, network devices, 470
analog communication, subtechnologies supported by Ethernet, 487
analysis
of business organization, 96
of risks, 64–65
analytic attacks, types of cryptographic attacks, 258
AND operation, Boolean logic, 196–197
Andersen, Arthur, 633
Android devices, vulnerabilities, 351
annualized cost of safeguard (ACS)
calculating cost/benefit analysis of safeguard, 68
formula, 69
annualized loss expectancy (ALE)
assessing impact of risks, 105
elements of quantitative risk analysis, 65–69
formula, 69
annualized rate of occurrence (ARO)
elements of quantitative risk analysis, 65–67
formula, 69
identifying for risks, 104
anomaly analysis, 717
anomaly detection, 717
antennas, managing placement and power levels, 461
anti-malware software
detecting potential incidents, 700
incident response and, 723–724
installing malware using fake, 712
as preventive measure, 705
protecting against botnets, 709
using sandboxing, 726
antivirus mechanisms/programs
BYOD devices and, 358
as countermeasure to malicious code, 893–895
overview of, 886–887
rogue antivirus software as Trojan, 888
API keys
not including in code repositories, 859
similarities to passwords, 856–857
APIPA (Automatic Private IP Addressing), 528–530
Apple iOS. See iOS
AppleTalk, alternatives to IP protocol, 433
applets
overview of, 337–338
types of, 338
application attacks
back doors, 900
buffer overflows, 899–900
escalation of privilege and rootkits, 900–901
exam topics, 909
masquerading, 907–908
reconnaissance, 905–907
review answers, 950–951
review questions, 911–914
summary, 908
time-of-check-to-time-of-use (TOCTTOU or TOC/TOU), 900
on web applications, 901–905, 903
written lab, 910
written lab answers, 965
application control, mobile device security, 353–354
application firewalls, 362–363
Application layer (layer 7), in OSI model, 436–437
Application layer protocols, of TCP/IP suite, 447–448
application-level gateway firewall, 726
application logs, 733
application programming interfaces (APIs)
interface testing of, 648
software development security, 856–857
application security
mobile devices, 355–357
role-based access controls in, 601
application whitelisting, mobile device security, 357
application-level gateway firewalls, 466
applications, mobile device security, 355
architecture
bring-your-own-device (BYOD) and, 359
computer architecture. See computer architecture
database management system (DBMS), 861, 861–862
vulnerabilities. See vulnerabilities, in security architecture
arithmetic logic unit (ALU), 329
ARP. See Address Resolution Protocol (ARP)
artificial intelligence, learning by experience, 872
AS (authentication service), Kerberos, 575
assembly languages, 839–840
assessment
of business impact of threat. See business impact assessment (BIA)
of disaster recovery efforts, 787
of risks. See risk assessment
of security systems. See security assessment and testing
of vulnerabilities. See vulnerability assessment
asset security
access control, 556
administrative controls, 74–75
administrator roles, 177–178
business/mission owner role, 176
custodian role, 178
data owner role, 174–175
data processors role, 176–177
defining data classifications, 160–163
defining data security requirements, 163–164
defining risk terminology, 61
defining sensitive data, 158–160
destroying sensitive data, 168–171, 170
employment termination processes, 55
exam topics, 157, 182–183
handling sensitive data, 167
identifying threats by focus on assets, 30
marking sensitive data, 165–167
physical controls, 75
protecting physical assets, 672
protecting privacy, 178–179
protecting sensitive data using symmetric encryption, 172–173
protecting sensitive data using transport encryption, 173–174
retaining assets (data, records, etc), 171–172
review answers, 922–924
review questions, 184–187
scoping and tailoring, 180
selecting standards and, 180–181
storing sensitive data, 167–168
summary, 181–182
system owner role, 175–176
threat modeling with focus on, 607
types of controls, 75–76
understanding data states, 164–165
user role, 178
using security baselines, 179–180
written lab, 183
written lab answers, 956–957
asset valuation (AV)
defining risk terminology, 61
elements of quantitative risk analysis, 65–66
in formula for total risk, 73
quantitative decision making in impact analysis, 101
in risk analysis, 77–78, 605–607
assets
identifying, 605–606
managing cloud-based, 673–674
managing virtual, 672
tracking, 354
assurance
of confidence in security, 274–275
evaluation assurance levels (EALs), 297–299
Information Technology Security Evaluation Criteria (ITSEC), 295–296
procedures, 841
asymmetric key cryptography
digital signatures. See digital signatures
in distribution of symmetric keys, 220
El Gamal, 235
elliptic curve cryptography, 235–236
exam topics, 231, 261–263
hash functions. See hash functions
managing asymmetric keys, 246–247
nonrepudiation and, 194
overview of, 210–212, 211, 232, 233
public and private keys, 232–233
public key infrastructure (PKI). See public key infrastructure (PKI)
review answers, 926–927
review questions, 265–268
Rivest, Shamir, and Adleman (RSA) algorithm, 218, 233–234
smartcards and, 566–567
strengths of, 212–213
summary, 261
symmetric key cryptography compared with, 213
written lab, 264
written lab answers, 958
asynchronous communication, subtechnologies supported by Ethernet, 487
asynchronous dynamic password tokens, 567
asynchronous transfer mode (ATM), WAN connections, 535–536
ATO (authorization to operate), in security governance, 59–60
atomicity, consistency, isolation, and durability (ACID), 865–866
atomicity, in ACID model of database transactions, 865
attachments, blocking email attachments, 512
attackers
advanced persistent threats of, 608–609
crackers vs. hackers vs., 604–605
identifying threats by focus on, 30
patch Tuesday, exploit Wednesday and, 685
threat modeling with focus on, 608
using vulnerability scanners, 686
attacks. See also by individual types
defining risk terminology, 62
determining and diagramming potential, 32–33, 33
focused on violation of availability, 7
focused on violation of confidentiality, 4
focused on violation of integrity, 6
understanding, 705–706
attribute-based access controls (ABAC), 601–602
audio
copyright protection of streaming media, 135
streaming with UDP, 443
audit logs, retaining, 171
audit trails
for access control, 398
accountability and, 562
designing, 845
auditors
protecting, distributing, and reporting audit results, 746–747
roles and responsibilities, 23, 742
working with external, 747–748
audits/auditing
access review, 743–744
accountability and, 562
in assessing effectiveness, 742
defined, 10, 742
employment review, 54
external auditors in, 747–748
incident response and, 742–748
inspection, 743
logging vs., 732
of privileged groups, 744–745
reporting results of, 746–747
retaining audit logs, 171
security audits, 632–633, 745–746
user entitlement, 744
when they go wrong, 633
authenticated scans, network vulnerability scanning with, 638–639
authentication. See also identity management
AAA services, 8–12, 580–581
for access control, 164
API requirements, 856–857
biometric error ratings, 570–571, 571
biometrics, 568–570
captive portals and, 462
centralization of, 517
cognitive passwords in, 566
comparing identification with, 560–561
configuring wireless security, 462
defined, 10
of devices, 572–573
with encrypted passwords, 564
factors, 563
goals of cryptography, 193–194, 194
integrating identity services, 579
Kerberos for, 574–576
of mobile devices, 356
multifactor, 572
passwords in, 564–565
planning remote access security, 516
session management and, 579–580
smartcards in, 566–567
tokens in, 567–568
of wireless access points, 458–460
authentication, authorization, and accounting (AAA)
accountability, 10–11
auditing, 10
authentication, 8–10
authorization, 9–10
identification, 8, 8, 10
nonrepudiation, 11–12
overview of, 9
protocols, 580–581
Authentication Header (AH), in IPsec, 174, 256, 521
authentication service (AS), Kerberos, 575
authority levels, bounds and, 273
authorization
AAA services, 9–10, 580–581
for access control, 164
mechanisms, 595–596
overview of, 561–562
automated recovery, 774
automated recovery without undue loss, 775
Automatic Private IP Addressing (APIPA), 528–530
availability
categories of IT loss, 560
in CIA triad, 7
designing in systems development life cycle, 846
goals of cryptography, 192–194
techniques for ensuring, 272–274
unauthorized changes directly affecting, 681
avalanches, disaster recovery planning for, 765
awareness
in disaster recovery plan, 792–793
establishing and managing information security, 81–82
B
back doors
application attacks and, 900
due to coding flaws, 370
maintenance hooks and, 372
vulnerability assessments of, 816–817
background checks, in screening employment candidates, 52
backup tapes
formats, 789
handling sensitive data, 167
rotation strategies, 790
storing sensitive data, 168
backups
fault tolerance vs., 771
offline or standby UPS battery, 773
protecting log data, 734
restoring data, 787–790
scheduling, 788
of software escrow arrangements, 790
verifying, 650
badges, in physical security, 411
bandwidth, quality of service controls, 775
bar codes, in hardware inventory, 671
Barracuda Networks, 726
base+offset addressing, of memory, 330
baseband cable
overview of, 474
subtechnologies supported by Ethernet, 487–488
baselines
in behavior-based IDSs, 717
configuration management with, 678
images deployed as, 678–680, 679
in security and risk management, 26–27
using security baselines, 179–180
Basic Input/Output System (BIOS), 336
Basic Rate Interface (BRI), ISDN, 534
basic service set identifier (BSSID)
securing, 456–457
wireless access points and, 455–456
bastion host, multihomed firewalls and, 467
battery backup system, offline or standby UPS, 773
BCI Good Practices Guideline, documenting business continuity plan, 785
BCP Development phase, in business continuity planning, 98
BCP Implementation phase, in business continuity planning, 99
BCP Testing, Training, and Maintenance phase, in business continuity planning, 99
beacon frames, in SSID broadcast, 457
behavior-based IDSs
overview of, 717–718
response, 718–719
behaviors, object-oriented programming, 841
Bell-LaPadula model
Biba model compared with, 284–285
as information flow model, 279
overview of, 282–284, 283
best evidence rule, in documentary evidence, 807
best-effort communication, with UDP, 443
beyond a reasonable doubt standard, in criminal investigations, 805
Biba model
as information flow model, 279
limitations of, 286
overview of, 284–285, 285
Big Four firms, for external audits, 633
binary code, programming languages and, 839–840
binary numbers, converting, 529
biometrics
authentication factors, 563
error ratings, 570–571, 571
overview of, 568–570
proximity readers, 397
registration, 571–572
BIOS (Basic Input/Output System), 336
birthday attacks
overview of, 613–614
types of cryptographic attacks, 260
bit size, of key space, 194–195
BitLocker, encrypting Windows portable devices, 248
bits, of data, 430
black boxes
approach to abstraction, 365–366, 840–841
in penetration testing, 643
as phreaker tool, 507
in software quality testing, 857–858
blacklisting applications, 724
block ciphers
Blowfish, 217
International Data Encryption Algorithm, 217
overview of, 207
Rijndael, 218
Rivest Cipher 5, 218
Twofish, 218
Blowfish
as block cipher, 217
comparing symmetric algorithms, 219
overview of, 173
blue boxes, as phreaker tool, 507
Blue Screen of Death (BSOD), 843
Bluetooth (IEEE 802.15), 484
Boiler Room film (2000), cold site in, 779
bombings, disaster recovery planning for, 766
book ciphers, 206
Boolean mathematics
logical operations, 196
NOT operation, 198
AND operation, 196–197
OR operation, 196–197
overview of, 196
XOR (exclusive OR) operation, 198
boot sector, in master boot record (MBR), 884
bot herders, 709
botnets
creating with Trojan horse, 890
launching DDoS attacks, 706
overview of, 709
protecting against, 709
recent examples, 709–710
bounds, CIA techniques, 273
breaches
defining risk terminology, 62
reporting to upper management, 702
Brewer and Nash model (Chinese Wall), 287
BRI (Basic Rate Interface), ISDN, 534
bridge infrastructure mode, in wireless access points, 455–456
bridge routers (brouters)
as network device, 471
operating at Network layer of OSI model, 434
bridges, network devices, 471
bring-your-own-device (BYOD)
authentication, 572–573
mobile device security, 354
policies, 357–360, 677
broadband cable
overview of, 474
subtechnologies supported by Ethernet, 488
broadcast domains, 470
broadcasts
collisions compared with, 469
subtechnologies supported by Ethernet, 488
brouters (bridge routers)
as network device, 471
operating at Network layer of OSI model, 434
brownouts, power issues, 400, 773
browsers, protecting against botnets, 709
brute force attacks
overview of, 612–613
types of cryptographic attacks, 258
BSOD (Blue Screen of Death), 843
BSSID (basic service set identifier)
securing, 456–457
wireless access points and, 455–456
buffer overflow
attacks, 370–372
vulnerabilities, 710, 899–900
buildings. See facilities
Bureau of Industry and Security, export controls, 139
burglar alarms, 397–398
bus topology, 478–479, 479
business attacks, computer crime, 814
business continuity planning (BCP)
analyzing business organization, 96
assessing business impact, 101
assessing risk impact, 104–106, 105
assessing risk likelihood, 104
benefits of, 99
disaster recovery planning compared with, 95
documenting, 110
emergency-response guidelines, 113
environment and life safety, 414
exam topics, 93, 115–116
getting approval of plan, 109
goals in, 111
identifying priorities, 101–102
identifying risks, 102–103
implementing plan, 110
legal and regulatory requirements, 100
maintaining, testing, and performing exercises, 114
man-made natural disasters, 766–769
overview of, 94–95
prioritizing resources, 106
Professional Practices library for, 785
project scope, 95–96
provisions and processes phase, 108–109
regional natural disasters, 765
resource requirements, 98–99
review answers, 918–920
review questions, 118–121
risk assessment and risk acceptance/mitigation sections, 112
senior management and, 98
statements of importance, priorities, organizational responsibility, and urgency and timing, 111–112
strategy development phase, 107
subtasks in, 107
summary, 114–115
team selection, 96–97
as template for recovery efforts, 795
vital record program, 113
written lab, 117
written lab answers, 955
business impact assessment (BIA)
assessing risk impact, 104–106
assessing risk likelihood, 104
disaster recovery strategy, 776–777
identifying priorities, 101–102
identifying risks, 102–103
overview of, 101
prioritizing resources, 106
business organization, analyzing, 96
business units, functional priorities for disaster recovery, 776–777
business/mission owner role, security roles and responsibilities, 176
BYOD. See bring-your-own-device (BYOD)
C
C3 cipher, 190–191
cables, network
baseband and broadband, 474
characteristics of, 475
coaxial, 473–474
conductors, 476–477
overview of, 473
twisted-pair, 475–476
cache, local, 339–341
cache poisoning
ARP and RARP and, 447
overview of, 339
cache RAM, 328
caching DNS server, 340
CACs (Common Access Cards), 567
Caesar cipher
historical milestones in cryptography, 190–191
stream ciphers, 207
substitution ciphers, 203
Cain & Abel, CPU-based password-cracker, 612–613
CALEA (Communications Assistance for Law Enforcement Act)
in U.S. privacy laws, 141
wiretaps and, 483–484
California Online Privacy Protection Act (COPA), 179
callback security, as war dialing countermeasure, 714
Candidate Information Bulletin (CIB), CISSP, 699, 715–716
candidate keys, in relational databases, 863
capabilities lists
in access control matrix, 280
security attributes and, 275
Capability Maturity Model for Software, 850
captive portals, 462
cardinality, of database rows, 862–863
Carlisle Adams/Stafford Tavares (CAST), 249
Carrier-Sense Multiple Access (CSMA), 488
Carrier-Sense Multiple Access with Collision Avoidance (CSMA/CA), 488–489
Carrier-Sense Multiple Access with Collision Detection (CSMA/CD), 489
CAs (certificate authorities), 243–244
cascading, type of composition theory, 280
CAST (Carlisle Adams/Stafford Tavares), 249
Cat 5/Cat5e UTP cable, 476
cathode ray tube monitors, radiation from, 334
CBC (Cipher Block Chaining), in DES, 215
CBK (Common Body of Knowledge)
CISSP Study Guide, 716
Security and Risk Management domain, 3
CBK (Common Body of Knowledge), Security and Risk Management domain, 3
CCCA (Comprehensive Crime Control Act), 128
CCTV. See closed circuit TV (CCTV)
CDI (constrained data item), in Clark-Wilson model, 286
CDNs (content distribution networks), 453–454
cell phones
generations of, 481–482
security issues, 507
Wireless Application Protocol and, 483–484
cell suppression, DBMS granular control with, 867
cells, wireless, 454
central processing unit (CPUs)
accessing secondary memory, 330
interrupts and, 335
large-scale parallel data systems and, 344
operating modes, 326
operating states, 321–322
overview of, 315
processing types, 318–319
registers, 329
static vs. dynamic RAM and, 329
CER (crossover error rate), in biometrics, 571
certificate authorities (CAs), 243–244
certificate path validation (CPV), 244
certificate practice statement (CPS), 246
certificate revocation list (CRL)
revoking digital certificates, 246
verification of certificates and, 245
certificates. See digital certificates
certification, in evaluation of security systems, 300–302
CFAA (Computer Fraud and Abuse Act)
amendments, 128–130
provisions, 128
CFB (Cipher Feedback), in DES, 215
CFR (Code of Federal Regulations), 127
chain of evidence (or chain of custody), 807–808
Challenge Handshake Authentication Protocol (CHAP)
planning remote access security, 516
PPP support, 537
types of authentication protocols, 502
challenge-response authentication, 194, 194
change logs, 733
change management
overview of, 680–682, 681
process of, 853–854
security audits reviewing, 746
security governance and, 17–18
security impact analysis in, 682–683
as security tool, 853
systems development life cycle, 847
updating disaster recovery plan, 795
versioning, 683
channel service unit/data service unit (CSU/DSU), 534
channels, wireless, 456
CHAP. See Challenge Handshake Authentication Protocol (CHAP)
checklists
creating baseline with, 678
disaster, 785–786
checksums, integrity verification and, 537
Children’s Online Privacy Protection Act (COPPA), 142–143, 179
Chinese Wall (Brewer and Nash model), 287
chosen ciphertext attacks, 259
chosen plaintext attacks, 260
CIA triad. See confidentiality, integrity, availability (CIA)
CIB (Candidate Information Bulletin), CISSP, 699, 715–716
CIDR (Classless Inter-Domain Routing), 445
CIFS (Common Internet File System), 433
Cipher Block Chaining (CBC), in DES, 215
Cipher Feedback (CFB), in DES, 215
ciphers
in American Civil War, 191
art of creating/implementing, 195
block ciphers, 207
codes vs., 202
confusion and diffusion operations, 207
one-time pads, 205–206
running key ciphers, 206–207
stream ciphers, 207
substitution ciphers, 203–205
transposition ciphers, 202–203
ciphertext, plaintext compared with, 194
ciphertext only attacks, 259
CIR (committed information rate), in Frame Relay, 535
circuit switching
overview of, 530–531
packet switching compared with, 531
circuit-level gateway firewalls, 466, 726
CIRTs (computer incident response teams), 701, 820
civil law
investigations, 805
overview of, 126
Clark-Wilson model
constrained interfaces and, 304
overview of, 286, 286–287
classes, IP address, 444–445
classes, object-oriented programming
abstraction and, 366
overview of, 841
classification labels
mandatory access control (MAC), 602, 602–604
multilevel security database security, 866–868
protecting audit results, 747
classification of data. See data classification
Classless Inter-Domain Routing (CIDR), 445
click-through licenses, types of license agreements, 138
client systems, implementing antivirus software, 893
client-based vulnerabilities. See vulnerabilities, client-based
closed circuit TV (CCTV)
for access control, 398
intrusion alarms and, 412
monitoring access to servers, 394
secondary verification mechanisms, 412–413
closed ports, network discovery with nmap, 635–638, 636–638
closed source, vs. open source, 272
closed systems, vs. open systems, 271–272
cloud computing
business impact assessment and, 102
as disaster recovery option, 782
managing cloud-based assets, 673–674
overview of, 346–347
types of license agreements, 138
cloud service providers (CSPs), 673
CNSS (Committee on National Security Systems), 302
CO2, fire suppression systems, 405–406
coaxial cables, 473–474
COBIT (Control Objectives for Information and Related Technology), 24, 176
code
attacks based on flaws in, 370
checking for buffer overflows, 371
code review phase in systems development life cycle, 846
repositories, 858–859
software for reviewing, 644–645, 645
Code of Ethics, ISC, 827–828
Code of Federal Regulations (CFR), 127
Code Red worm, 890–891
code words or phrases, for personnel safety, 670
codes, ciphers contrasted with, 202
cognitive passwords, 566
cohesiveness, object-oriented programming, 841
cold sites, as disaster recovery option, 778–779
collaboration. See multimedia collaboration
collision attacks, types of cryptographic attacks, 260
collision domains, 470
collisions
in birthday attacks, 613–614
in brute force attacks, 612
vs. broadcasts, 469
collusion
defined, 52
job rotation protecting against, 51
mandatory vacations detecting, 666–667
separation of duties protecting against, 50
two-person control reducing, 666–667
columnar transposition, transposition ciphers, 202
columns, database, 862–863
combination locks, physical security, 410
committed information rate (CIR), in Frame Relay, 535
Committee on National Security Systems (CNSS), 302
Common Access Cards (CACs), 567
Common Body of Knowledge (CBK)
CISSP Study Guide, 716
Security and Risk Management domain, 3
Common Criteria
overview of, 296
recognition of, 296–297
security standards, 290
structure of, 297–299
trusted recovery, 774–775
Common Internet File System (CIFS), 433
common mode noise, 401
common routers, 466
Common Vulnerability and Exposures (CVE) dictionary, 688
communication disconnects, 373–374
communication security
ARP spoofing attacks, 542–543
authentication protocols in, 502
Automatic Private IP Addressing (APIPA), 528–530
centralization of authentication, 517
circuit switching, 530–531
denial of service/distributed denial of service attacks, 540–541
dial-up encapsulation protocols, 536–537
dial-up protocols, 516–517
disaster recovery planning, 786–787, 791
DNS poisoning, spoofing, and hijacking attacks, 543–544
