INDEX
  IP spoofing, 886
  mail bombing, 1086
  man-in-the-middle attacks, 1086
  password sniffing, 885–886
  ping of death, 1086
  salami attacks, 884
  slamming, 1087
  smurf, 1010–1011
  SYN floods, 1011–1012
  teardrop, 1012–1013, 1087
  traffic analysis, 1087
  wardialing, 1086
  wiretapping, 887–888
  See also hacking
attenuation, 512, 522–523
audit committee, responsibilities, 130
auditing, 237
  physical access, 468–469
  protecting audit data and log information, 246
  review of audit information, 245
auditors
  compliance auditors, 90
  responsibilities, 134
authentication, 158, 160–161, 669
  open system authentication (OSA), 623
  protocols, 614–616
  shared key authentication (SKA), 623
Authentication Header (AH), 750
authoritative sources, 175
authorization, 158, 195, 669
  access criteria, 195–196
  creep, 197
availability, 59–60
  and access control, 157
Available Bit Rate (ABR), 595
awareness, security-awareness training, 139–142

B
backdoors, 1085–1087
background checks, 137–138
backups, 1066–1067
  choosing a software backup facility, 806
  data backup alternatives, 801–803
  differential process, 802
  electronic backup solutions, 803–806
  full backup, 802
  hardware, 796
  incremental process, 802
  software, 796–797
bandwidth, 506, 519
Bank of America, 27
base registers, 297, 298
baseband, 507–508, 525
Basel II Accord, 858
baselines, 113–114
  See also security policies
Basic Security Theorem, 335
bastion hosts, 560
BCP. See business continuity plan (BCP)
BEDO DRAM, 300
Bell-LaPadula model, 333–336
  vs. Biba model, 338
Biba model, 336–338
  vs. Bell-LaPadula model, 338
biometrics, 179–182, 183–184
  crossover error rate (CER), 179–180
  facial scans, 183
  fingerprints, 182
  hand geometry, 182
  hand topography, 183
  iris scans, 182
  keyboard dynamics, 183
  palm scans, 182
Open Database Connectivity (ODBC), 920
open network architecture, 484
Open Shortest Path First (OSPF), 534
open system authentication (OSA), 623
open systems, 372
  See also closed systems
Open Systems Interconnection reference model. See OSI model
operating system fingerprinting, 1080
operating systems, architecture, 287–294, 310–311
Operation French Fry, 26
operational goals, 66
operations security, 1027–1028
  accountability, 1032–1033
  administrative management, 1028–1031
  asset identification and management, 1036–1037
  assurance levels, 1034
  clipping levels, 1033
  clustering, 1064–1065
  configuration management, 1045–1048
  contingency planning, 1070
  data leakage, 1054–1055
  deviations from standards, 1035–1036
  Direct Access Storage Devices, 1060–1061
  environmental controls, 1070
  grid computing, 1065–1066
  Hierarchical Storage Management (HSM), 1067–1069
  input and output controls, 1040–1041
  licensing, 1043
  MAID, 1063
  mainframes, 1070–1072
  mean time between failures (MTBF), 1057
  mean time to repair (MTTR), 1058
  media controls, 1048–1053
  network and resource availability, 1056–1070
  RAID, 1061–1062
  RAIT, 1063
  remote access security, 1044
  security and network personnel, 1031–1032
  single points of failure, 1058–1060
  Storage Area Networks (SANs), 1063–1064
  system controls, 1037–1038
  system hardening, 1042–1044
  trusted recovery, 1038–1040
  unexplained or unusual
  unscheduled initial program loads (rebooting), 1036
  See also backups
Orange Book, 49, 355–356, 357–358
  Division A, 361
  Division B, 360–361
  Division C, 359
  Division D, 359
  and the Rainbow Series, 361–362
  Red Book, 362–364
ORBs, 970–971
order of concepts, 63
Organisation for Economic Co-operation and Development (OECD), 50–51
  guidelines and transborder information flow rules, 128, 845
organizational security model, 65–67
  CobiT, 69–72
  COSO framework, 69–70
  frameworks, 69–73
  operational planning, 66
U
UDP, 498–502
unauthorized disclosure of information, 247–248
uncertainty, 98
unconstrained data items (UDIs), 339
unicast transmission, 524–525
uninterruptible power supplies. See UPSs
United States v. Jeansonne, 26
unshielded twisted pair (UTP) cabling, 520, 521
Unspecified Bit Rate (UBR), 595
UPSs
  online UPS systems, 430–431
  standby, 431
