Index

A

Access
  control list, 184–187, 200, 289, 294, 404
  control matrix, 185–186
  mandatory, 189, 190, 197, 352
  role-based, 185–188, 477
  rule-based, 185, 188–189
Activism, 115, 491, 497
Advocacy, 339, 497
Alert notifier, 279–280
Amplitude, 8, 391
Annualized loss, 159–160
Anomaly, 272, 275–277, 279, 291
ARPANET, 68, 113
Asynchronous token, 211
Asynchronous transfer mode (ATM), 23, 25, 38–40, 379, 395
Auditing, 56, 145–147, 165–167, 183, 204, 261, 290, 352, 384
Authentication
  anonymous, 209, 217, 220
  DES, 216
  dial-in, 215–217
  header, 374, 375
  Kerberos, 214–215, 366–369
  null, 216, 405
  policy, 218–219
  protocols, 214, 216, 218, 317, 366, 382–384, 425
  remote, 209, 215–218, 383–384
  Unix, 216
Authenticator, 203, 204, 206, 207, 209, 211, 215, 216
Authority registration, 240, 241
Authorization
  coarse grain, 200
  fine grain, 200
  granularity, 198, 199
Availability, 6, 10, 85, 93, 95, 98, 109, 121, 122, 164, 165, 201, 292, 298, 353, 392, 393, 422, 424, 448, 460, 467, 474–486, 504

B

Bandwidth, 8, 10, 11, 13, 27, 40, 85, 133, 278, 281, 327, 388, 392, 393, 398, 403, 415, 457, 467, 474
Base-T, 37
Base-X, 37
Bastion, 248, 251, 262–264, 268
Biometrics, 43, 53, 192–193, 204, 208, 209, 305
Blue box, 112, 113
, 40, 400–402, 408, 419, 432, 433, 438, 440–442
Bridge, 3, 13, 24, 25, 28–31, 33, 35, 141, 248, 259, 293, 396
Buffer overflow, 63, 67, 78, 110

C

Carrier sense multiple access (CSMA), 36, 401
CASPR. See Commonly Accepted Security Practices and Regulations (CASPR)
CERT. See Computer Emergency Response Team (CERT)
Certificate authority, 213, 234, 236, 237, 239, 241, 364, 366, 506, 509
Certification
  process, 152, 164–165
  security, 145, 146, 164–165
Chain of custody, 302, 306, 313
Challenge-response, 204, 210–212, 216, 363
Cipher
  feedback, 225
  specs, 370, 371
Cladding, 12
Coaxial cable, 11, 150, 394
Code Red, 68, 78, 98, 114, 329, 331, 332
Common criteria (CC), 349–350
Commonly Accepted Security Practices and Regulations (CASPR), 56
Communicating element, 236, 237

J.M. Kizza, Guide to Security, Computer Communications and Networks, DOI 10.1007/978-1-4471-4543-1, © Springer-Verlag London 2013

Communication
  radio, 13
  satellite, 13
Complacency, 90
Complexity
  programming, 137
  software, 90, 91, 161, 476
  system, 90, 99
Compression
  data, 85, 306, 307, 311
  lossless, 304
  lossy, 304
Computer Emergency Response Team (CERT), 57, 63, 89, 92, 99, 114, 138, 325
Confidentiality
  data, 48, 49, 129, 223, 230–232, 241, 267, 423, 426
  information, 48
  message, 359, 426
  PPP, 383
Congestion control, 21, 24, 25, 27, 32
Consolidation, 85, 447, 448, 460
Control Objectives for Information and (Related) Technology (COBIT), 57
Cracker, 81, 113, 115
CRC. See Cyclic redundancy check (CRC)
Cryptanalysis, 48, 225, 226
Cryptographic algorithm, 49, 224, 226, 233, 363–364
CSMA. See Carrier sense multiple access (CSMA)
Cyber
  crime, 107–131, 173, 493, 496
  cyberspace, 64, 65, 68–72, 77, 81, 86, 100, 108, 109, 111, 115, 120, 133, 137, 183, 185, 189, 247, 298, 357, 491–494, 497, 498
  sleuth, 120
Cyclic redundancy check (CRC), 37, 243, 304