eavesdropping attacks, 541–542
email security goals, 509–510
email security issues, 510–511
email security solutions, 511–512
emergency preparation, 777–778
exam topics, 499, 546–548
fax security, 512–513
fraud and abuse, 505–507
hyperlink spoofing attacks, 544
instant messaging, 508
IPsec protocol in, 521–522
Layer 2 Tunneling Protocol (L2TP), 521
managing remote access, 513–515
masquerading/impersonation attacks, 542
modification attacks, 542
multimedia collaboration and, 507
network address translation (NAT), 525–526
overview of, 500–501
packet switching, 531–532
planning remote access security, 515–516
Point-to-Point Tunneling Protocol (PPTP), 520–521
preventing/mitigating network attacks, 539–540
private IP addresses, 526–527
remote meetings, 508
replay attacks, 542
review answers, 933–934
review questions, 550–553
secure protocols, 501–502
secure voice communications, 503
security boundaries, 539
security control characteristics, 537–538
social engineering attacks, 504–505
stateful NAT, 527–528
static and dynamic NAT, 528
summary, 545–546
switching technologies, 530
tunneling and, 518–519
virtual applications/software, 523–524
virtual circuits, 532
virtual LANs (VLANs), 522
virtual networking, 524–525
virtual private networks (VPNs), 519–520
virtualization and, 523
Voice over IP (VoIP), 503–504
WAN connections, 534–536
WAN technologies, 532–534
written lab, 549
written lab answers, 960–961
Communications Assistance for Law Enforcement Act (CALEA)
in U.S. privacy laws, 141
wiretaps and, 483–484
community cloud deployment model, 674
companion viruses, 885
compartmentalized environment, in mandatory access control (MAC), 604
compartmented mode, 324
compartmented mode workstations (CMWs), 324
compatibility tables, as authorization mechanism, 595
compensation access control, 76, 559
compiled languages, security implications of, 839–840
compilers, 839
compliance
with government regulations, 146–147
personnel security and, 57
composition theories, 279–280
Comprehensive Crime Control Act (CCCA), 128
compromise incidents, 819
computer architecture
central processing units (CPUs), 315
execution options, 316–318
firmware, 336–337
hardware, 315
input and output devices, 333–335
input/output (I/O) operations, 335–336
memory, 327
memory addressing, 329–330
memory security issues, 331
operating modes, 326
process (operating) states, 321–322, 322
processing types, 318–319
protection rings, 319–321, 320
random access memory, 328–329
read-only memory, 327–328
registers, 329
secondary memory, 330–331
security modes, 323–325
storage, 331–333
computer crime
business attacks, 814
categories, 812–813
Computer Fraud and Abuse Act, 128–129
Computer Security Act, 129–130
Federal Information Security Management Act, 132
Federal Sentencing Guidelines for computer crimes, 130
financial attacks, 814–815
Government Information Security Reform Act, 131
grudge attacks, 815–817
military and intelligence attacks, 813–814
National Information Infrastructure Protection Act, 130
overview of, 127
Paperwork Reduction Act, 130
terrorist attacks, 815
thrill attacks, 817
Computer Fraud and Abuse Act (CFAA)
amendments, 128–130
provisions, 128
computer incident response teams (CIRTs), 701, 820
Computer Security Act (CSA), 129–130
computer security incident, defining requirements with, 698–699
computer security incident response team (CSIRT), 701
computer security incident response teams (CSIRTs), 820
computers, export controls, 139
concealment, aspects of confidentiality, 5
concentrators
cable runs and, 477
network devices and, 470
conceptual definition phase, of systems development life cycle, 845
concurrency (edit) control, in multilevel database security, 867
conductors, network cable, 476–477
Conficker, 685
confidential (proprietary) data
commercial classification of data, 21, 162
defining sensitive data, 159–160
governmental classification of data, 20, 160
nondisclosure agreements (NDAs), 171
securing email data, 163
confidentiality
Bell-LaPadula model and, 284
business attacks on, 814
categories of IT loss, 560
confidentiality principle in CIA, 4–5
goals of cryptography, 192–193
mutual assistance agreements and, 783
NIST guidelines, 415
principle of least privilege for, 662–663
protecting with encryption, 172–174
thwarting attacks on database, 868
confidentiality, integrity, availability (CIA)
availability principle, 7, 681
categories of IT loss, 560
confidentiality principle, 4–5
goals of cryptography, 192–194
integrity principle, 5–6
overview of, 3–4
security and risk management, 3
techniques for ensuring, 272–274
configuration management
baselining for, 678
derived from ITIL, 682
documentation of, 683
process of, 854–855
security audits reviewing, 746
as security practice, 679
using images for baselining, 678–680
versioning control in, 683
Configuration Manager (ConfigMgr), 672
confinement, CIA techniques, 273
confiscation of evidence, incident response, 822
conflict of interests, segregation of duties preventing, 664–666
confusion operations, in obscuring plaintext messages, 207
connection technologies, WANs, 534–536
connectionless protocol, UDP as, 443
connectivity, planning remote access security, 515
consistency, in ACID model of database transactions, 865
constrained data item (CDI), in Clark-Wilson model, 286
constrained interfaces, as authorization mechanism, 596
consultants, controlling, 56–57
content distribution networks (CDNs), 453–454
content filters, implementing antivirus programs, 893
Content Scrambling System (CSS), in movie DRM, 253
content-dependent access controls
as authorization mechanism, 596
DBMS security, 867
context-dependent access controls
as authorization mechanism, 596
DBMS security, 867
continuity planning. See also business continuity planning (BCP)
getting approval of plan, 109
implementing plan, 110
provisions and processes phase, 108–109
strategy development phase, 107
subtasks in, 107
continuous improvement principle, personnel security and, 78
contractors, controlling, 56–57
contracts, types of license agreements, 138
Control Objectives for Information and Related Technology (COBIT), 24, 176
control specifications development phase, systems development life cycle, 845–846
control zones
protecting against EM radiation eavesdropping, 375
securing electrical signals and radiation, 399
controlled security mode, 324
controls
for access. See access control
characteristics of, 537–538
frameworks, 23–24
monitoring and measuring, 76–77
for perimeter security, 407–409, 408
for personnel security, 74–75
for physical security, 389–390
redundancy and diversity of, 363
types of, 75–76
controls gap, residual risk and, 73
converged protocols, 452
COPPA (Children’s Online Privacy Protection Act), 142–143, 179
copyrights. See also intellectual property
Digital Millennium Copyright Act, 134–135
protecting trade secrets, 137
works qualifying for, 133
cordless phones, 484
corporate policies, for BYOD devices, 359
corrective access control, 76, 558
cost-benefit analysis, in valuation of assets, 610
Counter (CTR), in DES, 215
Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), 459, 460–461
countermeasures
to availability attacks, 7
certification and accreditation as, 300–302
Common Criteria and, 296–299
to confidentiality attacks, 4
effectiveness of, 77
implementing for personnel security, 74–75
industry and international security implementation guidelines, 299–300
to integrity attacks, 6
ITSEC classes and required assurance and functionality, 295–296
to malicious code, 893–895
Orange book, 290–292, 291
Orange book limitations, 294–295
to password attacks, 898–899
rainbow series for security standards, 290, 293–294
Red and Green books, 293
residual risk and, 73
selecting and assessing, 73–74, 289
counterstrikes/counter attacks
not included in incident response, 700
risk of launching, 720
coupling, object-oriented programming, 841
covert channels
attacking data storage resources, 870
types of, 369
CPS (certificate practice statement), 246
CPTED (crime prevention through environmental design), 389
CPUs. See central processing unit (CPUs)
CPV (certificate path validation), 244
crackers, hackers and attackers compared with, 604–605
CRCs (cyclic redundancy checks), 537
credential management
Kerberos, 574
mobile device security, 356
overview of, 578–579
Credential Manager, in Windows OSs, 579
credit cards, industry standard, 146
creeping privilege, 583
crime
criminal investigations, 805
securing evidence storage facility, 395
crime prevention through environmental design (CPTED), 389
criminal law
cybercrime, 131
overview of, 124–126
United States Code (USC), 126
crisis management, disaster recovery strategy for, 777
critical path analysis, in developing physical security plan, 387
criticality, aspects of confidentiality, 5
CRL (certificate revocation list)
revoking digital certificates, 246
verification of certificates and, 245
crossover error rate (CER), in biometrics, 571
cross-site scripting (XSS) attacks, on web applications, 901–902
cross-training, as alternative to job rotation, 52
CRT monitors, radiation from, 334
cryptanalysis
algorithms and, 208–209
defined, 195
cryptographic applications
digital rights management, 252–254
email, 248
networking, 255–257
overview of, 247
portable devices and, 247–248
Pretty Good Privacy (PGP), 248–249
Secure Multipurpose Internet Mail Extensions (S/MIME), 249
steganography and watermarking, 250–252, 251–252
web applications, 249–250
wireless networking, 257–258
cryptography. See also encryption
Advanced Encryption Standard (AES), 218–219
asymmetric. See asymmetric key cryptography
attacks, 258–260
block ciphers, 207
Blowfish block cipher, 217
Boolean mathematics in, 196–198
codes vs. ciphers, 202
concepts in, 194–195
confusion and diffusion operations, 207
Data Encryption Standard (DES), 214–215
defined, 195
exam topics, 189, 223–224
goals of, 192–194
hashing algorithms. See hash functions
historical milestones, 190–192
International Data Encryption Algorithm (IDEA), 217
key creation and distribution, 219–221
key escrow and recovery, 221–222
key storage and destruction, 221
keys, 208–209
lifecycle of, 222
modulo function, 199
nonce, 200
one-time pads, 205–206
one-way functions, 199–200
overview of, 208–209
review answers, 924–926
review questions, 226–229
running key ciphers, 206–207
Skipjack algorithm, 217–218
split knowledge, 201
stream ciphers, 207
substitution ciphers, 203–205
summary, 222–223
symmetric. See symmetric key cryptography
transposition ciphers, 202–203
Triple DES, 216–217
work function (work factor), 201
written lab, 225
written lab answers, 958
zero-knowledge proof, 200, 200–201
Cryptolocker ransomware
botnets distributing, 709
overview of, 890
cryptovariables, 195
CSA (Computer Security Act), 129–130
CSMA (Carrier-Sense Multiple Access), 488
CSMA/CA (Carrier-Sense Multiple Access with Collision Avoidance), 488–489
CSMA/CD (Carrier-Sense Multiple Access with Collision Detection), 489
CSPs (cloud service providers), 673
CSS (Content Scrambling System), in movie DRM, 253
CSU/DSU (channel service unit/data service unit), 534
CTR (Counter), in DES, 215
custodian role, security roles and responsibilities, 178
CVE (Common Vulnerabilities and Exposures) dictionary, 688
cybercrime
law, 131
securing evidence storage facility, 395
cyber-physical systems, 361
cyclic redundancy checks (CRCs), 537
D
D2D (disk-to-disk) backups, 789
DAC. See discretionary access controls (DAC)
damage potential, in DREAD rating system, 34
darknets, 721
DARPA model. See also Open Systems Interconnection (OSI), 427, 437
data
analytics, 343
asset security, 164–165
formats, 435–436
information life cycle management, 668–669
managing media, 675–678
protecting logs, 733–734
recovery planning for theft of, 759–760
retaining assets, 164–165
sensitive. See sensitive data
states of, 163–164
data at rest (stored)
confidentiality and, 193
understanding data states, 164
data breaches
access control attacks, 606–607
notification rule, 142
preventing, 165
data classification
Bell-LaPadula model and, 282–283
benefits of, 18–19
Biba model and, 285
commercial/business, 21, 21, 161, 161–163
governmental/military, 20, 20, 160–161, 161
implementing, 19
information life cycle management, 668
marking sensitive data, 165
overview of, 18
ownership and, 22
security governance and, 20–21
data custodians (owners)
discretionary access control (DAC) by, 598
security roles and responsibilities, 23
Data Definition Language (DDL), SQL, 864
data dictionaries, 342
data diddling, in incremental attacks, 372
data emanations
defined, 454
securing electrical signals and radiation, 398–399
Data Encryption Standard (DES)
comparing symmetric algorithms, 219
cryptanalysis defeating, 209
overview of, 173
in symmetric cryptography, 214–215
data flow
paths in reduction analysis, 34
server-based vulnerabilities, 341
data hiding
essential security protection mechanisms, 366–367
protection mechanisms, 13
data in transit or in motion
confidentiality and, 193
protecting, 173–174
understanding data states, 164
data integrity. See also integrity
DBMS security, 867
incident handling, 825
principle of least privilege for, 662–663
relational database transactions ensuring, 864–866
Data Link layer (layer 2), in OSI model, 431–432
data loss prevention (DLP)
detecting watermarks, 741
egress monitoring with, 740–741
marking sensitive data, 166
protecting email data, 164
Data Manipulation Language (DML), SQL, 864
data mart, storing metadata in, 343
data mining, vulnerabilities in database security, 342–343
data owner role
bring-your-own-device (BYOD) and, 357
security roles and responsibilities, 23, 174–175
data processors role, security roles and responsibilities, 176–177
Data Protection Directive (EU), 58
data remanence
destroying sensitive data and, 168
physical security of media storage and, 394
storage security issues, 333
data stream, in OSI model, 430
data terminal equipment/data circuit-terminating equipment (DTE/DCE)
in Frame Relay, 535
WAN connections, 534
data warehousing, 342–343
database management system (DBMS)
distributed data model, 862
hierarchical data model, 861, 861–862
overview of, 861
security mechanisms, 867–868
database recovery
disaster recovery plans for, 783
electronic vaulting for, 783–784
remote journaling for, 784
remote mirroring for, 784
database security
aggregation, 341–342
data analytics, 343
data mining and data warehousing, 342–343
inference attacks, 342
large-scale parallel data systems, 344
for multi-level databases, 866–868
overview of, 341
protecting data at rest, 164–165
databases
DBMS architecture, 861, 861–862
key escrow database, 201
normalization of tables, 864
Open Database Connectivity, 868, 868
overview of, 860–861
relational, 862, 862–864
transactions, 864–866
datacenter security
access abuses, 398
intrusion detection systems (IDS), 397–398
overview of, 396
proximity readers in, 397
securing electrical signals and radiation, 398–399
smartcards, 396–397
date stamps, DBMS data integrity, 867
DBMS. See database management system (DBMS)
DCSs (distributed control systems), for industrial control, 348–349
DDL (Data Definition Language), SQL, 864
DDoS. See distributed denial-of-service (DDoS) attacks
dead zones, network segments, 433
decision-making process
decision-support systems, 872–873
expert systems, 870–872
neural networks, 872
decision-support systems (DSS), 872–873
declassification, of media, 170
decomposing. See reduction analysis
dedicated (leased) lines, WAN technologies, 532
dedicated mode, security modes, 323–324
Defense Information Technology Security Certification and Accreditation Process (DITSCAP), 302
defense-in-depth
IDS intended as part of, 715
implementing, 74
implementing access control with, 597–598
preventing access aggregation attacks, 610
protecting large-scale parallel data systems, 346
Defined phase, SW-CMM, 851
degaussing
destroying sensitive data, 168
media, 170–171
degrees, of database columns, 862–863
delegation, object-oriented programming, 841
deleting files, as antivirus mechanism, 886
Delphi techniques, in qualitative risk analysis, 71
Delta rule (learning rule), learning by experience in neural networks, 872
deluge fire suppression system, 405
demilitarized zones (DMZ)
defined, 464
firewall deployment and, 468–469
multihomed firewalls and, 467
denial of service (DoS) attacks
countermeasures, 540–541
email security issues, 510–511
overview of, 540
in STRIDE threat categorization system, 31
denial-of-service (DoS) attacks
categorizing incidents as, 819
detecting with IDSs, 715
distributed denial-of-service (DDoS) attack, 706
distributed reflective denial-of-service (DRDoS) attack, 706
Gibson Research on, 821–822
overview of, 619, 706
SYN flood attack, 706–707
Department of Commerce
export controls, 139
Safe Harbor program of, 177
Department of Defense (DoD)
advanced persistent threat (APT) on, 609
Bell-LaPadula model developed by, 282
DoD Information Assurance Certification and Accreditation Process (DIACAP), 302
DoD Information Technology Security Certification and Accreditation Process (DITSCAP), 302
TCSEC standards, 290
departments, analyzing business organization, 96
DES. See Data Encryption Standard (DES)
design
of facility, 388–389
flaws, 370
review phase in systems development life cycle, 846
design security principles
access control between subjects and objects (transitive trusts), 271
CIA techniques, 272–274
open vs. closed systems and, 271–272
overview of, 270–271
trust and assurance and, 274–275
destroying data
after backup media reaches its MTTF, 678
information life cycle management, 669
destroying media, 171
detection phase, incident response, 822
detective access control, 75–76, 558
deterrent access control, 75, 558–559
Devakumar, Vijay, 612–613
device fingerprinting, 573
devices
access control, 355, 556
authentication, 572–573
examples of embedded and static systems, 360–362
input and output devices, 333–335
input/output (I/O) operations, 335–336
mobile device security, 352–355
network devices, 431, 470–472
operating at Network layer of OSI model, 434
securing wireless, 470–472
storage devices, 331–333
wireless networking, 485
DevOps model, 855, 855–856
DHCP (Dynamic Host Configuration Protocol), 529
Diagnosing phase, IDEAL model, 851
diagramming potential attacks, 32–33
dial-up encapsulation protocols, 536–537
dial-up protocols, 516–517
Diameter, 581
dictionary attacks
birthday attacks, 613–614
hybrid attacks, 612
overview of, 611, 896–897
differential backups, in disaster recovery plan, 787–788
differential power analysis attacks, smartcards, 619
Diffie-Hellman key exchange algorithm
in distribution of symmetric keys, 219–221
El Gamal based on, 235
use by OpenPGP, 249
diffusion operations, in obscuring plaintext messages, 207
digital certificates
generating and destroying, 245–246
obtaining, 243–244
overview of, 243
smartcards and, 566–567
SSL and, 250
digital communication, subtechnologies supported by Ethernet, 487
Digital Millennium Copyright Act (DMCA), 134–135
digital rights management (DRM)
document DRM, 254
e-book DRM, 253–254
movie DRM, 253
music DRM, 252–253
overview of, 252
video game DRM, 254
Digital Signature Algorithm (DSA)
key length, 235
overview of, 242
Digital Signature Standard (DSS), 242
digital signatures
asymmetric key algorithms supporting, 212
Digital Signature Standard, 242
Hashed Message Authentication Code (HMAC), 241–242
implementing partial, 241
message digests in implementation of, 237
overview of, 240–241
preventing malicious code, 894
digital subscriber line (DSL), WAN technologies, 533
digital watermarking, 742
direct addressing, memory addressing, 330
direct evidence, as testimonial evidence, 808
Direct Inward System Access (DISA), 506
Direct Memory Access (DMA), 336
Direct Sequence Spread Spectrum (DSSS), 481
directed graph, Take-Grant model, 281
directional antennas, 461
directive access control, 76, 559
directory services, 574
DISA (Direct Inward System Access), 506
disaster recovery planning (DRP)
assessment, 787
backups and offsite storage, 787–790
business continuity planning compared with, 95
business unit and functional priorities, 776–777
cloud computing, 782
cold sites, 778–779
crisis management, 777
database recovery, 783
electronic vaulting, 783–784
emergency communications, 777–778
emergency response, 785–786
exam topics, 759, 795–796
external communications, 791
hot sites, 779–780
logistics and supplies, 791
maintenance, 794–795
man-made disasters, 765–770
mobile sites, 781
mutual assistance agreements (MAAs), 782–783
natural disasters, 761–762, 761–765
nature of disaster and, 760–761
overview of, 760, 775–776, 784–785
personnel and communications, 786–787
recovery vs. restoration, 791–792
remote journaling, 784
remote mirroring, 784
review answers, 946–947
review questions, 798–801
service bureaus, 781–782
software escrow arrangements, 790–791
summary, 795
system resilience and fault tolerance, 770–775, 772
testing, 793–794
training, awareness and documentation, 792–793
utilities, 791
warm sites, 780–781
workgroup recovery, 778
written lab, 798
written lab answers, 964–965
disasters
man-made, 765–770
natural, 761–765
nature of, 760–761
discoverability, in DREAD rating system, 35
discretion, aspects of confidentiality, 5
discretionary access controls (DAC)
overview of, 274, 598
role-based access control compared with, 600
disinfecting files, as antivirus mechanism, 886, 905
disk drives
destroying sensitive data on solid state drives, 169
hard disk drives (HDDs), 333
solid state drives (SSDs), 169, 333, 678
storing sensitive data, 168
disk-to-disk (D2D) backups, 789
distance vector routing protocols, 434
distributed control systems (DCSs), for industrial control, 348–349
distributed data model, DBMS architecture, 862
distributed denial of service (DDoS) attacks
countermeasures, 540–541
overview of, 540
distributed denial-of-service (DDoS) attacks
detecting with IDSs, 715
overview of, 706
in ping flood attack, 706–707
Distributed Network Protocol (DNP3), 450
distributed reflective denial-of-service (DRDoS) attack, 706
distributed systems
cloud computing and, 346–347
grid computing, 347–348
overview of, 344–346
peer-to-peer (P2P) system, 348
DITSCAP (Defense Information Technology Security Certification and Accreditation Process), 302
DKIM (DomainKeys Identified Mail), 511
DLP. See data loss prevention (DLP)
DMA (Direct Memory Access), 336
DMCA (Digital Millennium Copyright Act), 134–135
DML (Data Manipulation Language), SQL, 864
DMZ. See demilitarized zones (DMZ)
DNP3 (Distributed Network Protocol), 450
DNS. See Domain Name System (DNS)
DNS poisoning, spoofing, and hijacking attacks
cache poisoning, 339
on communication network, 543–544
query spoofing, 340
DNS servers, 340
DNSChanger (Esthost botnet), 710