U.S. government, and security, 31–33
user errors, 88
user managers, responsibilities, 132
user mode, 285
user provisioning, 175
users, 338
  responsibilities, 134

V
value of information and assets, 85–86
  costs that make up the value, 86–87
value-added networks (VAN), 580
vandalism, 980
Variable Bit Rate (VBR), 595
ventilation, 438
verification 1:1, 160–161
video cards, RAM, 318
virtual circuits, 593
virtual directories, 167
Virtual LANs (VLANs), 543, 544–545
virtual machines, 315
  Java Virtual Machine (JVM), 316
virtual mapping, 295–296
virtual memory, 306–307
virtual private networks. See VPNs
viruses, 996–997
  antivirus software, 1001–1004
  immunizers, 1002
visual recording devices, 461–464
Voice over IP (VoIP), 598–599, 600
voice prints, 183
  See also biometrics
voltage regulators, 434
VPNs, 608–609
vulnerabilities
  buffer overflows, 1096
  defined, 61
  file and directory permissions, 1097
  file descriptor attacks, 1096
  kernel flaws, 1095
  race conditions, 1096–1097
  relationship of threats and vulnerabilities, 87
  symbolic links, 1096
vulnerability testing, 1087–1090
  penetration testing, 1090–1094
  schedule, 1098

W
WAM. See web access management (WAM)
WANs, 46, 583
  CSU/DSU, 589
  dedicated links, 586–587
  protocols, 583
  T-carriers, 586–587
  telecommunications evolution, 583–586
WAP, 635–636
  gap in the WAP, 636
war driving for WLANs, 639–640
wardialing, 264, 603–604, 1086, 1094–1095
watchdog timers, 227, 292
water sprinklers, 445–446
waterfall development method, 952
LICENSE AGREEMENT
THIS PRODUCT (THE “PRODUCT”) CONTAINS PROPRIETARY SOFTWARE, DATA AND INFORMATION (INCLUDING
DOCUMENTATION) OWNED BY THE McGRAW-HILL COMPANIES, INC. (“McGRAW-HILL”) AND ITS LICENSORS. YOUR
RIGHT TO USE THE PRODUCT IS GOVERNED BY THE TERMS AND CONDITIONS OF THIS AGREEMENT.
LICENSE: Throughout this License Agreement, “you” shall mean either the individual or the entity whose agent opens this package. You
are granted a non-exclusive and non-transferable license to use the Product subject to the following terms:
(i) If you have licensed a single user version of the Product, the Product may only be used on a single computer (i.e., a single CPU). If you
licensed and paid the fee applicable to a local area network or wide area network version of the Product, you are subject to the terms of the
following subparagraph (ii).
(ii) If you have licensed a local area network version, you may use the Product on unlimited workstations located in one single building
selected by you that is served by such local area network. If you have licensed a wide area network version, you may use the Product on
unlimited workstations located in multiple buildings on the same site selected by you that is served by such wide area network; provided,
however, that any building will not be considered located in the same site if it is more than five (5) miles away from any building included in
such site. In addition, you may only use a local area or wide area network version of the Product on one single server. If you wish to use the
Product on more than one server, you must obtain written authorization from McGraw-Hill and pay additional fees.
(iii) You may make one copy of the Product for back-up purposes only and you must maintain an accurate record as to the location of the
back-up at all times.
COPYRIGHT; RESTRICTIONS ON USE AND TRANSFER: All rights (including copyright) in and to the Product are owned by
McGraw-Hill and its licensors. You are the owner of the enclosed disc on which the Product is recorded. You may not use, copy, decompile,
disassemble, reverse engineer, modify, reproduce, create derivative works, transmit, distribute, sublicense, store in a database or retrieval
system of any kind, rent or transfer the Product, or any portion thereof, in any form or by any means (including electronically or otherwise)
except as expressly provided for in this License Agreement. You must reproduce the copyright notices, trademark notices, legends and logos
of McGraw-Hill and its licensors that appear on the Product on the back-up copy of the Product which you are permitted to make hereunder.
