Security+ Certification Training Kit

Author: Microsoft Corporation with Andy Ruth and Kurt Hudson
Pages: 512
Disk: 1 Companion CD(s)
Level: All Levels
Published: 01/29/2003
ISBN: 9780735618220
Price: $59.99
Index
A
A+ certification, 2
acceptable use policy, 319
access control
administrative access, 111, 113
biometric mechanisms, 282-84
concepts, 240
DAC, 241
identification and authentication and, 64
MAC, 242
methods of, 243
physical security, 101, 280-82
RBAC, 242-43
review questions, 243-44
access control lists. See ACLs (access control lists)
access denied errors, 140
access points (APs), wireless, 124-25
access points, to networks. See also intrusion points
internal/external, 23
minimizing, 25
access policies, 316
account lockout policies, 259
accountability policies, 316-17
ACK scans, 351
ACK segments, 53
Acknowledgement Number field, TCP header, 51
ACLs (access control lists)
DAC and, 240
file-level security with, 26
MAC and, 242
packet filtering and, 256-57
privilege management and, 292-93
active content, 205-09
ActiveX, 207
Java applets, 205-06
JavaScript, 206
overview of, 205
signing, 208-09
active response, 374-75
ActiveX, 207
Address Resolution Protocol. See ARP (Address Resolution Protocol)
administrative access
to routers, 113
to switches and bridges, 111
AES algorithm, 68
AH (Authentication Header), 359
alerts, 247, 262
algorithms
asymmetric. See asymmetric algorithms
hash, 67, 74-75, 247
overview of, 66-67
SSL/TLS and, 203
symmetric, 67-68, 75
ANI (Automatic Number Identification), 151
anomaly detection, 373-74
anonymous FTP servers, 216
antitheft mechanisms, mobile devices, 140
antivirus policy, 318. See also viruses
Apher Trojan, 357
application filtering firewalls, 116
Application layer
communication flow through TCP/IP protocol stack, 40
DARPA model, 38
vulnerabilities, 60
Application layer (Layer 7), OSI model, 37
application service providers (ASPs), 320
application-based IDS, 371-72
applications. See also software
digital certificates and, 80
hardening and securing, 26
Internet applications, 21
system architecture documentation and, 324
updates, 249-50
APs (access points), wireless, 124-25
ARP (Address Resolution Protocol), 39, 345
ARP cache poisoning
as form of spoofing, 352
Network Interface layer vulnerabilities, 59
routers and, 113
switches and bridges and, 111-12
ARP scanning attacks, 346
ARP spoofing. See ARP cache poisoning
AS (authentication servers), Kerberos, 227
ASPs (application service providers), 320
ASR Data, forensic tools, 382
assets, identification and valuation, 330
asymmetric algorithms, 68-70
advantages/disadvantages, 69
authentication with, 75
communication integrity with, 75
list of, 69
nonrepudiation with, 76
public key cryptography and, 68-69
asymmetric encryption, 203
asymmetric key pairs, PKI, 79
attack signatures, 373
attackers. See hackers
attacks
back door, 356-57
buffer overflows, 204-05, 249, 262
costs of, 4
DDoS, 16, 352, 355
defending against, 24-25
DoS. See DoS (Denial of Service) attacks
encryption breaking, 360-61
exercise matching attacks to scans, 364
malicious code, 16-17, 361, 363-64
man-in-the-middle, 16, 59, 356
NIDS (network IDS) and, 370
password guessing, 16, 357-58
replay, 359
review questions, 365
scanning. See scanning attacks
session hijacking, 60, 361
social engineering. See social engineering
software exploitation, 361
source routing, 355-56
spoofing. See spoofing attacks
threats of, 14-15
types of, 16, 100
auditing. See also monitoring
enabling, 27, 259
overview of, 295
workstations, 140
authentication
biometric. See biometric authentication
CHAP, 120, 232-33
combining methods of, 235-36
credentials, 224
cross-realm, 227, 237
cryptography and, 75
database servers, 275
defined, 64
dial-up connections, 170-71
file and print server security, 271
FTP servers, 216
Kerberos. See Kerberos
LDAP servers, 273-74
NNTP servers, 272
passwords, 224-26
policy, 317
RADIUS, 120-21, 159-62
remote access and, 158-59
selection criteria, 235-36
SSL/TLS and, 202-03
strong authentication, 119, 235
TACACS, 119-20, 162-63
token-based, 232-33
user authentication, 26-27
Authentication Header (AH), 359
authentication servers (AS), Kerberos, 227
authenticators, Kerberos, 228
Authenticode, Microsoft, 208
Automatic Number Identification (ANI), 151
availability
C-I-A triad, 5-6, 11
high, 310
availability statement, 317
B
back door attacks, 356-57
backups
business continuity management and, 310
disaster recovery and, 287-88
magnetic tape as media for, 298
maintaining, 259
offsite storage of, 288
server security and, 262
baselines, 245-46
basic input/output systems (BIOS), 247
bastion hosts, 130-31, 265
BCM (business continuity management), 308-11
backups, 310
business continuity planning, 309
high availability and fault tolerance, 310
overview of, 308
review questions, 311-12
utilities, 311
benchmarks, 245-46
Bernhard, Frank, 4
biometric authentication
access control, 282-83
combining methods, 284
enrolling, 233
overview of, 27
smart cards and, 358
technologies, 283
verification process, 233-34
BIOS (basic input/output systems), 247
birthday paradox attacks, 360-61
Blowfish algorithm, 68
bridge CA architecture, 90-91
bridges
ARP cache poisoning and, 111-12
compromising, 111-12
gaining administrative access to, 111
overview of, 110
securing, 112
browsers
ActiveX support, 207-08
Application layer vulnerabilities, 60
cookies, 209
TCP/IP communication flow and, 39-41
brute force password guessing, 16, 357
buffer overflows
defending against, 204-05, 262
as most common security exploit, 249
business continuity management. See BCM (business continuity management)
C
CA (certification authority)
auditing function of, 96
defined, 80
guarantee of certificates by, 231
overview of, 82
as source of digital certificates, 27
CA trust models, 86-93
bridge architecture, 90-91
hierarchical architecture, 88-89
mesh architecture, 86-88
overview of, 86
review questions, 92-93
cable
coaxial, 104-05
fiber optic, 106-07
review questions, 107-08
twisted-pair, 105-06
cache poisoning, DNS, 269-70
Callback Control Protocol (CBCP), 150-51
Caller ID, 151
CATV (community antenna television), 149
CBCP (Callback Control Protocol), 150-51
CC (Common Criteria), 1
CCM (change and configuration management) policy, 324
CD-Rs/CD-RWs, 300-302
archiving data, 301
erasing, 301-02
overview of, 300-301
preventing abuse of, 301
cellular networking, 287
Center for Internet Security (CIS), 245-46, 259
centralized management, 294-95
CER (crossover error rate), biometrics, 234
CERT (Computer Emergency Response Team)
DoS tools, 352
on e-mail sniffers, 188
malicious HTML code, 361
scanning tools, 250
security alerts, 247
security baseline information, 246
on session hijacking, 361
on SNMP vulnerabilities, 251
on social engineering attacks, 362
on software exploits, 191
