CISSP for Dummies, 2nd Edition

by Lawrence Miller and Peter Gregory

CISSP For Dummies ^®, 2nd Edition

Published by
Wiley Publishing, Inc.
111 River Street
Hoboken, NJ 07030-5774
www.wiley.com

Published by Wiley Publishing, Inc., Indianapolis, Indiana

Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

For general information on our other products and services, please contact our Customer Care Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.

For technical support, please visit www.wiley.com/techsupport.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Control Number: 2006939502

ISBN: 978-0-470-12426-0

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

About the Authors

Lawrence Miller, CISSP has worked in systems administration and information security for more than a decade and has earned numerous other certifications throughout that time including MCSE+I, CCNP, SCSA, CNA, A+, Network+, Security+, and i-Net+. He has also received NSA IAM certification training. He is currently working as the Information Technology Operations Manager for a top 100 U.S. law firm. He has previously worked as an internetworking security engineer and a security consultant for service providers and clients in the retail, financial, and manufacturing sectors and served over 13 years in the U.S. Navy as a Chief Petty Officer in various roles including information systems security and “weather guesser.”

Peter H. Gregory, CISA, CISSP, is the author of twelve books on security and technology including Solaris Security, Computer Viruses For Dummies, and Blocking Spam and Spyware For Dummies.

Peter is a security strategist at a publicly-traded financial management software company located in Redmond, Washington. Prior to this, he held tactical and strategic security positions in large wireless telecommunications organizations. He has also held development and operations positions in casino management systems, banking, government, non-profit organizations, and academia since the late 1970s.

Peter’s Web sites can be found at www.isecbooks.com and www.peter hgregory.com. He can be reached at petergregory@yahoo.com.

Dedication

From Lawrence Miller:

To those in all our lives that make it exciting, interesting, and fun, and are there for us when it isn’t.

From Peter H. Gregory:

To security professionals everywhere who are trying to do the right thing to protect their organizations’ assets.

Authors’ Acknowledgments

Peter H. Gregory would like to thank Katie Feltman, Senior Acquisitions Editor at Wiley, for her perseverance and patience. Thank you to Mark Enochs, Senior Project Editor at Wiley, for your help, and to Nicole Haims for your thoughtful editing. Thank you, Larry, for agreeing once again to coauthor this book. It’s great as always to work with you on security books.

And finally, heartfelt thanks go to Liz Suto, wherever you are, for getting me into this business over ten years ago when you asked me to do a tech review on your book Informix Online Performance Tuning.

Lawrence Miller would like to thank the folks at Wiley for all of your great work on this project, particularly Katie Feltman, Mark Enochs, and Nicole Haims. Your wonderful efforts helped ensure this 2nd Edition wasn’t just a Brady Bunch Reunion or CHIPS 2000, but rather a thorough and complete update of the 1st Edition that our readers will certainly appreciate. Peter, thank you again for working with me on yet another project and ensuring the same. And again, congratulations are in order for your recent successes, both personal and professional. I look forward to the opportunity to work together again.

Publisher’s Acknowledgments

We’re proud of this book; please send us your comments through our online registration form located at www.dummies.com/register/.

Some of the people who helped bring this book to market include the following:

Acquisitions, Editorial, and Media Development

Sr. Project Editor
Mark Enochs
(Previous Edition: Pat O’Brien)

Sr. Acquisitions Editor
Katie Feltman

Copy Editors
Nicole Haims
Virginia Sanders

Technical Editors
Lawrence Miller
Peter Gregory

Editorial Manager
Leah Cameron

Media Development Specialists
Angela Denny
Kate Jenkins
Steven Kudirka
Kit Malone

Media Project Supervisor
Laura Moss-Hollister

Editorial Assistant
Amanda Foxworth

Sr. Editorial Assistant
Cherie Case

Cartoons
Rich Tennant
( www.the5thwave.com)

Composition Services

Project Coordinator
Heather Kolter

Layout and Graphics
Claudia Bell
Carl Byers

Proofreaders
Aptara
David Faust

Indexer
Aptara

Anniversary Logo Design
Richard Pacifico

Publishing and Editorial for Technology Dummies

Richard Swadley, Vice President and Executive Group Publisher

Andy Cummings, Vice President and Publisher

Mary Bednarek, Executive Acquisitions Director

Mary C. Corder, Editorial Director

Publishing for Consumer Dummies

Diane Graves Steele, Vice President and Publisher

Joyce Pepple, Acquisitions Director

Composition Services

Gerry Fahey, Vice President of Production Services

Debbie Stailey, Director of Composition Services