document exchange and review, acquisition strategies and practices, 36
documentary evidence, using in court of law, 807
documentation
of business continuity plan, 110
in change management, 683
in configuration management, 683
of disaster recovery plan, 793
of disaster recovery procedures, 785
in incident handling, 825–826
of incident response steps, 700
of penetration test results, 730
recovery step in incident response, 703
Documentation review, in security governance, 59–60
documents, digital rights management, 254
DoD. See Department of Defense (DoD)
DOD model. See TCP/IP suite
dogs, as perimeter control, 409
domain name, resolving to IP addresses, 450–451
Domain Name System (DNS)
attacks on communication network, 543–544
cache poisoning attacks, 339
DRDoS attacks, 706
NIDS discovering source of attack with DNS lookup, 720
query spoofing attacks, 340
resolving domain names to IP addresses, 451
domain of attributes, relational databases, 862
DomainKeys Identified Mail (DKIM), 511
domains of protection. See layering
DoS attacks. See denial-of-service (DoS) attacks
DRDoS (distributed reflective denial-of-service) attack, 706
DREAD (Probability x Damage Potential) system, in threat prioritization and response, 34–35
drive-by downloads
distributing malware with, 712
overview of, 617
DRM. See digital rights management (DRM)
DRP. See disaster recovery planning (DRP)
dry pipe fire suppression system, 405
DSA. See Digital Signature Algorithm (DSA)
DSL (digital subscriber line), WAN technologies, 533
DSS (decision-support systems), 872–873
DSS (Digital Signature Standard), 242
DSSS (Direct Sequence Spread Spectrum), 481
DTE/DCE (data terminal equipment/data circuit-terminating equipment)
in Frame Relay, 535
WAN connections, 534
DTMF (dual-tone multifrequency) generator, 507
dual-tone multifrequency (DTMF) generator, 507
due care, security governance and, 24
due diligence, security governance and, 24
dumb (mutation) fuzzing, of software, 646, 647
dumpster diving, as reconnaissance attack, 906–907
durability of database transactions, in ACID model, 866
duress systems, for personnel safety, 670
Dynamic Host Configuration Protocol (DHCP), 529
dynamic NAT, IP addressing and, 528
dynamic packet filtering firewalls, 467
dynamic RAM, 329
dynamic testing, of software, 646, 858
dynamic web applications, 902–903, 903
E
EAC (electronic access control) lock, 410
EALs (evaluation assurance levels), 297–299
EAP. See Extensible Authentication Protocol (EAP)
earthquakes
disaster recovery planning for, 761–762
seismic hazard levels, 761–762
eavesdropping (sniffer/snooping) attacks
eavesdropping on communication network, 541–542
eavesdropping with, 541
faxes and, 513
as man-in-the-middle attacks, 713
overview of, 614–615
preventing with switches, 720
protecting against, 375, 454
e-books, digital rights management, 253–254
ECB (Electronic Codebook Mode), in DES, 214
ECC (elliptic curve cryptography), 235–236
ECDSA (elliptic curve DSA), 242
Economic and Protection of Proprietary Information Act, privacy laws in U.S., 141
Economic Espionage Act, protecting trade secrets, 137
ECPA (Electronic Communications Privacy Act), privacy laws in U.S., 140
eDiscovery investigations, 806
education
BCP implementation and, 110
establishing and managing information security, 82
in malicious software, 724
education verification, screening employment candidates, 52
EEPROM (electronically erasable programmable read-only memory), 327–328
EES (Escrowed Encryption Standard), 217–218, 222
EF. See exposure factor (EF)
EFS (Encrypting File System), 248
egress monitoring
incident response, 740–742
overview of, 740–742
El Gamal, 235
electro-magnetic (EM) radiation
intercepting and processing, 374–375
securing electrical signals and radiation, 398–399
electromagnetic interference (EMI), 401
electromagnetic pulse (EMP), 399
electronic access control (EAC) lock, 410
Electronic Codebook Mode (ECB), in DES, 214
Electronic Communications Privacy Act (ECPA), privacy laws in U.S., 140
Electronic Discovery Reference Model, 806
electronic flashcards, for this book, 968
electronic serial numbers (ESNs), cell phone security issues, 507
electronic vaulting, database recovery with, 783–784
electronically erasable programmable read-only memory (EEPROM), 327–328
elevation of privilege, in STRIDE threat categorization system, 31
elliptic curve cryptography (ECC), 235–236
elliptic curve DSA (ECDSA), 242
EM (electro-magnetic) radiation
intercepting and processing, 374–375
securing electrical signals and radiation, 398–399
email
anti-malware software, 723
avoiding phishing, 617–618
cryptographic applications for, 248
distributing malware with, 712
securing email data, 163
securing with PGP, 217
security goals, 509–510
security issues, 510–511
security solutions, 511–512
spoofing attacks, 616
emanations. See data emanations
embedded and static systems
examples of, 360–362
securing, 362–363
embedded devices, forensic evidence collection, 810
emergency communications, 777–778
emergency response. See also disaster recovery planning (DRP)
disaster planning, 785–786
guidelines, 113
EMI (electromagnetic interference), 401
EMP (electromagnetic pulse), 399
employment. See also personnel
account revocation and termination process, 584
agreements and policies, 53–54
being alert to threats from employees, 32
job descriptions, 50–52
sabotage by employees, 714
screening candidates, 52–53
termination processes, 54–56
Encapsulating Security Payload (ESP), in IPsec, 174, 256, 521
encapsulation
dial-up protocols, 536–537
in OSI model, 428–429, 428–429
in TCP/IP, 449
encrypted viruses, 888
Encrypting File System (EFS), 248
encryption. See also cryptography
controlling USB flash drives, 676
designing in systems development life cycle, 845
export controls, 139
mobile device security, 352, 356
networking techniques, 255–257
of password files, 620
of passwords, 564
preventing sniffing attacks, 615
protecting data confidentiality, 164–165
protecting sensitive data using symmetric encryption, 172–173
protecting sensitive data using transport encryption, 173–174
protection mechanisms, 13
securing email data, 163
smartcards and, 566–567
storing sensitive data, 167–168
thwarting storage threats, 870
of wireless access points, 458–460
end users. See also users
delegating incident response to, 704
detecting potential incidents, 700
endpoints
endpoint-based DLP, 741
securing, 469
end-to-end encryption, in networking, 255
Enigma code machine, 192
enrollment
account provisioning and, 582
biometric registration, 571
of digital certificates, 245
enterprise extended infrastructure mode, wireless access points (WAPs) and, 455
enticement, honeypots, 722
entitlement
auditing user, 744
implementing need to know and least privilege, 663
entrapment, honeypots, 722
environment
controlling temperature, humidity, and static, 401
penetration testing in vulnerability assessment, 727
protecting facility, 414
environmental controls, storing sensitive data, 168
EPROM (erasable programmable read-only memory), 327
equipment, preparing for failure of, 390–391
erasable programmable read-only memory (EPROM), 327
erasing media, 169
escalation of privilege attacks, on applications, 900–901
Escrowed Encryption Standard (EES), 217–218, 222
ESNs (electronic serial numbers), cell phone security issues, 507
ESP (Encapsulating Security Payload), in IPsec, 174, 256, 521
espionage, 714–715
ESSID (extended service set identifier)
securing, 456–457
wireless access points, 455–456
Establishing phase, IDEAL model, 851
Esthost botnet (DNSChanger), 710
Ethernet (802.3)
5-4-3 rule, 477
Carrier-Sense Multiple Access with Collision Detection, 489
Data Link layer (layer 2) and, 431
LAN technologies, 485–486
subtechnologies supported, 486–487
ethical hacking, as penetration testing, 730–731
ethics
Internet and, 828
(ISC)² Code of Ethics, 827–828
overview of, 826–827
Ten Commandments of Computer Ethics, 828–829
EU Data Protection Directive (95/46/EC), 178–179
EUI (Extended Unique Identifier), MAC addresses and, 432
Europe
advanced persistent threat on French government, 609
General Data Protection Regulation, 179
online privacy policies, 178–179
privacy law, 145–146
restrictions on data transfer, 177
evaluation assurance levels (EALs), 297–299
Event Viewer, 731–732
events, in incident handling, 817
evidence
admissible, 826–829
beyond a reasonable doubt standard of, 805
chain of, 807–808
collection and forensic procedures, 809–810
gathering in incident response, 823–824
physical security of evidence storage, 395
preponderance of the evidence standard, 805
requirements in types of investigations, 805
in scanning attacks, 818–819
types of, 807–808
excessive privilege, 583
Exchange servers, Microsoft, 509
exclusive OR (XOR) operation
Boolean logical operations, 198
in DES, 214
executable files
file infector viruses using, 884–885
programming languages and, 839execution options
multiprocessing, 316–317
multiprogramming, 317
multitasking, 316
multithreading, 317–318
exit conference, external auditor, 748
exit interviews
account revocation and termination process, 584
employment termination processes, 56
organizational processes and, 16–17
expert opinion, as testimonial evidence, 808
expert systems
backing decision-support systems, 873
behavior-based IDSs as, 717
overview of, 870–872
security applications of, 873
exploit Wednesday, 685
exploitability, in DREAD rating system, 34
explosions, disaster recovery planning for, 766
export/import, laws and regulations, 139
exposure, defining risk terminology, 62
exposure factor (EF)
assessing impact of risks, 104
formula, 69
in quantitative risk analysis, 65–66
extended service set identifier (ESSID)
securing, 456–457
wireless access points, 455–456
Extended Unique Identifier (EUI), MAC addresses and, 432
Extensible Access Control Markup Language (XACML), 578
Extensible Authentication Protocol (EAP)
IEEE 802.1X/EAP, 459–460
planning remote access security, 516
PPP support, 537
types of authentication protocols, 502–503
extensible markup language (XML)
types of markup languages, 577
vulnerabilities in web-based systems, 349
external auditors, working with, 747–748
external communications, disaster recovery plan for, 791
F
face scans, biometric factors, 569
facilities
controlling access, 556
designing, 388–389
environment and life safety, 414
overview of, 386
planning security, 387
provisions and processes phase of continuity plan, 108
securing evidence storage facility, 395
securing media storage facility, 394
selecting site for, 387–388
factors
authentication factors, 563
biometric factors, 568
Fagan inspection, code review with, 644–645
fail-open system
avoiding/mitigating system failure, 843
defined, 774
when to implement, 843
failover clusters, protecting servers, 772
fail-secure system
avoiding/mitigating system failure, 842–843
defined, 774
failure
avoiding/mitigating system, 841–844, 844
initialization and failure states, 370
fair cryptosystems, for key escrow, 221
false acceptance rate (FAR), biometric error ratings, 570–571
false alerts, behavior-based IDSs creating, 717–718
false negatives, network vulnerability scanners creating, 636
false positives
behavior-based IDSs creating, 717
network vulnerability scanners creating, 638
false rejection rate (FRR), biometric error ratings, 570–571
Family Educational Rights and Privacy Act (FERPA), 143
FAR (false acceptance rate), biometric error ratings, 570–571
Faraday cages, securing electrical signals and radiation, 375, 399
fault analysis attacks, smartcards, 619
fault tolerance
designing in systems development life cycle, 846
overview of, 304, 760
protecting hard drives, 771–772
protecting power sources, 773
protecting servers, 772, 772–773
quality of service, 775
trusted recovery, 773–775
fax, 512–513
FBI. See Federal Bureau of Investigation (FBI)
FCoE (Fibre Channel over Ethernet), 452
FDDI (Fiber Distributed Data Interface), LAN technologies, 485
features, disabling unused, 355
Federal Bureau of Investigation (FBI)
InfraGard program, 826
National Computer Crime Squad, 811
reporting serious security incidents to, 702Federal Information Processing Standard (FIPS)
Digital Signature Standard (DSS), 242Secure Hash Standard (FIPS 180), 237–238Security Requirements for Cryptographic Modules,
195use of Skipjack algorithm by, 217–218
Federal Information Security Management Act (FISMA), 132
federal laws, role of legislature in, 125
Federal Sentencing Guidelines, for computer crimes, 130
federated management, of identity, 576–578
feedback, type of composition theory, 280
FEMA’s National Flood Insurance Program, 762–763
fences, as perimeter control, 407
FERPA (Family Educational Rights and Privacy Act), 143
FHSS (Frequency Hopping Spread Spectrum), 481
Fiber Distributed Data Interface (FDDI), LAN technologies, 485
fiber-optic cable
  characteristics of, 475
  overview of, 477
Fibre Channel over Ethernet (FCoE), 452
fields (attributes), relational databases, 862
fifth-generation languages (5GL), 840
file infector viruses, 884–885
File Transfer Protocol (FTP), 174
files
  cache-related issues in Internet files, 340
  comparing subjects and objects, 557
  disinfecting as antivirus mechanism, 886, 905
  executable, 839, 884–885
  formats, 435–436
FileVault, encryption on portable devices (Mac OS X), 248
filtered ports, network discovery with nmap, 635–638, 636–638
filtering traffic, with firewalls, 725–726
FIN (finish) packets
  TCP reset attacks, 708
  TCP sessions, 440
financial attacks, computer crime, 814–815
Finger vulnerability, spread of Internet worm, 891–892
fingerprints, biometric factors, 568–569
finite state machine (FSM), 278
FIPS. See Federal Information Processing Standard (FIPS)
fire
  damage assessment, 406
  detection and extinguishers, 404–406
  fire triangle and fire stages, 403
  overview of, 402–404
  recovery planning from bombings/explosions, 766
  recovery planning from man-made, 765
  recovery planning from natural, 764
fire extinguisher classes, 404
fire triangle, 403
fire stages, 403
firewalls
  blocking malware, 723
  deployment architectures, 467–469
  designed to be fail-secure, 774
  incident response and, 725–726
  logs, 733
  methods of securing embedded and static systems, 362–363
  multihomed, 467
  overview of, 465–466
  in rule-based access control, 601
  types of, 466–467
  wireless networking, 468
firmware (microcode)
  stored on ROM chip, 336–337
  version control, 363
first normal form (1NF), database normalization, 864
first responders, for IT incidents, 700
first-generation languages (1GL), 840
FISMA (Federal Information Security Management Act), 132
flash floods, disaster recovery planning for, 762–763
flash memory, 328
flashing the BIOS, 336
flooding attacks, email security issues, 511
floods
  disaster recovery planning for, 762–763
  physical security, 402
floppy disks, distributing malware with, 712
flow control
  data flow paths in reduction analysis, 34
  server-based vulnerabilities, 341
foreign keys, relational databases, 863
foreign words, password-cracking, 611
forensics
  bring-your-own-device (BYOD) and, 358
  evidence collection, 809–810
formats
  backup tape, 789
  file, 435–436
Fourth Amendment of the U.S. Constitution
  privacy rights and, 140
  on valid search warrants, 811
fourth-generation languages (4GL), 840
FQDN (fully qualified domain names), 339
fraggle attacks, 708
Frame Relay, WAN connections, 535
frames, data at Data Link layer of OSI model, 430
fraud
  job rotation detecting, 666
  mandatory vacations detecting, 666–667
  two-person control reducing, 666
  voice communication threats, 505–507
frequencies
  cordless phones, 484
  measuring in Hertz, 480
frequency analysis
  applying to Caesar cipher, 191
  period analysis, 205
  types of cryptographic attacks, 259
Frequency Hopping Spread Spectrum (FHSS), 481
FRR (false rejection rate), biometric error ratings, 570–571
FSM (finite state machine), 278
FTP (File Transfer Protocol), 174
full backups, 787
full duplex communication
  Session layer of OSI model and, 435
  with TCP, 439–440
full-interruption tests, disaster recovery plan, 794
fully qualified domain names (FQDN), 339
function recovery, trusted recovery as, 775
functional requirements determination phase, systems development life cycle, 845
fuzz testing
  overview of, 29
  software, 646, 647
fuzzy logic, inference engines of expert systems, 871–872
G
game consoles/game systems, 360–361
Gameover Zeus (GOZ) botnet, 709–710
Gantt charts, in project-scheduling, 853, 853
GAO (Government Accountability Office), 632
gas discharge fire suppression systems, 405–406
gates, as perimeter control, 407–408
gateway firewalls, 466
gateways, network devices, 471
GDPR (General Data Protection Regulation), 179
General Data Protection Regulation (GDPR), 179
generational (intelligent) fuzzing, of software, 646
generators, powering systems during outages, 773
geotagging, mobile device security, 356
GFS (Grandfather-Father-Son) strategy, backup tape rotations, 790
Gibson, Steve, 821–822
GISRA (Government Information Security Reform Act), 131
GLBA (Gramm-Leach-Bliley Act), privacy regulations, 58, 143
global positioning satellite (GPS)
  geotagging, 356
  mobile device security, 353
global rules, rule-based access controls (rule-BAC), 601
goals
  aligning security functions to, 14–16, 15
  BCP (business continuity planning), 111
  cryptographic, 192–194, 194
  email security, 509–510
Goguen-Meseguer model, 288
Good Times virus warning, hoax, 888
Google, advanced persistent threat (APT) on, 609
governance, security. See security governance
Government Accountability Office (GAO), 632
Government Information Security Reform Act (GISRA), 131
GOZ (Gameover Zeus) botnet, 709–710
GPS (global positioning satellite)
  geotagging, 356
  mobile device security, 353
GPU (graphic processing unit)-based password cracker, 612–613
Graham-Denning model, 288
Gramm-Leach-Bliley Act (GLBA), privacy regulations, 58, 143
Grandfather-Father-Son (GFS) strategy, backup tape rotations, 790
granular object control, DBMS security, 867
graphic processing unit (GPU)-based password cracker, 612–613
gray-box testing
  penetration testing, 643, 729
  software quality, 858
Green book, in rainbow series, 293
grid computing, as parallel distributed system, 347–348
groups
  audits of privileged, 744–745
  role-based access control (role-BAC), 599, 599–601
grudge attacks, 815–817
guard dogs, as perimeter control, 409
guidelines
  BCI Good Practices Guideline, 785
  for designing PBX security, 505–506
  emergency response, 113
  Federal Sentencing Guidelines for computer crimes, 130
  industry and international security implementation guidelines, 299–300
  privacy guidelines, 415
  in security and risk management, 26–27
  TCSEC guidelines relative to trusted paths, 277
Gumblar, as drive-by download, 712
H
hackers
  crackers and attackers compared with, 604–605
  ethical, 730–731
hacktivism, 817
hailstorms, disaster recovery planning for, 764
half-duplex communication, 435
halon, fire suppression systems, 406
hand geometry, biometric factors, 569
hard disk drives (HDDs), 333
hardening provisions, of continuity plan, 108–109
hardware
  alternate processing sites and, 781
  asset management, 671–672
  central processing unit (CPUs), 315
  denial of service (DoS) attacks exploiting, 540
  devices operating at Network layer of OSI model, 434
  disaster recovery planning for, 767–768
  fail safe/fail secure electrical locks, 774
  forensic evidence collection, 810
  integrating risk considerations into acquisition strategies and practices, 35
  inventorying, 671
  overview of, 315
  RAID solutions, 771–772
  replacement in disasters, 781
  retaining until sanitized, 171
  securing wireless, 470–472
  segmentation, 367
hardware security module (HSM), 304
hash functions
  detecting steganography attempts, 741
  Hashed Message Authentication Code, 241–242
  implementing digital signatures, 240–241
  integrity verification and, 537–538
  Message Digest 2, 238–239
  Message Digest 4, 238–239
  Message Digest 5, 239–240
  overview of, 236–237
  preventing birthday attacks, 613–614
  Secure Hash Algorithm, 237–238, 240
  security packages with antivirus functionality using, 887
  types of hashing algorithms, 213
Hashed Message Authentication Code (HMAC)
  comparing hashing algorithms, 239
  overview of, 241–242
  types of hashing algorithms, 213
hashed passwords
  in birthday attacks, 613–614
  in brute force attacks, 612
  in rainbow table attacks, 614
HDDs (hard disk drives), 333
HDLC (High-Level Data Link Control), WAN connections, 536
Health Information Technology for Economic and Clinical Health (HITECH), privacy laws in U.S., 141–142
Health Insurance Portability and Accountability Act (HIPAA)
  definition of protected health information (PHI), 159
  online privacy policies, 178
  privacy regulations, 58, 141–142
hearsay evidence, testimonial evidence vs., 808
heartbeat sensor, in intrusion detection system, 398
heart/pulse patterns, biometric factors, 569
Hertz (Hz), measuring frequency, 480
heuristic-based mechanisms, of antivirus packages, 887
heuristics-based detection, behavior-based IDSs as, 717
HIDS (host-based IDS), 719
hierarchical data model, DBMS architecture, 861, 861–862
hierarchical environment, mandatory access control and, 604
hierarchical storage management (HSM) system, backup tape rotations, 790
High Speed Serial Interface (HSSI), WAN connections, 536
high-level administrator groups, audits of, 744–745
High-Level Data Link Control (HDLC), WAN connections, 536
hijacking attacks, 543–544
HIPAA. See Health Insurance Portability and Accountability Act (HIPAA)
HITECH (Health Information Technology for Economic and Clinical Health), privacy laws in U.S., 141–142
HMAC. See Hashed Message Authentication Code (HMAC)
hoaxes, virus, 888–889
honeypots/honeynets, 721–722
hookup, type of composition theory, 280
host-based IDS (HIDS), 719
HOSTS file, cache poisoning, 339
hot sites, as disaster recovery option, 779–780
HSM (hardware security module), 304
HSM (hierarchical storage management) system, backup tape rotations, 790
HSSI (High Speed Serial Interface), WAN connections, 536
HTML (Hypertext Markup Language), 577
HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer)
  encryption protocol underlying, 173
  SSL and, 250
hubs
  cable runs and, 477
  network devices, 470
humidity, physical security, 401
hurricanes
  disaster recovery planning for failure of, 764
  power outages during Hurricane Katrina, 766
HVAC systems, in environmental control, 401
hybrid attacks, 612
hybrid environment, mandatory access control and, 604
hyperlink spoofing attacks, on communication network, 544
Hypertext Markup Language (HTML), 577
Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)