D

DARPA. See Defense Advanced Research Project Agency (DARPA)
Data circuit-terminating equipment (DCE), 39
Datagram, 20–25, 27, 32–34, 40, 251, 252, 374–377, 397, 398, 507, 508
DCE. See Data circuit-terminating equipment (DCE)
Defense Advanced Research Project Agency (DARPA), 21
Demilitarized zone (DMZ), 43, 152, 262–264
Denial of service, 64, 67, 74–75, 78, 107, 109–110, 117, 129, 137, 148, 272, 273, 275, 310, 313, 408, 420, 422, 424, 439, 441, 479, 483, 492, 504, 509
Destroyers, 126, 333, 334
Detection, 37, 43, 78, 83, 87, 114, 129, 130, 150, 164, 166, 173, 254, 265, 271, 275–278, 280, 282, 283, 290–292, 310, 313, 317, 320, 332, 392, 409, 416, 417, 419, 487, 493, 496, 507
  intrusion, 83, 87, 114, 130, 150, 166, 265, 271–294, 306, 313, 317, 320, 422, 462, 493, 504, 507, 508
Deterrence, 43
Disaster
  committee, 176, 178
  human, 172–173
  management, 171–181
  natural, 81, 150, 156, 157, 171
  planning, 172
  prevention, 173–174
  recovery, 172, 175–176
  resources, 180
  response, 174–175
Distribution center, 214, 234–236
Domain name service (DNS), 22, 116, 149, 166, 255, 262–264, 266, 267, 293, 313, 316, 504, 506
Dual-homed, 256
Dumpster diving, 101

E

e-attack, 109
ECBS. See European Committee for Banking Standards (ECBS)
ECMA. See European Computer Manufacturers Association (ECMA)
Education
  focused, 494, 495
  formal, 495
  mass, 494, 495, 497, 498
  occasional, 495
Effectiveness, 90, 93, 99–100, 163–165, 175, 204–206, 284, 291, 292, 325, 326, 336, 337, 343, 347, 485
Electronic
  codebook, 225
  surveillance, 120, 191–192
Encoding
  analog, 8, 9
  digital, 8–9
  scheme, 8

Encryption
  asymmetric, 23, 49
  symmetric, 49, 224, 226–230, 232, 235
End-points, 250, 485
Espionage
  economic, 82, 111
  military, 81, 120
, 17, 23, 30, 32, 36–38, 248, 285, 289, 396, 509
ETSI. See European Telecommunications Standards Institute (ETSI)
European Committee for Banking Standards (ECBS), 51
European Computer Manufacturers Association (ECMA), 51
European Telecommunications Standards Institute (ETSI), 50, 392
Evidence
  analysis of, 307–308
  preserving, 304–306
  recovery, 303–304
Exploits, 65, 67, 68, 78, 79, 83, 110, 116, 127, 128, 159, 162, 163, 286, 421, 422, 437–440, 504, 506, 507
Exterior gateway protocol (EGP), 33

F

FDDI. See Fiber distributed data interface (FDDI)
Federal criteria, 349, 354
Federal Information Processing Standards (FIPS), 52, 53, 350
Fiber distributed data interface (FDDI), 36, 38
File transfer protocol (FTP), 22, 54, 149, 152, 201, 217, 241, 252, 254, 257, 262, 263, 266, 267, 293, 313, 335, 336
Filtering
  address, 252
  content, 323–340
  exclusion, 323, 325
  keyword, 326
  packet, 326
  port, 252–255
  profile, 326
  stateful, 251
  stateless, 251, 252
  virus, 328–335
Fingerprint, 47–49, 192–194, 204, 205, 208, 242
FIPS. See Federal Information Processing Standards (FIPS)
Firewall
  forensics, 265–266
  limitations, 267
  NAT, 259, 261
  services, 250, 266–267
  SOHO, 250, 259–260
  VPN, 250, 258
Forensics
  analysis, 84, 87, 309, 311
  computer, 299, 303, 311
  network, 307
Frequency hopping, 401
FTP. See (FTP)

G

Gateways, 3, 24, 25, 29, 30, 32–35, 46, 76, 116, 128, 133, 134, 137, 140, 247, 248, 250, 323, 324, 327, 328, 332, 335, 377, 379–381, 398, 461, 474
Globalization, 107, 111, 120, 171, 183, 297, 491
Global System for Mobile Communications (GSM), 392, 398, 431, 433
Goodtimes, 73, 74
GSM. See Global System for Mobile Communications (GSM)

H

Hacktivist, 115–117, 129
Half open, 66, 110, 135
Hash function, 49, 211, 241–243, 306, 361, 364, 372, 426
Hashing algorithm, 49
Hidden files, 304, 309
Honeypot, 286–287, 407
Hotlines, 497
HTTPS. See Hypertext transfer protocol over secure socket layer (HTTPS)
Humanware, 95, 157–159, 161, 163
Hybrid, 17, 233, 275, 284–285, 378, 380, 408, 470, 475, 485, 487
Hypertext transfer protocol over secure socket layer (HTTPS), 357, 358, 364

