packet-filtering firewalls
    OSI Network layer
packet-level authentication
    IPSec 2nd 3rd 4th 5th
packet-sniffing
    instant messaging vulnerability 2nd
    unencrypted authentication
        FTP vulnerability
packets
    screened host gateways 2nd
    screened subnet gateways 2nd
password guessing attacks
    birthday
    brute force 2nd
    Crack tool
    dictionary
    John the Ripper tool
    L0phtCrack tool
    password policies
Password-Based Cryptography Standard
    PKCS document #5
password-form authentication
passwords
    character length/type recommendations
    secure characteristics of
    security policy planning
    strong/weak characteristics 2nd
PBX telecom systems
    attacks
    protection measures 2nd
PCAnywhere
    as tool in back door attacks
PDAs (personal digital assistants)
    security measures
Personal Information Exchange Syntax Standard
    PKCS document #12
PGP (Pretty Good Privacy)
    encryption schemes
    secure email transmission
physical barriers
    biometric access
    cameras
    ceiling intrusion protection
    electromagnetic shielding
    frosted/painted glass
    lock mechanisms
physical security
    access control 2nd
        environment 2nd 3rd 4th 5th 6th 7th 8th 9th 10th
        facilities 2nd 3rd 4th 5th 6th 7th
        physical barriers 2nd
        social engineering 2nd 3rd 4th 5th 6th
    Domain 5.0 skill set (operational/organizational security)
    planning
        overview 2nd
piggyback intruders
    facility security
ping flood attack (DoS)
ping utility (Packet Internet Grouper)
    diagnostic functions
Ping utility
    port scanning
PKCS
    #1 (RSA Cryptography Standard)
    #10 (Certification Request Syntax Standard)
    #11 (Cryptographic Token Interface Standard)
    #12 (Personal Information Exchange Syntax Standard)
    #13 (Elliptic Curve Cryptography Standard)
    #14 (Pseudo Random Generator)
    #15 (Cryptographic Token Information Format Standard)
    #3 (Diffie-Hellman Key Agreement)
    #5 (Password-Based Cryptography Standard)
    #6 (Extended-Certificate Syntax Standard)
    #7 (Cryptographic Message Syntax Standard)
    #8 (Private Key Information Syntax Standard)
    (Public Key Cryptography Standards)
    development by RSA Laboratories
PKI (Public Key Infrastructure) 2nd
    Certificate Authorities (CAs)
        certificate policies 2nd
        Certificate Practice Statements (CPS) 2nd
        Certificate Revocation List (CRL) 2nd
        common uses
        information elements 2nd
        trust models 2nd 3rd
        vendors
    certificate lifecycles 2nd
    digital certificates
        authentication methods 2nd
        expiration dates 2nd
        revocation
    Domain 4.0 skill set (cryptography basics)
    keys
        escrow 2nd
        M of N control
    X.509 certificates
plaintext attacks
planning
    physical security
        overview 2nd
Planning for PKI
Point-to-Point Tunneling Protocol, [See PPTP]
policies
    security
        acceptable use
        antivirus
        audit
        nondisclosure agreements
        passwords
        remote access
        server security
        wireless networks
polymorphic viruses
port scanning
    Ping utility
        attack signature
port signatures
    network-based IDS
ports
    http on TCP port 80
    numbers
        commonly exploited 2nd
PPTP (Point-to-Point Tunneling Protocol) 2nd
    VPN remote access 2nd 3rd 4th
practice questions
    access control 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th
    attacks 2nd 3rd 4th 5th 6th 7th
    audit policies
    Chapter 8 (cryptography) 2nd 3rd 4th 5th 6th 7th 8th 9th 10th
    communication security 2nd 3rd 4th 5th 6th 7th 8th
    cryptography 2nd 3rd 4th 5th 6th 7th 8th 9th
    forensics
    infrastructure security 2nd 3rd 4th 5th 6th 7th
    intrusion detection 2nd 3rd 4th 5th 6th
    logs
    online vulnerabilities 2nd 3rd 4th 5th 6th 7th 8th 9th
    organizational security 2nd 3rd 4th 5th 6th 7th 8th 9th
    risk assessment
    security baselines 2nd 3rd
    security policies
    user education
    vulnerabilities
practice resources
    Cram Session Web site
    ExamCram.com Web site
    MeasureUp Web site
    PrepLogic Web site
    Transcender Web site
PrepLogic
    contacting
PrepLogic Exam Competency Score
PrepLogic Practice Tests
    exam simulation interface
    Examination Score Report
    Flash Remove mode
        starting
    Flash Review mode
        buttons
        options
    Practice Test mode
        Enable Item Review Button
        Enable Show Answer Button
        Randomize Choices
        starting
        studying in Practice Test mode
    PrepLogic Exam Competency Score
    question quality
    removing from your computer
    reviewing exams
    software requirements
    study modes
PrepLogic Practice Tests, Preview Edition
PrepLogic Web site
    exam practice resources
Pretty Good Privacy (PGP) 2nd 3rd
preventing
    attacks
        back door methods 2nd
        brute force types
        malicious code 2nd
        war-dialing (modems) 2nd
print servers
    services
        hardening measures 2nd
privacy issues
    security policy planning
private IP addresses
    Automatic Private IP Addressing (APIPA)
private IP addressing
    network address translation (NAT)
        classes 2nd
Private Key Information Syntax Standard
    PKCS document #8
private keys
    storage of
        hardware versus software 2nd
privileges
    access control
        auditing 2nd
        single sign-on (SSO) 2nd
    access controls
        centralized versus decentralized management 2nd
        group-based
        role-based
        user-based
    Domain 5.0 skill set (operational/organizational security)
profiling
    CGI script vulnerability
protocols
    Certificate Enrollment Protocol (CEP)
    Certificate Management Protocol (CMP)
    Common Criteria Technology Security Evaluation
    Domain 4.0 skill set (cryptography basics)
    Federal Information Processing Standard (FIPS)
    Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)
    Internet Protocol Security (IPSec)
    Internet Security Association and Key Management Protocol (ISAKMP)
    ISO 17799
    ISO 17799 (Code of Practice for Information Security) 2nd 3rd
    Pretty Good Privacy (PGP)
    required
        determining 2nd
    routers
        Border Gateway Protocol (IGRP)
        Enhanced Interior Gateway Routing Protocol (EIGRP)
        Exterior Gateway Protocol (EGP)
        Interior Gateway Routing Protocol (IGRP)
        Open Shortest Path First (OSPF)
        Routing Information Protocol (RIP)
    Secure Multipurpose Internet Mail Extensions (S/MIME)
    Secure Sockets Layer (SSL)
    servers
        removing
    Transport Layer Security (TLS)
    unnecessary
        disabling 2nd
    vulnerabilities
        LDAP
        SSL 2nd
        TLS 2nd
    Wired Equivalent Privacy (WEP)
    Wireless Transport Layer Security (WTLS)
    XML Key Management Specification (XKMS)
proxy service firewalls
    application-level gateway
    circuit-level gateway
Pseudo Random Generator
    PKCS document #14
public key algorithms [See also asymmetric algorithms]
Public Key Cryptography Standards, [See PKCS]
public key encryption
    digital certificates
        authentication 2nd
Public Key Infrastructure, [See PKI]
public keys
    storage of
        hardware versus software 2nd