S/FTP (Secure FTP), 138
S-HTTP (Secure Hypertext Transport Protocol), 133, 371
S/MIME (Secure MIME), 368
SAM (Security Accounts Manager), 526
sandbox, 134, 526
SANS Institute, 480
scanning, 200–201, 526
scheduling changes, 471
screened host, 526
Secure Electronic Transaction (SET), 368, 368, 526
Secure FTP (S/FTP), 138
Secure Hash Algorithm (SHA), 319, 526
Secure Hypertext Transport Protocol (S-HTTP), 133, 371, 526
Secure MIME (S/MIME), 368
secure networks. See networks
Secure Shell. See SSH
Secure Socket Layer (SSL), 133, 365, 365, 526
secure web Internet connections, 133
Secure WLAN Protocol (SWP), 526
Security Accounts Manager (SAM), 526
security audit, 526
security baselines, 216–218
security concepts, 2–48. See also authentication; certificates
access control, 11–12, 259–266, 439–440
about, 259
biometrics, 265–266, 503
in cryptographic systems, 330–331
DAC, 12, 440, 506
defined, 11, 500
evaluating security systems, 264–265
MAC, 11, 62, 439–440
overview, 439
partitioning, 263–264, 264
perimeter security, 261–262, 261, 521
physical barriers for, 259, 260, 521
RBAC, 12, 440, 525
security zones, 262–263, 263
antivirus software, 11–12, 85–86, 501
authentication, 12–19
biometric devices, 18
certificates, 14, 15, 504
CHAP, 14, 14, 504
common protocols and services, 20–21
Kerberos, 16, 16, 515
multi-factor systems of, 17, 17, 19, 517
nonessential protocols and services, 21
overview, 12–13
security tokens, 15, 15, 527
setting up, 18–19
smart cards, 17, 18, 154, 383–384
username/password, 13
exam essentials, 38–40
information security, 2–9, 4
defined, 2–4, 513
management and policies, 6–9
operational security, 4, 5–6, 6, 520
physical security, 4–5, 4
prevention, detection, and response goals, 9–10
key terms, 40–41
overview, 36–38
review question answers, 47–48
review questions, 42–46
security topologies, 21–36
business requirements addressed when designing, 31–35, 33
design goals of, 22–34
NAT, 29, 29
security zones, 23–27, 25, 26, 27
tunneling, 29–30, 30
VLANs, 28, 28, 533
vulnerabilities, 35–36
Security Enhanced Linux (SELinux), 226
security logs, 88, 526
security management, 453–497. See also security policies and procedures
best practices and documentation, 460–467
defined, 460, 503
designating areas of responsibility, 466
enforcing policies, 466–467
organizational security policies, 460–465
preventive security measures, 466
resource allocation, 465–466
change management, 467–474
change documentation, 464–465, 472–473, 504
change notification, 473–474
change staging, 471–472
justifying need for change, 469–470
overview, 467–468
scheduling changes, 471
sponsor, change agent, and target, 468–469
systematic change, 468
computer forensics, 454–460
chain of custody, 457–458
collection of evidence, 458–459, 505
methodology for investigations, 455–457
overview, 454–455
preservation of evidence, 458, 522
exam essentials, 488–489
exam objectives, 453
keeping pace with security standards, 476–482
areas of professional responsibility, 477–478
helpful websites, 479–480
trade publications, 480–481
key terms, 489–490
overview, 454, 486–488
privacy and security regulations, 482–486
Computer Fraud and Abuse Act, 483–484
Computer Security Act of 1987, 484
Cyber Security Enhancement Act, 485
Cyberspace Electronic Security Act, 484–485
FERPA, 484
Gramm-Leach-Bliley Act of 1999, 483, 510
HIPAA, 482–483, 511
international laws, 485–486
Patriot Act, 485
processes of, 460
review question answers, 496–497
review questions, 491–495
