Index_S

Sabotage, 25

Safeback, 270, 271, 284

Safeguards

cost/benefit analysis of, 25

definition of, 6

Safe harbor issues, United States, 405

SAINT, 186

SAM, see Security Account Manager

SAMBA, 297

SamSpade, 179, 320, 321, 504

SARA, 186

SARs, see Suspicious Activity Reports

Satellite-linked Internet connections, 233

Schwartzkopf, Norman, 36

Screensaver passwords, 101, 151

SCSI drives, 274

SDLC, see Systems development lifecycle

SearchString, 286

Search warrants, 362, 363

SEC, see Securities Exchange Commission

Secret Service, 482

Secure Sockets Layer (SSL), 84, 193

Securities Exchange Commission (SEC), 178

database, 178

filings, 179

Security

Account Manager (SAM), 171

log entries, 304

policies, 456

through obscurity, 67

Separation of duties, 112, 391

September 11, 2001, 1

Server

FTP, 461, 463, 465

help desk, 100

proxy, 464, 466

reboots, unexplained, 253

Service mark protection, 346, 347

Service Set Identifier (SSID), 83, 207, 208, 209

Sexual harassment, 61

Shadow file, 166, 168

Shareware, 180

Shoars v. Epson America, Inc., 394-395

Shoulder surfing, 67

Single loss expectancy (SLE), 6, 21, 22

SirCam virus, 329

SiteScan, 200

Site Security Handbook RFC 2196, 451-501

abstract, 451

architecture, 459-468

firewalls, 466-468

network and service configuration, 461-466

objectives, 459-461

introduction, 452-455

audience, 453

basic approach, 454

definitions, 453-454

purpose, 453

related work, 454

risk assessment, 454-456

mailing lists and other resources, 495-496

CERT^TM advisory, 495

Internet firewalls, 495-496

USENET newsgroups, 496

VIRUS-L list, 495

World Wide Web pages, 496

ongoing activities, 493-494

security incident handling, 478-493

incident aftermath, 492-493

incident handling, 488-492

incident identification, 486-488

notification and points of contact, 481-486

preparing and planning for, 479-481

responsibilities, 493

security policies, 456-459

characteristics of good, 457-459

definition, 456-457

keeping policy flexible, 459

security services and procedures, 468-478

access, 472-475

auditing, 475-477

authentication, 468-471

authorization, 472

confidentiality, 471

integrity, 471-472

securing backups, 477-478

status, 451

tools and locations, 494-495

Slammer virus, 329

SLE, see Single loss expectancy

Smart cards, 66, 154

Smoke screen, 489

SMTP Service, 169

Smyth v. The Pillsbury Co., 394

SNA Server, 169

Snort, 504

Social engineering, 172, 174, 175, 390

Soft link, 280

Software

access, 67

antivirus, 103, 153, 190

configurations, default, 242

controls, 157

copyright sample, 62

destructive, 68

forensic, 247, 285

installation

employee, 68, 69

policies, 139

license, 153

manuals, 244

piracy, 343

support, 100

tools, critical incident response, 246

unauthorized, 101

vulnerability self-assessment, 153

Solaris, 139

SOP, see Standard Operating Procedure

Source code, 90

Spam, 6, 56, 63, 323

Speedy Trial Act, 371

Spoofing, 64

Spyware, 102

SQL Server, 169

SSID, see Service Set Identifier

SSL, see Secure Sockets Layer

Standard Operating Procedure (SOP), 42

Stockholders, risk assessment reviews by, 38

Strobe, 504

SUID/SGID files, comparison of, 314

SuperScan, 181, 504

Supply chains, handling privacy in, 389

Surge suppressor power strips, 246

Survivability, definition of, 69

Suspicious Activity Reports (SARs), 256

Suspicious browsing, 487

Symantec Ghost, 281, 302

Symbolic link, 280

System(s)

administration, remote, 202

attack(s)

most frequent, 230

recognition of, 70

threats, 22-23

white-hat, 172

controls, understanding of, 120

crashes, 486

definition of, 6

effectiveness, 119

efficiency, 119

flawed, 136

intrusions, 486

map, 250

monitoring structure, 244

owners, 333

risks, 171

security consultants, 173

Systems development lifecycle (SDLC), 71, 135, 151

benefits, 72

design phase, 72

development, 72, 86

disposition phase, 73

documentation, 73

implementation phase, 73

integration and test phase, 73

management controls, 73

methodology, 71

operations and maintenance phase, 73

planning phase, 72

requirements analysis phase, 72

system accreditation and certification, 74

system concept development phase, 72

vendor services and, 88