I

ICMP. See control message protocol (ICMP)
Ignorance, 83, 121
Impersonation, 102, 128
Incident response, 58, 153, 288, 314–316

Information quality, 85
Information Sharing and Analysis Centers (ISACs), 107
Infrared, 13, 40, 194, 388, 396, 419, 440
Initial sequence numbers, 67, 254, 508
Integrated services digital network (ISDN), 38, 216
Integrity, 36, 46, 49, 52, 53, 63, 81, 93, 108–110, 151, 152, 164, 189, 205, 206, 213, 223, 224, 230–233, 235–237, 241–243, 267, 285–286, 300, 302, 304–306, 318, 333, 351–353, 361, 364–366, 369, 370, 372, 374–376, 379, 409, 422, 423, 426, 453
Interface, 19, 21, 23, 30, 32–36, 38, 46, 50, 65, 93–95, 103, 133–139, 156, 158, 162, 179, 189, 207, 250, 284, 285, 332, 344, 352, 395, 396, 414, 433, 434, 458, 468, 470, 474, 478, 485, 507, 508
Internet control message protocol (ICMP), 22, 23, 31, 32, 67, 68, 110, 151, 250–252, 374, 504, 509
security (IPSec), 51, 52, 258, 267, 357, 373–377, 380, 381, 462, 504, 506
Internetworking, 4, 30–34, 112
Intruder, 11, 43, 44, 66, 67, 78, 80, 83, 89, 90, 97, 98, 109, 126–128, 150, 151, 159, 161–163, 190, 192, 200, 205, 209, 210, 212, 226, 233, 250, 253, 255, 257, 262–264, 272, 273, 276, 277, 282, 283, 285–287, 302, 313, 337, 359, 365, 404, 406–408, 425, 437, 442, 479, 484, 485
Intrusion detection, 83, 87, 114, 130, 150, 166, 265, 271–294, 306, 313, 317, 320, 422, 462, 493, 504, 506–508
IP version (IPv), 23, 337, 374, 376, 377, 482, 502, 507
Iris, 47, 194, 195, 204, 205, 208, 293
ISACs. See Information Sharing and Analysis Centers (ISACs)
ISDN. See Integrated services digital network (ISDN)

J

Jamming, 37, 116, 406, 408, 424
Javascript, 134, 141–142, 332
JPEG, 76, 77, 360

K

Kerberos, 51, 52, 207, 213–215, 219, 220, 305, 357, 362, 366–369, 380, 385, 409, 410, 506
Key
  distribution, 229, 234, 236, 240, 359, 506
  encryption, 49, 234
  escrow, 239–240
  exchange, 211, 232, 234, 362, 409, 425, 441
  infrastructure, 361
  management, 51–53, 233–240, 405–406, 409, 424–426, 506
  private, 49, 212, 213, 218, 224, 230–232, 241, 242, 359, 366, 367, 371
  public, 49, 51, 52, 209, 212–215, 218, 220, 224, 226, 227, 230–245, 358, 359, 361–365, 367, 368, 370, 371, 380, 381, 425, 483, 509–510

L

LAN. See Local area network (LAN)
Land.c attack, 110
Least privileges, 188, 189, 199, 201
Legislation, 130, 131, 298, 340, 491–493
Load balancer, 278–280, 460, 483–484
Local area network (LAN), 6, 7, 11, 13–17, 22, 27–30, 32–38, 40, 41, 51, 68, 109, 121, 153, 207, 219, 248, 381–385, 388, 395, 396, 400–402, 404–406, 410, 457, 458

M

MAC. See (MAC)
MAN. See Metropolitan area network (MAN)
Manchester, 9
MD-5, 52
Medium access control (MAC), 36, 37, 51, 189, 190, 242, 243, 250, 252, 312, 359, 364, 372, 395, 401, 404, 408, 409, 426
Metropolitan area network (MAN), 7, 14, 41, 52
Mobile IP, 396–400
Modes
  transport, 376–378, 380, 384
  tunnel, 376–378, 384
Monitoring remote, 47
, 9–10, 34, 391, 402, 416
Multi-ported, 28, 30, 31

N

Narrowband, 13, 40, 396
National Infrastructure Protection Center (NIPC), 108, 496
National Institute of Standards and Technology (NIST), 50, 51, 53, 95, 188, 228, 240, 242, 243, 345, 350, 352, 465, 468, 496

