|
|
packet collisions, 401
packet filtering firewalls, 443
Packet Internet Groper (PING) tool, 290
packet storms, 517
packets
Network layer and, 402
reset, 405
PAP protocol, 433
parallelizing encryption operations, 347
parasitic viruses, 485
passive/active network attacks, 456
Password Authentication Protocol (PAP), 433
passwords
administering, 7, 52–56
auditing, 55
authentication for, 40–42
keeping available in emergencies, 296
managing, 6, 54
selecting, 52
using to generate long keys, 377
PAT (Port Address Translation), 442
pattern recognition, 213
PDUs (Protocol Data Units), 518
penetration testing, 85–87, 201–206
auditors and, 187
tools for, 204
permissions, determining, 70
permutation operations, 335
PGP (Pretty Good Privacy), 333
PKI and, 356
phreakers, 480
PHY layer, 422
physical access, 132
control policy implementation for, 59
Physical layer, 396–401
Physical Medium Dependent (PMD), 422
physical security, 328
ping floods, 515
Ping of Death attacks, 514
ping storms, 515
PING tool, 290
PKCS (Public Key Cryptography Standards), 366
PKDS (Public Key Distribution Systems), 333
PKE (Public Key Encryption), 333
PKI (public key infrastructure), 355–358
plaintext, 326
plaintext attacks, 380, 381
plans
business continuity, 268–271
contingency, 268
disaster recovery, 268, 270–282
PMD (Physical Medium Dependent), 422
PMD layer, 422
points of entry, 443
Point-to-Point Protocol (PPP), 434
Point-to-Point Tunneling Protocol (PPTP), 452
policies, 144–148, 185
employment, 144–148
implementations of for access controls, 58
as tool for incident investigation, 285–289
polymorphic viruses, 484
Port Address Translation (PAT), 442
port scanning, 532–535
port scans, 403–405
ports, 532
PPP protocol, 434
PPTP protocol, 452
Presentation layer, 406
Pretty Good Privacy (PGP), 333
PKI and, 356
preventive access control policies, 56
primary data, collecting, 196
principle of least privilege, 107–109
vs. separation of duties, 122
private branch exchange attacks, 460
private keys, 331, 352
protecting, 371
storing, 369–371
privilege elevation logs/audit trails, 39
processing integrity, certifying, 121
ProDiscover data recovery software, 310
products. See tools
program viruses, 484
programming language code, 481
poor quality and, 523
proof of concept viruses, 509
Protocol Data Units (PDUs), 518
protocols, 24, 427–435
at Application layer, 407
authentication, 433
connection-oriented vs. connectionless, 427
at Network layer, 403
remote access, 434
at Session layer, 406
token ring, 419–424
at Transport layer, 403
types of, 427
proxy servers, 449
public information, 143
Public Key Cryptography Standards (PKCS), 366
Public Key Distribution Systems (PKDS), 333
public key encryption, 330–333
IPSec protocol and, 455
public key infrastructure (PKI), 355–358
public keys, 330, 352
encryption and, 455
|
|