security awareness and education, 474–476
communications and awareness, 474–475
education, 475–476
security policies and procedures, 399–451
access control, 11–12, 259–266, 439–440
DAC, 12, 440, 506
MAC, 11, 62, 439–440
overview, 439
RBAC, 12, 440, 525
administrative, 7, 501
for business continuity, 401–420
disaster recovery, 405–420
emergency planning for utilities, 401–402
high availability, 402–405
business policies, 427–429
document disposal and destruction policies, 429
due care policies, 428
overview, 427
Physical Access Control policies, 428–429, 521
separation of duties, 428, 527
certificate policies, 429–431, 430
defined, 526
design requirements for security, 7
disaster recovery plans, 8, 8, 409–410
exam essentials, 441–443
exam objectives, 399–400
function of management and, 6–7
incident response policies, 431–432
information, 8
key terms, 443–444
overview, 279–280, 401, 440–441
personnel policies, 423–427
Acceptable Use policies, 425–426, 462–463, 500
background investigations, 427
ethics, 424–425
for hiring, 423–424
Need to Know policies, 426–427, 518
overview, 434
privacy and compartmentalized information policies, 426
termination policies, 424
privilege management, 432–439
auditing, 436–437, 437, 522
escalation audits, 438
privilege decision making, 435–436
reports to management, 439
single sign-on, 434–435, 435
usage auditing, 437–438
user and group role management, 432–433, 434
review question answers, 450–451
review questions, 445–449
security, 8
security policies, 8, 462
types of, 280–281
usage, 8
user management, 9
vendor support, 420–423
code escrow, 422–423, 505
overview, 421
service level agreements, 421–422
security professionals, 291–292, 526
security systems, evaluating, 264–265
security tokens, 15, 15, 527
security topologies, 21–36
business requirements addressed when designing, 31–35, 33
design goals of, 22–34
NAT, 29, 29
security zones, 23–27, 25, 26, 27
software and system vulnerabilities, 35–36
tunneling, 29–30, 30
VLANs, 28, 28, 533
security zones, 23–27, 25, 26, 27
access control with, 262–263, 263
defined, 23–24, 527
designing, 27
DMZ, 26, 27
extranets, 26, 26
Internet, 24–25, 25
intranet, 25, 25, 514
Security+ certification
about, xxii
advantages of, xxii–xxiii
Security+ exam, xxi–xlix
about the exam, xxiv
advantages of Security+ certification, xxii–xxiii
assessment test, xxxviii–xlv
assessment test answers, xlvi–xlix
how to prepare, xxi
testing providers for, xxiv
tips for taking, xxxvii
using CD and book, xxv–xxvi
weighting of exam objectives, xxvi–xxvii
segments, 527
SELinux (Security Enhanced Linux), 226
sensor, 176, 527
separation of duties, 428, 527
sequence number, 71–72, 71, 527
Sequenced Packet Exchange (SPX), 170, 527
Serial Line Internet Protocol (SLIP), 123, 527
server and client configuration, 527
server authentication, 122, 527
servers
backing up, 416–417, 416
change management
change documentation, 464–465, 472–473, 504
change notification, 473–474
change staging, 471–472
scheduling changes, 471
clustering in networked environment, 403, 403, 505
defined, 527
duplicate, 508
e-mail virus scanner on e-mail, 237
fail-over, 509
FTP function as, 137
hardening file and print, 240
illicit, 512
implementing secure, 217–218
preventing hijacking of SMTP relay, 136–137
proxy, 523
scheduling updates to, 473–474
securing connectivity of, 121
system recovery, 417–418
service accounts, 527
service level agreements (SLA), 421–422, 527
service packs, 232, 527
services
common, 20–21
defined, 527
