Numbers
- 1000BaseT Ethernet
- maximum direct link distance, 110
- spanning distances, 93
- 2DES, vulnerabilities, 86
- 3DES, 218, 244, 249
- number of keys needed, 141
- 4G cellular networks, 169
A
- ABAC. See attribute-based access control (ABAC)
- access cards, physical security, 30–31
- access control
- access control lists (ACLs), 189, 191, 196, 251, 258
- access control matrix, 258
- access controls, 175. See also authentication
- ABAC, 189
- access granting, 141
- attacks, 132
- cloud-based applications, 11
- decentralized,
- default access,
- delegating rights, 15
- employee termination,
- excessive privileges, 170
- fingerprint scanning,
- firewalls, 10
- identity proofing,
- lattice-based, 192
- MAC,
- mandatory, 10
- medical records, 178
- models,
- new users,
- nondiscretionary,
- NTFS filesystems,
- object ownership, 13
- post-admission, 161
- principles, 178
- rule-based, 192
- scheme types, 177
- security principles, 33
- single sign-on,
- standalone file servers,
- subject/object model, 192
- superuser privileges, 34
- system types, , 15
- technologies,
- threats, 160
- types, 31, 146, 166, 171
- wireless networks, 156
- access permissions, best practices, 32
- account maintenance,
- accountability, 191
- accounting,
- ACK scans, 210, 242
- Active Directory, 204
- Group Policy, 203
- trust, , 156
- Active Directory Federation Services (ADFS), 245
- active wireless scanning, problems, 99
- Address Resolution Protocol (ARP), 182, 264
- ARP spoofing, 106
- OSI layer, 99
- penetration testing, 104
- ADFS (Active Directory Federation Services), 245
- administrative controls, 163, 199
- confidentiality of information, 19
- evaluating, 173
- security processes, 26
- administrative privileges, principles, 33
- Advanced Encryption Standard (AES), 218, 220, 245, 253, 257
- advanced persistent threat (APT), 210, 259
- system restoration options, 59
- adverse events, 212
- AES-256, 218
- aggregation of privileges, 200, 258
- aircrack-ng, 93
- algorithms
- AES, 218
- DES, 218
- encryption, 150
- hashing, 83
- nonrepudiation support, 88, 223
- obsolete cryptographic, 85
- symmetric cryptosystems, 84
- symmetric encryption keys, 88
- time-based, 190
- varying encryption key strength, 86
- alternate processing facilities, 185
- amplification attacks, 207
- annual rate of occurrence (ARO), 202, 204
- annualized loss expectancy, 202, 246
- annualized rate of occurrence, risk assessment, 38
- antimalware
- APTs, 210
- heuristic detection, 241
- heuristic-based, 250
- installation detection, 241
- application control technologies, 127
- application logs, 217
- application management, 177
- application threat modeling, 265
- application-level gateway firewall, 243
- applications, session management solutions, 127
- application control technologies, 132
- APT. See advanced persistent threat (APT)
- archive bit, backups, 164
- ARO. See annual rate of occurrence (ARO)
- ARP. See Address Resolution Protocol (ARP)
- asset valuation methods, 51, 203
- asymmetric cryptosystems, keys, 223
- asymmetric encryption systems, 161–162, 221
- keys, 222
- nonrepudiation, 223
- number of keys needed, 87
- session keys, 222
- asynchronous tokens, 190, 193
- attacks, 129. See also exploits; security
- access controls, 132
- amplification, 207
- ARP spoofing, 106
- automated password cracking, 88
- BEAST, 219
- bluesnarfing, 105
- botnets, 156
- brute-force, 205, 208, 240, 263
- buffer overflow, 30, 208
- collision, 221
- CRIME, 219
- cross-site scripting, 96
- cryptography, 85
- DDoS, 37
- denial-of-service, 33, 240, 253
- dictionary, 208, 240, 253
- DoS, 157
- eavesdropping, 197
- elevation of privilege threats, 47, 206
- employee trust, 155
- encryption technologies, 81
- exploit testing tools, 144
- IP spoofing, 111
- login attack types, 46, 50
- malware beaconing, 59
- man-in-the-middle, 208, 218, 240, 253
- meet-in-the-middle attack, 214, 222
- nslookup, 110
- packet injection, 218
- pass-the-hash, 262
- passwords, 151, 154
- penetration testing, 38
- plaintext, 222
- POODLE, 219
- preventing, 174, 182
- rainbow tables, 83, 139, 208, 243–244
- ransomware, 196
- repudiation, 206, 261
- spoofing, 206
- SQL injection, 41
- Stuxnet, 219
- teardrop, 240
- threat actors, 211
- TOC/TOU attack, 266
- types, 20
- between users and websites, 105
- VM escape exploits, 125
- web-based applications, 54
- wireless, 111
- wireless networks, 156
- zero-day, 53, 151
- zero-day vulnerabilities, 128
- attribute-based access control (ABAC), 189
- audit logging, 208, 260
- auditing, 195
- backup maintenance, 47
- backups, 206
- controls, 76
- SaaS, 182
- Windows audit log types, 165
- authentication, , , 163, 193, 248. See also access control
- availability risks, 11
- backend (VPNs), 98
- biometric, –4, 132
- CER, 240
- data gathering and, 240
- device-based, , 188
- dynamic knowledge-based, 190–191
- ERR, 240
- FAR, –4, 240
- FRR, –4, 240
- identity platform types, 186
- knowledge-based, 191, 192
- log reviewing techniques, 54
- multifactor technologies, , 149
- OAuth,
- palm scans, 193
- password improvement, 11
- port-based, 95
- scans, 263
- techniques, , 189
- ticket-based, 12
- tokens presentation, 189
- tools, , 175
- Type 3 authenticators, 12
- voice pattern recognition, 142
- vulnerability scanners, 209
- Authentication Header, 262
- authorization, , 191, 193, 244. See also identity verification
- standalone file servers,
- tools, 153
- automated-account provisioning, 241
- availability attacks, 196
- availability control, 197
- awareness programs, 124, 255, 257
