List of Figures

Chapter 2: Access Controls

Figure 2.1: Access Control

Figure 2.2: Obtaining Access Flowchart

Figure 2.3: Connecting to an FTP Site

Figure 2.4: FTP User ID

Figure 2.5: FTP Password

Figure 2.6: FTP Capture

Figure 2.7: Kerberos Required Components

Figure 2.8: Authentication Path for Logon Access in a Kerberos Realm

Figure 2.9: Resource Access in Kerberos Realms

Figure 2.10: RBAC Inheritance

Figure 2.11: Access Control Account Lifecycle

Figure 2.12: L0phtCrack Main Screen

Figure 2.13: L0phtCrack Accounts View

Figure 2.14: L0phtCrack Session Options

Figure 2.15: L0phtCrack Passwords Cracked

Figure 2.16: L0phtCrack All Passwords Cracked

Figure 2.17: MITM Attack

Chapter 3: Administration

Figure 3.1: The Life Cycle of Information Security

Figure 3.2: Impact of Effort on Information Assurance

Figure 3.3: Risk Relationship Pyramid

Figure 3.4: Process Layers Diagram

Chapter 4: Audit and Monitoring

Figure 4.1: The AppScan Test Progress Screen

Figure 4.2: AppScan Vulnerability Discovery Report

Figure 4.3: The Dialing Demon Splash Screen

Figure 4.4: The Dialing Demon Configuration Screen

Figure 4.5: The Dialing Demon Number Range Configuration Screen

Chapter 5: Risk, Response, and Recovery

Figure 5.1: Risk Management Cycle

Figure 5.2: Risk Mitigation Options

Figure 5.3: Primary Roles in an Investigation Involving Computer Forensics

Figure 5.4: The EnCase "Create an Evidence File" Screen

Figure 5.5: EnCase "Identification" Screen

Chapter 6: Cryptography

Figure 6.1: Diagram of the DES Encryption Algorithm

Figure 6.2: Diagram of Cipher Block Chaining

Figure 6.3: Diagram of Cipher Feedback Mode

Figure 6.4: Diagram of Electronic Code Book Mode

Figure 6.5: Diagram of Output Feedback Mode

Figure 6.6: The PKI Key Exchange

Figure 6.7: A Sample Drivers License

Figure 6.8: The "General" Tab of a Certificate

Figure 6.9: The "Details" Tab of a Certificate

Figure 6.10: A Two-Way Trust Relationship

Figure 6.11: A Chain of Trust

Figure 6.12: A Single CA Model

Figure 6.13: The Key Escrow Process

Chapter 7: Data Communications

Figure 7.1: The Path a Data Packet Takes as it Travels from Computer A to Computer B

Figure 7.2: A Complete TCP Handshake; A Connection with the Server is Opened and Logged

Figure 7.3: A SYN Scan does not Complete the TCP Handshake

Figure 7.4: The Star Topology: Each Device is Connected to a Central Hub/Switch

Figure 7.5: Bus Topology: Each Device on the Network Connected to a Single Central Backbone

Figure 7.6: The Tree Topology Combines the Star Topology and Bus Topology

Figure 7.7: The Tree Topology can Utilize Meshing to Increase Fault Tolerance

Figure 7.8: A Token Ring Topology

Figure 7.9: A Mesh Topology

Figure 7.10: A FDDI Ring Uses High-Speed Cabling and Contains Two Rings for Redundancy

Figure 7.11: A WAN is Two or More LANs that are Connected over a High Speed Line(s)

Figure 7.12: Diagram of an IP Header

Figure 7.13: Checking the Strength of an SSL Server

Figure 7.14: A DMZ is an Area in Between the Public Internet and the Private Network

Figure 7.15: A Packet Filtering Firewall

Figure 7.16: A Screened Host Firewall Provides Two Layers of Protection

Figure 7.17: A Screened Subnet Firewall with a DMZ

Figure 7.18: Stateful Inspection Technology

Figure 7.19: A VPN Creates a Virtual Tunnel Using Public Networks Like the Internet

Figure 7.20: IP Header that Includes Spoofed Source IP

Figure 7.21: NetBIOS Packet

Chapter 8: Malicious Code and Malware

Figure 8.1: TCP Uses a "Three-way Handshake" to Establish a Connection

Figure 8.2: Building a FTP-based Filter for Your Protocol Analyzer

Figure 8.3: Setting FTP as the Only Protocol to Capture with the Sniffer

Figure 8.4: Viewing Captured FTP Data

Figure 8.5: A Closer Look at the Captured Password