nonessential, 21
session keys, 527
Session layer, 527–528
SET (Secure Electronic Transaction), 368, 368, 526
SHA (Secure Hash Algorithm), 319, 526
share-level security, 528
shielded twisted pair (STP) cables, 145–146, 145, 146, 528
shunning, 181
signal, 528
signal analysis/signal intelligence, 199–201
defined, 199
enumeration, 201
footprinting, 200, 238, 510
overview, 199–200
scanning, 200–201, 526
signal encoding, 528
signal method, 528
signed applets, 134–135, 528
SIM (Subscriber Identification Module), 269
Simple Mail Transfer Protocol (SMTP), 61, 129–130, 528
Simple Network Management Protocol (SNMP), 61, 139, 528
single loss expectancy (SLE), 470, 528
single sign-on (SSO), 434–435, 435, 528
site surveys, 196, 528
six-cartridge backup, 528
skipjack, 528
SLAs (service level agreements), 421–422, 527
SLE (single loss expectancy), 470, 528
SLIP (Serial Line Internet Protocol), 123, 527
smart cards, 17, 18, 154, 383–384
SMTP (Simple Mail Transfer Protocol), 61, 129–130, 528
SMTP relay, 136–137, 529
smurf attacks, 73–74, 74, 529
snapshot backups, 529
sniffers
10Base-T network with attached, 146, 146
about, 68–69, 118
active sniffing, 72
defined, 518, 529
FTP vulnerability to, 138
instant messaging vulnerability to, 198–199
vulnerability of coax to, 143
sniffing, 529
SNMP (Simple Network Management Protocol), 61, 139, 528
snooping, 51–52, 529
social engineering
defined, 86–87, 266–267, 529
impacts of, 318–319
sockets, 128, 529
software components and security, 105–106
software exploitation, 75–76, 529
software key storage and distribution, 377–378
spam
defined, 131, 529
getting mail addresses from newsgroups, 239
preventing, 235–236
spikes, 529
split-system key generation, 376
sponsors, 468–469
spoofing attacks, 56–57, 56, 529
SPX (Sequenced Packet Exchange), 170, 527
SQL Server, 244
SQL (Structured Query Language), 244
SSH (Secure Shell) protocol
connection process for, 369, 369
defined, 138, 526
as tunneling protocol, 126–127
SSL (Secure Socket Layer), 133, 365, 365, 526
SSO (single sign-on), 434–435, 435, 528
standards
communicating security, 481–482
cryptography protocols and, 358–373
CMP, 367, 367
common criteria, 371, 505
FIPS, 371, 510
HTTPS, 133, 371
IPSec, 371
ISAKMP, 366–367, 367
ISO 17799, 283–285, 372–373, 515
origins of encryption standards, 359–363
overview, 358–359
PGP encryption, 363, 370, 370, 522
PKIX/PKCS, 363–364
S-HTTP, 133, 371, 526
S/MIME, 368
SET, 368, 368, 526
SSH, 126–127, 138, 369, 369, 526
SSL, 133, 365, 365, 526
TLS, 365–366, 366
WEP, 195, 372
WTLS, 192, 192, 372
X.509 standard, 364–365, 430
encryption, 360–363
evaluating standards documents, 282
keeping pace with security, 476–478
overview, 279–280
standards documents, 281–282
working with policies, guidelines, and, 279–283
state table, 529
stateful inspection, 109–110
stateful packet filtering, 109–110, 529
static ARP table entry, 529
static routing, 530
status checking of suspended keys, 380
stealth ports, 530
stealth viruses, 80, 81, 530
steganography, 311, 312, 530
STP (shielded twisted pair) cables, 145–146, 145, 146, 528
strength, 325, 530
Structured Query Language (SQL), 244
Subscriber Identification Module (SIM), 269
subscribers, 430, 530
substitution ciphers, 311–312
surge protectors, 271, 530
switched, 530
switches, 112, 112
SWP (Secure WLAN Protocol), 526
Symantec Corporation, 479
symmetric algorithms, 320–322
symmetrical keys, 385, 385, 530
SYN flood, 530
system architecture, 464, 530
system logs, 463, 516
systematic change, 468