Boldface page numbers indicate a review question about the topic.
Abstraction, 287–289, 293
Access
access rights, 16, 28, 270–271
anonymous users, 77–78
defined, 16
discretionary access, 21, 31
remote access, 56–59
see also Access control; Authentication
Access control, 47–49, 52, 236
Bell-LaPadula (B-L) model, 21
Biba, 21–22
centralized access control, 43, 221
centralized vs. decentralized, 221
Clark-Wilson model, 22
cryptography and, 153–154
defined, 16
Discretionary Access Control (DAC), 29
information security control types, 33
Lattice-Based Access Control (LBAC), 31
Mandatory Access Control (MAC), 30–31
Microsoft Windows NT / 2000 DAC, 29–30
nondiscretionary, 30–31
non-interference model, 22
physical security and, 201
privilege management and, 217–221
Remote Authentication Dial-In User Service (RADIUS), 32
role-based access control (RBAC), 31
systems for, 20–22
Task-Based Access Control (TBAC), 32
Terminal Access Controller Access Control System (TACACS), 32–33
Access Control Entries (ACEs), 30
Access Control Lists (ACLs), 16, 29–30, 43, 46–47, 220, 236
Access rights
aggregation of, 270–271, 292, 299
defined, 16
types of file system access rights, 28
Accreditation, 284, 298
ACEs (Access Control Entries), 30
ACLs (Access Control Lists), 29–30, 43, 46–47, 220
defined, 16
ActiveX controls, 73–74, 83, 250, 291
Addresses and addressing
ARP, 114–115
IPv6 addresses, 145, 146
Network Address Translation (NAT), 128–129
TCP / IP, 112–114
Address Resolution Protocol (ARP), 114–115
Administrative access controls, 33
Administrative law, 302, 320
Advanced Encryption Standard (AES), 156, 165, 185
defined, 16
Advertisements, illegal, 310
AES (Advanced Encryption Standard). See Advanced Encryption Standard (AES)
Agents, 250–252, 294–295
Aggregation of rights, 270–271, 292, 299
AI (Artificial Intelligence), 277
ALE (Annualized Loss Expectancy), 225, 243–244
Algorithms, 184–185, 189, 190
Advanced Encryption Standard (AES), 156, 157, 185
asymmetric (public-key) algorithms, 160–163, 189
Blowfish and Twofish, 158
CAST, 160
cryptography and, 154–165
Data Encryption Standard (DES), 156–157, 184
defined, 16, 181
Diffie-Hellman (DH), 162
Elgamal, 162–163
GOST, 160
hash algorithms, 163–165, 182, 184
IDEA, 158–159
MARS, 159
MD5, 165
Rijndael algorithm, 157, 181
RSA algorithm, 161–162, 181, 185
RSA RC series, 159–160, 190
Secure Hash Algorithm (SHA), 164, 182
Serpent, 158
Skipjack, 158
TEA, 160
testing passwords with, 35
triple DES, 157
Annualized Loss Expectancy (ALE), 225, 243–244
Anycast addressing, 113
Applets, 72–73, 83, 89, 249–250
Application layer of OSI, 96
Application proxies, 127–128, 136
Applications
ActiveX controls, 250
agents, 250–252
applets, 249–250
CIA Triad and, 262–263
distributed computing environments (DCEs) and, 248–249, 291
hardening, 155, 291
hosting of, 249
Java applications, 249–250, 291, 293
knowledge-based systems, 275–277
local / non-distributed computing environments, 253–254
modes of operation, 289–290
objects in OOP, 252–253
updates, 255–257, 291
see also Databases; Logic bombs; System development; Viruses; Worms
ARP (Address Resolution Protocol), 114–115
Artificial Intelligence (AI), 277
Assembly language, 284–285
Asynchronous Transfer Mode (ATM) switches, 131, 135
ATM (Asynchronous Transfer Mode), 131, 135
Attacks, 50, 51, 324, 325
birthday attacks, 36
brute force attacks, 35–36
buffer overflow attacks, 16, 36, 69, 90–91
business and financial attacks, 307
data diddling, 307, 323
defined, 16
degradation of service, 38–39
Denial of Service (DoS) attacks, 18, 36–38, 44, 50
dictionary attacks, 38
FTP vulnerabilities to, 79, 259
fun attacks, 306, 319, 324
grudge attacks, 306, 327
inference attacks, 271, 292, 296
land attacks, 38
man-in-the-middle attacks, 38, 79
methods described, 35–40
password crackers, 39
penetration testing, 234
ping of death attacks, 37
replay attacks, 38–39
routing configuration and, 128
salami attacks, 307–308, 319, 324
Smurf attacks, 37–38
sniffers, 39–40
social engineering, 40
spamming, 40
spoofing attacks, 19, 37–38, 40, 46, 258
SYN attacks, 36–37
TCP / IP hijacking, 39
teardrop attacks, 37
terrorist attacks, 307, 310, 319, 325
weak key attacks, 45
see also Intrusion detection
Attributes, database, 264
Auditing, 41–42
Authentication, 51–53
biometrics, 17, 22, 27–28, 53, 196
cryptography and, 152
defined, 16
described, 22–28
Kerberos V5 protocol, 25–26, 52
multi-factor authentication, 44–45
mutual authentication, 45
passwords and, 23–24
remote access and, 57
Single Sign-On (SSO) systems, 26–27, 220–221, 235, 242
Strong User Authentication (SUA), 22
token-based authentication, 24–25
Authorization
access rights and, 28
defined, 16
described, 28
Availability, 212–213