Index_A

A

acceptable use policies (AUPs), 146, 286

acceptance, 117

access control lists (ACLs)

Network layer and, 402

routers and, 448

access control systems, 30

administering, 68–73

methodologies for, 60

models of, 61–68, 112–114

monitoring, 71

access controls, 6–9, 29–100

modes of operation for, 133–135

objectives/parts of, 31–40

obtaining access to objects (exercise), 34–36

policies for, 56–58

specialty areas of (list), 7–9

access controls domain, 6–9

access problems, 132

account administration, 68

account request and tracking, 147

accountability, 38–40, 103

accreditation, 117

accuracy, 394

ACLs. See access control lists

acronyms, 22

active monitor, 421

active/passive network attacks, 456

Address Resolution Protocol (ARP protocol)

MAC address and, 402, 521

spoofing and, 521

Address Resolution Protocol tool (ARP tool), 289

administration domain, 9–12

administration. See security administration; password administration

administrative access control policy implementation, 58

Advanced Encryption Standard algorithm (AES algorithm), 335

agents, 510

AH protocol, 454

ALE (Annual Loss Expectancy), 263

algorithms, 330–342

alignment errors, 437

alternate sites, for business operations, 279

exercise for, 281

American Standard Code for Information Interchange (ASCII), 407

analyses

business impact, 183

cost/benefit, 265

crime scene, 292

trend, 215

Annual Loss Expectancy (ALE), 263

Annualized Rate of Occurrence (ARO), 263–267

exercise for, 266

anomaly detection, 213

antivirus software, 535–537

application exploits, 522–525

application filtering firewalls, 444

application gateways, overflow attacks and, 524

Application layer, 407

application layer gateways, 444

application viruses, 484

applications, access problems surrounding, 132

ARO (Annualized Rate of Occurrence), 263–267

exercise for, 266

ARP protocol, MAC address and, 402, 521

ARP spoofing, 521

exercise for, 438

ARP tool, 289

ARPAnet, 424

ASCII (American Standard Code for Information Interchange), 407

asset identification, 258–261

assumption of risk, 255

assurance, 37, 118

asymmetric encryption, 330–333

Asynchronous Transfer Mode (ATM), 427

attackers, 479

attacks, 8, 21, 73–82

Application layer and, 408

Data Link layer and, 402

DoS. See denial of service attacks

against network resources, 455–461

recognizing infected system and, 482

social engineering and, 526

Transport layer and, 403

audit daemon, 193

audit data sources, 192–211

audit device driver, 193

audit manager, 194

audit subsystem, 192–195

audit trails, 38, 196–198

auditing, 12–14, 175–228

importance of audit usages, 181

methods for, 190

process of according to DoD, 188

specialty areas of (list), 13

See also monitoring

auditing and monitoring domain, 12–14

auditors, 185–188

AUPs (acceptable use policies), 146, 286

authentication, 7, 34, 329

IPSec, 454

multifactor, 104

for remote access, 50–52

sniffing attacks and, 458

types of, 40–52

authentication audit trails, 39

authentication header protocol (AH protocol), 454

authentication logs, 39

authentication protocols, 433

authentication tokens, 47

authorization, 34

availability, 38, 112, 394

avoidance of risk, 255



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
EAN: 2147483647
Year: 2003
Pages: 135