B
- backend authentication protocols, VPNs, 98
- backup media rotation schemes, 214, 245
- backup tape rotation schemes, 67
- backup tapes
- exposure, 220
- security when shipping, 87
- third-party storage, 82
- backups, 257
- APTs, 210
- archive bit, 164
- auditing, 206
- configuring, 68
- differential, 214
- electronic vaulting, 212, 215
- protecting, 81
- recovery schemes, 143
- scheduling, 167, 196
- bandwidth consumption, 211
- bare-metal virtualization environment, 121
- baseline security, 196, 198, 201, 263
- bastion host, 243
- BCP. See business continuity plans
- bcrypt, 220
- beacons, 210
- BEAST attack, 219
- best evidence rule, 240, 246
- beyond-a-reasonable doubt evidence standard, 183
- BGP (Border Gateway Protocol), 242, 254
- binary keyspaces, 221, 249, 252
- biometric authentication, –4, 132, 240, 245
- CER standard, 189
- crossover error rate, 188
- multifactor authentication, 192
- retina scans, 179
- tokens, 190
- BIOS, malware, 213
- bit-by-bit acquisition, 211
- BitLocker, 180, 219
- BitTorrent, 217
- black box testing, 152, 201, 202, 241, 250, 258, 259
- blacklisting, 241, 262
- Blowfish, 220, 222
- bluesnarfing attacks, 105
- Bluetooth
- best practices, 105
- penetration testing, 101
- Border Gateway Protocol (BGP), 254
- botnet command and control systems, preventing connections, 125
- botnets
- attack types, 156
- detecting, 44
- repeat attacks, 66
- bridges, 250
- broadcast storms, 94
- brute-force password attacks, 151, 201, 205, 208, 240, 246, 263
- buffer overflow attacks, 30, 208, 209
- business continuity plans, 20, 184, 255, 266
- documentation, 63, 212
- goals, 163
- management approval, 217
- project scope, 73
- restoration after incident, 179
- risk acceptance, 146
- senior management role, 63
- stakeholders, 65
- strategies, 170
- tasks, 155
- team membership, 213
- training, 63, 212
- training intervals, 134
- business continuity roles, 241
- business impact analysis, 40
- assessment tools, 54
- metrics, 149
- qualitative tools, 210
- risk acceptance, 208
- business processes, 146
C
- CA. See certificate authority (CA)
- cable lengths, 178, 262, 266
- CAC, 13
- Capability Maturity Model (CMM), 207
- capability tables, 189
- capacitance motion detectors, 241
- captive portals, 252
- CAS (Central Authentication Service), 245
- Category 3 UTP cable, speed rating, 99
- Category 5e UTP cable, 240
- Category 6 cables, maximum distance, 185
- Category 6 UTP cable, 240, 266
- Category 7 UTP cable, 240
- CBC (Cipher Block Chaining), 245
- CCMP. See Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
- CDN. See content distribution network (CDN)
- cell phones
- mobile device management software, 169
- remote wiping, 169
- cellular networks
- encryption, 257
- security considerations, 169
- Central Authentication Service (CAS), 245
- central logging infrastructure, 41, 138
- centralized account control, 190
- centralized authentication records, 216
- CER standard, 189, 240
- certificate authority (CA), 162
- digital certificate trust, 222
- certificate revocation lists (CRLs), 88, 222–223
- CFB (Cipher Feedback), 245
- chain of custody documentation, 213
- chain of custody forms, 211
- challenge/response process, token-based authentication, 12
- change control, 201
- change logs, 201
- change management, 23–24, 34, 247
- time of check/time of use (TOC/TOU) attack, 266
- checklist review, 214, 216, 242, 251, 256, 259, 265
- Christmas tree scans, 210
- Cipher Block Chaining (CBC), 245
- Cipher Feedback (CFB), 245
- civilian data classifications, 77
- client-servers, securing data, 78–79
- clipping (logs), 210
- closed-circuit television, 198
- cloud computing, 249, 250, 251, 261
- IaaS, 160
- models, 137, 151
- object-based storage systems, 134
- responsibilities, 152
- service types, 177
- web-based email services, 178
- cloud e-commerce applications, technologies, 186
- cloud environments, 128
- cloud infrastructure, load balancers, 103
- cloud solutions, 128, 129
- cloud-based applications, access control, 11
- cloud-based services, types, 171
- CMM. See Capability Maturity Model (CMM)
- code analysis, 209, 257
- codes of ethics, 19, 195
- cold sites, 215
- collection phase, 246
- collision attacks, 221
- command-and-control servers, detecting botnets, 44
- command-line protocols, server administration, 81
- Common Access Card, 194
- Common Vulnerabilities and Exposures (CVE), 202
- compensating access controls, 199
- Compute as a Service, 262
- Computer Security Incident Response Team (CSIRT), 61
- roles, 211
- confidentiality breaches, 200, 252
- confidentiality controls, 197
- confidentiality of information, 19
- configuration control, 201
- conflicts of interest, codes of ethics, 19
- constrained interfaces, 262
- content distribution network (CDN), 217, 249
- context-dependent control, 262
- contract disputes, verbal agreements, 144
- control categories, 20
- control objective frameworks, 51
- corrective access controls, 199
- cost-benefit analysis, quantitative risk analysis, 210
- Counter (CTR), 245
- Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), 109
- credential management systems, 190
- credentials, management,
- credit card numbers, 219
- CRIME attack, 219
- cross-site scripting attacks, 96
- crossover error rate, 188
- cryptographic algorithms
- keys, 151
- nonrepudiation support, 88
- cryptographic erase, 210
- cryptographic tools, defense-in-depth, 76
- cryptography
- attack types, 85
- cipher types, 86
- decryption keys, 147
- digital signatures, 147
- encryption keys, 147