Network
  centralized, 5, 353
  civic, 7, 205
  distributed, 4, 5, 45
  extended, 13, 248, 511
  mobile, 13, 218, 393
  packet, 27, 32, 65, 108
  public, 39, 250, 315, 436, 437, 485, 512
  wireless, 13, 40, 41, 58, 218, 387–411, 416, 440
Next-hop, 32, 33, 128, 316
NIPC. See National Infrastructure Protection Center (NIPC)
NIST. See National Institute of Standards and Technology (NIST)
Nmap, 506, 509
Nonrepudiation, 46, 49–50, 58, 224, 231–233, 241, 242, 422
Nonreturn to zero (NRZ), 8–9
Nonreturn to zero, invert on ones (NRZ-I), 8–9
Nonreturn to zero level (NRZ-L), 8–9
Normalizer, 291
Notoriety, 83, 111, 121
NRZ. See Nonreturn to zero (NRZ)
NRZ-I. See Nonreturn to zero, invert on ones (NRZ-I)
NRZ-L. See Nonreturn to zero level (NRZ-L)

O

Open architecture, 19, 65, 162, 393
Open System Interconnection (OSI), 19–20, 30–32, 34, 39, 401, 402, 416, 469
  model, 19–22, 29, 395, 401
Orange Book, 55, 346, 347, 350–353
OSI. See Open System Interconnection (OSI)

P

Packet
  filtering, 247, 250, 251, 254, 255, 326, 335
  inspection, 250–252, 256
Password
  cracking, 190, 299, 310
  one-time, 210–211, 257, 506
  token, 211
Pathogen, 72
PGP. See Pretty Good Privacy (PGP)
Phase shift, 8
Phreaking, 112, 113, 119
Ping-of-death, 273
PKCS. See Public-Key Cryptography Standards (PKCS)
PKI. See Public-key infrastructure (PKI)
PKZip, 304
PPP
  authentication, 216, 217, 382
  confidentiality, 383
Prank, 119
Precedence, 185
Pretty Good Privacy (PGP), 52, 54, 232, 234, 304, 317, 357–360, 362, 363, 384, 385, 504, 506, 510
Prevention, 43, 46, 109, 129–130, 150, 172–173, 271–295, 493, 496, 504, 506
Protocol
  alert, 370, 372
  SSL record, 370–373
Proxy server, 250, 255–259, 327, 328, 336, 337, 398
Public-Key Cryptography Standards (PKCS), 51–52, 362, 364
Public-key infrastructure (PKI), 52, 58, 89, 213, 214, 217, 218, 220, 236, 240–241, 244, 245, 358, 509–510

R

RADIUS. See Remote Authentication Dial-In User Service (RADIUS)
Regulation, 298, 440, 485, 491–493, 498
Remote Authentication Dial-In User Service (RADIUS), 215, 217, 293, 316, 357, 382–385, 409, 410
Repeater, 9, 28, 29, 38
Replication, 126, 166, 219, 333, 424
Risk assessment, 84, 86, 87, 93, 151, 165, 176, 179–180
Rivest, Shamir, and Adleman (RSA), 51–53, 58, 209, 232, 233, 242, 243, 359, 361, 362, 364

S

SATAN, 506
Scanning
  content, 324
  heuristic, 324
Scripts
  CGI, 134–139, 332
  hostile, 133–143
  Perl, 140
  server-side, 139–141
Secure/Multipurpose Internet Mail Extension (S/MIME), 51, 52, 54, 317, 357, 358, 360–363, 385, 504, 506