SSH passwords, 359
on UDP DoS attacks, 251
vulnerability reports, 334
Windows NT Configuration Guidelines, 259
certificate revocation list (CRL), 82
certificate signing request (CSR), 232
certificates. See also cryptography
auditing, 95
defined, 80
destroying, 95
digital security and, 27
enrollment and distribution, 94
key management, 96-98
life cycle, 94-96
mutual authentication and, 231
overview of, 81
publication points, 80
renewal, 95
review questions, 98
revoking, 95
validating, 94-95
certification authority. See CA (certification authority)
certification prerequisites, for Security+, 2
CGI (Common Gateway Interface), 210-12
exploits, 210-11
overview of, 210
protections, 211-12
scripts, 265
chain of custody, 30-31, 384
change and configuration management (CCM) policy, 324
CHAP (Challenge Handshake Authentication Protocol), 120, 232-33
Chappell, Laura, 345
chargen, 251
checksum. See hash algorithms
Checksum field
ICMP header, 47
IGMP header, 47
TCP header, 51
UDP header, 50
C-I-A triad
availability, 5-6, 11
communication protocols and, 22
confidentiality, 5-6, 11
cryptography and, 64
Information Systems (IS) group, 12
integrity, 5-6, 11
intrusions and, 343
IS specialist focus on, 12
overview of, 5-6
threats to, 19
CIAC (Computer Incident Advisory Capability), 247, 355
CIFS (Common Internet File System), 218
ciphertext, 65
circuit-level firewalls, 116
CIS (Center for Internet Security), 245-46, 259
classification policy, 324-26
disposal and destruction, 326
notification of compromises, 325
retention and storage, 326
type of information handled by, 325-26
client computers
defined, 3
FTP clients, 216-17
Web clients and, 209-10
coaxial cable
compromising, 104
eavesdropping on, 105
overview of, 104
code development practices, 204-05
Code field, ICMP header, 46-47
Common Criteria (CC), 314-15
Common Gateway Interface. See CGI (Common Gateway Interface)
Common Internet File System (CIFS), 218
common name, LDAP objects, 273
Common Vulnerabilities and Exposures (CVE), 247
communication. See also telecommunications
Internet, 34-35
securing integrity with asymmetric algorithms, 75
securing integrity with hash algorithms, 74
security, 147-86
security education, 337
TCP/IP flow, 39-41
communication protocols
attacks against, 21-22
security of, 25
community antenna television (CATV), 149
Compact Flash, 304
companies. See organizations
company data, 4-5
complex passwords
components of, 225
cracking, 358
overview of, 102
router security, 114
setting and changing, 258
switch and bridge security, 112
CompTIA certification, 2
Computer Cop, forensic tools, 382
Computer Emergency Response Team. See CERT (Computer Emergency Response Team)
Computer Incident Advisory Capability (CIAC), 247, 355
Computer Security Division, NIST, 250
computer security incident response team (CSIRT), 380
Computer Security Resource Center (CRSC), 246
computer technology purchasing guidelines, 316
confidential information, classification policy and, 325
confidentiality
C-I-A triad, 5-6, 11
cryptography and, 73-74
defined, 64
connections, remote access
configuring, 153
Internet connections, 152
mediums for, 149-53
requirements, 156-58
telephone connections, 150-51
types of, 148-49
connectivity devices, monitoring, 141
cookies
compromising Web servers/clients, 209-10
defined, 209
protecting against, 210
cost analysis
attacks, 4
authentication methods, 235
biometric authentication, 234
impact assessment, 332-33
Internet remote access, 152
long distance connections, 151
network infrastructure security, 102
risk management planning, 8-9
tokens, 232-33
counterattacks, 375
Crack, 358
CRC (cyclic redundancy check), 43
CRL (certificate revocation list), 82
crossover error rate (CER), biometrics, 234
cross-realm authentication, 227, 237
CRSC (Computer Security Resource Center), 246
cryptanalysts, 65
cryptographic keys, 65
cryptography
algorithms and, 66-67
asymmetric algorithms, 68-70
C-I-A triad and, 64
confidentiality function of, 64, 73-74
hash algorithms, 67
identification and authentication function of, 64, 75
integrity function of, 64, 74-75
nonrepudiation function of, 64, 76
overview of, 64-66
public key cryptography, 68
review questions, 64, 71-72, 76-77
standards and protocols, 70-71
symmetric algorithms, 67-68
Web site resources for, 70-71
CSIRT (computer security incident response team), 380
CSR (certificate signing request), 232
Culp, Scott, 101
CVE (Common Vulnerabilities and Exposures), 247
Cybersnitch, forensic tools, 382
cyclic redundancy check (CRC), 43
D
DAC (discretionary access control), 240-41
DARPA (Defense Advanced Research Projects Agency) model
compared with OSI model, 38
layers of, 38-39
mapping TCP/IP to, 37-38
data. See also information security
preserving (forensics), 30
securing integrity with hash algorithms, 74-75
value of company information, 4-5
data centers, SLA, 321
data encryption. See encryption
Data Link layer (Layer 2), OSI model, 36, 110
Data Offset field, TCP header, 51
data repositories
databases, 274-75
directory services, 273-74
data sniffers. See protocol analyzers
database servers
securing, 274-75
vulnerabilities, 274
datagrams. See IP datagrams
DDNS record spoofing, 269
DDoS (distributed denial of service), 16, 352, 355. See also DoS (Denial of Service) attacks
decentralized management, 294-95
decryption, 65. See also encryption
default-allow/deny rules, 117
Defense Advanced Research Projects Agency. See DARPA (Defense Advanced Research Projects Agency) model
defense-in-breadth approach, 117
defense-in-depth approach, 116-17
demilitarized zones (DMZ). See perimeter network security zone
DES algorithm, 68, 360
Destination IP Address field, IP datagrams, 45, 115
Destination Port field
TCP header, 51
UDP header, 50
DHCP servers
securing, 271-72
vulnerabilities, 271
dial-up remote access. See telephone connections
dictionary attacks, 16, 357
Diffie-Hellman algorithm, 69
digital certificates. See certificates
digital signatures, 208-09
Digital Subscriber Lines (DSL), 149
directories
OUs and, 273
permissions, 257-58
protecting FTP server directory, 266-67
protecting Web server directory, 265
directory enumeration attacks, 264
directory services, 273-74
disaster recovery, 287-90
alternate sites, 289
backups, 287-88
offsite storage, 288
plan, 289-90
secure recovery, 288-89
disasters, as threat, 14
discretionary access control (DAC), 240-41
disk imaging, 259
distributed denial of service (DDoS), 16, 352, 355. See also DoS (Denial of Service) attacks
DMZ (demilitarized zones). See perimeter network security zone
DNS cache poisoning, 269, 270
DNS servers
securing, 269-70
vulnerabilities, 268-69
dnsspoof utility, 269
documentation
asset identification and, 330
change and configuration management, 324
classification policy, 324-26
due care practices, 322