- file transfer protocols, 89
- goals, 84, 85, 139, 154
- hash functions, 84
- inspection of algorithms, 85
- meet-in-the-middle attack, 214
- obsolete algorithms, 85
- substitution ciphers, 222
- symmetric cryptosystems, 84
- transposition ciphers, 222
- cryptosystems
- keys, 259
- symmetric encryption algorithms, 88
- crystal box penetration testing, 241, 258, 264
- cryptographic systems, 76
- CSIRT. See Computer Security Incident Response Team (CSIRT)
- CTR (Counter), 245
- CVE. See Common Vulnerabilities and Exposures (CVE)
- ciphers, 86
- cryptographic algorithms, keys, 155
D
- DAC. See discretionary access control (DAC)
- compared to MAC,
- flexibility and scalability, 31
- DARPA TCP/IP model, compared to OSI, 108
- data, categories, 79
- data at rest, 78–79, 219
- data breaches, 23
- data centers
- physical safety, 65
- risk assessment, 37
- Data Encryption Standard (DES), 218
- data in motion, 110, 219
- data in transit, 220
- data integrity monitoring, 205
- Data Link layer, 181, 263
- data minimization, 217
- data remanence, 116
- data retention, electronic signatures, 81
- data storage, 198
- data streams, 263
- data tampering, solutions, 47
- database servers, fault tolerance, 66–67
- datagrams, 263
- DDoS. See distributed denial-of-service (DDoS) attacks
- de-encapsulation, 244
- decentralized access control, , 151, 189, 250
- decryption keys, 147
- symmetric cryptosystems, 89
- defense in depth, 196, 197
- denial-of-service (DoS) attacks, 99, 205, 240, 253
- amplification attacks, 207
- filtering, 205
- fragmented TCP packets, 104
- security goals, 93
- SYN floods, 157
- types, 33
- deprovisioning, 241
- DES encryption. See Data Encryption Standard (DES)
- 2DES vulnerabilities, 86
- 3DES, 244
- alternative tools, 81
- encryption key bits, 221
- key bit size, 84
- meet-in-the-middle attacks against, 222
- design review phase, 201
- destroying data, 210
- detection phase (incident response), 216
- detective controls, 242, 247, 252
- deterrence, 256
- device authentication, 188
- device fingerprinting, 240
- device-based authentication,
- devices
- inventories, 211
- mobile vulnerabilities, 124
- network protocols, 163
- network traffic controlling, 152
- uniquely identifying, 132
- dictionary attacks, 208, 240, 253
- differential backups, 214, 245, 255
- Diffie-Hellman protocol, 220
- symmetric encryption keys, 221
- digital certificates, 188, 254. See also self-signed certificates
- certificate revocation lists, 87, 88, 222
- encryption keys, 83–84
- keys, 162
- self-signed, 217
- standards, 86
- trust requirements, 87, 222
- X.509 standard, 222
- digital content management, 196
- digital labels, 218
- digital signatures, 147, 196, 249, 254
- creating, 247
- cryptographic algorithm support, 86
- nonrepudiation, 247
- private encryption keys, 221
- repudiation and, 248
- symmetric encryption algorithms, 222
- direct evidence, 217
- directive controls, 247, 252
- directory traversal attack, 210
- disaster recovery plans, 68, 136, 183, 242, 256
- calculating acceptable loss, 138
- checklist review, 214
- completing, 215
- facility selection, 164
- full interruption tests, 214
- parallel tests, 214
- process completion, 69
- recovery capabilities, 69
- recovery techniques, 69
- response tests, 172
- risk acceptance, 208
- tabletop exercise, 214
- test types, 166
- testing, 154
- variables, 146
- disaster recovery tests, 67, 70
- disclosure (incident response), 211–212
- discovery, 248
- discretionary access control (DAC), 191, 192, 194, 195, 199, 244, 261
- discretionary account provisioning, 240
- distributed denial of service (DDoS) attacks
- defenses, 125
- NTP Services, 37
- security goals, 93
- DNS. See Domain Name System (DNS)
- documentary evidence, 217
- best evidence rule, 240
- hearsay rule, 240
- documentation
- business continuity plans, 63, 212
- centralized authentication records, 216
- chain of custody forms, 211, 213
- emergency response guidelines, 212
- forensic investigations, 162
- Information Technology Infrastructure Library (ITIL), 207
- ISO 27002, 207
- lessons learned phase, 217
- NIST 800 series, 198
- NIST SP 800-12, 202
- NIST SP 800-122, 219
- NIST SP 800-53A, 202
- postmortem incident review, 72
- provider-customer relations, 170
- SLAs, 215
- types, 172
- vital records, 197
- Domain Name System (DNS), 182, 264
- door locks, 32
- DoS. See denial-of-service (DoS) attacks
- driver’s license numbers, 219
- dual power supply, 244
- dynamic knowledge-based authentication, 190–191
E
- eavesdropping attacks, 197
- ECB (Electronic Codebook), 245
- education. See also training
- EFS. See Encrypting File System (EFS)
- egress filtering policies, 104
- egress monitoring, 145
- electromagnetic field, capacitance motion detectors, 241
- electromagnetic interference (EMI), 264
- Electronic Codebook (ECB), 245
- Electronic Discovery Reference Model (EDRM), 144
- electronic signatures, 220
- electronic vaulting, 212, 215
- elevation of privilege threats, 47, 205, 206
- email, 149
- confidential data, 112
- confidentiality, 180
- encryption, 82, 220
- integrity, 166
- embedded device analysis, 214
- emergency response guidelines, 136, 212, 242, 261
- Encapsulating Security Payload (ESP), 221, 262
- Transport mode, 223
- Tunnel mode, 223
- encapsulation, 254
- encrypted viruses, 257
- Encrypting File System (EFS), 219
- encryption, 197, 247, 248
- algorithms, 80, 150
- asymmetric systems, 161–162
- cellular networks, 257
- DES alternative tools, 81
- DES key size, 84
- digital signature support, 86
- email, 82, 220
