Radio Frequency Interference (RFI), 272, 273, 273, 523
Radio Frequency (RF) communications, 112, 148–149, 149, 523
RADIUS (Remote Authentication Dial-In User Service), 125, 125, 524
RAID (Redundant Arrays of Independent Disks), 404–405, 406, 524
RAs (registration authorities), 333–335, 334, 524
RAS (Remote Access Services), 114–115, 115, 524
RBAC (Role-Based Access Control), 12, 440
RC encryption, 321
RC5 (Rivest Cipher 5), 525
real world scenarios
  blocking social engineering attacks, 267
  communicating security standards, 481–482
  conducting risk assessments, 279
  connecting remote network users, 127
  controlling viruses, 86
  corporate connections to business partners, 30–31
  dealing with sensitive information, 467
  detecting physical security breaches, 262
  developing recovery plans, 420
  dual-homed server-based proxy firewalls, 108–109
  evaluating security systems, 264–265
  handling bounced e-mail incidents, 189–190
  helping users recover from viruses, 190–191
  human error and cryptographic systems, 318
  installing biometric devices, 265–266
  inventories of computer equipment, 464, 516
  performing usage audits, 438
  PKI system implementation, 335
  preventing spam, 235–236
  purchasing SLA for new computers, 422
  reducing logged traffic in audit files, 180
  rogue servers, 241
  scheduling updates to servers, 473–474
  secure servers, 217–218
  securing
    dial-up connections to credit card centers, 366
    FTP file transfers, 138–139
    UNIX interactive users, 369–370
    Windows 98 clients, 222
    wireless devices, 269
  selling old computers, 384–385, 462
  SMTP relays, 136–137
  temporary virtual smart cards, 383–384
  thin clients for protecting workstations, 153
  unauthorized software installation, 120–121
  when to involve law enforcement, 459
reciprocal agreements, 419
record integrity of DNS servers, 238–239
recovering
  keys
    defined, 381–383, 381
    M of N Control, 382–383, 516
  system, 417–418
redundancy, 402–404, 403
Redundant Arrays of Independent Disks (RAID), 404–405, 406, 524
registration authorities (RA), 333–335, 334, 524
relying party, 430, 524
remote access protocol, 524
Remote Access Services (RAS), 114–115, 115, 524
remote access technologies, 123–127
  802.1X wireless protocols, 112, 124, 193–194, 500
  connecting remote network users with tunneling protocol, 127
  PPP, 123–124
  RADIUS, 125, 125, 524
  SLIP, 123
  TACACS/+, 125, 531
  tunneling protocols, 126–127
  VPNs, 124
Remote Authentication Dial-In User Service (RADIUS), 125, 125, 524
removable media vulnerabilities, 151–154
  CD-R, 152
  diskettes, 153
  flash cards, 154
  hard drives, 152–153
  overview, 151
  smart cards, 17, 18, 154, 383–384
  tape, 151–152
renewing keys, 383
repairing damage after incident response, 190
replay attacks, 57–58, 58, 524
replication, 524
repository, 337, 524
repudiation attacks, 52–53, 524
resource allocation, 465–466
responses. See also active responses; passive responses
  defined, 524
  to information violations, 9–10
responsibility
  designating areas of security, 466
  for keeping pace with security standards, 477–478
restricted information, 289, 524
retrovirus, 81, 524
reverse DNS, 524
reverse engineering, 524–525
review question answers
  assessment test answers, xlvi–xlix
  attacks, 99–100
  cryptography, 354–355, 397–398
  infrastructure and connectivity, 165–166
  monitoring communications, 211–212
  secure networks, 255–256, 307–308
  security concepts, 47–48
  security policies and procedures, 450–451
review questions
  assessment test, xxxviii–xlv
  attacks, 94–98
  cryptography, 349–353, 392–396
  infrastructure and connectivity, 160–164
  monitoring communications, 206–210
  secure networks, 250–254, 302–306
  security concepts, 42–46
  security policies and procedures, 445–449
revocation
  certificate, 337–338, 338, 504
  defined, 525
  key, 379–380
RF (Radio Frequency) communications, 112, 148–149, 149, 523
  ad hoc RF network, 501
  defined, 523
  RF spectrum and, 112
RFC (Request for Comments), 360–361, 524
RFI (Radio Frequency Interference), 272, 273, 273, 523
RIP (Routing Information Protocol), 61, 111, 525
risk analysis, 525
risk assessments
  as business’ security need, 32
  components of, 278–279
  conducting, 279
  defined, 525
Rivest Cipher 5 (RC5), 525
roaming profiles, 525
robots, 239
Role-Based Access Control (RBAC), 12, 440, 525
roles in security process, 291–292
  auditors, 292
  custodian of data, 291
  owner of data, 291
  security professionals, 291–292
  user of data, 291
root cause analysis, 455
routers, 110–111, 110, 111, 525
routes, 525
routing, 525
Routing Information Protocol (RIP), 61, 111, 525
routing table, 525
RSA asymmetric algorithm, 324
RSA cryptographic systems, 363, 525
RSA Data Security, Inc., 526
Rule Set-Based Access Control (RSBAC), 526