  encryption protocol underlying, 173
  SSL and, 250
hypervisor, managing virtual assets, 673
Hz (Hertz), measuring frequency, 480
I
I Love You virus, 885
IaaS. See Infrastructure-as-a-Service (IaaS)
IAB (Internet Advisory Board), 828–829
IANA (Internet Assigned Numbers Authority), 439, 725
ICMP. See Internet Control Message Protocol (ICMP)
ICS (industrial control system), 348–349
ICs (integrated circuits), smartcards, 396
IDaaS (Identity and Access as a Service), 579
IDEA. See International Data Encryption Algorithm (IDEA)
IDEAL model
  memorization of level names in, 852
  software development security, 851–852, 852
identification
  AAA services, 8
  comparing authentication with, 560–561
  defined, 10
identification (ID) cards
  physical security, 411
  smartcards, 396–397
identification phase, incident response, 822
Identity and Access as a Service (IDaaS), 579
Identity as a Service (IaaS), 579
identity management. See also authentication
  AAA protocols, 580–581
  access provisioning lifecycle, 582–583
  authentication factors, 563
  authorization and accountability and, 561–562
  biometric error ratings, 570–571, 571
  biometric registration, 571–572
  biometrics, 568–570
  CIA triad and, 560
  comparing identification and authentication, 560–561
  comparing subjects and objects, 557
  controlling access to assets, 556
  credential management, 578–579
  device authentication, 572–573
  exam topics, 555, 586–587
  examples of single sign-on, 578
  federated management, 576–578
  integrating services for, 579
  Kerberos and, 574–576
  Lightweight Directory Access Protocol (LDAP) and, 574
  managing sessions, 579–580
  multifactor authentication, 572
  passwords, 566
  registration, 561
  review answers, 935–937
  review questions, 589–592
  reviewing accounts periodically, 583
  revoking accounts, 584
  single sign-on (SSO), 573–574
  smartcards, 566–567
  summary, 585
  tokens, 567–568
  types of access control, 557–559
  written lab, 587
  written lab answers, 961
Identity Theft and Assumption Deterrence Act, 144
Identity Theft Resource Center (ITRC), tracking data breaches, 165
IdP (SecureAuth Identity Provider), for device authentication, 573
IDPSs (intrusion detection and prevention systems), 715, 720
IDSs. See intrusion detection systems (IDSs)
IEEE 802.1x, securing wireless networks, 258
IEEE 802.1X/EAP, 459
IEEE 802.11
  shared key authentication (SKA) standard, 458
  wireless standards, 455
IEEE 802.11i (WPA2), 459
IEEE 802.15 (Bluetooth), 484
IETF (Internet Engineering Task Force), 255–256
IGMP (Internet Group Management Protocol), 447
IM (instant messaging)
  overview of, 508
  vishing attacks on, 618–619
images, baseline, 678–680
IMAP (Internet Message Access Protocol), 508–509
immediate addressing, types of memory addressing, 330
impersonation attacks
  on communication network, 542
  defined, 610
implementation attacks, types of cryptographic attacks, 258
implicit deny rule
  as authorization mechanism, 595
  firewalls and, 725
import/export, laws and regulations, 139
incident handling
  admissible evidence, 806–807
  categories of computer crime. See computer crime
  ethics and, 826–829
  evidence collection and forensic procedures, 809–810
  evidence types, 807–808
  exam topics, 803, 830–831
  incident data integrity and retention, 825
  interviewing individuals, 824
  investigation process, 810–812
  investigation types, 804–806
  metadata and reports, 343
  overview of, 804, 817–818
  reports and documentation, 825–826
  response process, 821–824
  response teams, 820–821
  review answers, 948–949
  review questions, 833–836
  summary, 829
  types of incidents, 818–819
  written lab, 832
  written lab answers, 965
incident prevention and response
  anti-malware, 723–724
  auditing to assess effectiveness, 742–748
  basic preventive measures, 705
  botnets, 709–710
  defining incident, 698–699
  denial-of-service (DoS) attack, 706
  egress monitoring, 740–742
  espionage, 714–715
  exam topics, 697, 750–753
  firewalls, 725–726
  honeypots/honeynets, 721–722
  intrusion detection and prevention systems, 715–721, 721
  land attack, 711
  logging techniques, 731–734, 732
  malicious code, 712
  man-in-the-middle attacks, 713, 713
  monitoring, 734–740
  overview of, 698
  padded cells, 722
  penetration testing, 727–731
  ping flood attack, 708–709
  ping-of-death attack, 710
  pseudo flaws, 722
  review answers, 943–946
  review questions, 755–758
  sabotage, 714
  sandboxing, 726
  smurf and fraggle attacks, 708
  summary, 748–750
  SYN flood attack, 706–708, 707
  teardrop attack, 710–711
  third-party security services, 726
  understanding attacks, 705–706
  war dialing, 713–714
  warning banners, 723
  whitelisting and blacklisting, 724
  written lab, 754
  written lab answers, 963–964
  zero-day exploit, 711–712
incident response steps
  detection, 700–701
  lessons learned, 703–704
  mitigation, 701–702
  overview of, 699, 699–700
  recovery, 703
  remediation, 703
  reporting, 702
  response, 701
incidents, in incident handling, 817–818
incremental attacks, 372–373
incremental backups, 787–788
indirect addressing, types of memory addressing, 330
industrial control system (ICS), 348–349
industrial espionage computer crimes, 814
industry security guidelines, 299–300
inference attacks
  polyinstantiation as defense against, 868
  vulnerabilities in database security, 342
inference engines, expert systems, 871
information
  controlling access to assets, 556
  establishing and managing education, training, and awareness, 81–82
  life cycle management, 668–669
information disclosure, in STRIDE threat categorization system, 31
information flow models
  Bell-LaPadula model, 282–284, 283
  Bell-LaPadula model based on, 283
  Biba model, 284–286, 285
  composition theories, 279–280
  noninterference model loosely based on, 279
  overview of, 279
Information Systems Audit and Control Association (ISACA), 24
information systems, security capabilities of
  fault tolerance and, 304
  interfaces and, 304
  memory protection, 303
  overview of, 303
  Trusted Platform Module (TPM), 303–304
  virtualization, 303
Information Technology Infrastructure Library (ITIL), 682
Information Technology Security Evaluation and Criteria (ITSEC)
  classes and required assurance and functionality, 295–296
  classifications B2, B3, and A1 governing change management, 17
  defining incident, 698
  replaced by Common Criteria, 290
  security standards and baselines and, 27
informative security policies, 26
InfraGard program, FBI, 826
infrastructure
  bring-your-own-device (BYOD) and, 359
  disaster recovery planning for failure of, 767
  failure due to theft, 759
  provisions and processes phase of continuity plan, 109
infrastructure mode, configuring wireless access points, 455
Infrastructure-as-a-Service (IaaS)
  and code repositories, 859
  definition of cloud computing concepts, 346
  as disaster recovery option, 782
  managing cloud-based assets, 674
  software development security, 860
inheritance, object-oriented programming, 840–841
in-house hardware replacements, 781
Initial phase, SW-CMM, 850
initialization, failure states and, 370
Initiating phase, IDEAL model, 851
input, checking, 370–372
input points, in reduction analysis, 34
input validation
  avoiding/mitigating system failure, 842
  protecting against cross-site scripting, 902
  protecting against SQL injection, 905
  vulnerability scanners checking for, 686
input/output (I/O)
  operations, 335–336
  types of I/O devices, 333–335
insiders
  mobile system vulnerabilities and, 350
  threats, 816
inspection audits, 743
instances, object-oriented programming, 841
instant messaging (IM)
  overview of, 508
  vishing attacks on, 618–619
insurance
  coverage for acts of terrorism, 766
  coverage for flooding, 762–763
  selecting disaster recovery, 776
integrated circuits (ICs), smartcards, 396
Integrated Services Digital Network (ISDN), WAN technologies, 533
integrity. See also data integrity
  Biba model and, 284–285
  categories of IT loss, 560
  Clark-Wilson model and, 286
  goals of cryptography, 193
  Goguen-Meseguer model, 288
  integrity-checking software, 894
  Sutherland model, 288
  verification, 537
integrity principle, CIA triad, 5–6
integrity verification procedures (IVP), in Clark-Wilson model, 287
intellectual property
  copyright law, 133–135
  Economic Espionage Act, 137
  licensing, 138
  overview of, 132–133
  patents, 136
  trade secrets, 136–137
  trademarks, 135–136
  Uniform Computer Information Transactions Act, 138
intelligence attacks, computer crime, 813–814
intent to use application, for trademarks, 136
interconnection security agreements (ISAs), as security practice, 669
interfaces
  constrained or restricted, 304
  testing software interfaces, 646–648
  testing user interfaces, 648
interference, quality of service controls for, 775
interim reports, by auditors, 748
internal audits, of security, 633
International Criminal Police Organization (INTERPOL), 702
International Data Encryption Algorithm (IDEA)
  as block cipher, 217
  comparing symmetric algorithms, 219
  use by PGP, 249
International Information Systems Security Certification Consortium (ISC), Code of Ethics, 827–828
International Organization for Standardization (ISO)
  Common Criteria and, 296
  international standards, 299–300
  OSI model, 426
International Organization on Computer Evidence (IOCE), 809–810
International Telecommunications Union-Radio (ITU-R), 483
Internet, ethics and, 828–829
Internet Advisory Board (IAB), 828–829
Internet Assigned Numbers Authority (IANA), 439, 725
Internet Control Message Protocol (ICMP), 709
  blocking in ping flood attack, 709
  overview of, 445–446
  in smurf attacks, 708
Internet Engineering Task Force (IETF), 255–256
Internet files, cache-related issues, 340
Internet Group Management Protocol (IGMP), 447
Internet Message Access Protocol (IMAP), 508–509
Internet Protocol (IP). See also IP addresses
  alternatives to, 433
  Automatic Private IP Addressing (APIPA), 526–527
  IPv4 vs. IPv6, 444, 725
  private IP addresses, 526–527
  voice over. See Voice over Internet Protocol (VoIP)
Internet Protocol security (IPsec)
  Diameter support for, 581
  encryption protocols used by VPNs, 174
  establishing VPNs, 439
  for secure communications over network, 255–256
  as VPN protocol, 521–522
Internet Security Association and Key Management Protocol (ISAKMP), 257
Internet Service Providers (ISPs), 580
Internet Small Computer System Interface (iSCSI), 452
Internetwork Packet Exchange (IPX), 433
INTERPOL (International Criminal Police Organization), 702
interpreted languages, 839
interrupt (IRQ), in device management, 335
interviews
  exit interviews, 16–17, 56, 584
  incident handling, 824
intrusion alarms, physical security, 411–413
intrusion detection and prevention systems (IDPSs), 715, 720
intrusion detection systems (IDSs)
  behavior-based, 716–717
  darknets, 721
  detecting potential incidents, 700
  honeypots/honeynets, 721–722
  host-based, 719
  intrusion prevention systems vs., 720–721
  knowledge-based, 716
  monitoring network for sniffers, 615
  network-based, 719–720
  overview of, 397–398, 715
  padded cells, 722
  preventing cache-related attacks, 340
  as preventive measure, 705
  response, 718–719
intrusion prevention systems (IPSs)
  defined, 715
  IDSs using active response as, 719
  overview of, 720–721
  as preventive measure, 705
inventories, hardware, 671
inventory control, mobile device security, 354
investigations, incident
  data integrity and retention, 825
  gathering forensic evidence, 806–810
  incident handling, 817–821
  interviewing individuals, 824
  process of, 810–812
  reporting and documenting incidents, 825–826
  response process, 821–824
  types of, 804–806
I/O (input/output)
  devices, 333–335
  operations, 335–336
iOS
  removing restrictions on iOS devices, 725
  vulnerabilities of iOS mobile system, 351
IP. See Internet Protocol (IP)
IP addresses
  Automatic Private IP Addressing (APIPA), 526–530
  cache poisoning, 339
  classes of addresses, 444–445
  configuring wireless security, 462
  converting binary numbers, 529
  darknets, 721
  network discovery scanning of, 634–637, 636–637
  Network layer of OSI model and, 433
  private IP addresses, 526–527
  resolving domain names to, 450–451
  resolving IP addresses to MAC addresses, 432, 447
  stateful NAT and, 527–528
  static and dynamic NAT and, 528
  subnet masks, 445
IP probes (or sweeps or ping sweeps), in reconnaissance attacks, 905–906
IP spoofing attacks
  defined, 616
  as masquerading attacks, 907–908
iPad, vulnerabilities, 351
iPhone, vulnerabilities, 351
iPod, vulnerabilities, 351
IPsec. See Internet Protocol security (IPsec)
IPSs. See intrusion prevention systems (IPSs)
IPX (Internetwork Packet Exchange), 433
iris scans, biometric factors, 569
IronKey flash drives, 676
IRQ (interrupt), in device management, 335
ISACA (Information Systems Audit and Control Association), 24
ISAKMP (Internet Security Association and Key Management Protocol), 257
ISAs (interconnection security agreements), as security practice, 669
ISC (International Information Systems Security Certification Consortium), Code of Ethics, 827–828
iSCSI (Internet Small Computer System Interface), 452
ISDN (Integrated Services Digital Network), WAN technologies, 533
ISO. See International Organization for Standardization (ISO)
isolation
  in ACID model of database transactions, 865
  aspects of confidentiality, 5
  CIA techniques, 273–274
isolation and containment phase, incident response, 822
ISPs (Internet Service Providers), 580
ITIL (Information Technology Infrastructure Library), 682
ITRC (Identity Theft Resource Center), tracking data breaches, 165
ITSEC. See Information Technology Security Evaluation and Criteria (ITSEC)
ITU-R (International Telecommunications Union-Radio), 483
IVP (integrity verification procedures), in Clark-Wilson model, 287
J
jailbreaking, removing restrictions on iOS devices, 725
jamming, protecting against EM radiation eavesdropping, 375
Java applets, 338
Java Virtual Machines (JVM), 338
jitter, quality of service controls for, 775
job descriptions
  importance of, 50
  in personnel security, 50–51, 50–52
  screening employment candidates, 52–53
job responsibilities, 51
job rotation
  personnel security and, 51–52
  as security practice, 666
John the Ripper, password cracker, 897
judiciary, in U.S. legal system, 125, 144
JVM (Java Virtual Machines), 338
K
KDC (key distribution center), 575
Keccak algorithm, 238
KeePass, in credential management, 579
Kerberos, 574–576
Kerchoff principle, 195
kernel
  defined, 319
  in four-ring model, 320, 320
  program executive or process scheduler, 322–323, 323
key distribution center (KDC), 575
key escrow
  database, 201
  example of split knowledge, 201
  recovery and, 221–222
key space, 194
keyboards, security vulnerabilities, 334
keys, cryptographic. See also asymmetric key cryptography; symmetric key cryptography
  determining which to use, 241
  distribution weakness in symmetric key cryptography, 210
  importance of key length as security parameter, 234–235
  managing, 246–247
  mobile device security, 355–356
  overview of, 194
keys, database, 863
keys, physical, 410
keystroke monitoring, 739
keystroke patterns, biometric factors, 570
knowledge base, expert systems, 871
knowledge-based IDSs
  overview of, 716–717
  response, 718–719
knowledge-based systems
  decision-support systems (DSS), 872–873
  expert systems, 870–872
  neural networks, 872
  overview of, 870
  security applications of, 873
known plaintext attacks, 259
KryptoKnight, 578
L
L2TP. See Layer 2 Tunneling Protocol (L2TP)
L-3 Communications, advanced persistent threat (APT) on, 609
labels
  assigning to audit reports, 747
  information life cycle management, 668
  mandatory access control (MAC) classification, 602–604
  security attributes and, 275
LAN extenders, 472
LAND attacks, 711
LANs. See local area networks (LANs)
last logon notification, protection from access control attacks, 621
latency, quality of service controls for, 775
lattice-based access control
  mandatory access control (MAC) as, 602, 602–604
  overview of, 282–283
law enforcement
  computer crime investigation by, 811
  establishing relationship with before incidents, 825–826
  intelligence attacks against, 813
laws and regulations
  administrative law, 126–127
  bring-your-own-device (BYOD) and, 359
  civil law, 126
  compliance, 146–147
  computer crime and, 127
  Computer Fraud and Abuse Act, 128–129
  Computer Security Act, 129–130
  copyright law, 133–135
  criminal law, 124–126
  Economic Espionage Act, 137
  European privacy law, 145–146
  exam topics, 123, 149–150
  Federal Information Security Management Act, 132
  Federal Sentencing Guidelines for computer crimes, 130
  Government Information Security Reform Act, 131
  import/export, 139
  incident handling, 818
  intellectual property and, 132–133
  legal requirements in business continuity plan, 100
  licensing, 138
  National Information Infrastructure Protection Act, 130
  Paperwork Reduction Act, 130
  patents, 136
  physical security regulations, 415
  privacy, 139–140, 414–415
  review answers, 920–922
  review questions, 152–155
  summary, 148
  trade secrets, 136–137
  trademarks, 135–136
  Uniform Computer Information Transactions Act, 138
  U.S. privacy law, 140–144
  vendor governance review, 147–148
  wiretaps and, 483–484
  written lab, 151
  written lab answers, 956
Layer 2 Tunneling Protocol (L2TP)
  establishing VPNs, 439
  IPsec combined with, 174, 256
  tunneling, 521
layering. See also defense-in-depth
  methods of securing embedded and static systems, 362
  protection mechanisms, 12
  types of essential security protection mechanisms, 364–365
layers
  of OSI model, 429–430, 430
  of TCP/IP suite, 438, 438–439
LCD monitors, radiation from, 334
LDAP (Lightweight Directory Access Protocol), 574
LEAP. See Lightweight Extensible Authentication Protocol (LEAP)
learning phase, IDEAL model, 851, 852
learning rule (Delta rule), learning by experience in neural networks, 872
leased (dedicated) lines, WAN technologies, 532
least privilege principle. See principle of least privilege
legally defensible security, 11
lessons learned step, incident response, 703–704, 824
levels of protection. See layering
licensing
  agreements, 138
  software, 671–672
life cycle
  managing information, 668–669
  managing media, 677–678
  models, 847
  spiral model, 848–849, 849
  systems development, 844–847
  waterfall model, 847–848, 848
life safety, physical security, 414
lighting, as perimeter control, 408–409
lightning, disaster recovery planning for, 764
Lightweight Directory Access Protocol (LDAP), 574
Lightweight Extensible Authentication Protocol (LEAP)
  overview of, 460
  planning remote access security, 516
  types of authentication protocols, 502–503
link encryption, 255
link state routing protocols, 434
Linux OS, encryption on portable devices, 248
LLC (Logical Link Control), sublayers of Data Link layer, 432
local area networks (LANs)
  main technologies, 485–486
  media access technologies, 488–489
  subtechnologies, 486–489
  wide area networks compared with, 473
Lockheed Martin, advanced persistent threat (APT) on, 609
lockout, mobile device security, 352
locks
  fail safe/fail secure electrical hardware, 774
  physical, 410
locks, database concurrency with, 867
logic bombs, as malicious code, 889
logical (technical) access controls, 559
logical access controls. See technical access controls
Logical Link Control (LLC), sublayers of Data Link layer, 432
logical operations, Boolean mathematics
  NOT operation, 198
  AND operation, 196–197
  OR operation, 196–197
  overview of, 196
  XOR (exclusive OR) operation, 198
logistics, disaster recovery, 791
logon
  credentials, 574
  process with Kerberos, 575
  scripts, 578
  session management and, 579–580
  using notification of last, 621
logs/logging. See also monitoring
  for access control, 398
  accountability and, 562
  auditing compared with, 732
  common log types, 732, 732–733
  forensic evidence collection of log files, 810
  incident detection using, 700
  protecting log data, 733–734
  retaining audit logs, 171
  reviewing, 649
  techniques, 731–732
  transmission, 538
loopback addresses, 529
M
MAAs (mutual assistance agreements), as disaster recovery option, 782–783
MAC. See mandatory access controls (MAC)
MAC (Media Access Control) sublayer, of Data Link layer, 432
MAC addresses. See Media Access Control (MAC) addresses
MAC filter
  configuring wireless security, 462
  listing of authorized MAC addresses, 460
Mac OS X
  encryption on portable devices, 248
  less vulnerable to viruses, 886
machine languages, 839
macros
  email security issues, 510
  proliferation of macro viruses, 885
magnetic fields, managing tape media, 676
main (real/primary) memory, types of RAM, 328
mainframes, examples of embedded and static systems, 361
maintenance
  disaster recovery plan for, 794–795
  documenting business continuity plan, 114
  systems development life cycle, 847
maintenance hooks, 372
malicious code. See also malware
  cleaning, 894
  countermeasures, 893–895
  email security issues, 511
  exam topics, 881, 909
  incidents, 819
  logic bombs, 889
  overview of, 882, 882–883
  password attacks, 895–899
  review answers, 950–951
  review questions, 911–914
  spyware and adware, 893
  summary, 908
  Trojan Horses, 889–890
  viruses. See viruses
  worms, 890–893
  written lab answers, 965
malicious insiders, 350
malware
  installing on infected computer in botnet, 709
  installing on system with phishing email, 617
  methods of installing, 712
  principle of least privilege and, 663
Managed phase, SW-CMM, 851
management
  aligning security functions to strategies, goals, mission, and objectives, 14–16
  change. See change management
  configuration. See configuration management
  identity. See identity management
  media. See media management
  patch. See patches
  risk. See risk management
  security tasks, 649–650
  senior. See senior management
mandatory access controls (MAC)
  access control models, 602
  in Bell-LaPadula model, 283
  overview of, 274, 602–604
mandatory vacations, as security practice, 666–667
Mandiant APT1, 608
Manifesto for Agile Software Development, principles of, 849–850
man-in-the-middle attacks
incident response, 713
overview of, 713
securing voice communication and, 504
types of cryptographic attacks, 260
man-made disasters
acts of terrorism, 765–766
bombings/explosions, 766
fires, 765
hardware/software failures, 767–768
other utility/infrastructure failures, 767
overview of, 765
power outages, 766–767
strikes/picketing, 768–769