- full disk, 180, 263
- logs, 243
- metrics, 148
- proprietary data, 78
- protecting backups, 81
- protecting sensitive information, 217
- public keys, 247
- RADIUS, 218
- stolen devices, 242
- technologies, 80
- traffic sniffing, 218
- unencrypted networks, 253
- USB thumb drives, 82
- Web of Trust, 217
- encryption keys, 85, 147, 151
- 3DES, 141
- AES length, 157, 168
- asymmetric encryption systems, 87
- binary key spaces, 221
- digital certificates, 83–84, 162
- digital signatures, 147
- private key storage, 160
- private messages, 162
- symmetric cryptosystems, 171
- symmetric encryption algorithms, 88
- TLS, 87
- varying key strength, 86
- WEP, 105
- enterprise devices, message logging standards, 40
- enterprise resource planning (ERP), port scanning, 117
- entitlement (privileges), 194
- erasing data, 210
- ERP. See enterprise resource planning (ERP)
- escalating (incident response), 211
- ESP. See Encapsulating Security Payload (ESP)
- ESP (IPsec), transport mode, 88
- espionage, 200
- Ethernet
- cabling, 133
- jam signals, 109
- spanning distances, 93
- topologies, 93
- Ettercap, 246
- EU GDPR, personal information, 115
- EU-U.S. Privacy Shield, 249
- events, criteria, 210
- evidence. See forensic evidence
- best evidence rule, 246
- chain of custody documentation, 213
- civil investigations, 265
- criminal investigations, 265
- criteria, 214
- direct, 217
- expert opinion, 216–217
- forensic investigation standards, 181
- handling, 210
- hearsay rule, 240
- operational investigations, 265
- parol evidence rule, 240, 246
- real, 217, 246
- regulatory investigations, 265
- testimonial, 240
- evidence, documentary, 217
- evolution testing, 202
- excessive provisioning, 254
- exiftool, analyzing JPEGs, 58
- expert opinion evidence, 216–217
- exploits. See also attacks
- CVE, 208
- Metasploit, 209
- social engineering and, 260
- testing tools, 144
- exposure factor (risk assessment), 37, 201, 255
- external audit, 260
- extranets, , 188
F
- failover clusters, 213
- FAR (authentication), –4, 188, 240
- fault tolerance, 195
- fault-tolerant systems, RAID 5, 63
- FCoE (Fibre Channel over Ethernet), 249
- federated identity management, technologies, 10
- fences, 196
- fiber-optic cable, 264
- Fibre Channel over Ethernet (FCoE), 249
- file attributes, Linux,
- file encryption, 217
- file integrity monitoring, 217
- file servers
- accessing, 10
- accessing securely, 21
- integrity controls, 22
- File Transfer Protocol (FTP), 219, 244
- file transfer protocols, cryptography, 89
- FileVault, 220
- filtering, beacons, 210
- fingerprint scanning, 248
- automated system, 240
- errors,
- fingerprinting, devices, 240
- fire detection technologies, 28, 198
- fire extinguishers, 30
- Class B, 242
- liquid-based fires, 136
- fire suppression systems, 29, 140, 196, 198, 244, 253
- fires
- liquid-based, 136, 242
- suppression mechanisms, 160
- Firesheep, 253
- firewalls, 196
- access control, 10
- application-level, 243
- architectures, 98
- availability issues, 110
- connection status between packets, 139
- controls in SaaS environment, 126
- denial-of-service attacks, 106
- designs, 96, 108, 109
- iptables rulesets, 115–116
- logs, 241
- network communications, 98
- risk assessment, 39
- rule-based access control, 192
- rulebases, 107–108
- rules, 197
- static packet filters, 244
- traffic filtering, 138
- traffic inspecting, 111
- firmware, malware, 213
- flags (TCP), setting, 210
- footers, removing, 244
- forensic analysis, 264, 265
- forensic disk controller, 67, 213
- forensic evidence
- admissibility, 67
- civil cases, 62
- forensic hard drive images, 211
- forensic investigation
- beyond-a-reasonable doubt standard, 183
- documentation, 66, 162
- evidence handling, 210
- evidentiary standards, 181
- forms, 60
- imaging virtual machines, 61
- SQL injection attacks, 72
- types, 179
- forest trusts, 252
- format string vulnerabilities, testing, 37
- frames, 263
- fraud detection, 22
- FRR (authentication), –4, 188, 240
- FTP. See File Transfer Protocol (FTP)
- full disk encryption, 217, 219, 263
- full interruption tests, 216, 251, 256, 259, 265
- disaster recovery plans, 214
- full-mesh topologies, 106
- fully qualified domain names (FQDNs), 264
- fuzzers, 201, 207
G
- gateways, 250
- Google, identity integration, 173
- Google accounts
- OpenID, 190
- text message verification, 116
- Google Authenticator, 190
- GPG encryption, 220
- Grandfather/Father/Son, backup media rotation scheme, 214
- gray box penetration testing, 55, 152, 241, 250, 264
- Group Policy, 203, 244
H
- hack back activities, 215–216
- hard drives
- acquisition types, 211
- analyzing content, 59
- cryptographic erase, 210
- forensic analysis, 68
- forensic images, 211
- handling evidence, 210
- laptop security, 126
- purging, 59
- RAID 5, 63
- software write blockers, 211
- write blockers, 211
- hardening network systems, 118
- hardware, warm sites, 254
- hardware tokens, 190
- hardware write blockers, 211
- hashing, 196
- algorithms, 83
- cryptographic hash functions, 84
- evidence handling, 210
- functions, 221
- log file integrity, 217
- malware identification, 118
- MD5, 218
- password hashing flaws, 175
- salts, 221, 223
- technologies, 82
- headers, removing, 244
- healthcare providers, data types, 181
- hearsay rule, 240
- heartbeat sensors, 260
- help desk, password change incidents, 11
- heuristic-based antimalware software, 152, 241, 250, 262
- high microwave frequency signal transmissions, motion detectors, 147
- hosting services, 72
