CA (certificate authority), 332–333, 333. See also certificates
certificate practice statements, 337
certificate revocation, 337–338, 338
leaf, 339
LRA verifying identities for, 333–334, 334
non-repudiation and, 330
offloading work to RA, 333, 334
cabling, 141–151
coax, 141–144, 141, 142, 144, 505
fiber optic, 147–148, 147, 148
unshielded and shielded twisted pair cables, 145–146, 145, 146
UTP/STP cable specifications, 145–146
CAST algorithm, 321, 503
CBF (Critical Business Functions), 276, 277, 505
CCITT (Comité Consultatif International Téléphonique et Télégraphique), 362
CCRA (Common Criteria Recognition Agreement), 505
CD-R (CD Recordable), 152
CD-ROM with book, xxv–xxvi
central office, 504
centralized key generation, 374–376, 375, 376
CERIAS (Center for Education and Research in Information Assurance and Security), 479
CERT Coordination Center (CERT/CC), 214–216, 479
certificate authority. See CA
Certificate Management Protocols (CMP), 367, 367
certificate policies, 429–431, 430
certificate practice statement (CPS), 337, 504
certificate revocation, 337–338, 338, 504
certificate revocation list (CRL), 337, 504
certificates, 335–337, 336. See also CA
CA and, 332
certificate content, 336, 336
certificate policies, 336–337, 504
certificate practice statement, 337, 504
defined, 14, 15, 504
overview, 335
revocation of, 337–338, 338, 504
certification, Security+, xxii–xxiii
Certification Magazine, 481
Certification Practice Statement (CPS), 431
CGI (Common Gateway Interface), 136, 505
chain of custody, 457–458, 504
Challenge Handshake Authentication Protocol (CHAP), 14, 14, 504
change agent, 469
change documentation, 464–465, 472–473, 504
change management, 467–474
change documentation, 464–465, 472–473, 504
change notification, 473–474
change staging, 471–472
justifying need for change, 469–470
overview, 467–468
scheduling changes, 471
sponsor, change agent, and target, 468–469
systematic change, 468
change notification, 473–474
CHAP (Challenge Handshake Authentication Protocol), 14, 14, 504
checkpoints, 504
checksum, 313, 504
CIO Magazine, 481
circuit-level proxy, 109
circuit switching, 504
Clark-Wilson model, 294–295, 295, 504
cleartext state, 319, 504
client/server networks, 504
clients
defined, 66, 504
FTP function as, 137
receiving web services on, 132
securing Windows 98, 222
thin, 153
vulnerability of IM, 197
clipper chip, 505
clustering, 403, 403, 505
CMP (Certificate Management Protocols), 367, 367
CO (Central Office), 116
coax, 141–144, 142, 144
baseband vs. broadband signaling, 143
construction of cable, 142
defined, 141, 505
coaxial cabling. See coax
code escrow, 422–423, 505
cold sites, 419, 505
collection of evidence, 458–459, 505
collusion, 505
Comité Consultatif International Téléphonique et Télégraphique (CCITT), 362
Common Criteria (CC), 216–218, 371, 505
Common Criteria Recognition Agreement (CCRA), 505
Common Gateway Interface (CGI), 136, 505
communications, 141–151. See also monitoring communications
infrared, 148
instilling awareness of security issues, 474–475
microwave, 149–151, 150
radio frequency, 112, 148–149, 149, 523
of security standards, 481–482
companion viruses, 82, 505
compartmentalization, 426, 505
computer forensics, 454–460
chain of custody, 457–458, 504
collection of evidence, 458–459, 505
methodology for investigations, 455–457
acquiring evidence, 456
authenticating evidence, 456–457, 502
overview, 454–455
preservation of evidence, 458
Computer Fraud and Abuse Act, 483–484
Computer Security Act of 1987, 484