human resources policy, 321-22
inventories, 324
logging process, 324
need to know basis, 323
policies and procedures, 315-20
review questions, 327
separation of duties, 323
service level agreements, 320-21
standards and guidelines, 314-15
system architecture, 323-24
DoS (Denial of Service) attacks
advisories, 251
defined, 16
e-mail servers, 268
HIDS and, 371
Internet layer vulnerabilities, 59
Network Interface layer vulnerabilities, 58
spoofing attacks based on, 352, 353-55
tools for preventing, 355
Transport layer vulnerabilities, 60
dropper virus, 363
DSL (Digital Subscriber Lines), 149
dsniff, 188, 212
due care/due diligence, 322
dynamic content. See active content
Dynamic NAT, 135
dynamic updates, DNS servers, 270
E
EAPOL (Extensible Authentication Protocol over LANs), 124
eavesdropping
on coaxial networks, 105
on fiber optic cables, 107
through hubs, 109
on twisted-pair networks, 106
echo, testing networked computers, 251
education. See security education
effective permissions, 294
EFS (Encrypting File System), 26
egress filtering, 354
EICAR (European Institute of Computer Anti-Virus Research), 364
8.3 compatible file names, 264
electromagnetic interference (EMI), 104
Elliptic curve cryptography, 69
e-mail gateways, 116, 268
e-mail relays, 268
e-mail security
electronic messaging, 188-90
e-mail application exploitation, 60
hoaxes, 195-96
PGP Freeware, 196-99
review questions, 199
scams, 193-95
S/MIME, 190
SMTP relay, 193
spam, 191-93
vulnerabilities, 191
e-mail servers
securing, 268
vulnerabilities, 267-68
EMI (electromagnetic interference), 104
employees
asset identification and, 330
human resources policy and, 321
EnCase, forensic tools, 382
Encrypting File System (EFS), 26
encryption
communication security and, 25
database servers, 275
file system security and, 258
LDAP servers, 274
NIDS and, 369
NNTP servers, 272
process, 65
server security and, 262
WEP and, 124
encryption breaking attacks, 360-61
enrollment process, biometric authentication, 234
environmental aspects, physical security, 285-87
fire suppression, 285-86
wireless networks and, 286-87
ESP (Encapsulating Security Payload), 359
Ethernet II headers, 42
European Institute of Computer Anti-Virus Research (EICAR), 364
export permissions, 258
Extensible Authentication Protocol over LANs (EAPOL), 124
external threats
defined, 15
examples of, 19
intrusion points and, 20-21
extranet security zone, 132-34
defined, 127
overview of, 132-33
security components for, 133
F
face recognition, 283
facial thermograms, 283
false acceptance rate (FAR), biometric authentication, 234
FAQ (Frequently Asked Questions), 337
FAR (false acceptance rate), biometric authentication, 234
FAT (File Allocation Table), 257
fault tolerance, 310
FBI (Federal Bureau of Investigation), 361
FCS (Frame Check Sequence), 41
Federal Bureau of Investigation (FBI), 361
Federal Information Processing Standards (FIPS), 70
Federal Trade Commission (FTC)
scam prevention, 194
spam prevention, 192
fiber optic cable, 106-07
compromising, 106-07
eavesdropping on, 107
overview of, 106
File Allocation Table (FAT), 257
file and print servers
securing, 271
vulnerabilities, 270
file system security
data encryption, 258
file and directory permissions, 257-58
overview of, 257
sharing files and folders and, 258
file transfer, 216-21
file sharing, 218-20
file trading, 220
FTP client security issues, 216-17
Kerberized FTP, 217
review questions, 220
Secure FTP, 217
files
local security, 26
permissions, 257-58
sharing, 218-20, 270
trading, 220
verifying integrity with MD5, 258-59
filtering
egress filtering, 354
ingress filtering, 355
FIN scans, 350
fingerprint scans, 283
FIPS (Federal Information Processing Standards), 70
fire suppression, 285-86
firewalls, 114-18
ACLs and, 256-57
application filtering, 116
blocking access to shares, 271
circuit-level, 116
database servers, 275
defined, 114
DHCP servers, 272
exploiting, 117-18
HIDS and, 370
NNTP servers, 272
overview of, 114
packet filtering, 114-15
policy, 318
proxy servers, 116
securing, 118
stateful inspection, 116
firmware updates, 247. See also network devices
Flags field
IP datagrams, 45
TCP header, 51
flashcards, 304-05
floppy disks, 304
folders, sharing, 258. See also files
forensics, 381-84
chain of custody, 384
collection of evidence, 381-84
defined, 30
overview of, 30-31, 381
preserving evidence, 384
tools, 382
Foundstone, forensic tools, 382
fraggle attacks, 354
Fragment Offset field, IP datagrams, 45
fragmentation
attackers' application of, 351
DoS attacks, 353
Internet layer vulnerabilities, 59
overview of, 49-50
Fragmentation Flag field, data packets, 115
Fragroute, NIDS attack tool, 370
Frame Check Sequence (FCS), 41
frames, Network Interface layer, 58
Frequently Asked Questions (FAQ), 337
FTC (Federal Trade Commission)
scam prevention, 194
spam prevention, 192
FTP bounce, 266
FTP clients, 60, 216-17
FTP (File Transfer Protocol)
clients, 60, 216-17
Kerberized FTP, 217
Secure FTP, 217
servers, 216, 266-67
FTP servers
securing, 266-67
vulnerabilities, 266
G
gateways. See firewalls
Good Times virus hoax, 195
Group Address field, IGMP header, 47
groups, 292-94
creating, 293-94
DAC and, 241
managing, 293
guidelines, 314-15
H
hackers
defined, 17
dial-up remote access and, 151
layered defense against, 24
telecommunications, 121-23
half-open scans, 350
hand geometry, 283
hard disks, 140, 302-03
hardening
operating system, 258-59
systems/applications, 26
hardware
key management and, 96-97
SLA, 321
system architecture documentation, 323-24
hardware security module (HSM), 96
hash algorithms
communication integrity with, 74
cryptography and, 67
data integrity with, 74-75
verifying updates, 247
Header Checksum field, IP datagrams, 45
Header Length field, IP datagrams, 44
headers
ICMP, 46-47
IGMP, 47
IP datagrams, 43-45
Network Interface layer frames and, 42
UDP, 50
HFNetChk (Network Security Hot Fix Checker), 250
hidden fields, CGI programs, 211
HIDS (host-based IDS), 370-72
advantages/disadvantages, 370-71
application-based IDS and, 371-72
deploying, 376
examples of, 372
overview of, 370
hierarchical CA architecture, 88-89
high availability, 310. See also availability
hijacking attacks. See session hijacking
hoaxes
defined, 363
e-mail vulnerabilities and, 195-96
honeypots/honeynets, 143
host information, 269
host membership queries, IGMP, 47
host membership reports, IGMP, 47
host-based IDS. See HIDS (host-based IDS)
hot pluggable hard disks, 303
hot sites, offsite storage, 288
hotfixes. See updates
HR (human resources)
information security and, 31
policy, 321-22
HSM (hardware security module), 96
HTML (Hypertext Markup Language), 206, 361
HTTP (Hypertext Transfer Protocol), 21, 25
HTTPS (Hypertext Transfer Protocol Secure), 25, 203-04
hubs, 109-10
compromising, 109
overview of, 109
securing, 110