- hosts file, malware changes, 117
- hot sites, 215, 255, 266
- hot spots, security, 110
- HTTP, port 80, 204
- HTTP server, application log, 252
- HTTPS, port 443, 204
- hypervisor, 260
I
- (ISC)² code of ethics, 139, 195, 200
- IDEA algorithm, 220, 249
- identification, , 191
- identification cards. See pass cards
- identification phase, 246
- identification tools, 261
- Identity as a Service (IDaaS), 154, 252, 259
- identity integration, 173
- identity proofing, , 190, 195, 257
- identity systems, accountability, 204
- identity verification. See also authorization
- biometric, –4
- OAuth,
- processes,
- RESTful API,
- IDS. See intrusion detection systems (IDS)
- implicit deny, 189
- in-band monitoring, 254
- incident classification, keylogging, 58
- incident classification scheme, unauthorized users, 62
- incident investigations, 70
- information gathering, 69
- incident recovery, 210
- incident response
- alerts, 71
- analyzing JPEGs, 58
- communication process, 62
- CSIRT leader role, 211
- damage control, 71
- detection stage, 212, 216
- disclosure, 211–212
- efficiency, 70
- file integrity monitoring, 71
- improving, 61
- intrusion detection systems, 64
- lessons learned phase, 216
- limiting scope, 70
- memory imaging, 211
- mitigation phase, 215
- phases, 71, 145, 164
- post discovery, 210
- postmortem documentation, 72, 217
- postmortems, 211
- priorities, 58
- project scope and planning phase, 217
- remediation, 213
- repeat botnet attacks, 66
- stages, 212
- steps, 213
- types of evidence, 72
- incidents, reporting phase, 246
- incremental backups, 245
- information classification systems, security baselines, 28
- information disclosure, 205
- information security. See also security
- control objective frameworks, 51
- data breaches, 23
- load balancing, 23
- overlapping security controls, 24
- principles, 21, 32
- Wireshark, 25
- Information Technology Infrastructure Library (ITIL), 207
- Infrastructure as a Service, 241, 247, 251, 253, 259, 262
- cloud computing, 160
- data remanence, 116
- port scanning, 119
- provider responsibilities, 129
- removing data from drives, 126
- secure encrypted connections, 123
- vendor responsibilities, 147
- inheritable trusts, 190
- insurance, 263, 266
- intangible evidence, 214
- integrity breaches, 200
- integrity controls, 196
- international network security, 103
- interrogations, compared to interviews, 215
- interviews, compared to interrogations, 215
- intrusion detection systems (IDS), 39, 49, 203
- incident response, 64
- logs, 204, 216
- security events, 206
- TCP connections, 44
- technologies, 173
- unencrypted FTP traffic, 101
- virtualized environments, 125
- wireless, 102
- inventories, devices, 211
- IP addresses
- nonroutable IP addresses, 209
- types, 161, 178
- IP spoofing attacks, 111
- ipconfig, 101
- IPsec, 178
- configuration, 83
- ESP transport mode, 88
- IPsec tunnels, 219
- iptables, firewall rulesets, 115–116
- ISO 27002 standard, 207
- ITIL. See Information Technology Infrastructure Library (ITIL)
J
- jam signals, Ethernet, 109
- John the Ripper, 58, 210
K
- Kerberos, 193, 241, 245, 252
- Kerckhoffs’s principle, 221
- key management, 253
- key risk indicators, 203
- keyloggers, 19, 22, 196
- NIST incident classification, 58
- knowledge-based authentication, 191, 192
L
- labels, 245
- access control, 10
- MAC, 14
- landline phones, 247
- lattice-based access control, 192, 244, 261
- LDAP, 193
- LEAP protocol, WPA, 107
- least privilege, 191, 196, 200, 246, 263
- lessons learned phase (incident response), 216
- document distribution, 217
- Linux
- discretionary access control, 194
- file attributes,
- iptables-based firewall rulesets, 115–116
- John the Ripper, 210
- message logging standards, 40
- password testing, 58
- security, 208
- setting permissions, 13
- liquid-based fires, 242
- load balancers, 103, 244
- load balancing, 196
- local file inclusions, 209
- local scans, 210
- locks, 200
- log management systems, 204
- logging
- application settings, 40
- archiving logs, 203
- audit, 208
- auditing controls, 76
- authentication logs reviewing techniques, 54
- bastion host, 243
- central logging infrastructure, 41, 138
- clipping, 210
- encrypting logs, 243
- firewalls, 241
- hashing files, 217
- inconsistent timestamps, 209–210
- inconsistencies, 53
- log files, 135
- log management systems, 44, 175
- log review, 243
- log rotation, 243
- log storage, 243
- logged-in users, 141
- login attack types, 46
- message logging standards, 40
- modification, 256
- NTP, 203
- passwords,
- remote journaling, 215
- reviewing network traffic information, 51
- sampling, 210
- security incidents, 37
- time sequencing, 42, 203
- transaction, 215
- types, 155
- Windows reboots, 49
- logic bombs, 248
- logical acquisition, 211
- logins, 244
- logs, Windows, 255
M
- macro viruses, 129
- magnetic stripe card, 261
- malware, 130, 172
- analysis types, 116
- APTs, 210
- BIOS, 213
- built-in propagation mechanisms, 152
- detection tools, 115
- distribution domains, 120
- finding replaced files, 119
- firmware, 213
- hashing packages, 118
- heuristic-based antimalware software, 152
- hiding viruses, 168
- host file changes, 117
- scan results, 130
- signature-based detection, 259
- testing applications, 174
- testing functionality, 123
- types, 148, 173
- malware beaconing, 59
- malwr.com, 120
- man-in-the-middle attacks, 208, 218, 240, 246, 253
- mandatory access control (MAC), 10, 188, 189, 192, 194, 199
- assigning classifications, 141
- mandatory vacation programs, 196
- mantraps, 182, 199, 264