theft/vandalism, 769–770
man-made risks, identifying in BIA, 101–102
mantraps, as perimeter control, 408
manual recovery, 774
manual updates, 363
marking (labeling) data, information life cycle management, 668
markup languages, 577–578
masquerading (spoofing) attacks
access abuses, 398
on communication network, 542
overview of, 907–908
masquerading attacks. See spoofing (masquerading) attacks
massively parallel multiprocessing (MPP), 316–317
master boot record (MBR) viruses
spread of, 884
stealth viruses and, 888
McAfee VirusScan, 886
MD2 (Message Digest 2). See Message Digest 2 (MD2)
MD4 (Message Digest 4). See Message Digest 4 (MD4)
MD5 (Message Digest 5). See Message Digest 5 (MD5)
MDM (mobile device management), 354
mean time between failures (MTBF), 391, 678
mean time to failure (MTTF)
media management, 677–678
preparing for equipment failure, 391
mean time to recovery (MTR), 777
mean time to repair (MTTR), 391
measurement, security, 76–77, 82
Media Access Control (MAC) addresses
ARP and RARP and, 447
cache poisoning, 339
Data Link layer (layer 2) and, 431–432
MAC filter, 460
resolving domain names and, 451
Media Access Control (MAC) sublayer, of Data Link layer, 432
media forensic analysis, evidence collection, 809
media management
clearing/overwriting, 169
degaussing, 170–171
labeling portable media, 671
life cycle, 677–678
mobile devices, 677
overview of, 675
tapes, 675–676
USB flash drives, 676
media players, examples of embedded and static systems, 360
media storage facilities, physical security of, 394
mediated-access model, 320
meet-in-the-middle attacks, 260
Melissa virus, 885
memorandum of understandings (MOUs), as security practice, 669
memory
memory addressing, 329–330
overview of, 327
protection as core security component, 303
random access memory, 328–329
read-only memory, 327–328
registers, 329
secondary memory, 330–331
security issues, 331
memory cards
authentication factors, 563
smartcards, 397
memory-mapped I/O, 335
mergers, organizational processes and, 16–17
Merkle-Hellman Knapsack algorithm, 234
mesh topology, 480, 480
Message Digest 2 (MD2)
comparing hashing algorithms, 239
overview of, 238–239
types of hashing algorithms, 213
Message Digest 4 (MD4)
comparing hashing algorithms, 239
overview of, 238–239
Message Digest 5 (MD5)
comparing hashing algorithms, 240
not collision free, 613
overview of, 239–240
types of hashing algorithms, 213
use by PGP, 249
message digests, generally
combining HMAC with, 242
defined, 237
types of, 213
messages, object-oriented programming, 841
metadata, data mining and, 343
Metasploit, penetration testing with, 642, 643
methods, object-oriented programming, 840–841
mice, security vulnerabilities, 334
Michelangelo virus, 888
microcode (firmware)
stored on ROM chip, 336–337
version control, 363
Microsoft Security Essentials, antivirus programs, 886
Microsoft Windows
BitLocker encryption on portable devices, 248
Credential Manager, 579
vulnerable to viruses, 886
military attacks, computer crime, 813–814
MIME Object Security Services (MOSS), email security solutions, 511
MINs (mobile identification numbers), cell phone security issues, 507
mirroring, RAID-1, 771
mission, aligning security functions to, 14–16, 15
mission-critical systems, GISRA criteria for, 131
misuse (or abuse) case testing, software, 648
mitigation
incident response, 701–702
network attacks, 539–540
mobile device management (MDM), 354
mobile devices. See also portable electronic devices (PEDs)
labeling media, 671
managing, 677
securing, 354
system vulnerabilities. See vulnerabilities, in mobile systems
wireless networking, 485
mobile identification numbers (MINs), cell phone security issues, 507
mobile phones. See smartphones/mobile phones
mobile sites, as disaster recovery option, 781
modems
network devices, 470
security vulnerabilities, 334–335
war dialing using, 713–714
modification attacks, on communication network, 542
modulo function, in cryptography, 199
monitoring
accountability and, 562, 735
activity, 735
with audit trails, 737–738
with clipping levels, 738–739
egress, 740–742
investigation and, 736
key performance and risk indicators, 650
keystrokes, 739
with log analysis, 736–737
perimeter controls and, 407
problem identification and, 736
role of, 734
with sampling, 738
security controls, 76–77
with Security Information and Event Management (SIEM), 737
storms in hurricane-prone areas, 764
traffic and trend analysis, 740
monitors (displays), security vulnerabilities, 334
monsoons, disaster recovery planning for, 765
Moore’s Law, 235, 315
MOSS (MIME Object Security Services), email security solutions, 511
motion detection/motion sensor systems, in physical security, 411–413
MOUs (memorandum of understandings), as security practice, 669
movies, digital rights management, 253
MPLS (Multiprotocol Label Switching), 452
MPP (massively parallel multiprocessing), 316–317
MTBF (mean time between failures), 391, 678
MTD (maximum tolerable downtime)
quantitative decision making in impact analysis, 101
strategy development phase of continuity plan, 107
MTO (maximum tolerable outage), 101
MTR (mean time to recovery), 777
MTTF (mean time to failure)
media management, 677–678
preparing for equipment failure, 391
MTTR (mean time to repair), 391
mudslides, disaster recovery planning for, 765
multicasts, subtechnologies supported by Ethernet, 488
multifactor authentication. See also two-factor authentication
overview of, 572
preventing password attacks, 898
protecting against access control attacks, 620
multilevel mode, security modes, 325
multilevel security database security, 866–868
multimedia collaboration
instant messaging, 508
overview of, 507
remote meetings, 508
multipartite viruses, 888
multiprocessing, 316–317
multiprogramming, 317
Multiprotocol Label Switching (MPLS), 452
multistate system, processing types, 318
multitasking, 316
multithreading, 317–318
music, digital rights management, 252–253
mutation (dumb) fuzzing, of software, 646, 647
mutual assistance agreements (MAAs), as disaster recovery option, 782–783
N
NAC (Network Access Control)
planning remote access security, 516
as security policy, 464–465
NAT. See network address translation (NAT)
National Computer Security Center (NCSC), role in development of the Orange book, 290
National Flood Insurance Program, FEMA, 762–763
National Information Assurance Certification and Accreditation Process (NIACAP), 302
National Information Infrastructure Protection Act, 130
National Institute of Standards and Technology (NIST)
on acceptable digital signature algorithms, 242
on computer security incidents, 698–699
definition of personally identifiable information, 158–159
Government Information Security Reform Act and, 131
managing use of Skipjack algorithm, 218
privacy guidelines, 415
on responsibilities of business/mission owners, 176
on responsibilities of information owners, 175
on responsibilities of system owners, 175–176
responsibility for computer standards, 129
on security control baselines, 179–180
standard hash functions, 237–238
National Interagency Fire Center, 764
National Security Agency (NSA)
on destroying sensitive data, 169
Government Information Security Reform Act and, 131
responsibility for classified systems, 129
VENONA project, 206
natural disasters
earthquakes, 761–762, 761–762
factors in facility site selection, 388
fires, 764
floods, 762–763
other regional events, 785
overview of, 761
storms, 763–764
natural languages, 4GL attempting to approximate, 840
natural risk, identifying in BIA, 101
NBF (NetBIOS Frame) protocol, 433
NBT (NetBIOS over TCP/IP), 433
NCAs (noncompete agreements), 53–54
NCSC (National Computer Security Center), role in development of the Orange book, 290
NDAs. See nondisclosure agreements (NDAs)
need to know principle
defined, 596
mandatory access control (MAC) model enforcing, 603
overview of, 662
preventing access aggregation attacks, 610
Nessus vulnerability scanner, 639, 639, 686
NetBEUI (NetBIOS Extended User Interface), 433
NetBIOS Extended User Interface (NetBEUI), 433
NetBIOS Frame (NBF) protocol, 433
NetBIOS over TCP/IP (NBT), 433
Network Access Control (NAC)
planning remote access security, 516
as security policy, 464–465
network address translation (NAT)
Automatic Private IP Addressing (APIPA), 528–530
overview of, 525–526
private IP addresses, 526–527
stateful NAT, 527–528
static and dynamic NAT, 528
network attacks
ARP spoofing attacks, 542–543
denial of service/distributed denial of service attacks, 540–541
DNS poisoning, spoofing, and hijacking attacks, 543–544
eavesdropping attacks, 541–542
hyperlink spoofing attacks, 544
masquerading/impersonation attacks, 542
modification attacks, 542
preventing/mitigating, 539–540
replay attacks, 542
network components, securing wireless, 463–464
network discovery scans, 634–637, 636–638
network forensic analysis, evidence collection, 809–810
network interface cards (NICs), 455
Network layer (layer 3), in OSI model, 433–434
Network layer protocols, of TCP/IP suite, 444–447
network load balancing, providing fault tolerance for servers, 772
network operations centers (NOCs), IDS alerts displayed in, 718
network segments
benefits of, 464
methods of securing embedded and static systems, 362
network topologies, 477–480, 478–480
network traffic
denial of service (DoS) attacks flooding, 540
filtering with firewalls, 725–726
monitoring using traffic analysis, 740
network traffic, denial of service (DoS) attacks flooding, 540
network vulnerability scans
overview of, 637–640, 639–640
web vulnerability scans vs., 641
network-based DLP, 741–742
network-based IDS (NIDS), 719–720
networking
cabling. See cables, network
content distribution networks (CDNs), 453–454
converged protocols, 452
encryption techniques used in, 255–257
exam topics, 425, 490–493
LAN main technologies, 485–486
LAN subtechnologies, 486–489
network topologies, 477–480, 478–480
OSI model. See Open Systems Interconnection (OSI)
review answers, 932–933
review questions, 495–498
securing wireless networks, 257–258
summary, 490
TCP/IP model. See TCP/IP suite
wireless. See wireless networking
wireless networking, 454
written lab, 494
written lab answers, 960
neural networks
overview of, 872
security applications of, 873
New York City blackout, 767
next-generation firewall, 726
Next-Generation Intrusion Detection Expert System (NIDES), 873
NGOs (nongovernmental organizations), data classification, 161
NIACAP (National Information Assurance Certification and Accreditation Process), 302
NICs (network interface cards), 455
NIDES (Next-Generation Intrusion Detection Expert System), 873
NIDS (network-based IDS), 719–720
NIST. See National Institute of Standards and Technology (NIST)
nmap tool
network discovery with, 635–638, 636–638
overview of, 905–906
NOCs (network operations centers), IDS alerts displayed in, 718
noise
power issues, 400
protecting against electronic, 401
thwarting database confidentiality attacks, 868
use of white noise in securing emanations, 399
noise generators, protecting against EM radiation eavesdropping, 375
nonce, in cryptography, 200
noncompete agreements (NCAs), 53–54
nondisclosure agreements (NDAs)
employment agreements and policies, 53
employment termination process and, 56
protecting proprietary data, 171
protecting trade secrets, 137
nondiscretionary access control (non-DAC)
overview of, 598–599
role-based access control (role-BAC), 599, 599–601
rule-based access control (rule-BAC), 601
nongovernmental organizations (NGOs), data classification, 161
noninterference model, 279–280
nonrepudiation
goals of cryptography, 194
HMAC not providing for, 241
overview of, 11–12
symmetric key cryptography not implementing, 210
nonvolatile storage
compared with volatile, 332
overview of, 869
normalization, database, 864
Norton AntiVirus, 886
NOT operation, Boolean logic, 198
notification, last logon, 621
NSA. See National Security Agency (NSA)
O
object (real) evidence, using in court of law, 807
objectives, aligning security functions to, 14–16
object-oriented databases (OODBs), 862
object-oriented programming (OOP)
abstraction in, 365–366
and databases, 862
software development security, 840–841
objects
abstraction, 12–13, 365–366
access control between subjects and, 271, 557
in Clark-Wilson triple, 286
in Graham-Denning model, 288
OCSP (Online Certificate Status Protocol), 246
ODBC (Open Database Connectivity), 868, 868
OFB (Output Feedback), in DES, 215
OFDM (Orthogonal Frequency-Division Multiplexing), 481
Office 365, integrating identity services, 579
Office of Management and Budget (OMB), managing public information, 130
offline UPS, 773
offsite storage, disaster recovery plan for, 787–790
OMB (Office of Management and Budget), managing public information, 130
omnidirectional antennas, 461
on-board cameras/video, BYOD devices and, 359
on-boarding/off-boarding, BYOD devices and, 358
one-time pads, 205–206
one-time passwords, 568, 615
one-upped-constructed passwords, 611–612
one-way functions, in cryptography, 199–200
Online Certificate Status Protocol (OCSP), 246
on-site assessment, integrating risk considerations into acquisition strategies and practices, 36
OODBs (object-oriented databases), 862
OOP. See object-oriented programming (OOP)
Open Database Connectivity (ODBC), 868, 868
open ports, discovery with nmap, 635–638, 636–638
open relay agents, SMTP servers and, 509
open source, vs. closed source, 272
open system authentication (OSA), 458
Open Systems Interconnection (OSI)
Application layer (layer 7), 436–437
comparing with TCP/IP model, 437–438
Data Link layer (layer 2), 431–432
encapsulation mechanism, 428–429, 428–429
functionality of, 427, 427–428
layers of, 429–430, 430
Network layer (layer 3), 433–434
overview and history of, 425–426
Physical layer (layer 1), 430–431
Presentation layer (layer 6), 435–436
Session layer (layer 5), 435
Transport layer (layer 4), 434–435
open systems, vs. closed systems, 271–272
Open Web Application Security Project (OWASP), community focused on improving web security, 349–350
OpenPGP standard, 249
operating modes, 326
operating states. See process (operating) states
operation centers (work areas), physical security of, 395
Operation Tovar, protecting against GOZ botnet, 709–710
operational investigations, 804–805
operational planning, 15, 15–16
Optimizing phase, SW-CMMM, 851
OR operation, Boolean logic, 196–197
Orange book (TCSEC)
classes and required functions, 290–292, 291
limitations, 294–295
on trusted computing base (TCB), 276
organizational processes, security governance and, 16–17
Organizationally Unique Identifiers (OUIs), registering, 431–432
organizations, analyzing business organization, 96
Orthogonal Frequency-Division Multiplexing (OFDM), 481
OSA (open system authentication), 458
OSI model. See Open Systems Interconnection (OSI)
OUIs (Organizationally Unique Identifiers), registering, 431–432
outages
avoiding in penetration testing, 727
change management to prevent, 680–683
output devices, 333–335
Output Feedback (OFB), in DES, 215
OWASP (Open Web Application Security Project), community focused on improving web security, 349–350
ownership
bring-your-own-device (BYOD) and, 357
business/mission owner role, 176
data classification and, 22
data owner role, 174–175
discretionary access control (DAC) by, 598
security roles and responsibilities, 23
system owner role, 175–176
P
P2P (peer-to-peer) system, networking and sharing with, 348
PaaS (Platform-as-a-Service)
definition of cloud computing concepts, 346
managing cloud-based assets, 674
packet (protocol) analyzer
eavesdropping attacks, 541
sniffer attacks, 614–615
Packet (Protocol or Payload) Data Units (PDUs), 434
packet filtering firewall, 466–467
packet switching
overview of, 531–532
virtual circuits, 532
packets
converting into segments at Transport layer of OSI model, 434
data at Network layer of OSI model, 430
quality of service controls for loss of, 775
padded cells, incident response and, 722
Padding Oracle On Downgraded Legacy Encryption (POODLE), 250
paging, disk paging, 330
palm scans, biometric factors, 569
PANs (personal area networks), 484
PAP. See Password Authentication Protocol (PAP)
Paperwork Reduction Act
amended by Government Information Security Reform Act, 131
provisions of, 130
parallel data systems, large-scale, 344
parallel tests, disaster recovery plan, 794
parameters, checking security vulnerabilities, 370–372
parol evidence rule, in documentary evidence, 807
partitions
database, 867
preventing inference attacks, 342
partners, being alert to threats from, 32
parts inventory
disaster recovery planning for hardware failures, 766–767
recovery planning for theft, 760
passive responses, intrusion detection systems, 718
passphrases
in authentication, 8
authentication factors, 563
overview of, 565
password attacks, 895–899
brute force, 612–613
countermeasures, 898–899
dictionary, 611, 896–897
Internet worm using, 891–892
most common passwords, 895–896
overview of, 610–611, 895
password guessing, 895–896
rainbow table, 614
sniffer, 614–615
Password Authentication Protocol (PAP)
planning remote access security, 516
PPP support, 537
types of authentication protocols, 502
password masking, as social engineering attack, 617
Password-Based Key Derivation Function 2 (PBKDF2), 564
passwords
API keys similar to, 857
authenticating users, 561
authentication factors, 563
cognitive, 566
configuring wireless security, 462
creating strong, 564–565
masking, 620
most common, 895–896
one-time, 568
overview of, 564
phrases, 565
policy for, 564
protection from access control attacks, 619–621
restrictions, 564
tokens and, 567–568
vulnerability scanners checking for, 686
patches
bring-your-own-device (BYOD) and, 358
deploying, 685
overview of, 684–685
preventing escalation of privilege attacks, 901
preventing malicious code, 895
as preventive measure, 705
protecting against botnets, 709
protecting against buffer overflow errors, 710
protecting against man-in-the-middle attacks, 713
protecting against teardrop attacks, 711
protecting against zero-day exploits, 711
security audits reviewing management of, 746
vulnerability scanners checking for, 686–687
patents
overview of, 136
protecting trade secrets, 137
paths in reduction analysis, data flow, 34
Payload (Protocol or Packet) Data Units (PDUs), 434
Payment Card Industry Data Security Standard (PCI DSS)
credit card standards, 146, 180–181
privacy regulations, 58
security guidelines, 299
third-party security services, 726
pay-per-install, distributing malware with, 712
PBX. See private branch exchange (PBX)
PCI DSS. See Payment Card Industry Data Security Standard (PCI DSS)
PDF (Portable Document Format), 254
PEAP. See Protected Extensible Authentication Protocol (PEAP)
PEDs. See portable electronic devices (PEDs)
peer auditing, job rotation and, 51
peer-to-peer (P2P) system, networking and sharing with, 348
PEM (Privacy Enhanced Mail), 511
penetration testing
documenting results, 730
incident response using, 727–731
obtaining permission for, 728
overview of, 642–643, 643
preventing incidents with, 727
risks of, 728
techniques, 728–730
people, provisions and processes phase of continuity plan, 108
performance, monitoring key indicators of, 650
perimeter
controls, 407–409, 408
security perimeters, 277, 277
perimeter networks, 464
period analysis, frequency analysis, 205
permanent virtual circuits (PVCs), 532
permissions
principle of least privilege for, 662–663
rights and privileges compared with, 594–595
personal area networks (PANs), 484
personal identification numbers (PINs)
in authentication, 8
authentication factors, 563
smartcards and, 567
Personal Identity Verification (PIV) cards, 567
personally identifiable information (PII)
defining sensitive data, 158–159
laws governing protection of, 702
NIST guidelines, 415
privacy and, 58
personnel
applying risk management concepts, 60–61
asset valuation, 77–78
compliance, 57
continuous improvement and, 78
controlling access to assets, 556
cost functions associated with quantitative risk analysis, 66–70
disaster recovery plan for contacting, 786–787
disaster recovery plan for strikes/picketing by, 768–769
disaster recovery plan for training, 792–793
elements of quantitative risk analysis, 65–66
employment agreements and policies, 53–54
employment termination processes, 54–56, 55
establishing and managing information security education, training, and awareness, 81–82
exam topics, 47–48, 84–87
grudge attacks by former, 815–816
identifying threats and vulnerabilities, 63–64
implementing controls, countermeasures, and safeguards, 74–75
implementing defense in depth with, 598
job descriptions, 50–51, 50–52
managing the security function, 82–83
monitoring and measuring, 76–77
overview of, 49–50
privacy, 57–58
qualitative risk analysis, 70–71
review answers, 917–918
review questions, 89–92
risk assessment and analysis, 64–65
risk assignment/acceptance, 72–73
risk frameworks, 78–81
risk terminology, 61–63
role-based access control (role-BAC) for frequent changes in, 600
sabotage by, 714
safety of, 670
screening employment candidates, 52–53
security governance and, 59–60
selecting and assessing countermeasures, 73–74
summary, 83–84
types of controls, 75–76
vendor, consultant, and contractor controls, 56–57
written lab, 88
written lab answers, 954–955
PERT (Program Evaluation Review Technique), project-scheduling tool, 853
perturbation, thwarting database confidentiality attacks, 868
PHI (protected health information), 159
phishing attacks
hyperlink spoofing attacks, 544
overview of, 617–619
as password attacks, 897–898
phlashing attacks, 336
The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win (IT Revolution Press, 2013), 856
phone number spoofing attacks, 616
phreakers
financial attacks using phone phreakers, 814–815
voice communication threats, 505–507
physical access controls
implementing defense in depth, 598
protection from access control attacks, 619
selecting and assessing countermeasures, 75
types of access control, 559
physical assets, protecting, 672
physical interfaces, testing, 648
Physical layer (layer 1), in OSI model, 430–431
physical media, storing, 168
physical security
access abuses, 398
access control, 413–414
badges and ID cards, 411
of datacenters, 396
designing facility, 388–389
environment and life safety, 414
of evidence storage, 395
exam topics, 385, 416–419
fail safe/fail secure electrical hardware locks, 774
fire damage assessment, 406
fire detection and extinguishers, 404–406
fire issues, 402–404
intrusion detection systems (IDS), 397–398
keys and locks, 410
of media storage facilities, 394
motion detection systems and intrusion alarms, 411–413
overview of, 386, 403
perimeter controls, 407–409, 408
planning secure facility, 387
of power utilities, 399–400