human resources (HR)
information security and, 31
policy, 321-22
Hypertext Markup Language (HTML), 206, 361
Hypertext Transfer Protocol (HTTP), 21, 25
Hypertext Transfer Protocol Secure (HTTPS), 25, 203-04
I
IANA (Internet Assigned Numbers Authority), 263
ICAT, 250, 334
ICMP address mask scan, 347
ICMP echo, 347
ICMP flood attacks, 353
ICMP headers, 46-47
ICMP (Internet Control Message Protocol), 347
ICMP Message Type field, 115
ICMP router solicitation, 347
ICMP scanning attacks, 347
IDE (Integrated Drive Electronics) disks, 303
IDEA algorithm, 68
identification function, cryptography, 64, 75
Identifier field, IP datagrams, 45
IDS (intrusion detection system)
active response, 374-75
anomaly detection, 373-74
deploying, 375-78
host-based, 370-72
implementing, 142
misuse detection, 373
network-based, 368-70
overview of, 367
passive response, 375
review questions, 378
IDWG (Intrusion Detection Working Group), 367
IEEE 802.11, 182
IEEE 802.11b, 124, 286-87
IEEE 802.1q (VLANs), 135
IEEE 802.1x (wireless networks), 182-84
IEEE (Institute of Electrical and Electronic Engineers), 286
IETF (Internet Engineering Task Force)
cryptographic standards, 70
IDWG and, 367
RADIUS and, 120
SSL and, 201
IGMP headers, 47-48
ILOVEYOU virus, 15
IM (Instant messaging), 212-13
imaging disks, 259
impact assessment, 332-33
incident response
computer security incident response team, 380
forensics and, 381-84
legal actions, 384
overview of, 380
policy, 320, 381
prioritizing response actions, 385
review questions, 385
information security
Human Resources and, 31
vulnerability and, 24
information systems, 330
Information Systems and Technology Department, University of Waterloo, 259
Information Systems (IS) group
focus on C-I-A triad, 12
security issues addressed by, 3
Information Systems Security Association (ISSA), 322
information technology system and network maintenance policy, 318
infrastructure. See network infrastructure
ingress filtering, 355
Instant messaging (IM), 212-13
Institute of Electrical and Electronic Engineers. See IEEE (Institute of Electrical and Electronic Engineers)
Integrated Drive Electronics (IDE) disks, 303
Integrated Services Digital Network (ISDN), 149
integrity
C-I-A triad, 5-6, 11
cryptography and, 74-75
defined, 64
internal threats
defined, 15
examples of, 19
intrusion points and, 20-21
International Organization for Standardization (ISO). See OSI (Open System Interconnection) model
Internet access, 3
Internet applications, 21
Internet Assigned Numbers Authority (IANA), 263
Internet communication, TCP/IP, 34-35
Internet connections, remote access, 152
Internet Control Message Protocol. See ICMP (Internet Control Message Protocol)
Internet Engineering Task Force. See IETF (Internet Engineering Task Force)
Internet Explorer
ActiveX support, 207-08
cookies and, 209
Internet layer
communication flow through TCP/IP protocol stack, 41
DARPA model, 39
vulnerabilities, 59
Internet Protocol. See IP (Internet Protocol)
Internet Security Scanner (ISS), 250
Internet security zone, 127, 128
Internet Service Providers. See ISP (Internet Service Providers)
intranet Web servers, 263
intranets, 128
intruders. See hackers
intrusion detection
defined, 367
tools, 372
intrusion detection system. See IDS (intrusion detection system)
Intrusion Detection Working Group (IDWG), 367
intrusion points, 20-23
communication protocols, 21-22
defined, 20
examples of, 23
internal/external, 20-21, 23
Internet applications and, 21
network infrastructure and, 20-21
review questions, 22
intrusions, defined, 343
inventories, 324
IP address spoofing, 16, 59, 352
IP datagrams, 43-46
corruption, 59
defined, 37
following from source to destination, 53
fragmentation, 49-50
IP headers, 43-45
payloads, 46
RFC 791 and, 33
IP (Internet Protocol), 37
IP Options and Padding field, IP datagrams, 45
IP Options Setting field, data packets, 115
IP Protocol ID field, data packets, 115
IP-directed broadcasts, disabling unnecessary, 355
iris scans, 283
IS (Information Systems) group
focus on C-I-A triad, 12
security issues addressed by, 3
ISDN (Integrated Services Digital Network), 149
ISO (International Organization for Standardization). See OSI (Open System Interconnection) model
ISP (Internet Service Providers)
DoS attacks and, 355
remote access and, 152
SLA, 320
ISS (Internet Security Scanner), 250
ISSA (Information Systems Security Association), 322
J
Java applets, 205-06
Java Virtual Machine (VM), 205
JavaScript, 206
John The Ripper, 358
jokes, 363
K
KDC, 228
Kerberized FTP, 217, 267
Kerberos, 226-32
authentication process, 228-30
functions of, 228
mutual authentication, 231
overview of, 226-27
protocol, 217
terminology, 227-28, 237-38
key encapsulation, 98
key escrow, 97
key management
centralized vs. decentralized, 97
recovery, 97-98
software/hardware storage, 96-97
Web site resource for, 96
keys, cryptographic, 65
L
land attacks, DoS, 353
LANs (local area networks)
protocols, 41
security zones and, 128
SLA, 320
law. See legal issues
Layer 1 (Physical layer), OSI model, 36
Layer 2 (Data Link layer), OSI model, 36, 110
Layer 3 (Network layer), OSI model, 36, 112
Layer 4 (Transport layer), OSI model, 36
Layer 5 (Session layer), OSI model, 36
Layer 6 (Presentation layer), OSI model, 37
Layer 7 (Application layer), OSI model, 37
LDAP (Lightweight Directory Access Protocol) servers
securing, 273-74
vulnerabilities, 273
leases, DHCP, 271-72
legal issues
human relations and privacy, 30
incident response, 384
Length field, UDP header, 50
LFM (log file monitor), 141, 367
life cycle, certificates, 94-95
Lightweight Directory Access Protocol. See LDAP (Lightweight Directory Access Protocol) servers
Linux
back door attacks, 357
disabling inactive services, 252-53
file sharing, 218
listing active services, 251-52
removing unnecessary programs, 254
SFTP and, 217
LLC (Logical Link Control) layer, 36
local area networks. See LANs (local area networks)
log file monitor (LFM), 141, 367
logging
enabling, 259, 262
policy, 324
system logs, 140
logic bombs, 363
Logical Link Control (LLC) layer, 36
logical security, vs. physical security, 102
logon processes
certificates and, 81
single sign-on, 294-95
long distance connections, 151
loose source and record route (LSRR), 356
L0phtCrack, 358
LSRR (loose source and record route), 356
M
MAC address spoofing, 58
MAC (mandatory access control), 240, 242
MAC (Media Access) layer, Data Link layer
MAC addresses, 39, 110, 346
OSI model, 36
MAC (message authentication code), 74
magnetic tape, 298-300
erasing, 300
overview of, 298
preventing abuse of, 300
protecting data on, 299
technologies, 299
Mailsnarf, 188
malicious code
attacks, 363-64
defined, 16-17
HTML and, 361
types of, 17
mandatory access control (MAC), 240, 242
man-in-the-middle attacks
defined, 16
Internet layer vulnerabilities, 59