- markup languages, standards-based, 164
- MAU (multistation access unit), 248
- maximum tolerable downtime (MTD), 213, 215, 243, 246, 249
- maximum tolerable outage (MTO), 249
- MBSA. See Microsoft Baseline Security Analyzer (MBSA)
- MD5 hash function, 218
- collision attacks, 221
- security of, 222
- MDM. See mobile device management (MDM)
- MAC (mandatory access control). See also mandatory access control (MAC)
- access control,
- compared to DAC,
- flexibility and scalability, 31
- labels, 14
- Media Access Control (MAC), OSI layer, 112
- media analysis, 214
- medical records, 219
- meet-in-the-middle attack, 214, 222
- memory imaging, 211
- message logging standards, 40
- messaging systems, 24
- metadata, 218
- Metasploit, 52, 203, 209, 246
- Microsoft Baseline Security Analyzer (MBSA), 204
- results evaluation, 118–119
- military computer systems, System High mode, 169
- minimum security standards, 180
- Mirai, 260
- mirroring (RAID), 163
- mitigation phase (incident response), 215
- mobile device management (MDM), 136, 241
- cell phones, 169
- technologies, 135
- mobile devices
- applying consistent security settings, 126
- vulnerabilities, 124
- mobile phones, 247
- modes of operation, DES, 142
- motion detectors, 134
- capacitance, 241
- high microwave frequency signal transmissions, 147
- wave pattern, 247
- MTD. See maximum tolerable downtime (MTD)
- multifactor authentication technologies, , 149, 192
- multipartite viruses, 248, 257
- multistation access unit (MAU), 248
- mutation testing, 206
- mutual assistance, 255
N
- NAT. See network address translation (NAT)
- National Institute of Standards and Technology (NIST)
- adverse events criteria, 212
- assessing security and privacy controls, 38
- incident classification, 58
- sanitization and disposition guidelines, 27
- security incident criteria, 210
- SP 800 series documentation, 198
- SP 800-12, 202
- SP 800-122, 219
- SP 800-53A, 202
- SP 800-92, 175
- threat information types, 62
- NDAs. See nondisclosure agreements (NDAs)
- need to know, 262
- Nessus, 150, 204, 249
- NetBIOS services, 204
- netbots, forensic investigations, 70
- NetFlow, 204, 211, 216
- netstat, output, 124
- Network Access Control (NAC), 249. See also access control
- network address translation (NAT), 242
- troubleshooting routers, 98
- network communications
- bandwidth consumption, 211
- broadcast storms, 94
- disabling SSID broadcasting, 108
- eavesdropping,
- Ethernet topologies, 93
- firewalls, 98
- hotels, 102
- logging and reviewing, 51
- monitoring inbound traffic, 136
- protocol beacons, 210
- simultaneous transmissions, 111
- sniffing traffic, 95
- network devices, message logging standards, 40
- network flows, 208
- network infrastructure, separating from control layer, 150
- network monitoring, bandwidth tools, 60
- Network Time Protocol (NTP), 203, 244
- network traffic. See network communications
- network-enabled printers, 206
- networks
- cable lengths, 178
- cellular security considerations, 169
- device protocols, 163
- failover clusters, 213
- international network security, 103
- Internet access tools, 101
- services, 165
- specialized,
- topologies, 93–97, 102, 148, 153
- unencrypted, 253
- new users
- access control,
- default access,
- default privileges, 15
- object availability, 13
- Nikto, 203, 246
- NIST. See National Institute of Standards and Technology (NIST)
- NIST SP 800-12, 202
- NIST SP 800-122, 219
- NIST SP 800-53A, 202
- Nmap, 48, 206, 208
- default ports, 208
- port scanning, 106
- results, 52
- non-IP protocols, 106
- nondisclosure agreements (NDAs), 195
- nondiscretionary access control, , 244
- noninheritable trusts, 190
- nonregression testing, 202
- nonrepudiation, 197, 222, 248
- asymmetric encryption algorithm, 223
- cryptographic algorithms, 88
- digital signatures and, 247
- goals, 150
- nonroutable IP addresses, 209
- nontransitive trusts, 190
- nslookup, attacks, 110
- NTFS filesystems, access control,
- NTP. See Network Time Protocol (NTP)
- NTP services, DDoS attacks, 37
O
- OAuth, 193
- object-based storage systems, 134, 241
- objects, 189
- new user availability, 13
- ownership, 13
- types of,
- OFB (Output Feedback), 245
- one-way trusts, 190
- OpenID, 193
- OpenID Connect, 194
- OpenID standard, 190
- OpenVAS, 150, 204, 249
- operational investigations, 263
- OS fingerprinting, 208
- OSI layers, 94, 112, 139, 145
- compared to DARPA TCP/IP model, 108
- Data Link, 181
- datagrams, 180
- headers and footers, 161
- layer 6, 109
- MAC addresses, 112
- order, 95
- packet traversal, 101
- TCP, 164
- UDP, 164
- OSPF (Open Shortest Path First), 254
- out-of-band identity proofing, 190, 195, 254
- Output Feedback (OFB), 245
P
- P2P CDNs, 217
- packet capture data, 216
- packet filters, 243
- packet injection, 218
- packet sniffing, 211
- packets, 246
- tracking connection status, 139
- palm scans, 193
- parallel tests, 216, 251, 256, 259, 265
- disaster recovery plans, 214
- parameter checking, 199
- parole evidence rule, 240, 246
- partial backups, 255
- pass cards, 176
- security, 15
- types, 140–141
- pass-the-hash attacks, 262
- passive scanning, 102
- passwords, 10
- automated password cracking attacks, 88
- brute-force attacks, 151, 201, 205, 208
- complexity, 250
- cracking attacks, 154
- dictionary attacks, 208
- directory traversal attack, 210
- expiration, , 192
- hash salts, 182, 221, 223
- hashing flaws, 175
- help desk incidents, 11
- identity and access management, 12
- improving, 11
- improving strength, 179