preparing for equipment failure, 390–391
preventing sniffing attacks, 615
privacy responsibilities and requirements, 414–415
protecting against electronic noise, 401
protecting physical assets, 672
proximity readers in, 397
regulatory requirements, 415
review answers, 931–932
review questions, 421–424
securing electrical signals and radiation, 398–399
selecting site, 387–388
of server rooms, 393–394
smartcards in, 396–397
summary, 415–416
temperature, humidity, and static, 401
types of controls and order of use, 389–390
water/flooding issues, 402
of wiring closets, 391–393
of work areas (operation centers), 395
written lab, 420
written lab answers, 959–960
picketing/strikes, disaster recovery planning for, 768–769
piggybacking, access abuses, 398
PII. See personally identifiable information (PII)
ping, in smurf attacks, 708
ping flood attacks
IDS active response to, 718
incident response, 708–709
ping-of-death attacks, 710
pink slips, employment termination processes, 56
PINs. See personal identification numbers (PINs)
piracy, software licensing preventing, 671
PIV (Personal Identity Verification) cards, 567
PKCS (Public Key Cryptography Standard), 511
PKI. See public key infrastructure (PKI)
plain old telephone service (POTS)
circuit switching, 530
telephony options, 513–514
plaintext
ciphertext compared with, 194
confusion and diffusion operations, 207
planning
aligning security functions to strategies, goals, mission, and objectives, 14–16
business continuity. See business continuity planning (BCP)
disaster recovery. See disaster recovery planning (DRP)
secure facility, 387
Platform-as-a-Service (PaaS)
definition of cloud computing concepts, 346
managing cloud-based assets, 674
platforms, vulnerable to viruses, 885
PLCs (programmable logic controllers), 348–349
plenum cable, 476
plug and play (PnP) devices, 335
Point-to-Point Protocol (PPP)
dial-up encapsulation protocols, 536–537
dial-up protocols, 516–517
Point-to-Point Tunneling Protocol (PPTP)
establishing VPNs, 439
tunneling, 520–521
poisoning attacks, DNS and, 543–544
policies. See also security policies
asset retention, 172
bring-your-own-device (BYOD), 357–360
compliance, 57
developing, 25–26
employment, 53–54
handling sensitive data, 167
online privacy, 178
passwords, 564
protection mechanisms, 367–369
political motivations, in thrill attacks, 817
polling, LAN media access technologies, 489
polyinstantiation, DBMS security, 868
polymorphic viruses, 888
polymorphism, object-oriented programming, 841
POODLE (Padding Oracle On Downgraded Legacy Encryption), 250
POP3 (Post Office Protocol version 3), 508
port mirroring, used by IDS, 720
port scans, as reconnaissance attacks, 906
Portable Document Format (PDF), 254
portable electronic devices (PEDs). See also mobile devices
cryptographic applications for, 247–248
overview of, 352
vulnerabilities. See vulnerabilities, in mobile systems
port-based access control, 439
ports
IANA list of protocols matched to well-known, 725
learning TCP, 639–640, 639–640
network discovery of closed ports, 635–638, 636–638
network vulnerability scans of, 637–639, 639
Transport layer protocols, in TCP/IP suite, 439
web vulnerability scans of, 640–642, 641
POST (power-on-self-test), 327
Post Office Protocol version 3 (POP3), 508
postmortem review, incident response team, 822
postwhitening technique, in Twofish, 218
POTS (plain old telephone service)
circuit switching, 530
telephony options, 513–514
power monitoring attacks, smartcards, 619
power supply
adding fault tolerance for, 773
physical security of, 399–400
recovery planning for outages, 766–767
terminology of power issues, 400
power-on-self-test (POST), 327
PPP (Point-to-Point Protocol)
dial-up encapsulation protocols, 536–537
dial-up protocols, 516–517
PPs (protection profiles), Common Criteria, 296–297
PPTP (Point-to-Point Tunneling Protocol)
establishing VPNs, 439
tunneling, 520–521
preaction fire suppression system, 405
premises wire distribution rooms, physical security of, 391–393
preponderance of the evidence standard, in civil investigations, 805
Presentation layer (layer 6), in OSI model, 435–436
pretexting attacks, 544
Pretty Good Privacy (PGP)
email security solutions, 511–512
example of use of IDEA, 217
overview of, 248–249
preventive access control, 75, 558
preventive measures, incident prevention and response, 705
prewhitening technique, in Twofish, 218
PRI (Primary Rate Interface), ISDN options, 534
primary (main/real) memory, types of RAM, 328
primary (or “real”) memory, data storage, 869
primary keys, relational databases, 863
Primary Rate Interface (PRI), ISDN options, 534
primary storage, compared with secondary, 332
prime numbers, factoring, 234
principle of least privilege
blocking malware, 724
defined, 596
excessive and creeping privileges and, 583
mechanisms of security policies, 368
preventing access aggregation attacks, 610
role-based access control (role-BAC) enforcing, 600
as security practice, 662–663
in segregation of duties, 664–666
separation of privilege built on, 664
principles
applying security governance, 13–14
authorization mechanisms, 596
printers
examples of embedded and static systems, 360
security vulnerabilities, 334
prioritization
in business impact assessment, 101–102
CIA priorities, 6–7
of resources in business impact assessment, 106
threat modeling and, 34–35
privacy
aspects of confidentiality, 5
bring-your-own-device (BYOD) and, 358
defined, 57–58
European privacy law, 145–146
overview of, 139–140
protecting, 178–179
responsibilities and requirements, 414–415
U.S. privacy law, 140–144
in workplace, 144
Privacy Act of 1974, 140–141
Privacy Enhanced Mail (PEM), 511
private
commercial classification of data, 21, 162
securing email data, 164
private branch exchange (PBX)
designing security guidelines, 505–506
Direct Inward System Access (DISA), 506
secure voice communications and, 503
telephony options, 513
voice communication threats, 505
private cloud deployment model, 674
private IP addresses, NAT and, 526–527
private key cryptography. See symmetric key cryptography
private keys, in asymmetric cryptography, 232–233
privileged entities, monitoring, 667–668
privileged groups, audits of, 744–745
privileged mode
in four-ring model, 320
types of operating modes, 326
privileged programs, 372
privileges
abuses of, 52
audits of privileged groups, 744–745
capability tables identifying, 595
constrained interfaces identifying, 596
elevation of, 31
escalation of privilege attacks, 900–901
excessive and creeping, 583
least privilege principle. See principle of least privilege
limiting to protect against SQL injection, 905
mechanisms of security policies and, 368
monitoring special, 667–668
rights vs. permissions vs., 594–595
separation of, 664
Probability x Damage Potential (DREAD) system, in threat prioritization and response, 34–35
probable cause, search warrants based on, 811–812
problem (running) state, types of operating states, 322
procedures
handling sensitive data, 167
security, 27–28, 28
wireless networking security, 462–463
process (operating) states
overview of, 321–322
process scheduler and, 322
process integration, 374
process isolation
CIA techniques, 273–274
types of essential security protection mechanisms, 366–367
processors. See central processing unit (CPUs)
process/policy review, integrating risk considerations into acquisition strategies and practices, 36
Professional Practices library, documenting planning for BCP, 785
Program Evaluation Review Technique (PERT), project-scheduling tool, 853
program executive (process scheduler) kernel, 322–323, 323
programmable logic controllers (PLCs), 348–349
programmable read-only memory (PROM), 327–328
programming
flaws, 373
languages, 839–840
object-oriented, 840–841, 862
relational databases using SQL language, 863–864
project scope, business continuity planning and, 95–96
PROM (programmable read-only memory), 327–328
proofing, of identity, 561
propagation techniques, of viruses, 883–885
proprietary data. See confidential (proprietary) data
Protected Extensible Authentication Protocol (PEAP)
overview of, 460
planning remote access security, 516
types of authentication protocols, 502–503
protected health information (PHI), 159
protection mechanisms
abstraction, 12–13, 365–366
data hiding, 13, 366–367
encryption, 13
layering (defense in depth), 12, 364–365
overview of, 364
policy mechanisms, 367–369
process (operating) states, 321–322, 322
protection rings, 319–321, 320
security modes, 323–325
technical mechanisms, 364
protection profiles (PPs), Common Criteria, 296–297
protection rings
four ring model, 320
overview of, 319–321
protocol (packet) analyzer
eavesdropping attacks, 541
sniffer attacks, 614–615
Protocol (Packet or Payload) Data Units (PDUs), 434
protocols
AAA protocols, 580–581
Application layer of OSI model, 436
Application layer of TCP/IP model, 447–448
authentication protocols, 502
converged protocols, 452
Data Link layer of OSI model, 431–432
denial of service (DoS) attacks exploiting, 540
dial-up encapsulation protocols, 536–537
dial-up protocols, 516–517
disabling unneeded as preventive measure, 705
discovery of protocols in use on TCP/IP network, 443
implications of multilayer protocols in TCP/IP model, 448–450
Network layer of OSI model, 433, 445–447
secure communication protocols, 501–502
Session layer of OSI model, 435
Transport layer of OSI model, 435
WAN connections, 536
provisioning
account access provisioning lifecycle, 582–583
in continuity planning, 108–109
proxies, network devices, 472
proximity readers, in datacenter security, 397
proxy firewalls, 466
proxy logs, 733
prudent man rule, responsibility of senior management for due care, 130
pseudo flaws, incident response and, 722
pseudo-artificial intelligence systems, 717
PSTN (public switched telephone network)
circuit switching, 530
telephony options, 513–514
public
commercial classification of data, 21, 163
securing email data, 164
public cloud model, 674
public key algorithms. See asymmetric key cryptography
Public Key Cryptography Standard (PKCS), 511
public key infrastructure (PKI)
certificate authorities, 243–244
digital certificates, 243
exam topics, 261–263
generating and destroying certificates, 245–246
LDAP and, 574
managing asymmetric keys, 246–247
overview of, 242
review answers, 926–927
review questions, 265–268
written lab, 264
written lab answers, 958
public keys, in asymmetric cryptography, 232–233
public switched telephone network (PSTN)
circuit switching, 530
telephony options, 513–514
purging media, 170
PVCs (permanent virtual circuits), 532
Q
QoS (quality of service) controls, adding fault tolerance with, 775
qualitative decision making
assessing impact of risks, 106
in business impact analysis, 101
qualitative risk analysis
comparing with quantitative, 71
overview of, 70–71
quality of service (QoS) controls, adding fault tolerance with, 775
quantitative risk analysis
comparing with qualitative, 71
cost functions associated with, 66–70
elements of, 65, 65–66
quarantining files, as antivirus mechanism, 886
R
radio frequency identification (RFID)
hardware inventory, 671
proximity readers, 397
radio frequency interference (RFI), 401
RADIUS. See Remote Authentication Dial-In User Service (RADIUS)
RAID (redundant array of inexpensive disks)
fault tolerance and, 304
protecting hard drives, 761–762
RAID 1 + 0 (RAID-10), 771
rainbow series
list of publications, 293–294
Orange book classes and required functions, 290–292
Orange book limitations, 294–295
Orange book on trusted computing base (TCB), 276
overview of, 290
Red and Green books, 293
security standards, 290
rainbow table attacks, one-upped-constructed passwords in, 611
random access memory (RAM)
data storage, 869
keeping computers turned on when containing incident, 701
overview of, 328–329
security issues, 331
troubleshooting programs for this book, 969–970
random storage
compared with sequential, 332–333
random access storage of data, 869
ransomware, as Trojan variant, 890
RARP. See Reverse Address Resolution Protocol (RARP)
RAs (registration authorities), issuing digital certificates, 244
RDBMSs. See relational database management systems (RDBMSs)
read-only memory (ROM)
firmware (microcode) stored on ROM chip, 336
security issues, 331
types of, 327–328
read-through test, disaster recovery plan, 793–794
ready state, types of operating states, 321
real (main/primary) memory, types of RAM, 328
real (object) evidence, using in court of law, 807
reasonableness check, in software testing, 857
reciprocal agreements, as disaster recovery option, 782–783
reconnaissance attacks
dumpster diving, 906–907
IP probes, 905–906
overview of, 610, 905
port scans, 906
vulnerability scans, 906
records
identifying database, 863
retaining, 164–165, 171
recovery, trusted recovery, 370
recovery access control, 76, 559
recovery phase, incident response, 824
recovery steps, incident response, 703
recovery time objective (RTO), 101
Red book, in rainbow series, 293
red boxes, phreaker tools, 507
reduction analysis, 33–34
redundancy
of controls, 363
fault tolerance and, 304
redundant array of inexpensive disks (RAID)
fault tolerance and, 304
protecting hard drives, 761–762
redundant failover servers, 766–767
reference monitors, 277, 277–278
reference profile (template), of biometric factor, 571
references, screening employment candidates, 52
referential integrity, relational databases, 863
register addressing, types of memory addressing, 329
registers, CPUs and, 329
registration
account provisioning and, 582
of users, 561
registration authorities (RAs), issuing digital certificates, 244
regulations (government). See also laws and regulations
applying security governance principles, 13–14
Code of Federal Regulations (CFR), 127
compliance, 57, 146–147
physical security, 415
privacy, 58
regulatory investigations, 805
regulatory requirements, in business continuity plan, 100
regulatory security policies, 26
relational database management systems (RDBMSs)
object-oriented programming (OOP) and, 862
overview of, 862, 862–864
security, 866–868
transactions, 864–866
relational databases, establishing, 862, 862–864
relationships between tables, databases, 863
relay agents, SMTP servers and, 509
release control, change management process, 854
remediation phase, incident response, 703, 824
remote access
centralization of remote authentication services, 517
managing, 513–515
planning security for, 515–516
techniques, 514
war dialing countermeasures, 714
Remote Authentication Dial-In User Service (RADIUS)
AAA protocols, 580–581
centralizing remote authentication services, 517
planning remote access security, 516
remote journaling, database recovery with, 784
remote meetings, 508
remote mirroring, database recovery with, 784
remote user assistance, 516
remote wipe
failures of, 677
mobile device security, 352
removable storage, mobile device security, 355
Repeatable phase, SW-CMMM, 851
repeaters
cable runs and, 477
network devices, 470
replay attacks
on communication network, 542
types of cryptographic attacks, 260
reports
audit, 746–747
incident, 824
incident handling, 825–826
on lessons learned, 704
on penetration test results, 730
protecting audit results, 747
as step in incident response, 702
reproducibility, in DREAD rating system, 34
repudiation, in STRIDE threat categorization system, 31
request control, change management process, 854
reset packets. See RST (reset) packets
residual risk, 73
resources, provisioning and managing
assessing requirements in business continuity plan, 98–99
cloud-based assets, 673–674
hardware inventories, 671
media assets, 675–678
overview of, 670
physical assets, 672
prioritizing in business impact assessment, 106
software licensing, 671–672
virtual assets, 672–673
response
choosing appropriate, 822–824
incident, 701
of intrusion detection systems, 718–719
process for, 821–824
teams for, 820–821
threat modeling and, 34–35
restoration
disaster recovery tasks compared with, 791–792
process, after incident, 824
restricted interface model, 287
retention, of data from incidents, 825
retina scans, biometric factors, 569
return on investment (ROI), 16–17
Reverse Address Resolution Protocol (RARP)
NIDS discovering source of attack with, 720
overview of, 447
resolving domain names to IP addresses, 451
resolving IP addresses to MAC addresses, 432
reverse hash matching attacks, 260
revocation, digital certificates, 246
RFI (radio frequency interference), 401
RFID (radio frequency identification)
hardware inventory, 671
proximity readers, 397
rights
permissions and privileges compared with, 594–595
principle of least privilege for, 662–663
Rijndael block cipher, 218–219
ring topology, 478, 478
rings of protection. See layering
risk acceptance
documenting business continuity plan, 112
overview of, 72
risk analysis
continuous improvement and, 78
defined, 61
risk assessment
documenting business continuity plan, 112
overview of, 64–65
qualitative risk analysis, 70–71
quantitative risk analysis, 65–70
vulnerability assessment indicating, 687–688
risk management
identifying assets, 605–607
identifying threats, 607–609
identifying vulnerabilities, 609–610
overview of, 605
Risk Management Framework (RMF)
certification and accreditation systems, 302
characteristics of, 79
overview of, 78–79
steps in, 79–80
types of, 80–81
risk mitigation
documenting business continuity plan, 112
overview of, 72
risk rejection, 72
risks
applying risk management concepts, 60–61
assessment and analysis, 64–65
assignment, 72
assignment/acceptance, 72–73
basing audits on associated, 743
code repositories, 859
cost functions associated with quantitative risk analysis, 66–70
defined, 605
defining risk terminology, 62
elements of, 63
elements of quantitative risk analysis, 65, 65–66
evaluating based on CIA triad, 4
flooding, 763
identifying risks in business impact assessment, 102–103
identifying threats and vulnerabilities, 63–64
management accepting vs. mitigating, 687
monitoring key indicators of, 650
penetration testing, 728
qualitative risk analysis, 70–71
risk frameworks, 78–81
RMF (Risk Management Framework), 78–81
six steps of risk management framework, 80
terminology, 61–63
Rivest, Shamir, and Adleman (RSA) algorithm
advanced persistent threat (APT) on, 609
developed by RSA Data Security, 218
encryption algorithms approved under Digital Signature Standard, 242
key length, 235
overview of, 233–234
use by PGP, 249
use by S/MIME, 249
Rivest Cipher 2 (RC2), 219
Rivest Cipher 4 (RC4)
comparing symmetric algorithms, 219
use by WEP encryption, 458
Rivest Cipher 5 (RC5)
comparing symmetric algorithms, 219
example of block cipher, 218
RJ-45 jacks, 360
RMF. See Risk Management Framework (RMF)
rogue antivirus software, as Trojan variant, 888
ROI (return on investment), 16–17
role-based access control (role-BAC)
access control models, 599, 599–601
task-based access control (TBAC), 600
roles
security governance and, 22–23
security policies and, 26
segregation of duties matrix, 665–666
ROM. See read-only memory (ROM)
root cause analysis
in operational investigations, 805
remediation step in incident response, 703
rootkits, waging escalation of privilege attacks with, 900–901
ROT3 cipher
example of substitution cipher, 203
historical milestones in cryptography, 190–191
rotation, backup tape, 790
rotation of duties (job rotation), 666
routers
network devices, 471
operating at Network layer of OSI model, 434
routing protocols
categories of, 434
Network layer of OSI model and, 433
rows, cardinality of database, 862–863
RSA algorithm. See Rivest, Shamir, and Adleman (RSA) algorithm
RST (reset) packets
SYN flood attacks, 707
TCP reset attacks, 708
TCP sessions, 440
RTO (recovery time objective), 101
rule-based access control (rule-BAC)
access control models, 601
attribute-based access control (ABAC) as advanced, 601–602
mandatory access control (MAC) vs., 603
overview of, 274
rules
attribute-based access control (ABAC), 601–602
auditing specific process for following, 742
NIST rules of behavior, 175
running (problem) state, types of operating states, 322
running key ciphers, 206–207
S
SaaS. See Software-as-a-Service (SaaS)
sabotage, 714
safe harbor
EU privacy law and, 145
transferring data with EU and, 180–181
US Department of Commerce program, 177
safeguards
calculating annualized loss expectancy with, 67
calculating costs of, 68
cost/benefit analysis, 68–69
defining risk terminology, 62
implementing for personnel security, 74–75
safety, security controls for personnel, 414, 670
salami attack, incremental attacks, 373
salted passwords, cracking with brute-force attack, 614
SAML (Security Assertion Markup Language)
federated identity systems using, 577
vulnerabilities in web-based systems, 349
sampling, in account management, 650
San Andreas fault, disaster recovery planning, 761
sandboxing
CIA techniques, 273
incident response and, 726
preventing malicious code, 894
protecting against botnets, 709
sanitization
of hardware, 171, 671
of media, 170
of storage devices, 333
SANs (storage area networks), 525
Sarbanes-Oxley Act of 2002 (SOX)
privacy regulations, 58
role in compliance, 147
segregation of duties and, 665
SAs (security associations)
in IPsec sessions, 256
managing with ISAKMP, 257
SCADA (supervisory control and data acquisition), 348–349
scanning attack incidents, 818–819
scenarios, in qualitative risk analysis, 70–71
scheduling changes, 628
SCMMM or SW-SCMM (Software Capability Maturity Model), 850–852
scoping, in security baselines, 180
SCP (Secure Copy), 174
screen locks, mobile device security, 353
screen savers, session management and, 579–580
screened host, multihomed firewalls and, 467
screening employment candidates, 52–53
screening routers, 466
script kiddies, thrill attacks by, 817
scripted access, examples of single sign-on, 578
scripts, email security issues, 510
SCTP (Stream Control Transmission Protocol), 581
SD3+C (Secure by Design, Security by Default, Secure in Deployment and Communication), 29
SDL (Security Development Lifecycle), 29
SDLC (Synchronous Data Link Control), 536
SDNs. See software-defined networks (SDNs)
SDx (software-defined everything), 672–673
search warrants
in computer crime investigation, 811–812
gathering evidence using, 822
seclusion, aspects of confidentiality, 5
second normal form (2NF), database normalization, 864
secondary memory, 330–331
secondary storage
compared with primary, 332
data storage, 869
second-generation languages (2GL), 840
secrecy, aspects of confidentiality, 5
secret key cryptography. See symmetric key cryptography
Secure by Design, Security by Default, Secure in Deployment and Communication (SD3+C), 29
Secure Copy (SCP), 174
Secure Electronic Transaction (SET), 501–502
Secure European System for Applications in a Multivendor Environment (SESAME), 578