tools used for, 356
man-made disasters, 14
mathematical attacks, 16, 357
Maximum Response field, IGMP header, 47
MBSA (Microsoft Baseline Security Analyzer), 250
MD4 (Message Digest) algorithm, 67
MD5 (Message Digest) algorithm
hash algorithms, 67
remote authentication, 232-33
verifying file integrity, 260
verifying updates, 247
Media Access layer. See MAC (Media Access) layer, Data Link layer
Melissa virus, 16, 191, 254
Memory Sticks, 304
mesh CA infrastructure, 86-88
message authentication code (MAC), 74
Message Digest algorithms. See MD4 (Message Digest) algorithm; MD5 (Message Digest) algorithm
Microsoft
scanning tools, 250
Web site for security information, 246
Microsoft Authenticode, 208
Microsoft Baseline Security Analyzer (MBSA), 250
Microsoft File and Printer Sharing, 218, 270
Microsoft Knowledge Base, 208
Microsoft Software Update Services, 250
Microsoft Windows. See Windows operating systems
mishaps, 14
misuse detection, 373
mitigation, risk management, 7
mobile devices, protecting, 140
modems
protecting system from exploits, 123-24
removing/disabling unnecessary, 259
monitoring. See also auditing
connectivity devices, 141
enabling, 259
log file monitor (LFM), 141, 367
network monitors, 255
physical security and, 101
servers, 141
workstations, 139-40
Morris Worm, 16
Msgsnarf, 212
multicast delivery, IGMP protocol, 47
multifactor authentication, 119
multilevel security, 242
multipartite virus, 363
multifactor authentication, 235
mutual authentication, Kerberos, 231
N
NAT, 134-36
configurations, 135
functioning of, 135-36
overview of, 134
port-mapping table, 136
National Computer Security Center (NCSC), 246
National Institute of Standards and Technology. See NIST (National Institute of Standards and Technology)
National Oceanic and Atmospheric Administration (NOAA), 340
National Security Agency. See NSA (National Security Agency)
Native Intelligence, Inc., 340
natural disasters, 14
NCSC (National Computer Security Center), 246
need to know basis, 323
NetBIOS (Network Basic Input/Output System), 270
Netscape, 209
netstat command, 251-52
Network Basic Input/Output System (NetBIOS), 270
network counters, 140
network devices, 247-57
ACLs and, 256-57
disabling promiscuous mode, 255
disabling unnecessary protocol stacks, 254-55
disabling unnecessary services and protocols, 251-53
disabling unnecessary systems, 256
removing unnecessary programs, 254
review questions, 260-61
updating, 247-49
Network File System (NFS), 218, 219, 270
network IDS. See NIDS (network IDS)
network infrastructure
coaxial cable, 104-05
configuration information, 102
connectivity device monitoring, 141
defined, 20
exploit identification, 125
extranet security zone and, 132-34
fiber optic cable, 106-07
firewalls, 114-18
honeypots and honeynets, 142-43
hubs, 109-10
Internet security zone and, 127-28
intrusion detection, 142
intrusion points, 20-21
mobile devices, 140
modems, 123-24
NAT implementation, 134-36
overview of, 100
perimeter security zone and, 127-32
physical equipment, 101-03
remote access and, 118-21
review questions, 103, 107-08, 125, 137-38, 144
routers, 112-14
security of, 25-26
servers, 141
switches and bridges, 110-12
technique selection for, 137
telecommunications hacking, 121-23
twisted-pair cable, 105-06
VLANs, 136-37
wireless access points (APs), 124-25
workstations, 139-40
Network Interface layer
communication flow through TCP/IP protocol stack, 41
DARPA model, 39
frames of, 41-43
vulnerabilities, 58-59
Network layer (Layer 3), OSI model, 36, 112
network maintenance policy, 318
Network Monitor
ARP scan, 346
exercise capturing information with, 54-55
network monitors, 255
network scanners, 345
Network Security Hot Fix Checker (HFNetChk), 250
network services. See services
network sniffers. See protocol analyzers
Network+ certification, 2
networking concepts
communication protocols, 21-22
Internet applications, 21
network infrastructure, 20-21
network security, overview of, 3-4
networks, defined, 3
NFS (Network File System), 218, 219, 270
NIDS (network IDS), 368-70
attacks on, 370
deploying, 375
examples of, 369
functions of, 368
limitations of, 368-69
network infrastructure security and, 141
NIDS sensors, 376-77
overview of, 367
Nigerian money laundering scam, 193
NIST (National Institute of Standards and Technology)
Computer Security Division, 250
cryptographic standards, 70
on CSIRT, 380
CVE (Common Vulnerabilities and Exposures), 247
on IDS, 377
risk management document, 334
security education, 339-40
Web site, 1
NNTP servers
securing, 272-73
vulnerabilities, 272
NOAA (National Oceanic and Atmospheric Administration), 340
nonrepudiation, 64, 76
notification, classified information compromised, 325
novices (hackers), 17
NSA (National Security Agency)
cryptographic standards, 70
operating system security guidelines, 259
security baseline information, 246
NTFS (NT file system)
data encryption, 258
file and directory level security, 257
NULL scans, 351
O
offsite storage
of backups, 288
hot vs. cold sites, 289
Open System Interconnection model. See OSI (Open System Interconnection) model
Open Web Application Security Project (OWASP), 359
operating systems. See also by individual type
active services, 251-52
data encryption, 258
disabling inactive services, 252-53
file and directory permissions, 257
file and print servers, 270
hardening, 258-59
removing unnecessary programs, 254
security guidelines, 259
system architecture documentation, 324
updates, 249-50
operational security, 279-312
business continuity management. See BCM (business continuity management)
chain of custody, 30-31
physical security. See physical security
preserving data, 30
privilege management. See privilege management
removable media. See removable media
Optional Data field, ICMP header, 47
Options and Padding field, TCP header, 51
organizational security
documentation. See documentation
risk assessment. See risk assessment
security education. See security education
organizational units (OUs), 273
organizations
human relations and privacy issues, 30-31
value of company information, 4-5
OSI (Open System Interconnection) model, 35-37
compared with DARPA model, 38
layers of, 36-37
mapped to TCP/IP, 35
OUs (organizational units), 273
OWASP (Open Web Application Security Project), 359
P
packet filtering firewalls, 114-15, 256
packet sniffing attacks. See also protocol analyzers
database servers, 274
e-mail servers, 267
LDAP servers, 273
password protection from, 102
Web servers, 263
wireless networks, 124
packets, tracing from source to destination, 53
passive response, 375
passwd, 358
password authentication, 224-26
password checking tools, 358
password guessing attacks, 357-58
defending against, 358
defined, 16
types of, 357-58
passwords
access control with, 102
best practices, 225-26
