Page 857 - StudyBook.pdf
P. 857
Index 841
Virus(es) spoofing prevention, 273 description of, 108, 183–184
anti-virus software for, 149, 657–658 Web root, 257 disadvantages of, 201
cell phone, 285 Web server encryption process, 185
description of, 82–83, 93 access control, 256–257 information resources, 205
e-mail attachment transport of, authorization concerns, 502–503 insecurity of, 238–239, 247
148–149, 158–159 backups, 261 IV reuse, 204, 239
Melissa, 149 bugs in, 275 keys, 206–210
text messaging device, 285 directories, 257–259 128-bit, 206, 245
Virus hoaxes, 152 exploitation of, 275–276 plaintext attack vulnerabilities, 202
VLANs. See Virtual local area networks hardening of, 501–503, 517 privacy created with, 184–186
Voicemail, 384 integrity of, 263 RC4 encryption algorithm, 202–203,
Volatile data lightweight directory access protocol- 239
definition of, 642 enabled, 345 shared-key authentication, 199
from memory, 644–645 lockdown of, 255–256 64-bit, 206, 245
preservation of, 642, 644–645, 647 logging activity, 261 stream ciphers used by
VPN. See Virtual private network operating system lockdown, 502 description of, 111
Vulnerabilities rogue, 263–268 vulnerability of, 203–205
acceptance of, 656–657 scripting vulnerabilities, 260–261 summary of, 240–241
ActiveX, 293–296 securing of, 349 vulnerabilities of
administrator, 135 software, 255 description of, 201–206, 233
coax cabling, 403 vulnerabilities, 260–261, 501–503, 517 information sources for, 245
code signing, 311 Web sites tools for exploiting, 112–113
common gateway interface, 322 acceptable use policies for, 683 wireless application protocol vs., 184
countermeasures for, 743 backup of, 305 Wireless access points
data modification, 134 education-based uses of, 721 definition of, 377
definition of, 656 privacy policies regarding visits to, placement of, 377–378
eavesdropping, 79, 134, 221, 245–246 688–689 rogue, 224, 243
802.1x, 111–113, 228 restricted access policies for, 676 Wireless application protocol
e-mail, 143–155 spoofing, 73 description of, 168, 177, 242
failure to fix, 657–658 Web spoofing, 272–275. See also Phishing vulnerabilities of, 200–201
identification of, 742–743 Web user accounts, 256–257 Wireless cells, 625–626
PGP, 142 Web-based security Wireless connectivity, 107
RADIUS, 119 overview of, 254–255 Wireless devices
RC4 encryption algorithm, 202–203 summary of, 346–347 connectivity between, 176
scanning for, 77, 92 Web-based vulnerabilities description of, 147–148
scripting, 260–261 ActiveX. See ActiveX Wireless local area networks
server, 398 description of, 286 description of, 108, 168, 176
service packs for repair of, 658, 663 Java, 286–289 802.11 standard. See 802.11
TACACS+, 121–122 Web-of-trust model, 561–562, 596 insecurity of, 238
threat and, 656 Well-known ports, 362–364 summary of, 238
user, 135 WEP. See Wired equivalent privacy wired equivalent privacy protocol, 108
wired equivalent privacy protocol, protocol Wireless markup language, 147
201–206 WEPCrack, 113 Wireless network
wireless application protocol, 200–201 WepLab, 112–113 access points, 175
wireless network, 200–206 “White-hat” hackers, 119 ad-hoc configuration of, 181–182, 241
wireless technology, 418 WiFi protected access, 108–109 architecture of, 173–176
workstations, 393–394 WiFi-complaint access points, 207–210 attacks on
Winamp, 394–396 active, 198–199
W Windows 2003 denial of service, 225–228
auditing in, 28–33 eavesdropping, 221, 245–246
WAP. See Wireless application protocol disabling non-essential services in, flooding, 225–228
War chalking, 377 38–41 hijacking, 223–225
War dialing Windows Vista identifying weaknesses, 215–217
definition of, 74, 211 address space layout randomization, 65 NetStumbler, 195–197, 211–215
dial-in numbers identified through, client connection in, 124–127 passive, 193–198
382 user accounts in, 612 selection of network for, 211–215
exercise involving, 378–381 Windows XP sniffing, 217–221
Wardriving auditing in, 28–33 spoofing, 198, 221–223
description of, 193–195, 211, 377 disabling non-essential services in, Bluetooth, 172, 399
software used for, 195–196 38–41 carrier sense multiple access with
Warm site, 739 full backup procedure, 734–735 collision avoidance, 174–176
Web browsers inventory creation, 725–726 communication in, 169–173
content filtering by, 306 static wired equivalent privacy protocol control frames, 182
cookies. See Cookie keys, 207–210 data encryption, 175–176
description of, 268–269 user accounts in, 612 data frames, 182
exploitation of, 268–276, 349 WinDump, 463–464 data link layer of, 173–174
Internet Explorer, 316–322 Wired equivalent privacy protocol demilitarized zone, 230, 237
programming language restrictions, 314 authentication uses of, 183 802.3, 174
security recommendations, 313–316, benefits of, 184, 205 802.11, 174–176
347 collisions effect on, 175