Secure File Transfer Protocol (SFTP), 174
Secure Hash Algorithm (SHA)
birthday attacks and SHA-3, 613–614
comparing hashing algorithms, 240
overview of SHA-1 and SHA-2 and SHA-3, 237–238
SHA-1 use by OpenPGP, 249
types of hashing algorithms, 213
Secure Hash Standard (SHS), 237–238
Secure Multipurpose Internet Mail Extensions (S/MIME)
email security solutions, 511
overview of, 249
secure passwords, preventing password attacks, 898
Secure Remote Procedure Call (S-RPC), secure communication protocols, 501
Secure Shell (SSH)
example of end-to-end encryption, 255
protecting data in transit, 174
Secure Sockets Layer (SSL)
overview of, 173
protecting web applications, 250
secure communication protocols, 501
X.509 standard for, 243
secure state machine, 278
SecureAuth Identity Provider (IdP), for device authentication, 573
security architecture vulnerabilities. See vulnerabilities, in security architecture
Security Assertion Markup Language (SAML)
federated identity systems using, 577
vulnerabilities in web-based systems, 349
security assessment and testing
building program for, 631–632
exam topics, 629, 651–652
network discovery scans, 634–637, 636–637
network vulnerability scans, 637–640, 638–640
penetration testing, 642–643, 643
review answers, 939–940
review questions, 654–657
security assessments, 631–632
security audits, 632–633
security management processes, 649–650
security testing, 630–631
summary, 650–651
testing your software, 643–648, 645, 647
types of vulnerability scans, 634
web vulnerability scans, 640–642, 641
written lab, 653
written lab answers, 962–963
security associations (SAs)
in IPsec sessions, 256
managing with ISAKMP, 257
security audits. See also audits/auditing
building program for, 632–633
and reviews, 745–746
security boundaries, 539
security breaches. See breaches
security clearance, screening employment candidates, 52
security controls. See controls
Security Development Lifecycle (SDL), 29
security domains, mandatory access control (MAC), 602, 602–604
security engineering controls, 274
security governance, 36
AAA services, 8, 9
abstraction, 12–13
accountability, 10–11
aligning security functions to strategies, goals, mission, and objectives, 14–16, 15
applying security governance principles, 13–14
auditing, 10
authentication, 8–9, 10
authorization, 9–10
availability principle, 7
change control/management, 17–18
CIA triad, 3, 3–4
confidentiality principle, 4–5
control frameworks, 23–24
data classification, 18–22, 20–21
data hiding, 13
determining and diagramming potential attacks, 32–33, 33
due care and due diligence, 24
encryption, 13
exam topics, 1–2, 38–40
identification, 8, 10
identifying threats, 30–32
integrating risk considerations into acquisition strategies and practices, 35–36
integrity principle, 5–6
lab, 41
layering (defense in depth), 12
legally defensible security, 11
for multi-level databases, 866–868
nonrepudiation, 11–12
organizational processes and, 16–17
performing reduction analysis, 33–34
personnel security, 59–60
policies, 25–26
prioritization and response, 34–35
procedures, 27–28, 28
review answers, 916–917
review Q&A, 42–45
review questions, 42–45
roles and responsibilities, 22–23
standards, baselines, and guidelines, 26–27
summary, 36–38
threat modeling, 28–29
written lab, 41
written lab answers, 954
security guards, as perimeter control, 409
security IDs, physical security, 411
security impact analysis, change management, 682–683
security incident and event management (SIEM) packages, 649
security kernel, 278
security labels. See labels
security layers. See layering
security logs. See also logs/logging, 733
security models
access control matrix, 280–282
Bell-LaPadula model, 282–284, 283
Biba model, 284–286, 285
Brewer and Nash model (Chinese Wall), 287
Clark-Wilson model, 286, 286–287
Goguen-Meseguer model, 288
Graham-Denning model, 288
information flow model, 279
noninterference model, 279–280
overview of, 275–276
reference monitors and, 277–278
review answers, 927–929
review questions, 308–311
security perimeters and, 277, 277
state machine model, 278
Sutherland model, 288
Take-Grant model, 280, 281
trusted computing base (TCB) and, 276
written lab answers, 958–959
security modes
comparing, 325
compartmented mode, 324
dedicated mode, 323–324
multilevel (controlled security) mode, 325
overview of, 323
system high mode, 324
security operations
balancing usability with security, 681
change, 680–683, 681
cloud-based assets, 673–674
Common Vulnerability and Exposures (CVE) database, 688
configuration, 678–680, 679
exam topics, 659–660, 689–690
hardware and software assets, 671–672
information life cycle, 668–669
job rotation and, 666
mandatory vacations, 666–667
media, 675–678
need to know principle, 661–662
overview of, 661
patch management, 684–685
personnel safety, 670
physical asset protection, 672
principle of least privilege, 662–663
review answers, 940–943
review questions, 692–695
separation of duties and responsibilities, 663–666, 665
service level agreements, 669
special privileges, 667–668
summary, 688–689
virtual assets, 672–673
vulnerabilities, 685–688
written lab, 691
written lab answers, 963
security perimeters
controls, 407–409, 408
overview of, 277, 277
security policies. See also policies
access control with, 596–597
auditing effectiveness of, 742–748
for BYOD devices, 677
developing, 25–26
for email, 509
handling sensitive data, 167
implementing defense in depth with, 598
for incident handling, 817–818
integrating risk considerations into acquisition strategies and practices, 36
for malicious software, 724
Network Access Control (NAC) as, 464–465
for passwords, 564
on potential of attacks by disgruntled employees, 816
preventing military and intelligence attacks, 813
protection mechanisms, 367–369
reduction analysis and, 34
for strong passwords, 620
warning banners informing users about, 723
security procedures
overview of, 27–28
wireless networking, 462–463
security professionals, 22–23
security standards, rainbow series, 290
security targets (STs), Common Criteria, 296–297
security testing, building program for, 630–631
segmentation
hardware segmentation, 367
storage segmentation, 354
segments
data at Transport layer of OSI model, 430
packets converted into segments at Transport layer of OSI model, 434
segregation of duties, 664–666
SEI (Software Engineering Institute)
IDEAL model for software development, 851–852
SCMM model for software development, 850–851
semantic integrity, DBMS security, 867
Sendmail debug mode, spread of Internet worm, 891
Sendmail server, Unix systems, 509
senior management
aligning security functions to strategies, goals, mission, and objectives, 15
analyzing business organization, 96
business continuity planning and, 98
getting approval of continuity plan, 109
prudent man rule, 130
security roles and responsibilities, 22
sensitive data
commercial classification of data, 21, 162
defining, 158–160
destroying, 168–171, 170
handling, 167
marking, 165–167
not including in code repositories, 859
protecting using symmetric encryption, 172–173
protecting using transport encryption, 173–174
securing email data, 164
storing, 167–168
trusted systems, 274–275
sensitivity, aspects of confidentiality, 5
separation of duties
Clark-Wilson model and, 286
defined, 596
important elements of job descriptions, 50
overview of, 663–666, 665
in software testing, 857
separation of privilege
mechanisms of security policies, 368
overview of, 664
sequential storage
compared with random, 332–333
data storage, 869
Serial Line Internet Protocol (SLIP), 516–517
Server Message Block (SMB), 433
server rooms, physical security of, 393–394
servers
alternate processing sites for. See sites, alternate processing
controlling accessibility of, 393–394
fully redundant failover, 766–767
implementing antivirus software on, 893
protecting with failover clusters, 772–773
server-based vulnerabilities, 341
service accounts, separation of privileges in, 664
service bureaus, as disaster recovery option, 781–782
service injection viruses, 885–886
service oriented architecture (SOA), 374
Service Provisioning Markup Language (SPML), 577
service set identifiers (SSIDs)
configuring wireless security, 462
disabling SSID broadcast, 457
securing, 456–457
service-level agreements (SLAs)
hardware replacement in disasters using, 781
legal and regulatory requirements and, 100
preparing for equipment failure, 391
as security practice, 669
in software escrow arrangements, 790
systems development control with, 859–860
vendor, consultant, and contractor controls, 56–57
services
disabling unneeded as preventive measure, 705
integrating for identity management, 579
integrating risk considerations into acquisition strategies and practices, 35
SESAME (Secure European System for Applications in a Multivendor Environment), 578
session hijacking, as masquerading attack, 908
Session layer (layer 5), in OSI model, 435
sessions, managing, 579–580
SET (Secure Electronic Transaction), 501–502
SFTP (Secure File Transfer Protocol), 174
SHA (Secure Hash Algorithm). See Secure Hash Algorithm (SHA)
shadow passwords, preventing password attacks on Linux/Unix, 898–899
shared key authentication (SKA), authenticating wireless access points, 458
shared private keys, 209
shielded twisted-pair (STP), 475–476
shielded twisted-pair (STP) cable, 475–476
shoulder surfing
securing work areas, 395
as social engineering attack, 616–617
shrink-wrap licenses, types of license agreements, 138
SHS (Secure Hash Standard), 237–238
side-channel attacks, smartcards, 619
signature dynamics, biometric factors, 570
signature files, anti-malware software using up-to-date, 723
signature-based detection, of antivirus programs
overview of, 886–887
updating frequently, 894
Silver Bullet Service, IronKey flash drives, 676
Simda botnet, 710
Simple Key Management for Internet Protocol (SKIP), 501
Simple Mail Transfer Protocol (SMTP), 508–509
simplex communication
Session layer of OSI model and, 435
with UDP, 439
simulation tests, disaster recovery plan, 794
single loss expectancy (SLE)
assessing impact of risks, 105
elements of quantitative risk analysis, 65–66
formula, 69
single points of failure, eliminating, 760
single sign-on (SSO)
as centralized access control technique, 573–574
examples, 578
federated management of, 576–578
Kerberos and, 574–576
Lightweight Directory Access Protocol and, 574
Security Assertion Markup Language and, 349
single-state systems, 318
site surveys, conducting for wireless networks, 457
sites
provisions and processes phase of continuity plan, 108–109
selecting for facility, 387–388
sites, alternate processing
cloud computing, 782
cold sites, 778–779
disaster recovery plan for, 787–790
hot sites, 779–780
locating away from your main site, 767, 778
mobile sites, 781
service bureaus, 781–782
warm sites, 780–781
Six Cartridge Weekly Backup strategy, backup tape rotations, 790
SKA (shared key authentication), authenticating wireless access points, 458
SKIP (Simple Key Management for Internet Protocol), 501
Skipjack algorithm
comparing symmetric algorithms, 219
overview of, 217–218
SLAs. See service-level agreements (SLAs)
SLE. See single loss expectancy (SLE)
SLIP (Serial Line Internet Protocol), 516–517
smart TVs, 360
smartcards
attacks, 619
authentication factors, 563
in datacenter security, 396–397
overview of, 566–567
smartphones/mobile phones
accessing and mitigating vulnerabilities, 350–351
managing, 677
types of hashing algorithms, 213
wireless networking, 485
SMB (Server Message Block), 433
SMDS (Switched Multimegabit Data Service), WAN connections, 536
S/MIME (Secure Multipurpose Internet Mail Extensions)
email security solutions, 511
overview of, 249
SMP (symmetric multiprocessing), 316–317
SMTP (Simple Mail Transfer Protocol), 508–509
smurf amplifier, 708
smurf attacks
as DRDoS attacks, 706
overview of, 708
sniffer (snooping or eavesdropper) attacks
eavesdropping on communication network, 541–542
faxes and, 513
as man-in-the-middle attacks, 713
overview of, 614–615
preventing with switches, 720
protecting against, 375, 454
SOA (service oriented architecture), 374
SOC (service organization control) report, 102
social engineering attacks
access control attack via, 616–617
guidelines for protection against, 505
overview of, 504
as password attacks, 897–898
in penetration tests, 729–730
phishing, 617–618
used during penetration tests, 727
Socket Secure (SOCKS), circuit-level gateway firewall, 466
software
alternate processing sites for. See sites, alternate processing
anti-malware. See anti-malware software
copyright protection and, 134–135
disaster recovery planning for failure of, 767–768
escrow arrangements, 790–791
export controls, 139
forensic evidence collection, 810
identifying threats by focus on, 30
integrating risk considerations into acquisition strategies and practices, 35
licensing, 671–672
RAID solutions for, 771
security controls for acquisition of, 860
threat modeling with focus on, 608
trade secret protection, 137
virtual, 523–524
Software Alliance, 138
Software Capability Maturity Model (SW-SCMM or SCMMM), 850–852
software development
Agile software development, 849–850
application programming interfaces (APIs), 856–857
assurance, 841
avoiding/mitigating system failure, 841–844
change and configuration management, 853–855
code repositories, 858–859
databases/data warehousing, 860–868, 861–862, 868
DevOps model, 855–856
exam topics, 837, 874
Gantt charts and PERT, 853, 853
IDEAL model, 851–852, 852
knowledge-based systems, 870–873
life cycle models, 847–849, 848–849
object-oriented programming (OOP), 840–841
overview of, 838
programming languages, 839–840
review answers, 949–950
review questions, 876–879
service-level agreements (SLAs), 859–860
software acquisition, 860
Software Capability Maturity Model (SCMM), 850–851
software testing, 857–858
spiral model, 848–849, 849
storing data and information, 868–869
summary, 873
systems development life cycle, 844–847
waterfall model, 847–848, 848
written lab, 875
written lab answers, 965
Software Engineering Institute (SEI)
IDEAL model for software development, 851–852
SCMM model for software development, 850–851
Software IP Encryption (swIPe), secure communication protocols, 501
software testing
black-box testing, 857–858
code review, 644–645, 645
dynamic testing, 646, 858
fuzz testing, 646, 647
gray-box testing, 858
interface testing, 646–648
misuse case testing, 648
overview of, 643–644
reasonableness check, 857
static testing, 645, 858
test coverage analysis, 648
white-box testing, 857
Software-as-a-Service (SaaS)
definition of cloud computing concepts, 346
integrating identity services, 579
managing cloud-based assets, 674
overview of, 102
software development security, 860
third-party security services, 726
software-defined everything (SDx), 672–673
software-defined networks (SDNs)
converged protocols, 453
managing virtual assets, 673
virtual networking, 524–525
solid state drives (SSDs)
destroying sensitive data and, 169
destroying sensitive data on, 678
storage security issues, 333
something you do, authentication factors, 563, 568
something you have, authentication factors, 563
something you know, authentication factors, 563
Sony
advanced persistent threat (APT) on, 609
network-based DLP could have detected attack on, 741
PlayStation breach, 610
reporting to upper management, 702
SOX. See Sarbanes-Oxley Act of 2002 (SOX)
spam
email security issues, 511
phishing attacks using, 617
Spam over Internet Telephony (SPIT) attacks, 503
spear phishing, 618
special privileges, monitoring for security, 667–668
spikes, power, 773
SPIT (Spam over Internet Telephony) attacks, 503
split knowledge
in cryptography, 201
defined, 221
separation of duties/two-person control in, 666
SPML (Service Provisioning Markup Language), 577
spoofing (masquerading) attacks
access abuses, 398
ARP spoofing attacks on, 542–543
on communication network, 542
DNS and, 543–544
email, 616
email security issues, 510
overview of, 615–616, 907–908
in STRIDE threat categorization system, 30
Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege (STRIDE), threat modeling and, 30–31
spread spectrum technologies, 481
spyware, as malicious code, 893
SQL. See Structured Query Language (SQL)
SQL injection attacks
protecting against, 905
on web applications, 902–904
S-RPC (Secure Remote Procedure Call), secure communication protocols, 501
SSDs. See solid state drives (SSDs)
SSH (Secure Shell)
example of end-to-end encryption, 255
protecting data in transit, 174
SSIDs. See service set identifiers (SSIDs)
SSL. See Secure Sockets Layer (SSL)
SSO. See single sign-on (SSO)
stand-alone infrastructure mode, wireless access points (WAPs) and, 455
standards
compliance, 57
in security and risk management, 26–27
selecting, 180–181
standby UPS, 773
star topology, 479, 479
state changes, attacks based on predictability of task execution, 374
state machine model
Bell-LaPadula model based on, 283
Biba model and, 284
information flow model based on, 279
overview of, 278
state transitions, in state machine model, 278
stateful inspection firewalls, 467
stateful NAT, IP addressing and, 527–528
statement of importance, documenting business continuity plan, 111–112
statement of organizational responsibility, documenting business continuity plan, 111–112
statement of priorities, documenting business continuity plan, 111–112
statement of urgency and timing, documenting business continuity plan, 111–112
static electricity, controlling, 401
static NAT, IP addressing and, 528
static packet-filtering firewalls, 466
static passwords, 564
static RAM, 329
static systems. See embedded and static systems
static testing, software, 645, 858
statistical attacks, types of cryptographic attacks, 258
statistical intrusion detection, 717
stealth viruses, 888
steganographyegress monitoring with, 741
overview of, 250–252, 251–252STOP error, in Blue Screen of Death, 843
stopped state, types of operating states, 322storage
of disaster recovery plans, 793information life cycle management and, 669
plan for backup media, 787–790
removable, 355sensitive data, 167–168
of threats, 870
types of, 869
storage area networks (SANs), 525storage devices
security issues, 333types of, 331–333
storage segmentation, mobile device security, 354stored procedures, protecting against SQL injection, 905
storms, disaster recovery planning for, 763–764
STP (shielded twisted-pair) cable, 475–476
strategic planning, aligning security functions to, 15, 15–16
strategy development phase, in continuity planning, 107
stream ciphers, 207
Stream Control Transmission Protocol (SCTP), 581streaming media (audio/video), copyright protection and,
135STRIDE (Spoofing, Tampering, Repudiation, Information
disclosure, Denial of service, Elevation of privilege),threat modeling and, 30–31
strikes, disaster recovery planning for, 768–769
stripe of mirrors, RAID-10, 771
striping, RAID-0, 771
striping with parity, RAID-5, 771
strong passwordscreating policy for, 620dual administrator account audits for, 745
preventing password attacks, 611
Structured Query Language (SQL)aggregation-related vulnerabilities, 341Data Definition Language, 864
Data Manipulation Language, 864
database transactions, 864–866
multilevel security database security with views, 866
relational databases, 863–864
structured walk-through test, disaster recovery plan, 794
STs (security targets), Common Criteria, 296–297study tools, for this book
additional, 968customer care, 970system requirements, 969troubleshooting, 969–970using, 969
Stuxnet wormadvanced persistent threat (APT) using, 609overview of, 892–893
subclasses, in object-oriented programming, 840
subjectsaccess control between objects and, 271, 557
in Clark-Wilson triple, 286Graham-Denning model, 288
subnet masks, IP addressing, 445subpoena, compelling surrender of evidence, 822
subscriber identity module (SIM) cardcell phone security issues, 507failure of remote wipe and, 677
substitution ciphersin American Civil War, 191Caesar cipher, 190–191one-time pads, 205–206overview of, 203–205
super-increasing sets, Merkle-Hellman Knapsack algorithm based on, 234
supervisory control and data acquisition (SCADA), 348–349
supervisory state, types of operating states, 322supplies, disaster recovery plan for, 791
support ownership, BYOD devices, 358support services, analyzing business organization, 96
Supreme Court, in U.S. legal system, 125surges, power
offline or standby UPS protecting from, 773
surge protectors, 400Sutherland model, 288
SVCs (switched virtual circuits), 532
swIPe (Software IP Encryption), secure communication protocols, 501
Switched Multimegabit Data Service (SMDS), WAN connections, 536
switched virtual circuits (SVCs), 532
switches
    network devices, 471
    preventing rogue sniffers, 720
switching technologies
    circuit switching, 530–531
    overview of, 530
    packet switching, 531–532
    virtual circuits, 532
SW-SCMM or SCMMM (Software Capability Maturity Model), 850–852
Sybex text engine, 968
symmetric key cryptography
    Advanced Encryption Standard (AES), 218–219
    algorithms, 209, 209–210
    asymmetric key algorithms compared with, 213
    Blowfish block cipher, 217
    comparing symmetric algorithms, 219
    creating and distributing symmetric keys, 219–221
    Data Encryption Standard (DES), 214–215
    exam topics, 189, 223–224
    International Data Encryption Algorithm (IDEA), 217
    key escrow and recovery, 221–222
    nonrepudiation and, 194
    protecting sensitive data, 172–173
    review answers, 924–926
    review questions, 226–229
    Skipjack algorithm, 217–218
    storing and destroying symmetric keys, 221
    summary, 222–223
    Triple DES, 216–217
    weakness of, 210
    written lab, 225
symmetric multiprocessing (SMP), 316–317
SYN, in TCP three-way handshake, 440
SYN flood attacks
    blocking, 707–708
    IDS active response to, 718
    overview of, 706–707, 707
SYN/ACK, in TCP three-way handshake, 440
synchronous communication, subtechnologies supported by Ethernet, 487
Synchronous Data Link Control (SDLC), 536
synchronous dynamic password tokens, 567
synthetic transactions, dynamic testing of software, 646
system
    controlling access to assets, 556
    principle of least privilege for access to, 662–663
    recovering from incident by rebuilding, 703
system high mode, security modes, 324
system logs, 733
system owner role, 175–176
system requirements, for this book, 969
system resilience
    overview of, 760
    protecting hard drives, 771–772
    protecting power sources, 773
    protecting servers, 772–773
    quality of service, 775
    trusted recovery, 773–775
systems development life cycle
    code review walk-through phase, 846