PBX system hacks, 122
policy, 317
sniffers, 266
user authentication and, 224-25
patches. See updates
payloads
IP datagrams, 46
Network Interface layer frames and, 42
PBX systems
hacking, 122
securing, 122
PDAs (personal digital assistants), 140
perceived value, company data, 5
perimeter network security zone, 127-32
defined, 127-28
DNS servers, 269
firewall configurations for, 129-32
FTP servers, 266
security components for, 132
Web servers, 265
permissions
effective permissions for users, 294
file and directory, 257-58
write permissions, 266
personal digital assistants (PDAs), 140
personal identification numbers. See PINs (personal identification numbers)
personnel. See employees
PGP (Pretty Good Privacy)
downloading and installing PGP Freeware, 196-98
overview of, 189
PGP Key pair, 198-99
verifying updates, 248
physical barriers, 282
Physical layer (Layer 1), OSI model, 36
physical security
access control, 280-84
configuration information, 102
disaster recovery, 287-90
environmental issues, 285-87
equipment, 101-02
review questions, 103, 290
social engineering and, 284-85
ping of death (POD), 353
ping scan, 347
PINs (personal identification numbers)
smart cards and, 305, 358
strong authentication and, 119
PKI (public key infrastructure), 79-85
applying, 82-84
CAs, 82
certificates, 81
components of, 79-80
review questions, 84-85
S/MIME and, 190
SSL and, 201
plaintext, 65
planning
business continuity management, 309
disaster recovery, 289-90
risk management, 8-10
POD (ping of death), 353
Point-to-Point Protocol (PPP), 150
policies, 315-27
acceptable use, 319
access, 316
accountability, 316-17
antivirus, 318
authentication, 317
availability statement, 317
change and configuration management, 324
classification, 324-26
computer technology purchasing guidelines, 316
firewall, 318
human resources, 321-22
incident response, 320, 381
information technology system and network maintenance, 318
overview of, 315
password, 317
privacy, 319
purposes of, 316
violations reporting, 318
polymorphic virus, 363
port manipulation attacks, 59
port mirroring, 111
ports
blocking LDAP ports, 274
matching to correct service, 275
PowerZip, 196
PPP (Point-to-Point Protocol), 150
Presentation layer (Layer 6), OSI model, 37
Pretty Good Privacy. See PGP (Pretty Good Privacy)
principal, Kerberos, 228
printer servers
securing, 271
vulnerabilities, 270
printers, sharing, 3
privacy
policy, 319
regulations, 31
Privacy Rights Clearinghouse, 31
private information, classification policy, 325
private keys, 27, 68-69
private Web servers, 263
privilege management
auditing, 295
centralized vs. decentralized, 294-95
review questions, 296
user, group, and role management, 292-94
privilege, rule of least, 257
procedures. See policies
programming errors, 249
programs, removing unnecessary, 254
promiscuous mode, disabling, 255
protocol analyzers
attackers gathering information with, 255
capturing e-mail, 188
capturing FTP packets, 216-17
eavesdropping on twisted-pair networks, 106
Protocol field, IP datagrams, 45
protocols
communication, 21-22
cryptographic, 70-71
disabling unnecessary, 251-53
stacks, 254-55
proxy server firewalls, 116
PSTN (Public Switched Telephone Network), 149
public information, classification policy, 325
public key cryptography
defined, 68
PKI as application of, 79
public key encryption, 203
public key infrastructure. See PKI (public key infrastructure)
public keys, 27, 68-69
Public Switched Telephone Network (PSTN), 149
public Web servers, 263
R
RA (registration authority), 80
radio frequency interference (RFI), 104
RADIUS (Remote Authentication and Dial-In User Service), 120-21, 159-62
RAID (redundant array of independent disks), 310
RAS (remote access servers), 118-19
RBAC (role-based access control), 240, 242-43
RC4 algorithm, 68
real value, company data, 5
realms, Kerberos, 227
recovery, key management certificates, 97-98
redundant array of independent disks (RAID), 310
registration authority (RA), 80
remote access, 118-21
centralized authentication, 158-59
configuring authentication, 170-71
configuring connections, 153
connection mediums, 149-53
connection requirements, 156-58
connection types, 148-49
factors to consider, 148
Internet connections, 152
RADIUS and, 120-21, 159-62
RAS servers and, 118-19
restrictions, 102
review questions, 154, 171-72
SSH and, 169-70
TACACS and, 119-20, 162-63
telephone connections, 150-51
VPNs and, 152, 163-69
remote access servers (RAS), 118-19
Remote Authentication and Dial-In User Service (RADIUS), 120-21, 159-62
remote authentication, CHAP, 232-33
remote ticket-granting server (RTGS), 227
removable media
CD-Rs/CD-RWs, 300-302
flashcards, 304-05
floppy disks, 304
hard disks, 302-03
magnetic tape, 298-300
overview of, 298
review questions, 306
smart cards, 305
replay attacks, 359
repositories. See data repositories
Request for Comment. See RFC (Request for Comment)
Reserved field, TCP header, 51
retinal scans, 283
review questions
access control, 243-44
attacks, 365
business continuity management, 311-12
CA trust models, 92-93
cable, 107-08
certificates, 98
cryptography, 71-72, 76-77
documentation, 327
e-mail security, 199
file transfer, 220
IDS (intrusion detection system), 378
incident response, 385
intrusion points, 22
network components, 260-61
network infrastructure, 125, 137-38, 144
networking and security concepts, 10-11
organizational and operational security, 32
physical security, 103, 290
PKI (public key infrastructure), 84-85
privilege management, 296
remote access, 154, 171-72
removable media, 306
risk assessment, 335
security education, 341
servers, 275-76
TCP/IP basics, 55-56
TCP/IP vulnerabilities, 61
threats, 18-19, 28
user security, 238-39
Web security, 214
wireless networks, 185-86
RFC (Request for Comment)
CSIRT (2350), 380
FTP (959), 216
ICMP address mask request and reply (950), 347
ICMP echo request and reply (792), 347
IP packets (791), 33, 355
router solicitation (1256), 347
SNMP (1643), 251
source routing (1812), 356
SSL (2246), 201
Web site, 1
X.509 PKI (2459), 79
RFI (radio frequency interference), 104
RIP (Routing Information Protocol), 113
RIP spoofing, 113, 352
risk assessment
asset identification and valuation, 330
authentication selection and, 235
calculating, 329
exercise, 334-35
impact assessment, 332-33
review questions, 335
threat assessment, 331-32
vulnerability assessment, 333-34
vulnerability reports, 334
risk calculation formula, 329
risk management, 6-8
cost factor in, 8-9
identifying potential risks, 7
mitigation, 7
planning, 8-10
process, 6-7
risks, defined, 7
rogue DHCP servers, 271
role-based access control (RBAC), 240, 242-43
role-based privilege management, 293
roles, privilege management, 292-94
root CA, 88
router solicitation, 347
routers, 112-14
ACLs and, 256-57
compromising, 113