- John the Ripper, 210
- laptop security, 126
- length, 251
- mandatory, 242
- patching, 202
- mobile devices, 261
- SQL injection attacks, 41
- terminology, 128
- testing software patches, 39, 172
- web server vulnerabilities, 39
- Windows 2012 servers, 115
- rainbow table attacks, 83, 139
- reset tools, 192
- rotation,
- sharing, 252
- testing, 58
- path disclosures, 209
- payloads, 244
- Payment Card Industry Data Security Standard (PCI DSS), 219
- payment cards, 25
- PCI DSS. See Payment Card Industry Data Security Standard (PCI DSS)
- penetration testing, 38, 48
- black box, 201, 202
- crystal box, 241
- false ARP data, 104
- gray box, 55
- hashed password attacks, 177
- hazards of, 206
- IP addresses, 209
- Metasploit, 52, 209
- Nmap, 208
- Nmap results, 52
- nonroutable IP addresses, 209
- preparation, 49
- scan types, 54
- steps, 206
- STRIDE, 166
- training assessment, 148
- types, 135, 171, 181
- white box, 241
- wireless networks, 93
- Penetration testing, Bluetooth, 101
- permissions, 188
- resource-based controls and, 256
- setting on Linux server, 13
- personal health information (PHI), 266
- personal identity verification (PIV) cards, 194
- personally identifiable information (PII), 19, 79, 183, 195, 220, 246, 266
- PGP. See Pretty Good Privacy (PGP)
- PHI (personal health information), 266
- phishing, 253
- photo metadata, 210
- physical controls, 242
- physical infrastructure hardening, 20
- Physical layer, 246
- physical security, 137, 154
- access cards, 30–31
- fences, 31, 196
- fire suppression systems, 140
- goals, 167
- locks, 200
- motion detectors, 29, 134
- pass cards, 15, 176
- types, 144
- wiring closets, 30
- PII. See personally identifiable information (PII)
- ping flood attack, 248
- ping utility, filtering results, 105
- plaintext attacks, 222
- Platform as a Service, 251, 253, 259, 261, 262
- PMBOK. See Project Management Body of Knowledge (PMBOK) Guide
- point-of-sale terminals, 134
- polymorphic viruses, 257, 260
- POODLE attack, 219
- port 20 (TCP), 204
- port 22 (SSH), 204
- port 43 (TCP), 203
- port 443 (HTTPS), 204
- port 80 (HTTP), 204
- port scanning, 208, 248
- coverage issues, 53
- ERP, 117
- Infrastructure as a Service, 119
- Nmap, 206
- Nmap results, 52, 106
- system identification, 45
- TCP ports, 47, 170
- tools, 39
- UDP ports, 170
- port-based authentication, 95
- Portmon, 211
- ports
- intrusion prevention, 45
- status messages, 207
- syslog service, 172
- unencrypted FTP traffic, 101
- post-admission access control, 161, 254
- postmortem reviews, 217
- preaction fire suppression systems, 198
- preservation phase, 246
- Pretty Good Privacy (PGP), 217, 220
- preventive controls, 247, 252
- private encryption keys, 223
- confidentiality, 221
- storage, 160
- private information, 218
- private IP addresses, 262
- private messages, encryption keys, 162
- private networks, non-IP protocols, 106
- privilege creep, 13, 242, 248, 254
- privileged access review, 249
- privileges, , 241
- default for new users, 15
- employee position changes, 170
- entitlement, 194
- excessive, 258
- least privilege, 246
- probability/impact matrix, 260
- procedures, 259
- processing phase, 246
- production code, conflicting modifications, 34
- project management, 207
- project scope, business continuity planning, 73
- project scope and planning phase (incident response), 217
- proprietary data, encryption, 78
- proprietary information, 218
- protected health information (PHI), 264
- protected information, types, 145
- protecting information, 217
- protocols, 182
- backend authentication, 98
- beacons, 210
- Diffie-Hellman, 220
- DoS attacks, 157
- messaging systems, 100
- network devices, 163
- secure file transfers, 183
- ticket-based authentication, 12
- timestamp inconsistencies, 140
- provisioning, 133–134, 194, 260
- automated-account, 241
- deprovisioning, 241
- discretionary provisioning, 240
- excessive, 254
- reprovisioning, 241
- role changes and, 241
- self-service, 241
- workflow-based, 240
- provisioning diagram, 133
- Proximity cards, 244
- public encryption keys, 223, 247, 254
- public information, 218
- purging, cryptographic erase, 210
Q
- qualitative risk assessment, 183, 207, 260, 265
- quantitative risk analysis, 54, 207
- cost-benefit analysis, 210
- matrix, 64
R
- race conditions, 209
- RADIUS authentication, 193, 218, 241
- alternatives for Cisco network gear, 135
- VPNs, 77
- RADIUS servers, monitoring traffic, 104
- RAID, 195, 196, 255, 266
- RAID 5, 63, 153, 212
- rainbow table attacks, 83, 139, 208, 243–244
- rainbow tables, 251, 262
- ransomware, 196
- prevention techniques, 120
- RARP. See Reverse Address Resolution Protocol (RARP)
- read-only attributes, 196
- real evidence, 217, 246
- record retention, 198
- records management programs, 197
- recovery point objective (RPO), 215, 243, 247
- recovery time objective (RTO), 215, 243, 246, 263, 266
- registration, 194, 250
- regression testing, 201, 202, 206, 259
- release control, 201
- remediation phase, 255
- remote access
- tools, 97
- VPN, assessing security, 77
- vulnerabilities, 127
- remote journaling, 215
- remote mirroring, 215
- remote scans, 210
- remote wipes, 242, 258
- Reporting phase, 246
- reprovisioning, 241
- repudiation, 205, 206, 261
- request control process, 201
- reset tools (passwords), 192
- resource exhaustion attacks, 124
- resource planning, security testing, 34
- resource-based controls, 256
- RESTful API, identity verification,
- retina scans, 263
- biometric authentication, 179
- Reverse Address Resolution Protocol (RARP), OSI layer, 99
