Copyrighted Material

Copyrighted Material

Index separation of duties and Numbers responsibilities, 626 3DES (Triple DES), 177, 220, 222–223 CIA Triad and, 581–582 802.1X/EAP, 478 compensating control, 583 802.11 standard, 473 corrective control, 583 DAC (Discretionary Access Control), 628, 629 A defense-in-depth, 627–628 detective control, 582–583 AAA services, 8, 11 deterrent control, 583 AACS (Advanced Access Content System), directive control, 583 260 logical control, 584 abstraction, 13, 43 nondiscretionary, 630–635 acceptable use policies, 28 ABAC (Attribute Based Access access abuses, 410–411 Control), 629 access control Attribute Based, 633 administrative control, 583–584 MAC (Mandatory Access Control), assets, 580–581 629, 633–635 attacks, 635–636 RBAC (Role Based Access Control), access aggregation, 641 628, 630–632 asset identification, 637–638 rule-based access control, 628, 632 password attacks, 641–648 permissions, 624 risk elements, 636 physical control, 584 smartcard attacks, 651–652 preventive control, 582 social engineering attacks, privilege creep, 631 649–651 privileges, 625 spoofing attacks, 648 protection methods threat identification, 638–640 account lockout, 653 vulnerability analysis, 640 electronic access, 652 authorization logon notification, 653 access control matrix,COPYRIGHTED 625 MATERIAL multifactor authentication, 652–653 ACL, 625 password hashing, 652 capability tables, 625 password masking, 652 constrained interface, 625–626 password policies, 652 content-dependent control, 626 password salting, 652 context-dependent control, 626 physical access, 652 implicit deny, 625 user education, 653 need to know, 626 recovery control, 583 principle of lease privilege, 626 review question answers, 971–973 bindex.indd 06/27/2018 Page 1001 1002 access control matrix – Application layer (OSI) rights, 624–625 advisory policies, 27 security policies, 626–627 adware, 928 steps, 582 AES (Advanced Encryption Standard), 220, technical control, 584 224–225 written lab answers, 996 agents, 565 access control matrix, 286–288, 625 aggregation, 700 access points, 473–475 Agile development approach, 884–885 ad hoc mode, 475 ALE (annualized loss expectancy), 70–71, 110 enterprise extended mode, 475 algorithms ESSID, 475 asymmetric key, 216–219 infrastructure mode, 475 hashing algorithms, 219 rogue access points, 484–485 memorization chart, 246 SSID, 475 key spaces, 201 stand-alone mode, 475 alternate processing sites, 820–821 wired extension mode, 475 cloud computing, 824 access review audits, 785 cold sites, 821–822 account lockout, 653 hot sites, 822–823 account management reviews, 689 mobile sites, 823–824 accountability, 11, 43 service bureaus, 824 AAA services, 8 warm sites, 823 authorization and, 586–587 analytic attacks, 265 accreditation, 306–307 AND operation, 202–203 CNSS (Committee on National Security antivirus Systems), 308 heuristic-based detection, 921 DIACAP (DoD Information Assurance Kaspersky Lab, 920–921 Certification and Accreditation signature-based detection, 921 Process), 308 Tripwire, 922 DITSCAP (Defense Information APIPA (Automatic Private IP Addressing), Technology Security Certification 552–553 and Accreditation Process), 308 application attacks NIACAP (National Information back doors, 934–935 Assurance Certification and buffer overflows, 933–934 Accreditation Process), 308 escalation of privilege, 935 RMF (Risk Management Framework), rootkits, 935 308 TOCTTOU, 934 ACL (access control lists), 625 written lab answers, 1000 active website monitoring, 687 Application layer (OSI) ADEPT (Adobe Digital Experience EDI (Electronic Data Interchange), 451 Protection Technology), 261 FTP (File Transfer Protocol), 451 Adleman, Leonard, 239 HTTP (Hypertext Transfer Protocol), 451 administrative access control, 583–584 IMAP (Internet Message Access administrative controls, 78–79 Protocol), 451 physical, 403 LPD (Line Print Daemon), 451 administrative investigations, 846–847 NNTP (Network News Transport administrative law, 128–129 Protocol), 451 bindex.indd 06/27/2018 Page 1002 Application (Process) layer (TCP/IP model) – assurance 1003 POP3 (Post Office Protocol version 3), 451 cloud-based, 713–714 SET (Secure Electronic Transaction), 451 data classification, 162 SMTP (Simple Mail Transfer Protocol), confidential, 162, 164 451 defining, 165 SNMP (Simple Network Management FOIA (Freedom of Information Act), 163 Protocol), 451 FOUO (for official use only), 163 S-RPC (Secure Remote Procedure Call), 451 private, 164 Telnet, 451 proprietary, 164 TFTP (Trivial File Transfer Protocol), 451 public, 165 Application (Process) layer (TCP/IP model) SBU (sensitive but unclassified), 163 DHCP (Dynamic Host Configuration secret, 162 Protocol), 462 sensitive, 164 FTP (File Transfer Protocol), 462 top secret, 162 HTTP (Hypertext Transport Protocol), unclassified, 163 462 data security