Page 845 - StudyBook.pdf

Index


A

AAA, 4–5
Acceptable use policies
  code of ethics vs., 699
  description of, 682–685
  summary of, 749
Access
  file system, 486–487
  privilege management. See Privilege management
  single sign-ons, 708–709, 750
Access control
  alarms, 610
  authentication vs., 4, 45
  definition of, 6
  disadvantages of, 709
  discretionary, 6–7
  identification card for, 609
  mandatory, 8–9
  methods of, 609
  network communications and, 438
  password protection, 610–615
  RBAC, 6–8
  restricted access policies, 676–677
  role-based, 9, 714
  roles used for, 705
  rule-based, 9
  security policies, 680–681
  summary of, 43
  unauthorized starting up of machines, 615
  user account configurations, 612–614
  web server, 256–257
Access control, authentication, and auditing
  access control. See Access control
  auditing. See Auditing
  authentication. See Authentication
  definition of, 3
  description of, 2–3
  goals of, 3
  summary of, 42–43
Access control lists
  configuration of, 498–499
  definition of, 426
  description of, 304, 371
  firewall use of, 498
  function of, 430, 498
  packet filters and, 430
  security concerns, 516–517
Access logs, 610
Access points
  definition of, 377
  placement of, 377–378
  questions regarding, 247
  rogue, 224, 243
Access requests, 691
Accidental Trojan horses, 292
ACK packet, 60–61
ACLs. See Access control lists
Active attacks, 56–78, 91–92, 198–199. See also specific attack
Active Directory, 339
Active FTP, 330, 347
Active server pages, 307
ActiveX
  authentication certificates used by, 290
  bugs in, 295
  client-level protection, 297
  "container" applications, 289
  controls, 293–294
  dangers associated with, 292–294
  definition of, 289
  developer responsibilities, 301
  disabling controls, 300–301
  Internet Explorer default setting for, 292
  Java vs., 290–292
  network-level protection, 296–297
  old versions of, 296
  preventing problems with, 303–306
  security zones, 297–300
  summary of, 347
  unsigned controls, 291
  vulnerabilities, 293–296
  weakness of, 291
Adapter unit interface, 402
Address resolution protocol spoofing, 70–71, 223, 225, 375–376
Address space layout randomization, 65
Ad-hoc network configuration, 181–182, 241
Administrative accounts, 704–705
Administrator
  passwords for, 694
  vulnerabilities for, 135
Advanced encryption standard, 234, 531–532
Adware, 89–90
AES. See Advanced encryption standard
AH. See Authentication header
Air quality, 624–625, 662
AirCrack, 112–113
AirSnort, 112
Alarms, 610
Algorithms
  block ciphers, 526, 534
  classification of, 534
  definition of, 526
  description of, 526–527
  El Gamal, 537
  encryption. See Encryption algorithms
  Fortezza, 278
  hashing, 534, 538–540
  international data encryption, 531–532
  one-time pad, 547, 551
  Rijndael, 531–532
  Rivest, Shamir, & Adleman, 537
  signature, 534
  stream ciphers, 526, 534, 551
  strength of, 533
  summary of, 549
Amplification attacks, 60
Annual loss expectancy, 652–654, 661
Annualized rate of occurrence, 652, 661
Anonymous FTP, 332–333
Anti-virus software
  real-time scans by, 149
  updates, 657–658
Applets, 288, 292. See also ActiveX
Application hardening
  description of, 482, 499–500
  hotfixes, 500
  patches, 501
  service packs, 501
  summary of, 516
  updates, 500–501
Application layer gateways, 360, 367–368, 414, 418
Application-based attacks, 92
ARP spoofing. See Address resolution protocol spoofing
Asset(s)
  due care policies for use of, 685–687
  identification of, 649–651, 661, 680
  risk assessments for, 651–654
Asymmetric cryptography
  authentication issues, 546–547
  encryption algorithms
    description of, 533–535
    Diffie–Hellman algorithm, 535–536
    El Gamal algorithm, 537
    man-in-the-middle attacks, 544
    Rivest, Shamir, & Adleman algorithm, 537
    summary of, 548
    symmetric algorithms vs., 534–535
  non-repudiation issues, 547
Attack(s)
  active, 56–78, 91–92, 198–199
  amplification, 60
  application-based, 92
  backdoor, 86–88, 94
  birthday, 122
  bounce, 334
  brute force. See Brute force attack
  buffer overflow, 65, 95, 119, 122, 313
  classification of, 56
  code. See Code attacks
  day zero, 150
  denial of service, 57–59
  dumpster diving, 75, 92, 95, 620, 697
  eavesdropping, 79, 134, 221, 245–246
  file traversal, 503
  Fluhrer, Mantin, and Shamir, 112
  logic bombs, 89, 260–261
  lunchtime, 581–582
  Man-in-the-Middle (MITM). See Man-in-the-Middle attack
  Metasploit, 394–396
  mixed-threat, 57, 92
  passive. See Passive attacks
  password. See Password attacks
  phishing, 73–74, 152–155, 622
  replay, 68, 121
  resource consumption, 59–60
  rootkits, 86, 94
  session hijacking, 67–68
  smurf, 60
  sniffing. See Sniffing
                                                                                            829