Sabotage, 25
Safeback, 270, 271, 284
Safeguards
cost/benefit analysis of, 25
definition of, 6
Safe harbor issues, United States, 405
SAINT, 186
SAM, see Security Account Manager
SAMBA, 297
SamSpade, 179, 320, 321, 504
SARA, 186
SARs, see Suspicious Activity Reports
Satellite-linked Internet connections, 233
Schwartzkopf, Norman, 36
Screensaver passwords, 101, 151
SCSI drives, 274
SDLC, see Systems development lifecycle
SearchString, 286
Search warrants, 362, 363
SEC, see Securities Exchange Commission
Secret Service, 482
Secure Sockets Layer (SSL), 84, 193
Securities Exchange Commission (SEC), 178
database, 178
filings, 179
Security
Account Manager (SAM), 171
log entries, 304
policies, 456
through obscurity, 67
Separation of duties, 112, 391
September 11, 2001, 1
Server
FTP, 461, 463, 465
help desk, 100
proxy, 464, 466
reboots, unexplained, 253
Service mark protection, 346, 347
Service Set Identifier (SSID), 83, 207, 208, 209
Sexual harassment, 61
Shadow file, 166, 168
Shareware, 180
Shoars v. Epson America, Inc., 394-395
Shoulder surfing, 67
Single loss expectancy (SLE), 6, 21, 22
SirCam virus, 329
SiteScan, 200
Site Security Handbook RFC 2196, 451-501
abstract, 451
architecture, 459-468
firewalls, 466-468
network and service configuration, 461-466
objectives, 459-461
introduction, 452-455
audience, 453
basic approach, 454
definitions, 453-454
purpose, 453
related work, 454
risk assessment, 454-456
mailing lists and other resources, 495-496
CERT™ advisory, 495
Internet firewalls, 495-496
USENET newsgroups, 496
VIRUS-L list, 495
World Wide Web pages, 496
ongoing activities, 493-494
security incident handling, 478-493
incident aftermath, 492-493
incident handling, 488-492
incident identification, 486-488
notification and points of contact, 481-486
preparing and planning for, 479-481
responsibilities, 493
security policies, 456-459
characteristics of good, 457-459
definition, 456-457
keeping policy flexible, 459
security services and procedures, 468-478
access, 472-475
auditing, 475-477
authentication, 468-471
authorization, 472
confidentiality, 471
integrity, 471-472
securing backups, 477-478
status, 451
tools and locations, 494-495
Slammer virus, 329
SLE, see Single loss expectancy
Smart cards, 66, 154
Smoke screen, 489
SMTP Service, 169
Smyth v. The Pillsbury Co., 394
SNA Server, 169
Snort, 504
Social engineering, 172, 174, 175, 390
Soft link, 280
Software
access, 67
antivirus, 103, 153, 190
configurations, default, 242
controls, 157
copyright sample, 62
destructive, 68
forensic, 247, 285
installation
employee, 68, 69
policies, 139
license, 153
manuals, 244
piracy, 343
support, 100
tools, critical incident response, 246
unauthorized, 101
vulnerability self-assessment, 153
Solaris, 139
SOP, see Standard Operating Procedure
Source code, 90
Spam, 6, 56, 63, 323
Speedy Trial Act, 371
Spoofing, 64
Spyware, 102
SQL Server, 169
SSID, see Service Set Identifier
SSL, see Secure Sockets Layer
Standard Operating Procedure (SOP), 42
Stockholders, risk assessment reviews by, 38
Strobe, 504
SUID/SGID files, comparison of, 314
SuperScan, 181, 504
Supply chains, handling privacy in, 389
Surge suppressor power strips, 246
Survivability, definition of, 69
Suspicious Activity Reports (SARs), 256
Suspicious browsing, 487
Symantec Ghost, 281, 302
Symbolic link, 280
System(s)
administration, remote, 202
attack(s)
most frequent, 230
recognition of, 70
threats, 22-23
white-hat, 172
controls, understanding of, 120
crashes, 486
definition of, 6
effectiveness, 119
efficiency, 119
flawed, 136
intrusions, 486
map, 250
monitoring structure, 244
owners, 333
risks, 171
security consultants, 173
Systems development lifecycle (SDLC), 71, 135, 151
benefits, 72
design phase, 72
development, 72, 86
disposition phase, 73
documentation, 73
implementation phase, 73
integration and test phase, 73
management controls, 73
methodology, 71
operations and maintenance phase, 73
planning phase, 72
requirements analysis phase, 72
system accreditation and certification, 74
system concept development phase, 72
vendor services and, 88