Index


Boldface page numbers indicate a review question about the topic.

A

Abstraction, 287–289, 293

Access

access rights, 16, 28, 270–271

anonymous users, 77–78

defined, 16

discretionary access, 21, 31

remote access, 56–59

see also Access control; Authentication

Access control, 47–49, 52, 236

Bell-LaPadula (B-L) model, 21

Biba, 21–22

centralized access control, 43, 221

centralized vs. decentralized, 221

Clark-Wilson model, 22

cryptography and, 153–154

defined, 16

Discretionary Access Control (DAC), 29

information security control types, 33

Lattice-Based Access Control (LBAC), 31

Mandatory Access Control (MAC), 30–31

Microsoft Windows NT/2000 DAC, 29–30

nondiscretionary, 30–31

non-interference model, 22

physical security and, 201

privilege management and, 217–221

Remote Authentication Dial-In User Service (RADIUS), 32

role-based access control (RBAC), 31

systems for, 20–22

Task-Based Access Control (TBAC), 32

Terminal Access Controller Access Control System (TACACS), 32–33

Access Control Entries (ACEs), 30

Access Control Lists (ACLs), 16, 29–30, 43, 46–47, 220, 236

Access rights

aggregation of, 270–271, 292, 299

defined, 16

types of file system access rights, 28

Accreditation, 284, 298

ACEs (Access Control Entries), 30

ACLs (Access Control Lists), 29–30, 43, 46–47, 220

defined, 16

ActiveX controls, 73–74, 83, 250, 291

Addresses and addressing

ARP, 114–115

IPv6 addresses, 145, 146

Network Address Translation (NAT), 128–129

TCP/IP, 112–114

Address Resolution Protocol (ARP), 114–115

Administrative access controls, 33

Administrative law, 302, 320

Advanced Encryption Standard (AES), 156, 165, 185

defined, 16

Advertisements, illegal, 310

AES (Advanced Encryption Standard). See Advanced Encryption Standard (AES)

Agents, 250–252, 294–295

Aggregation of rights, 270–271, 292, 299

AI (Artificial Intelligence), 277

ALE (Annualized Loss Expectancy), 225, 243–244

Algorithms, 184–185, 189, 190

Advanced Encryption Standard (AES), 156, 157, 185

asymmetric (public-key) algorithms, 160–163, 189

Blowfish and Twofish, 158

CAST, 160

cryptography and, 154–165

Data Encryption Standard (DES), 156–157, 184

defined, 16, 181

Diffie-Hellman (DH), 162

Elgamal, 162–163

GOST, 160

hash algorithms, 163–165, 182, 184

IDEA, 158–159

MARS, 159

MD5, 165

Rijndael algorithm, 157, 181

RSA algorithm, 161–162, 181, 185

RSA RC series, 159–160, 190

Secure Hash Algorithm (SHA), 164, 182

Serpent, 158

Skipjack, 158

TEA, 160

testing passwords with, 35

triple DES, 157

Annualized Loss Expectancy (ALE), 225, 243–244

Anycast addressing, 113

Applets, 72–73, 83, 89, 249–250

Application layer of OSI, 96

Application proxies, 127–128, 136

Applications

ActiveX controls, 250

agents, 250–252

applets, 249–250

CIA Triad and, 262–263

distributed computing environments (DCEs) and, 248–249, 291

hardening, 155, 291

hosting of, 249

Java applications, 249–250, 291, 293

knowledge-based systems, 275–277

local/non-distributed computing environments, 253–254

modes of operation, 289–290

objects in OOP, 252–253

updates, 255–257, 291

see also Databases; Logic bombs; System development; Viruses; Worms

ARP (Address Resolution Protocol), 114–115

Artificial Intelligence (AI), 277

Assembly language, 284–285

Asynchronous Transfer Mode (ATM) switches, 131, 135

ATM (Asynchronous Transfer Mode), 131, 135

Attacks, 50, 51, 324, 325

birthday attacks, 36

brute force attacks, 35–36

buffer overflow attacks, 16, 36, 69, 90–91

business and financial attacks, 307

data diddling, 307, 323

defined, 16

degradation of service, 38–39

Denial of Service (DoS) attacks, 18, 36–38, 44, 50

dictionary attacks, 38

FTP vulnerabilities to, 79, 259

fun attacks, 306, 319, 324

grudge attacks, 306, 327

inference attacks, 271, 292, 296

land attacks, 38

man-in-the-middle attacks, 38, 79

methods described, 35–40

password crackers, 39

penetration testing, 234

ping of death attacks, 37

replay attacks, 38–39

routing configuration and, 128

salami attacks, 307–308, 319, 324

Smurf attacks, 37–38

sniffers, 39–40

social engineering, 40

spamming, 40

spoofing attacks, 19, 37–38, 40, 46, 258

SYN attacks, 36–37

TCP/IP hijacking, 39

teardrop attacks, 37

terrorist attacks, 307, 310, 319, 325

weak key attacks, 45

see also Intrusion detection

Attributes, database, 264

Auditing, 41–42

Authentication, 51–53

biometrics, 17, 22, 27–28, 53, 196

cryptography and, 152

defined, 16

described, 22–28

Kerberos V5 protocol, 25–26, 52

multi-factor authentication, 44–45

mutual authentication, 45

passwords and, 23–24

remote access and, 57

Single Sign-On (SSO) systems, 26–27, 220–221, 235, 242

Strong User Authentication (SUA), 22

token-based authentication, 24–25

Authorization

access rights and, 28

defined, 16

described, 28

Availability, 212–213




The Security+ Exam Guide. TestTaker's Guide Series
Security + Exam Guide (Charles River Media Networking/Security)
ISBN: 1584502517
Year: 2003
Pages: 136
