Page 853 - StudyBook.pdf
Index 837
  changing of, 692–693, 718
  cleartext
    demonstration of, 13–16
    packet sniffing, 13–16
  definition of, 618
  disabling of, 698
  encrypted, 539
  function of, 692
  Power-On, 615
  private keys protected by, 581
  purpose of, 691–692
  reusing of, 693
  screensavers protected with, 611–612
  security level of, 22
  strong, 692, 749
Password attacks
  brute force, 80–81
  description of, 56, 79
  dictionary-based, 81
  offline, 80
  online, 80
  prevention of, 79
  summary of, 93
Password authentication protocol, 20, 381
Password hashing, 80
Password management, 691, 749
Password-based cryptography standard, 577
PAT. See Port address translation
Patches, security, 135, 314–316, 489, 501
Payload, 130
P-boxes, 530
PDAs. See Personal digital assistants
PERL, 307
Permutation operations, 530
Per-packet authentication, 192
Persistent cookies, 270
Personal digital assistants, 104, 399, 678
Personal information exchange file, 566
Personal information exchange syntax standard, 578
PGP, 140–142, 158, 162, 559
Phishing, 73–74, 152–155, 273, 622. See also Web spoofing
Phishing filter, 153–155
Phreakers, 384
Physical barriers, 615–617
Physical security
  access control. See also Access control
    alarms, 610
    identification card for, 609
    methods of, 609
    password protection, 610–615
    unauthorized starting up of machines, 615
    user account configurations, 612–614
  assessments of, 608–609
  biometrics, 26, 618, 659, 693
  centralization vs. decentralization of servers, 709–710
  corporate theft, 608, 648
  data, 617–618
  definition of, 606, 680
  design considerations for, 606–607
  dumpster diving concerns, 75, 92, 95, 620, 697
  elements of, 606
  employee education about, 619–620
  environment. See Environment
  hard drives, 410–411
  internal threats, 608
  multifaceted approach to, 693
  policies for, 680–681
  servers, 607–608
  summary of, 659–660
  tailgating concerns, 619–620
  valuation considerations, 607
  workstations, 616
Piggybacking, 619–620
Ping flood, 225–226
Pirated software, 688
PKI. See Public key infrastructure
Plaintext
  description of, 526
  wired equivalent privacy protocol vulnerability to attacks, 202
Plenum cabling, 408
Point-to-point protocol, 19
Point-to-point tunneling protocol, 122–127, 161–162, 384, 676
Policies
  acceptable use, 682–685, 699, 749
  code of ethics, 699, 750, 753
  creation of, 673–674, 701–703
  definition of, 673
  disposal/destruction, 695–697, 749
  due care, 685–687, 749
  human resources, 697–699, 749
  ignoring of, 679–680
  incident response, 699–704, 750
  legal review of, 689
  management support for, 689
  “need to know,” 690–691, 749
  overview of, 672–675
  privacy, 687–689, 749, 753
  procedures vs., 682
  purpose of, 673
  security
    objective of, 675
    personal equipment, 678–679
    physical, 680–681
    restricted access, 676–677
    workstations, 677–680
  separation of duties, 689–690, 749
  storage, 729–730
  summary of, 747–750
POP3. See Post office protocol 3 e-mail
Pornography, 683
Port
  definition of, 363
  FTP, 333, 363–364
  list of, 362, 514
  logical, 363
  open, 491–492
  physical, 363
  registered, 362
  well-known, 362–364
Port access entity, 189
Port address translation, 448
Port numbers, 364–365
PortalXpert Security, 345
Post office protocol 3 e-mail
  description of, 11
  password protections, 12
  sniffing vulnerabilities, 134
Power loss, 743–744
Power-based attacks, 531
Power-On password, 615
PPTP, 123–127
Presence aware applications, 147
Pre-shared key, 132
Pretty good privacy, 140–142, 559
Print servers, 506–508
Privacy policies, 687–689, 749, 753
Privacy-enhanced mail, 577
Private addressing, 450
Private branch exchanges, 383–384, 415
Private documents, 728
Private key
  definition of, 536, 559, 566
  password-protected, 581
  protection of, 583
  storage of, 580–583, 597
Private-key information syntax standard, 577–578
Privilege management
  administrative accounts, 704–705
  auditing, 711–714
  definition of, 704
  groups, 704–705
  purpose of, 672
  single sign-ons, 708–709, 750
  summary of, 747, 750
  user accounts, 704–705
Privilege monitoring, 712
Procedures
  creation of, 673–674
  definition of, 673, 682
  ignoring of, 679–680
  notification, 729
  overview of, 672–675
  policies vs., 682
  purpose of, 673
  security, 682
  summary of, 747–750
  updating of, 682
ProDiscover, 646
Programming languages, 314
Promiscuous mode, 218
Protected extensible authentication protocol, 109
Protected network, 433
Protocols. See also specific protocol
  enabling and disabling of, 492–498
  RADIUS-supported, 118
  tunneling. See Tunneling protocols
Proxy FTP, 334
Proxy server, 443
Public addressing, 450
Public classification, of documents, 728
Public information officer, 636
Public key
  certificate used for, 573
  definition of, 536, 559, 566
Public key cryptography, 133
Public key distribution systems, 537
Public key encryption, 537
Public key infrastructure
  certificate authority
    intermediate, 564
    root, 563–564
    single models, 562–563, 596
    subordinate, 563–564
  description of, 21, 527
  hierarchical model
    intermediate certificate authority, 564
    root certificate authority, 563–564