SANS Security Policy Resource Web page, 159
Secret Internet Protocol Router Network (SIPRNET), 50
Secure File Transfer Protocol (SFTP), 253, 256
Secure Socket Layer (SSL) certificates, 131
Security
awareness, 14
content-based, 138–39
device, 140
education, 13–15
labels, 26–27
the law and, 95–114
mobile, 129–50
operations, 59
personnel, 13–15, 171
physical, 175–77
system, 174–75
training, 167
Web application, 85–93
WLANs, 125–26
Security architecture, 57–59
components, 57–58
importance, 57
Security checklist, WLAN, 183–87
Security policies, 159–77
Access Policy, 163
Accountability Policy, 164
Acquisition Guidelines Policy, 164
Authentication Policy, 164
Availability Statements, 164
awareness programs, 165–67
components, 163–65
definition of, 162
development, 160–77
development steps, 160
e-mail, 172–74
employee termination procedures, 170
establishment of, 24
functions, 314–15
good, 163
IDSs and, 279
Information Technology System and Network Maintenance Policy, 164
Internet use, 172
personnel security, 171
physical security, 175–77
protection identification, 161
protective measures implementation, 161–65
purpose of, 162–63
reviewing/assessing, 165
risk analysis, 167–68
samples, 159–60
sensitive information, 174
system security, 174–75
threat likelihood determination, 161
training, 170–71
Violations Reporting Policy, 164
warning banners, 170
See also WLANs
Segmentation devices, 260–67
EEGs, 264
EWGs, 264–67
firewalls, 262–63
Layer 3 switches, 261–62
routers, 260–61
VPN concentrators, 262
Sensitive information, 174
Single sign-on domains, 140
Social engineering, 12–16, 192–93
against help desk personnel, 192–93
defined, 192
goal, 12
policy, crafting, 15–16
remote, 13
security personnel education, 13–15
staff education, 13–15
tactics, 15
Spoofing
ARP, 341, 354
DHCP IP, 352
IP, 340, 353
MAC, 201–2, 324
SSH2, 253, 254
features in wireless infrastructure devices, 254
MAC algorithm, 255
Staff, educating, 13–15
Subpoenas, for electronic evidence, 103–4
Supporting infrastructures, 50
System security, 174–75
hardening systems, 174–75
network architecture, 175
user authentication and identification, 175
See also Security policies