Security
  analysis, 145–168, 353
  assessment, 145–168, 346
  associations, 375–376, 381
  assurance, 145–168, 346, 350, 352, 496, 512
  awareness, 55, 56, 86, 87, 94, 104, 153, 436, 495, 498
  certification, 145, 146, 164–165
  model, 257–258, 445, 504
  policy, 53, 57–59, 83, 89, 93, 94, 129, 145–155, 161, 163–165, 188, 218, 219, 247–251, 257, 261, 279, 280, 283, 288, 291, 324, 352, 443–445, 506, 512
  requirements, 145, 146, 152–156, 164, 183, 346–348, 351–353, 379, 380, 422, 437, 443, 493
  threat, 55, 63–87, 110, 137, 138, 140–142, 145, 150, 156, 157, 159–164, 168, 258, 271, 406, 436, 437, 460, 482, 511, 512
  vulnerability, 78, 79, 89, 90, 109, 160, 348, 421, 484
Self-regulation, 130, 492–494, 498
Sensor networks
  design features, 415–419
  growth, 414–415
  routing in, 415–418
  securing, 422–423
  vulnerability of, 420–422
Service Set Identifier (SSID), 404, 407–409
Shadow, 294
Signature
  chameleon, 209
  digital, 49, 50, 52, 53, 209, 212, 217, 218, 224, 232, 238, 239, 242–245, 358–361, 363–365, 367
Simple network management protocol (SNMP), 22, 63, 149, 279, 407, 504, 506
S/Key, 210, 211, 506
Slack space, 309
S/MIME. See Secure/Multipurpose Internet Mail Extension (S/MIME)
Sniffer, 48, 125, 127, 128, 191, 192, 256, 306, 404, 507
Sniffing, 67, 110, 120, 129, 441
SNMP. See Simple network management protocol (SNMP)
Snort, 294, 320, 506–508
Social engineering, 64, 80, 86, 90, 100–102, 104, 120, 128, 153, 163, 168, 407, 441, 442
Software
  application, 161, 469, 472
  controls, 494
  security, 58, 104
Spam laws, 340
, 13, 40, 396, 401, 402
SSID. See Service Set Identifier (SSID)
Steganography, 306, 309, 310
Surrogate, 4, 48, 72, 75, 117, 126, 127, 137, 328, 330, 331, 333
Switching
  circuit, 25–26
  data, 25
  packet, 22, 25–27
SYN flooding, 67, 110, 255, 273, 278

T

TACACS+. See Terminal access controller access control system (TACACS+)
TACACS, 384
TCPDump, 92, 128, 294, 320, 507, 508
TCP/IP, 19–24, 34, 39, 41, 52, 53, 67, 250, 252, 255, 259, 293, 364, 378, 408, 416
TDM, 10
TDMA. See Time division multiple access (TDMA)
Teardrop, 110
Terminal access controller access control system (TACACS+), 384
Terrorism, 81, 108, 120, 124, 125, 172, 177, 339
Third generation (3G), 293, 392, 394
Three-way handshake, 24, 66, 67, 86, 110, 128, 134–136, 216, 254, 360
Time
  bomb, 126, 127, 334
  response, 84, 98, 474, 509
  turnaround, 84, 87, 98, 100
Time division multiple access (TDMA), 391, 392, 398, 431
Toolkit, 167, 287, 299, 303, 311, 319
Topology
  bus, 15, 16
  ring, 17, 18
  star, 16, 17
Trapdoor, 126, 127, 276
Trust model, 206

U

UDP. See (UDP)
Unauthorized access, 43, 46, 63, 64, 109, 112, 139, 148, 199, 200, 211, 250, 271, 275, 374, 423, 484
User datagram protocol (UDP), 21–23, 25, 65, 67, 110, 151, 250–256, 265, 367, 368, 374, 504, 509

V

VBScript, 134, 141, 142, 332
Vendetta, 81–83, 90, 119, 122, 124
Verifier, 207
Victim computer, 74, 78, 109, 111
Virtual private network (VPN)
  hybrid, 378, 380
  secure, 378–380
  trusted, 378–380
Virtual sit-in, 115, 117
Virus
  boot, 331, 340
  Code Red, 99, 114, 329, 332
  multipartite, 333
  palm, 76–77
  polymorphic, 332, 335
  retro, 333
  stealth, 332, 333
  Trojan horse, 332
VPN. See Virtual private network (VPN)
Vulnerability assessment, 102–104, 145, 167, 272

W

WAN. See Wide area network (WAN)
War
  chalking, 406
  driving, 406, 411, 441
  fare, 118, 120
  flying, 406
  Games, 113, 406, 411
  walking, 406, 411
Wide area network (WAN), 6–7, 22, 27, 36, 38–41, 109, 236, 293, 380, 387
Wi-Fi. See Wireless Fidelity (Wi-Fi)
WildList, 335
WinNuke, 273
WinZip, 304
Wireless
  LAN, 40, 41, 51, 387, 396–400, 403–411
  loop, 394, 395
Wireless Fidelity (Wi-Fi), 218, 396–400, 402, 406, 408–410, 432–434
Wiretap, 82, 129, 288
Workload, 156, 457

X

X.25, 38–40
xDirect Service Line (xDSL), 40
XML, 51–53, 398

Y

YK
  bug, 73, 74
  crisis, 73

Z

ZDNet, 74