| < Free Open Study > |
|
SAG SQL (SQL Access Group), 273, 274
Salami attacks, 307-308, 319, 324
SAM (Security Accounts Manager), 116
Sandboxing, 72, 83
SATAN (Security Administration Tool for Analyzing Networks), 19
SAT (Security Access Tokens), 220
Scanners, 44
Screened hosts, 137
Screened subnets, 137
SDLC (Synchronous Data Link Control), 116
SDLC (System Development LifeCycle), 278-283, 292, 299
Secure European System for Applications in a Multi-vendor Environment (SESAME), 27
Secure HTTP (SHTTP), 165-166
Secure / Multipurpose Internet Mail Extensions (S / MIME), 166-167
Secure Remote Procedure Call (RPC), 126, 135
Secure Shell (SSH), 115, 167, 291
Secure Sockets Layer (SSL), 19, 84, 166, 182, 187
Security Access Tokens (SAT), 220
Security Accounts Manager (SAM), 116
Security controls, 286
domains, 286
kernels, 286
objects, 286
permissions, 286
process isolation, 286-287
subjects, 286
Security Identifier (SID), 30
Security monitoring, 41
Security policies, 29, 241
Acceptable Use Policies (AUPs), 211-212
CIA Triad, 212-213, 234
code of ethics, 215-216
defined and described, 19, 210
disposal / destruction of information, 213-214
documentation, 227-233
Due Care and Diligence, 212, 235
e-mail and, 62
guidelines security baselines, 133-134
Human Resources and, 214
incident response, 122, 216
management principles and, 212-213
personnel issues, 214-215
physical security and, 201
separation of duties, 213
SLAs (Service Level Agreements), 213
see also Documentation
Security services, 138
Serial Line Internet Protocol (SLIP), 117
Serpent algorithm, 158
Server certificates, 169-170
Server farms, 210
Servers
DMZs and, 129
file / print servers, 261-262
hardening server applications, 257-263, 291
IIS (Internet Information Server), 79
RAS (Remote Access Service), 57-59
remote access or communications servers, 56
server clustering, 210, 234
server farms, 210
Web servers, 257-258
Service Level Agreements (SLAs), 213, 234
Service packs, 257
Services. See Protocols and services
SESAME (Secure European System for Applications in a Multi-vendor Environment), 27
Session layer of OSI, 96
S / FTP (Secure FTP), 78
Shielded twisted pair (STP) cables, 105
SHTTP (Secure HTTP), 165-166
SID (Security Identifier), 30
Signal bounce, 98
Signature intrusion analysis, 119
Signatures. See Digital signatures
Simple Mail Transfer Protocol. See SMTP (Simple Mail Transfer Protocol) Relay
Single Sign-On (SSO) authentication systems, 26-27, 220-221, 235
Site surveys, 82, 86-87
Skipjack algorithm, 158
Slag code, 254
SLAs (Service Level Agreements), 213, 234
Smart cards, 44, 111, 145
defined, 19
Smart tokens, 24-25
S / MIME (Secure / Multipurpose Internet Mail Extensions), 63, 83, 85, 166-167
SMTP (Simple Mail Transfer Protocol) Relay, 75-76, 84, 129, 137, 258-259
Smurf attacks, 37-38
Sniffers, 19, 39-40, 44, 126
SNMP (Simple Network Management Protocol), 137
Social engineering, 40
Software. See Applications
Software piracy, 308, 320
Spam, 19, 40, 62, 259
cookies and, 71
Spoofing attacks, 19, 37-38, 40, 46, 258
Sprinkler systems, 200, 238
Spyware, 338-339, 352
SQL (Structured Query Language), 273, 274, 292
SSH (Secure Shell), 115, 167, 291
SSL (Secure Sockets Layer), 19, 65, 84, 166, 182, 187
SSO (Single Sign-On) authentication systems, 26-27, 220-221, 235, 242-243
Stalking, 310, 320
Standards, IEEE 802 specifications, 94-95
Star topology, 100-101
State objects. See Cookies
Statistical intrusion analysis, 51, 119-120
Stealth viruses, 254, 336, 353
Storage, 295
data storage systems, 288-289, 293
data warehousing, 267-268
of documentation, 232-233
garbage collection (storage reclamation), 274
keys, 177-178
off-site storage and disaster recovery, 205
primary storage, 288, 293
RAM (Random Access Memory), 288
real storage, 289
secondary storage, 289, 293
sequential storage, 289, 293
virtual storage, 289, 293
see also Media, removable
Stream ciphers, 190
Strong User Authentication (SUA), 22
Structured Query Language (SQL), 273, 274, 292
SUA (Strong User Authentication), 22
Subjects, 286, 287
Supervisor mode, 289-290
Supplicants, 59
Surveillance, 317
CCTV, 234, 317, 328
COAST (Computer Operations, Audit, and Security Technology), 318
SVCs (Switched Virtual Circuits), 117
Switched Virtual Circuits (SVCs), 117
Switches, 131, 135
Symantec, 134
Symmetric-key encryption, 124, 155-160, 184-185
SYN attacks, 36-37
Synchronous Data Link Control (SDLC), 116
System Access Control Lists (SACLs), 30
System development
certification and accreditation, 283-284
program languages and execution, 284-285, 293, 294
security controls, 286-287
separation of duties, 283
System Development LifeCycle (SDLC), 278-283, 292, 296
System Development LifeCycle (SDLC), 292, 296
analysis, 279-280
design, 280
development, 280
disposition, 282-283
feasibility, 279
implementation, 281
maintenance (operational), 281-282
testing, 280-281
System infectors, 335, 352
System requirements, 383
Systems architecture, documenting, 227-228
| < Free Open Study > |
|