    conceptual definition phase, 845
    control specifications development phase, 845–846
    design review phase, 846
    functional requirements determination phase, 845
    maintenance and change management phase, 847
    overview of, 844
    user acceptance testing phase, 846
T
tables, relational database
    normalization of, 864
    overview of, 862–864
tablets
    examples of embedded and static systems, 360
    managing, 677
TACACS+. See Terminal Access Controller Access Control Plus (TACACS+)
tactical planning, 15, 15–16
tailoring, security baselines, 180
Take-Grant model
    directed graph, 281
    overview of, 280
tampering, in STRIDE threat categorization system, 30
tape media
    managing, 675–676
    mean time to failure of, 677
target of evaluation (TOE), 295–297
task-based access control (TBAC), 600
TATO (temporary authorization to operate), in security governance, 59–60
TCB. See trusted computing base (TCB)
TCP ACK scan, network discovery with, 635
TCP connect scan, network discovery with, 635
TCP header, 441–442
TCP reset attacks, 708
TCP SYN scan, network discovery with, 634–635
TCP wrapper, in port-based access control, 439
TCP/IP suite
    Application layer protocols, 447–448
    domain name resolution and, 450–451
    implications of multilayer protocols, 448–450
    layers of, 438, 438–439
    Network layer protocols, 444–447
    overview of, 437, 437–438
    security of, 500
    Transmission Control Protocol (TCP), 440, 440–443
    Transport layer protocols, 439
    User Datagram Protocol (UDP), 443–444
    vulnerabilities, 450
TCSEC. See Trusted Computer System Evaluation Criteria (TCSEC)
team
    incident response, 701
    selecting for business continuity planning, 96–97
teardrop attacks, 710–711
technical access controls
    implementing defense in depth, 598
    selecting and assessing countermeasures, 74
    types of access control, 559
technical mechanisms, 364
technical physical security controls, 389
technologies
    integration, 374
    virus, 887–888
technology convergence, in planning secure facility, 387
Telnet, SSH compared with, 174
temperature, physical security and, 401
TEMPEST
    securing data on monitors and, 334
    securing electrical signals and radiation, 375, 399, 454
Temporal Key Integrity Protocol (TKIP)
    overview of, 460
    securing wireless networks, 257
temporary authorization to operate (TATO), in security governance, 59–60
temporary Internet files, cache-related issues, 340
Ten Commandments of Computer Ethics, IAB, 828–829
Terminal Access Controller Access Control Plus (TACACS+)
    AAA protocols, 581
    centralizing remote authentication services, 516
    planning remote access security, 516
termination processes, employment, 54–56, 55
terrorism
    computer crime, 815
    disaster recovery planning for, 765–766
test coverage analysis, software, 648
testimonial evidence, 808
testing. See also security assessment and testing
    disaster recovery plan, 793–794
    documenting business continuity plan, 114
    electronic vaulting setup, 784
    fuzz testing, 29
    patches, 684–685
    penetration testing. See penetration testing
    POST (power-on-self-test), 327
    software. See software testing
    UPS devices, 767
TGS (ticket-granting service), Kerberos, 575
TGT (ticket-granting ticket), Kerberos, 575–576
theft
    disaster recovery planning for, 769–770
    storage security issues, 333
thicknet coax (10Base5), 474–475
thinnet coax (10Base2), 474–475
third normal form (3NF), database normalization, 864
third-generation languages (3GL), 840
third-party
    plug-ins used by adware and malware, 893
    security audits, 632–633
    security governance, 59
    security services, 726
    software escrow arrangements, 790
threat modeling
    advanced persistent threat (APT), 608–609
    applying, 28–29
    approaches to, 607–608
    determining and diagramming potential attacks, 32–33
    identifying threats, 30–32
    overview of, 607
    performing reduction analysis, 33–34
    prioritization and response, 34–35
threats
    advanced persistent threat (APT), 608–609
    to availability, 7
    computer crime. See computer crime
    to confidentiality, 4
    defined, 605
    defining risk terminology, 61
    in formula for total risk, 73
    identifying, 63–64, 606–609
    identifying with threat modeling, 607–608
    insider, 816
    to integrity, 6
    to storage, 870
three-way handshake
    SYN flood attack disrupting, 706
    in TCP, 440
thrill attacks, computer crime, 817
throughput rate, in biometric processing, 572
ticket-granting service (TGS), Kerberos, 575
ticket-granting ticket (TGT), Kerberos, 575–576
tickets, Kerberos, 575
time of check (TOC), attacks based on predictability of task execution, 373
time of use (TOU), attacks based on predictability of task execution, 374
time stamps, DBMS data integrity, 867
time-of-check-to-time-of-use (TOCTOU)
    and application attacks, 900
    attacks based on predictability of task execution, 374
timing attacks
    attacks based on predictability of task execution, 373–374
    smartcards, 619
TKIP (Temporal Key Integrity Protocol)
    overview of, 460
    securing wireless networks, 257
TLS. See Transport Layer Security (TLS)
TOC (time of check), attacks based on predictability of task execution, 373
TOCTOU (time-of-check-to-time-of-use)
    and application attacks, 900
    attacks based on predictability of task execution, 374
TOE (target of evaluation), 295–297
token passing, LAN media access technologies, 489
Token Ring, LAN technologies, 485
tokens
    authentication factors, 563
    overview of, 567–568
    security attributes and, 275
top secret
    defining data classifications, 160
    governmental classification of data, 20
topologies, network, 477–480, 478–480
tornadoes, disaster recovery planning for, 764
TOU (time of use), attacks based on predictability of task execution, 374
Tower of Hanoi strategy, backup tape rotations, 790
TPM (Trusted Platform Module)
    integration of encryption systems with, 248
    overview of, 303–304
TPs (transformation procedures), in Clark-Wilson model, 287
trade secrets, 136–137
trademarks, 135–136
traffic. See network traffic
training
    BCP implementation and, 110
    cross-training as alternative to job rotation, 52
    disaster recovery crisis management, 777
    disaster recovery plan for, 792–793
    employees on social engineering tactics, 616
    establishing and managing information security education, training, and awareness, 81–82
    first responders for IT incidents, 701
    in malicious software, 724
    operational planning and, 16
    on reporting security incidents, 702
    security training as countermeasure to confidentiality breach, 4
    security training as countermeasure to integrity breach, 6
    users about security, 621
transactions, database, 864–866
transformation procedures (TPs), in Clark-Wilson model, 287
transients, on power lines, 773
transitive trusts
    access control between objects and subjects, 271
    least privilege problem and, 663
transmission
    logging, 538
    planning remote access security, 515
Transmission Control Protocol (TCP)
    AAA protocols and, 581
    overview of, 439
    in TCP/IP suite, 440, 440–443
transparency, characteristics of security controls, 537
transport encryption, protecting sensitive data, 173–174
Transport layer (layer 4), in OSI model, 434–435
Transport layer protocols, in TCP/IP suite
    overview of, 439
    Transmission Control Protocol (TCP), 440–443
    User Datagram Protocol (UDP), 443–444
Transport Layer Security (TLS)
    Diameter support for, 581
    as encryption protocol underlying HTTPS, 173
    encryption protocols used by VPNs, 174
    example of end-to-end encryption, 255
    protecting web applications, 250
    secure communication protocols, 501
transport mode, IPsec, 256
transposition ciphers
    in American Civil War, 191
    as example of block cipher, 207
    overview of, 202–203
travel, personnel safety during, 670
traverse mode noise, 401
trend analysis, monitoring using, 740
triple, in Clark-Wilson model, 286
Triple DES (3DES)
    comparing symmetric algorithms, 219
    overview of, 173
    supported by S/MIME, 249
    versions of, 216–217
Tripwire data integrity
    as malicious code countermeasure, 887
    preventing malicious code, 894
Trojan horses
    creating botnet with, 890
    email security issues, 510
    with logic bomb component, 888
    as malicious code, 889–890
troubleshooting, study tools for this book, 969–970
TrueCrypt, encryption on portable devices, 248
trust
    assurance procedures building system, 841
    between LDAP domains, 574
    social engineering by gaining, 616–617
trust boundaries, in reduction analysis, 34
trust relationships
    Internet worm using, 892
    in PKI, 242
Trusted Computer System Evaluation Criteria (TCSEC)
    categories and levels of protection, 290–292, 291
    Common Criteria replaces, 289
    guidelines relative to trusted paths, 277
    ITSEC compared with, 295–296
    limitations of, 294–295
    rainbow series and, 290
    Red and Green books of rainbow series, 293
    security standards and baselines and, 27
trusted computing base (TCB)
    overview of, 276
    reference monitors and kernels, 277–278
    security perimeter and, 277
trusted paths, in TCB communication, 277
Trusted Platform Module (TPM)
    integration of encryption systems with, 248
    overview of, 303–304
trusted recovery
    designing for, 773–775
    system shutdown and, 370
trusted systems, in protection of sensitive data, 274–275
tsunamis, disaster recovery planning for, 762, 765
tunnel mode, IPsec, 256
tunneling
    Layer 2 Tunneling Protocol (L2TP), 521
    overview of, 518–519
    Point-to-Point Tunneling Protocol (PPTP), 520–521
    protocols for establishing VPNs, 439
tuples, relational database, 862
turnstiles, as perimeter control, 408
twisted-pair cable
    characteristics of, 475
    overview of, 475–476
two-factor authentication
    overview of, 572
    smartcards, 397
Twofish algorithm, 218–219
two-person controls (two-man rule), 666
Type 1 Error, biometric error ratings, 570
Type 2 Error, biometric error ratings, 570
U
UCITA (Uniform Computer Information Transactions Act), 138
UDI (unconstrained data item), in Clark-Wilson model, 287
UDP. See User Datagram Protocol (UDP)
UDP header, 443
UDP packets, 708
UEFI (unified extensible firmware interface), 336
Ultra, attack on Enigma code, 192
unclassified
    defining data classifications, 160
    governmental classification of data, 20
unconstrained data item (UDI), in Clark-Wilson model, 287
unicasts, subtechnologies supported by Ethernet, 488
unified extensible firmware interface (UEFI), 336
Uniform Computer Information Transactions Act (UCITA), 138
uninterruptible power supply (UPS)
    adding fault tolerance for power sources with, 773
    recovery planning for power outages, 766
    securing power supply, 400
    testing regularly, 767
United States
    code of criminal and civil law, 126
    Copyright Office, 134–135
    Department of Commerce. See Department of Commerce
    Department of Defense. See Department of Defense (DoD)
    Patent and Trademark Office (USPTO), 135
    privacy law, 140–144
    USA PATRIOT ACT, 143
United States Constitution
    administrative law and, 127
    Fourth Amendment (privacy rights), 140
    Fourth Amendment (valid search), 811
    role of legislature in, 125
Unix
    less vulnerable to viruses, 886
    preventing password attacks, 898
unshielded twisted-pair (UTP)
    categories of, 476
    characteristics of, 475
    overview of, 475
updates
    methods of securing embedded and static systems, 363
    as preventive measure, 705
    of primary site servers to hot site servers, 779
    protecting against botnets, 709
    protecting against LAND attacks, 711
Uplay, DRM technology used by video games, 254
UPS. See uninterruptible power supply (UPS)
usability, balancing security with, 681
USB flash drives
    authentication factors, 563
    controlling, 676
    installing malware using, 712
    mobile system vulnerabilities and, 350
    storing sensitive data, 168
USC (United States Code), of criminal and civil law, 126
user acceptance, BYOD and, 359
user acceptance testing phase, systems development life cycle, 846
User Datagram Protocol (UDP)
    AAA protocols and, 580–581
    overview of, 439
    in TCP/IP suite, 443–444
user entitlement audits, 744–745
user interfaces (UIs), testing, 648
user mode
    in four-ring model, 320
    types of operating modes, 326
users
    comparing subjects and objects, 557
    delegating incident response to end user, 704
    detecting potential incidents, 700
    registration of, 561
    security roles and responsibilities, 23, 178
    usernames for identifying, 561
USPTO (United States Patent and Trademark Office), 135
utilities
    disaster recovery plan for, 791
    disaster recovery planning for other, 767
    disaster recovery planning for power outages, 766–767
UTP. See unshielded twisted-pair (UTP)
V
Van Eck phreaking, 334
Van Eck radiation, 334
vandalism, disaster recovery planning for, 769–770
VBA (Visual Basic for Applications), 885
vehicle computing systems, examples of embedded and static systems, 362
vendors
    communications during disaster recovery with, 791
    controls, 56–57
    electronic vaulting, 783
    governance review, 147–148
    software acquisition from, 860
VENONA project, 206
verification
    of backup, 650
    of digital certificates, 245
    of integrity, 537
    integrity verification procedures (IVP), 287
    PIV (Personal Identity Verification) cards, 567
    secondary verification mechanisms, 412–413
Vernam ciphers, 205
versioning control
    in configuration management, 683
    firmware (microcode), 363
video
    BYOD devices and, 359–360
    copyright protection of streaming media, 135
    streaming with UDP, 443
video games, digital rights management, 254
views, in multilevel security database security, 866
Vigenère cipher, 203–204
virtual LANs (VLANs), 522–523
virtual machines (VMs)
    hosting honeypots/honeynets on, 722
    managing, 672–673
virtual memory
    data storage, 869
    as type of secondary memory, 330
virtual private networks (VPNs)
    encryption and, 174
    how they work, 519–520
    IPsec and, 521–522
    Layer 2 Tunneling Protocol (L2TP), 521
    overview of, 517–518
    Point-to-Point Tunneling Protocol (PPTP), 520–521
    protocols, 520
    securing with IPsec, 256
    TCP/IP security using VPN links, 439
    telephony options, 513
    tunneling and, 518–519
virtual SANs (storage area networks), 525
virtual storage area networks (VSANs), 673
virtualization
    of data storage, 869
    managing virtual assets, 672–673
    overview of, 303, 523
    virtual applications/software, 523–524
    virtual desktops, 524
    virtual networking, 524–525
virus decryption routine, 888
viruses
    antivirus mechanisms, 886–887
    email security issues, 510
    hoaxes, 888–889
    with logic bomb component, 888
    platforms vulnerable to, 885
    prevalence of, 883
    propagation techniques, 883–885
    technologies, 887–888
vishing attacks, as variant of phishing, 618–619
visibility, factors in facility site selection, 388
Visual Basic for Applications (VBA), 885
vital record program, documenting business continuity plan, 113
VLANs (virtual LANs), 522–523
VMs (virtual machines)
    hosting honeypots/honeynets on, 722
    managing, 672–673
Voice over Internet Protocol (VoIP)
    converged protocols, 452–453
    Diameter support for, 581
    phishing attacks, 503
    phone number spoofing on, 616
    for secure voice communication, 503–504
    telephony options, 513
    vishing attacks, 618–619
    voice encryption, 352
    war dialing using, 714
voice pattern recognition, biometric factors, 569
volatile storage
    compared with nonvolatile, 332
    data storage, 869
volcanic eruptions, disaster recovery planning for, 765
voluntary surrender, of evidence, 822
VSANs (virtual storage area networks), 673
vulnerabilities
    Common Vulnerability and Exposures (CVE) database, 688
    database. See database security
    defined, 61, 605
    distributed systems. See distributed systems
    effective management of, 685–686
    evaluating based on CIA triad, 4
    exam topics, 376–378
    in formula for total risk, 73
    identifying, 63–64, 609–610
    I/O devices, 334–335
    managing as security practice, 685–688
    review answers, 929–930
    review questions, 380–383
    security audits reviewing management of, 746
    server-based, 341
    summary, 375
    TCP/IP suite, 450
    vulnerability analysis, 609–610
    web-based systems, 349–350
    written lab, 379
vulnerabilities, client-based
    applets, 337–338
    local caches, 339–341
    overview of, 337
vulnerabilities, in embedded and static systems
    examples of, 360–362
    methods of securing, 362–363
    overview of, 360
vulnerabilities, in mobile systems
    accessing and mitigating vulnerabilities, 350–351
    application security, 355–357
    BYOD policies and concerns, 357–360
    data ownership and, 357
    device security, 352–355
vulnerabilities, in security architecture
    covert channels, 369
    from design or code flaws, 370
    electromagnetic radiation (EM), 374–375
    incremental attacks, 372–373
    initialization and failure states, 370
    input and parameter checking, 370–372
    maintenance hooks and privileged programs, 372
    overview of, 369
    programming flaws, 373
    technology and process integration, 374
    timing, state changes, and communication disconnects, 373–374
vulnerability assessment
    after departure of disgruntled employee, 816–817
    network discovery scans, 634–637, 636–638
    network vulnerability scans, 637–640, 639–640
    overview of, 634
    penetration testing of, 727
    scans as reconnaissance attacks, 906
    scans as security practice, 686–687
    as security practice, 687–688
    web vulnerability scans, 640–642, 641
W
waiting state, types of operating states, 322
WANs. See wide area networks (WANs)
WAP (Wireless Application Protocol), 483–484
WAPs. See wireless access points (WAPs)
war dialing, 713–714
wardriving, 463
warm sites, as disaster recovery option, 780–781
warning banners, incident response and, 723
WarVOX, 714
water-based fire suppression systems, 405
waterfall model, 847–848, 848
water/flooding issues
    disaster recovery planning for, 762–763
    physical security, 402
watermarking, egress monitoring with, 741–742
watermarks, using steganography for, 251
web application security
    cross-site scripting (XSS), 901–902
    with encryption, 249–250
    overview of, 901
    SQL injection, 902–904, 903
“web of trust” concept, in Pretty Good Privacy (PGP), 249
web vulnerability scans, 640–642, 641
web-based systems, accessing and mitigating vulnerabilities, 349–350
webcasting, copyright protection and, 135
websites
    defacing in thrill attacks, 817
    online privacy policies, 178
weighting information, in neural networks, 872
well known ports, 439
WEP. See Wired Equivalent Privacy (WEP)
wet pipe fire suppression system, 405
whaling attacks, as variant of phishing, 618
white boxes, phreaker tools, 507
white noise, securing electrical signals and radiation, 399
white-box testing
    penetration testing, 643, 729
    software quality, 857
white-box testing by full-knowledge team, 729
white-box testing by zero-knowledge team, 729
whitelisting
    in Apple iOS, 725
    blocking users from unauthorized applications, 724
    preventing malicious code, 894
wide area networks (WANs)
    connection technologies, 534–536
    dial-up encapsulation protocols, 536–537
    local area networks compared with, 473
    technologies, 532–534
Wi-Fi Protected Access (WPA/WPA2)
    configuring wireless security, 462
    overview of, 459
    securing wireless networks, 257
WikiLeaks, 350
wildfires, disaster recovery planning for, 764–765
WIPO (World Intellectual Property Organization), 134
Wired Equivalent Privacy (WEP)
    configuring wireless security, 462
    IEEE 802.11 and, 455
    overview of, 458
    securing wireless networks, 257
wired extension infrastructure mode, wireless access points and, 455
wireless access points (WAPs)
    configuring wireless security, 462–463
    encryption of, 458–460
    securing, 454–456
Wireless Application Protocol (WAP), 483–484
wireless cells, 454
wireless channels, 456
wireless networking
    Bluetooth (IEEE 802.15), 484
    captive portals, 462
    cell phones, 481–484
    conducting site surveys, 457
    cordless phones, 484
    encryption of wireless access points, 458–460
    firewalls, 465–469, 468
    general concepts, 480–481
    managing antenna placement and power levels, 461
    mobile devices, 485
    Network Access Control (NAC), 464–465
    overview of, 454
    securing, 257–258
    securing endpoints, 469
    securing hardware devices, 470–472
    securing network components, 463–464
    securing service set identifiers, 456–457
    securing wireless access points, 454–456
    security procedures, 462–463
Wireless Transport Layer Security (WTLS), 483
Wireshark, 614–615
wiretaps, 483–484
wiring closets, securing, 391–393, 392
WordPress, role-based controls of, 601
work areas (operation centers), physical security of, 395
work function (work factor), in cryptography, 201
workgroup recovery
    disaster recovery strategy for, 778
    implementing mobile sites for, 781
World Intellectual Property Organization (WIPO), 134
worms
    Code Red worm, 890–891
    destructive potential of, 890
    email security issues, 510
    as malicious code, 890–893
    spread of Internet worm, 891–892
    Stuxnet, 892–893
WPA/WPA2. See Wi-Fi Protected Access (WPA/WPA2)
wrappers, methods of securing embedded and static systems, 363
WTLS (Wireless Transport Layer Security), 483
X
X.25, WAN connections, 535
X.509 standard
    email security solutions, 511
    enrollment of certificates and, 245
    standard for digital certificates, 242
    use by S/MIME, 249
XACML (Extensible Access Control Markup Language), 578
Xmas scan, network discovery with, 635
XML (extensible markup language)
    types of markup languages, 577
    vulnerabilities in web-based systems, 349
XOR (exclusive OR) operation
    Boolean logical operations, 198
    in DES, 214
XSS (cross-site scripting) attacks, on web applications, 901–902
Z
zero-day vulnerabilities
    malicious code taking advantage of, 894–895
    protecting against exploits, 711–712
    spear phishing, 618
zeroization, securing media storage facilities, 394
zero-knowledge proof, in cryptography, 200, 200–201
Zeus, as drive-by download, 712
zombies, 709
zzuf tool, mutation fuzzing, 646, 647