Computer Security Institute (CSI), 480
computers. See also computer forensics
environmental control systems for, 270–271
inventories of computer equipment, 464, 516
location and security of facility, 269–270
power systems for, 271–272
purchasing SLA for new, 422
scheduling server updates, 473–474
selling old, 384–385, 462
confidentiality
of cryptographic systems, 325–326
defined, 346, 505
in security topologies, 22
configurations
changing with intrusion detection, 182, 183
configuration management, 463, 505
network protocol, 218–221
connection-oriented protocols, 66, 505
connectionless, 505
connections. See also web Internet connections
connection-oriented protocols, 66, 505
Internet, 127–139
e-mail, 129–130, 129–131
FTP, 137–139
overview, 127–128
ports and sockets, 128–129, 128
web, 131–137
process in TCP, 68
terminating when intruder detected, 181, 182
wireless
security of, 113
wireless access points, 112–113, 113, 534
connectors
BNC, 142
fiber optic, 147
T-connector on coax, 144
cookies, 135–136, 505
CPS (Certification Practice Statement), 337, 431
CRC (cyclical redundancy check), 506
Critical Business Functions (CBF), 276, 277, 505
CRL (certificate revocation list), 337, 504
cryptanalysis, 505
cryptanalysts, 310, 505
cryptographers, 310, 506
cryptographic algorithms, 319–324
asymmetric algorithms, 322–323, 323, 502
hashing, 319–320
symmetric algorithms, 320–322
cryptographic attacks, 343–345
cryptographic systems, 325–331
access control, 330–331
authentication, 328–329, 329
confidentiality of, 325–326
digital signatures, 327–328, 328
non-repudiation, 330
cryptography, 309–398
cryptographic algorithms, 319–324
asymmetric algorithms, 322–323, 323, 502
hashing, 319–320
symmetric algorithms, 320–322
cryptographic attacks, 343–345
cryptographic systems, 325–331
access control, 330–331
authentication, 328–329, 329
confidentiality of, 325–326
digital signatures, 327–328, 328
integrity of, 326–327, 326, 327
non-repudiation, 330
defined, 310, 506
exam essentials, 347, 388–390
exam objectives, 309, 357
key terms, 348, 391
managing keys, 373–386
centralized vs. decentralized key generation, 374–376, 375, 376
key destruction, 384
key escrow, 378–379
key expiration, 379
key revocation, 379–380
key storage and distribution, 376–378, 377
key suspension, 380
key usage, 385–386, 385
overview, 373–374
recovering and archiving keys, 381–383, 381
renewing keys, 383
mathematical, 313–315
myth of unbreakable codes, 316–319
overview, 345–346, 386–388
physical, 311–313
hybrid systems, 313
steganography, 311, 312
substitution ciphers, 311–312
transposition ciphers, 312
Public Key Infrastructure, 331–343
certificate authority, 332–333, 333
certificate revocation, 337–338, 338, 504
certificates, 335–337, 336
defined, 331–332
RAs and LRAs, 333–335
trust models, 338–343
quantum, 311, 315–316, 316, 523
review question answers, 354–355, 397–398
review questions, 349–353, 392–396
standards and protocols, 358–373
CMP, 367, 367
common criteria, 371, 505
FIPS, 371
HTTPS, 133, 371
IPSec, 371
ISAKMP, 366–367, 367
ISO 17799, 283–285, 372–373
origins of encryption standards, 359–363
overview, 358–359
PGP encryption, 363, 370, 370
PKIX/PKCS, 363–364
S-HTTP, 133, 371
S/MIME, 368
SET, 368, 368
SSH, 126–127, 138, 369, 369, 526
SSL, 365, 365
TLS, 365–366, 366
WEP, 195, 372
WTLS, 192, 192, 372
X.509, 364–365
CSO Magazine, 481
current keys, 381–382
custodian of data, 291, 506
Cyber Security Enhancement Act, 485
Cyberspace Electronic Security Act, 484–485
cyclical redundancy check (CRC), 506