Internet communication and, 34-35
overview of, 112
securing, 114
Routing Information Protocol (RIP), 113
RSA algorithm, 69
RSA Security, 190
RTGS (remote ticket-granting server), 227
running programs, defined, 254
S
Samba, 218
SANS Institute, 249, 361
SATAN (Security Administrator Tool for Analyzing Networks), 250
scams, 193-95
scanners. See network scanners
scanning attacks
ARP scanning, 346
ICMP scanning, 347
information provided by, 344
matching attacks to scans, 364
TCP scanning, 349-51
types of scanners, 345
UDP scanning, 348-49
scanning tools, 250, 263
screened hosts, 130-31
script injection, 210
scripts
CGI, 265
compromising, 211
JavaScript, 206
SCSI (Small Computer System Interface) disks, 303
secret information, classification policy, 325
secret keys, 68-69
secure electronic messaging, 188-90
overview of, 188-89
PGP and, 189-90
S/MIME and, 190
Secure Electronic Messaging System (SEMS), 189
Secure FTP (S/FTP), 217, 267
Secure HTTP (S/HTTP), 203
Source IP Address field, IP datagrams, 45
secure mail, 81
Secure Multipurpose Internet Mail Extensions (S/MIME), 190
secure recovery, 288-89
Secure Shell (SSH), 169-70, 217
Secure Sockets Layer. See SSL (Secure Sockets Layer)
Security Administrator Tool for Analyzing Networks (SATAN), 250
Security Awareness Corporation, 340
security baselines, 245-46
security concepts
attackers, types of, 17
attacks, costs of, 4
attacks, types of, 16
auditing, 27
C-I-A triad, 5-6
data value, 4-5
defenses, 24-25
forensics and, 30-31
infrastructure security, 25-26
intrusion points, 20-23
malicious code, 16-17
network security, 3-4
privacy issues, 31
review questions, 10-11
risk management, 6-8
risk planning, 8-10
social engineering, 18
threats, 13-15
user authentication, 26-27
security devices, identifying, 144
security education
applying stages of, 340
communication, 337
education vs. training, 339
online resources, 339-40
overview of, 337
review questions, 341
training, 338-39
user awareness, 338
security guards, 101
security officers, 337
security tools, 255
security zones, 132-34
Internet security zone, 127-28
perimeter security zone, 127-32
SEMS (Secure Electronic Messaging System), 189
separation of duties, 323
Sequence Number field, TCP header, 51
Serial Line Internet Protocol (SLIP), 150
server side includes (SSI), 211
servers
defined, 3
DHCP, 271-72
DNS, 268-70
e-mail, 267-68
file and print, 270-71
FTP, 266-67
NNTP, 272-73
review questions, 275-76
securing and monitoring, 141
security tips for, 262-63
Web, 263-65
service level agreements (SLAs), 320-21
service packs. See updates
services
disabling inactive, 252-53
listing active, 251-52
matching ports to, 275
session hijacking, 60, 361
Session layer (Layer 5), OSI model, 36
S/FTP (Secure FTP), 217, 267
SHA-1 algorithm, 67
share permissions, 258
shares
exploits, 270
file and print server security, 271
files and folders, 218-20, 258
S/HTTP (Secure HTTP), 203
signature-based detection, 373
Simple Mail Transfer Protocol (SMTP), 193
Simple Network Management Protocol (SNMP), 141, 251
single sign-on, 294-95
SIV (system integrity verifier), 141, 367
SLAs (service level agreements), 320-21
SLIP (Serial Line Internet Protocol), 150
Small Computer System Interface (SCSI) disks, 303
smart cards
authentication with, 26
certificates and, 81
overview of, 305
PINs and, 358
tokens and, 233
Smart Media, 304
SMB (Server Message Block)
file sharing, 218, 270
replay attacks and, 359
SMBRelay tool, 356
S/MIME (Secure Multipurpose Internet Mail Extensions), 190
SMTP relay attacks, 193, 268
SMTP (Simple Mail Transfer Protocol), 193
smurf attacks, 354
sniffers. See also protocol analyzers
e-mail, 188
Internet connections, 152
passwords, 266
telephone connections, 151
SNMP (Simple Network Management Protocol), 141, 251
Snort, NIDS attack tool, 370
social engineering
IM and, 213
overview of, 18, 361-62
physical security and, 284-85
user education and, 226
software. See also applications
asset identification and, 330
documentation, 323-24
exploitation attacks, 361
storage, 96-97
updates, 249-50
Software Update Services, 250
Source IP Address field, data packets, 115
Source Port field
TCP header, 51
UDP header, 50
source routing attacks, 355-56
spam
defined, 191
filters, 192
reducing, 192
SMTP and, 193
Spam.org, 192
sparse virus, 363
speech recognition biometrics, 283
spoofing attacks
ARP cache poisoning, 59, 111-12
defined, 16
DNS servers and, 269
DoS, 353-54, 354-55
IP address spoofing, 59
MAC address spoofing, 58
RIP spoofing, 113
types of, 352
SQL injection, 274
SQL (Structured Query Language), 274
SSH (Secure Shell), 169-70, 217
SSHmitm attacks, 356
SSI (server side includes), 211
SSL (Secure Sockets Layer)
FTP and, 217
history of, 201
HTTPS and, 25
services of, 202-03
Web security with, 202
standards
cryptographic, 70-71
documentation and, 314-15
wireless networks, 176-77
stateful inspection firewalls, 116
Static NAT, 135
stealth virus, 363-64
Stick, NIDS attack tool, 370
stored procedures, 274
strong authentication, 119, 224, 235
Structured Query Language (SQL), 274
Supplemental Course Material CD-ROM, 1
switches, 110-12
ARP cache poisoning, 111-12
compromising, 111-12
gaining administrative access, 111
overview of, 110
securing, 112
symmetric algorithms
advantages/disadvantages, 68
authentication with, 75
list of, 68
shared secrets and, 67
symmetric encryption
confidentiality and, 73-74
integrity and, 74-75
symmetric key cryptography, 226
SYN floods, 350
SYN scans, 350
SYN segment, 52
SYN stealth scans, 350
SYN-ACK segment, 52
syntax layer, 37
system architecture documentation, 323-24
system integrity verifier (SIV), 141, 367
system logs, 140
systems
disabling unnecessary, 256
hardening, 26
security of, 26
T
TACACS (Terminal Access Controller Access Control System), 162-63
TACACS+ (Terminal Access Controller Access Control System Plus), 119-20
target-based IDS, 367
TCP
header fields, 51
port manipulation attacks, 59
ports, 263
three-way handshake, 52-53
TCP ACK scans, 351
TCP connect scans, 349
TCP Port Number field, data packets, 115
TCP scanning attacks, 349-51
TCP/IP (Transmission Control Protocol/Internet Protocol)
Application layer, 60
attacks on, 21
capturing information with Network Monitor, 54-55
communication flow through TCP/IP, 39-41
communication over Internet and, 34-35
DARPA model and, 37-39
fragmentation and, 49-50
ICMP fields, 46-47
IGMP fields, 47-48
Internet layer, 59
IP datagrams, 43-46
Network Interface layer, 41-43, 58-59
OSI model and, 35-37
review questions, 55-56, 61
SSL/TLS and, 202
TCP fields, 51-53
tracing packet from source to destination, 53
Transport layer, 59-60
UDP fields, 50
vulnerabilities. See vulnerabilities, TCP/IP
teardrop, DoS attacks, 353
telecommunications, 121-23. See also communication
dangers of hacking, 121
hacking PBX systems, 122
securing PBX systems, 122