controls, 165–167 IMAP (Internet Message Access devices, 580 Protocol), 462 facilities, 580 LPD (Line Print Daemon), 463 files, 581 NFS (Network File System), 463 hardware inventories, 710–711 POP3 (Post Office Protocol), 462 information, 580 SMTP (Simple Mail Transfer Protocol), media management, 714–715 462 flash drives, 715 SNMP (Simple Network Management lifecycle, 717 Protocol), 463 mobile devices, 716–717 SSL (Secure Sockets Layer), 462 tape media, 716 Telnet, 462 objects, 581 TFTP (Trivial File Transfer Protocol), 462 owners, 179–180 X Window, 463 personnel, 580 application logs, 774 PHI (protected health information), 161 application-level gateway firewalls, 489 physical assets, 711–712 APTs (advanced persistent threats), 705, 858, PII (personally identifiable information), 917 160–161 architecture, 320–321 proprietary data, 161–162 distributed, 351 retaining, 175–176 review question answers, 966–967 review question answers, 956–958 written lab answers, 994–995 sensitive ARO (annualized rate of occurrence), 70, 109 handling, 170–171 ARP (Address Resolution Protocol), 445, marking, 169–170 446–447, 461–462, 567–568 software, licensing, 711 artificial identifiers, 183 subjects, 581 ASCII (American Standard Code for systems, 580 Information Interchange), 450 valuation, 65 asset-focused threats, 31 virtual assets,712 assets, 64 written lab answers, 991 access control, 580 assurance, 281 bindex.indd 06/27/2018 Page 1003 1004 asymmetric cryptography – attacks asymmetric cryptography incremental, 387–388 El Gamal, 241 input checking, 386–387 elliptic curve, 242 maintenance hooks and, 387 key length, 240–241 parameter checking, 386–387 Merkle-Hellman Knapsack, 240–241 privileged programs, 387 private keys, 238–239 salami attack, 388 public keys, 238–239 state attacks, 389 RSA algorithm, 239–241 trusted recovery and, 386 asymmetric cryptosystems, 199 computer crime asymmetric key algorithms, 216–219 APTs, 858 key management, 253–254 business, 858 asynchronous dynamic password tokens, 593 corporate espionage, 858 ATO (authorization to operate), 63 financial, 859 attacker-focused threats, 31 grudge, 859–861 attacks, 66, 635–636. See also malicious hacktivists, 861 code industrial espionage, 858 access aggregation, 641 insider threats, 860 access control, 635–636 intelligence, 857–858 access aggregation, 641 military, 857–858 asset identification, 637–638 script kiddies, 861, 916–917 password attacks, 641–648 terrorist, 859 risk elements, 636 thrill, 861 smartcard attacks, 651–652 cryptography social engineering attacks, 649–651 analytic, 265 spoofing attacks, 648 birthday, 267–268 threat identification, 638–640 brute force, 265–266 vulnerability analysis, 640 chosen ciphertext, 267 agents, 565 chosen plaintext, 267 application attacks ciphertext only, 266–267 back doors, 934–935 collision attack, 267–268 buffer overflows, 933–934 frequency, 266–267 escalation of privilege, 935 implementation, 265 rootkits, 935 known plaintext, 267 TOCTTOU, 934 man in the middle, 267 APTs (advanced persistent threats), 858 meet in the middle, 267 ARP (Address Resolution Protocol), replay, 268 567–568 reverse hash matching attack, 267–268 asset identification, 637–638 statistical, 265 botnets, 565, 747–748 DDoS (distributed denial of service), bots, 565 564–565 business, 858 DNS poisoning, 568 computer architecture DNS spoofing, 568 buffer overflow, 386–387 DoS (denial of service), 564–565, data diddling, 387–388 748–749 design-based attacks, 385–388 eavesdropping, 565–566 bindex.indd 06/27/2018 Page 1004 auditing – auditing 1005 espionage, 755–756 terrorist, 859 financial, 859 threat identification fraggle attacks, 751 APTs, 639–640 grudge, 859–861 thread modeling, 638–639 hijacking, 568 thread modeling approaches, 640 hyperlink spoofing, 568–569 thrill, 861 impersonation, 566–567 unskilled attackers, 457 insider threats, 860 VoIP (Voice over Internet Protocol), 525 intelligence, 857–858 vulnerability analysis, 640 land attacks, 752 wireless networking, 482–483 malicious code, 753–754 evil twins, 485 drive-by downloads, 753 IV (initialization vector), 484 man-in-the-middle, 754–755 replay attacks, 484 masquerading, 566–567 rogue access points, 484–485 military, 857–858 war chalking, 483 modification attacks, 567 war driving, 483 password attacks, 641–643 written lab answers, 995 birthday attacks, 645–646 zero-day exploits, 752–753, 928 brute-force attacks, 644–645 zombies, 565 dictionary attacks, 643 auditing, 42, 783 PBKDFw, 646 AAA services, 8, 10–11 pepper, 647 access review audits, 785 rainbow table attacks, 646 auditors, 784 sniffer attacks, 647 change management, 788 wireshark capture, 647–648 COBIT (Control Objectives for phishing, 569 Information and related ping floods, 751 Technologies),

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    50 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us