All rights in the Product not expressly granted herein are reserved by McGraw-Hill and its licensors.
TERM: This License Agreement is effective until terminated. It will terminate if you fail to comply with any term or condition of this
License Agreement. Upon termination, you are obligated to return to McGraw-Hill the Product together with all copies thereof and to purge
all copies of the Product included in any and all servers and computer facilities.
DISCLAIMER OF WARRANTY: THE PRODUCT AND THE BACK-UP COPY ARE LICENSED “AS IS.” McGRAW-HILL, ITS
LICENSORS AND THE AUTHORS MAKE NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE RESULTS TO BE OBTAINED
BY ANY PERSON OR ENTITY FROM USE OF THE PRODUCT, ANY INFORMATION OR DATA INCLUDED THEREIN AND/OR
ANY TECHNICAL SUPPORT SERVICES PROVIDED HEREUNDER, IF ANY (“TECHNICAL SUPPORT SERVICES”).
McGRAW-HILL, ITS LICENSORS AND THE AUTHORS MAKE NO EXPRESS OR IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE WITH RESPECT TO THE PRODUCT.
McGRAW-HILL, ITS LICENSORS, AND THE AUTHORS MAKE NO GUARANTEE THAT YOU WILL PASS ANY
CERTIFICATION EXAM WHATSOEVER BY USING THIS PRODUCT. NEITHER McGRAW-HILL, ANY OF ITS LICENSORS NOR
THE AUTHORS WARRANT THAT THE FUNCTIONS CONTAINED IN THE PRODUCT WILL MEET YOUR REQUIREMENTS OR
THAT THE OPERATION OF THE PRODUCT WILL BE UNINTERRUPTED OR ERROR FREE. YOU ASSUME THE ENTIRE RISK
WITH RESPECT TO THE QUALITY AND PERFORMANCE OF THE PRODUCT.
LIMITED WARRANTY FOR DISC: To the original licensee only, McGraw-Hill warrants that the enclosed disc on which the Product is
recorded is free from defects in materials and workmanship under normal use and service for a period of ninety (90) days from the date of
purchase. In the event of a defect in the disc covered by the foregoing warranty, McGraw-Hill will replace the disc.
LIMITATION OF LIABILITY: NEITHER McGRAW-HILL, ITS LICENSORS NOR THE AUTHORS SHALL BE LIABLE FOR ANY
INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, SUCH AS BUT NOT LIMITED TO, LOSS OF ANTICIPATED PROFITS
OR BENEFITS, RESULTING FROM THE USE OR INABILITY TO USE THE PRODUCT EVEN IF ANY OF THEM HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL APPLY TO ANY CLAIM OR
CAUSE WHATSOEVER WHETHER SUCH CLAIM OR CAUSE ARISES IN CONTRACT, TORT, OR OTHERWISE. Some states do
not allow the exclusion or limitation of indirect, special or consequential damages, so the above limitation may not apply to you.
U.S. GOVERNMENT RESTRICTED RIGHTS: Any software included in the Product is provided with restricted rights subject to
subparagraphs (c), (1) and (2) of the Commercial Computer Software-Restricted Rights clause at 48 C.F.R. 52.227-19. The terms of this
Agreement applicable to the use of the data in the Product are those under which the data are generally made available to the general public
by McGraw-Hill. Except as provided herein, no reproduction, use, or disclosure rights are granted with respect to the data included in the
Product and no right to modify or create derivative works from any such data is hereby granted.
GENERAL: This License Agreement constitutes the entire agreement between the parties relating to the Product. The terms of any Purchase
Order shall have no effect on the terms of this License Agreement. Failure of McGraw-Hill to insist at any time on strict compliance with
this License Agreement shall not constitute a waiver of any rights under this License Agreement. This License Agreement shall be construed
and governed in accordance with the laws of the State of New York. If any provision of this License Agreement is held to be contrary to law,
that provision will be enforced to the maximum extent permissible and the remaining provisions will remain in full force and effect.