telephone connections, 150-51
TFN (Tribe Flood Network), 352, 370
TGS (ticket-granting servers), Kerberos, 227
TGT (ticket-granting ticket), Kerberos, 228
The Ultimate Collection of Forensic Software (TUCOFS), 383
threats, 331-32
from attacks, 14-15
defined, 7
from disasters, 14
examples of, 19
identifying, 13-14, 331
rating likelihood of, 331-32
review questions, 18-19, 28
types of, 331
three-pronged firewalls, 129-30, 131
three-way handshake
CHAP, 232
TCP, 52-53, 349
Thawte, 190
ticket cache, Kerberos, 228
ticket-granting servers (TGS), Kerberos, 227
ticket-granting ticket (TGT), Kerberos, 228
tickets, Kerberos, 227
Time-to-Live (TTL) field, IP datagrams, 45
TLS (Transport Layer Security), 201-03
FTP and, 217
history of, 201
services of, 202-03
Web security with, 202
token-based authentication, 232-33
tools
DoS attacks, 355
forensics, 382
intrusion detection, 372
password checking, 358
scanning, 250
security, 255
Total Length field, IP datagrams, 44
TPEP (Trusted Product Evaluation Program), 246
training, 338-39
Transport layer
communication flow through TCP/IP protocol stack, 40-41
DARPA model, 38-39
UDP and TCP and, 50
vulnerabilities, 59-60
Transport layer (Layer 4), OSI model, 36
Transport Layer Security. See TLS (Transport Layer Security)
Tribe Flood Network (TFN), 352, 370
Trinoo, DDoS tools, 352
Triple DES algorithm, 68
Trojan horses
active content and, 205
as back door attacks, 357
defined, 17, 364
file trading and, 220
trust models. See CA trust models
trust paths, 86
trust relationships, 86
Trusted Product Evaluation Program (TPEP), 246
trusted third party (TTP)
certificates issued by, 81
PKI process and, 83
TTL (Time-to-Live) field, IP datagrams, 45
TTP (trusted third party)
certificates issued by, 81
PKI process and, 83
TUCOFS (The Ultimate Collection of Forensic Software), 383
twisted-pair cable, 105-06
compromising, 105
eavesdropping on, 106
overview of, 105
Type field
ICMP header, 46
IGMP header, 47
Type of Service field, IP datagrams, 44
U
UDP communication, 38
UDP flood attacks, 354
UDP Port Number field, 115
UDP scanning attacks, 348-49
UDP (User Datagram Protocol)
DoS attacks and, 251
header fields, 50
port manipulation attacks, 59
port scans, 348
ports, 263
SNMP communications and, 251
uninterrupted power supply (UPS), 311
UNIX
back door attacks, 357
disabling inactive services, 252-53
file sharing, 218-20
listing active services, 251-52
removing unnecessary programs, 254
security guidelines, 259
SFTP and, 217
TACACS authentication, 120
Unused field, IGMP header, 47
updates
archiving, 248
BIOS (basic input/output system), 247
checking for, 249-50
network devices, 247-49
operating systems and applications, 249-50
repairing programming errors, 249
testing and applying, 249
verifying, 247-48
upgrades. See updates
UPS (uninterrupted power supply), 311
Urgent Pointer field, TCP header, 51
user authentication, 26-27. See also authentication
User Datagram Protocol. See UDP (User Datagram Protocol)
user security, 223-44. See also access control
biometric authentication, 233-34
CHAP remote authentication, 232-33
combining authentication methods, 235-36
cross-realm authentication, 237
Kerberos authentication, 226-32
Kerberos terminology, 237-38
review questions, 238-39
token-based authentication, 232-33
user name and password authentication, 224-26
users
education, 18
privilege management, 292-94
security awareness programs for, 338
utilities, business continuity management, 311
V
vanilla TCP connect scans, 349
verification process, biometric authentication, 234
Verisign, 190
Version field
IGMP header, 47
IP datagrams, 44
VIGILANTe, 362
violations reporting policy, 318
virtual circuits, 36
virtual machines (VMs), 205, 256
Virtual Private Networks. See VPNs (Virtual Private Networks)
virus scanners, 268
viruses
antivirus policy, 318
automating virus definition updates, 250
back door attacks, 357
defined, 17, 364
ILOVEYOU virus, 15
Melissa virus, 16
types of, 363-64
VLANs, 136-37
VMs (virtual machines), 205, 256
VMware, 256
voice pattern matching, 283
VPNs (Virtual Private Networks), 163-69
extranets and, 132-34
file and print server security, 271
remote access and, 152
replay attacks and, 359
vulnerabilities, TCP/IP, 58-61
Application layer, 60
Internet layer, 59
Network Interface layer, 58-59
Transport layer, 59-60
vulnerability
assessment, 333-34
database servers, 274
defined, 7-8
DHCP servers, 271
DNS servers, 268-69
e-mail, 191
e-mail servers, 267-68
FTP servers, 266
information security and, 24
LDAP servers, 273
NNTP servers, 272
Web servers, 264-65
vulnerability scanners, 255, 344-45
W
WAP (Wireless Application Protocol), 177-78
war dialing, 151
Web browsers. See also browsers
Application layer vulnerabilities, 60
TCP/IP communication flow and, 39-41
Web clients, 209-10
Web communications, 81
Web security, 201-15
active content, 205-09
buffer overflows, 204-05
CGI, 210-12
cookies, 209-10
HTTPS, 203-04
IM, 212-13
review questions, 214
SSL/TLS, 201-03
Web servers, 263-65
cookies and, 209-10
overview of, 263
tips for securing, 265
vulnerabilities, 264-65
Web sites
brute force attacks, 360
CC (Common Criteria), 1
code of ethics for human resources, 322
cryptography information, 70-71
cyber criminals, 195
Kerberized FTP, 217
key management, 96
malicious code and viruses, 364
Microsoft Software Update Services, 250
NIDS information, 370
NIST, 1
operating system security guidelines, 259
Packet Storm, 188
RFC (Request for Comment), 1
scam prevention, 193, 194
security baseline information from, 246
security education, 339-40
statistics on technology attacks, 331
Web site security, 81
Web spoofing, 352
webmitm attacks, 356
WEP (Wired Equivalent Privacy), 124, 178-81
wild, 364
Window field, TCP header, 51
Window scans, 351
Windows NT Configuration Guidelines, 259
Windows operating systems
data encryption, 258
disabling inactive services, 252-53
file and directory permissions, 257
file sharing, 218
listing active services, 251-52
PGP Key pair, 198-99
remote access connections, 153
removing unnecessary programs, 254
security guidelines for, 259
WinZip, 196
Wired Equivalent Privacy (WEP), 124, 178-81
wireless access points (APs), 124-25
Wireless Application Protocol (WAP), 177-78
wireless cells, 287
wireless networks
compromising, 124-25
location of, 286
overview of, 174-76
review questions, 185-86
shielding, 286-87
speeds supported, 184
standards, 176-77, 182-84
terminology quiz, 185
WAP protocol, 177-78
WEP protocol, 178-81
wireless cells, 287
WLANs, 181-82
wiring closets, 110
WLANs, 181-82
workstations, securing and monitoring, 139-40
worms, 17, 364
write permissions, 266-67
X
X.509, 79, 82
XMAS scan, 351
Z
zombie software, 352
zone transfers, DNS, 268-69
zone update spoofing, 269
zones. See security zones
zoos, 364
Last Updated: January 13, 2003