- RFC 1918, nonroutable IP addresses, 209
- RFID devices, 193
- rights,
- delegating, 15
- employee job changes, 148
- rights management, 189
- RIP (routing information protocol), 254
- risk acceptance, 205, 208, 247, 258
- risk assessment, 207
- annualized loss expectancy, 38
- annualized rate of occurrence, 38
- approaches, 51
- asset valuation methods, 51
- business continuity plans, 146
- data centers, 37
- exposure factor, 37
- firewalls, 39
- formulas, 53, 208
- high probability/impact incidents, 213
- metrics, 42, 142, 145
- qualitative, 183
- quantitative analysis, 54
- response behavior types, 45
- types, 174
- risk avoidance, 201, 247
- risk management, 197, 203, 204
- accepting risks, 52
- insurance, 179, 184
- intrusion detection systems, 39
- key risk indicators, 203
- strategies, 46, 170
- transference, 169
- risk mitigation strategies, 149, 203, 247
- risk transference, 258, 263, 266
- rogue devices, identifying, 61
- role-based access control, 194, 205, 244
- roles, 244
- root-cause analysis (incident response), 213
- routers, 250
- RPO. See recovery point objective (RPO)
- RSA cryptosystems, 249, 266
- digital signatures, 222
- key lengths, 186
- RST flag (TCP), 94
- RTO. See recovery time objective (RTO)
- rule-based access control, 192, 194, 244, 261
- rules of evidence, 132
- rwx file attribute,
S
- sabotage, 200
- SAINT, 150
- salts, 221, 223, 260–261, 265
- SAML, 193. See Security Assertion Markup Language (SAML)
- sampling (logs), 210
- sandboxes, 260
- sanitation, 198
- scanning
- available services, 38
- Christmas tree, 210
- intrusion detection, 44
- local scans, 210
- penetration testing, 54
- ports, 39
- remote scans, 210
- Xmas, 210
- zero-day vulnerabilities, 53
- scheduled backups, 196
- SCP file transfer protocol, 220
- scripting attacks, 96
- Secure Copy (SCP), 223
- secure file transfers, protocols, 183
- Secure Shell (SSH), 220, 244
- Secure Sockets Layer (SSL), 218
- security. See also attacks; information security
- access control principles, 33
- access restrictions, 144
- access types, 142
- administrative privileges, 33
- administrative processes, 26
- awareness programs, 124
- best practices, 32
- cellular networks, 169
- change management, 23–24
- configuration documentation, 22
- configurations, 26
- controls, 184
- DAC compared to MAC, 31
- data breaches, 23
- door locks, 32
- employee knowledge, 26
- false vendors, 21
- file server access, 21
- format string testing, 37
- fraud detection, 22
- hot spots, 110
- incident information, 37
- information sanitation, 198
- information security principles, 21
- International network security, 103
- keyloggers, 19, 22
- Linux, 208
- mantraps, 199
- measuring effectiveness, 168
- messaging systems, 24, 100
- military computer systems, 169
- motion detectors, 29
- NIST 800 series documentation, 198
- NIST incident criteria, 210
- out-of-date devices, 176
- pass cards, 15, 176
- passwords, 179
- payment cards, 25
- physical, 144, 154, 167
- physical infrastructure hardening, 20
- physical locks, 200
- privileged access reviews, 150
- profiles, 198
- resource planning testing, 34
- security baselines, 28
- shipping backup data, 87
- stolen laptops, 125
- technical controls, 23
- tools, 129
- training, 198
- voice pattern recognition, 142
- VPN access issues, 96
- workstations, 26
- Security Assertion Markup Language (SAML), 192
- security cards, 30–31
- security controls, 199
- buffer overflow attacks, 30
- categories, 31–32
- long-term maintenance, 19
- security events, 207
- security incidents, 68
- effects, 214
- NIST criteria, 210
- security information and event management (SIEM), 243, 261
- security labels, 219–220
- security policies
- enforcing, 151
- exceptions, 25
- verifying compliance,
- security standards, 180
- security baselines, compliance, 41
- segregation of duties, 200
- self-service provisioning, 241
- self-signed certificates, 76, 217, 222. See also digital certificates
- senior management roles, 212
- sensitive information, 218
- separation of duties, 196, 200, 261, 262
- serial ports, monitoring, 211
- Serpent, 219
- server administration, command-line protocols, 81
- server clustering, 196
- service accounts, security, 180
- Service as a Service, port scanning, 117
- service bureaus, 215
- service fingerprints, 209
- service level agreements (SLAs), 215, 243, 247, 258
- Service Provisioning Markup Language (SPML), 255
- services (network), 165
- session keys, TLS, 222
- session management solutions, 127
- SFTP file transfer protocol, 220, 265
- shared keys, transaction identification problems, 205
- shared tenancy model, 243
- shortcut trusts, 252
- SIEM. See security information and event management
- signature-based detection, 191, 259
- signatures, vulnerability scanning, 209
- simulation tests, 242
- single loss expectancy, 202
- Single Loss Expectancy (SLE), 245
- single point of failure, 140
- single sign-on, , 260
- browser-based, 192
- federated identity management, 10
- implementations, 142
- Six Cartridge Weekly, backup media rotation scheme, 214
- Skipjack, 249
- SLA. See service level agreements (SLAs)
- SLE (Single Loss Expectancy), 245
- smart cards, 190, 193, 199
- smoke testing, 202
- SMTP (Simple Mail Transfer Protocol), 263
- snapshotting (incident response), 211
- SNMP (Simple Network Management Protocol), 211, 261
- SOAP (Simple Object Access Protocol), 255
- social engineering, 248, 252
- Social Security numbers, 219
- software, restricting use, 134
- software analysis, 214
- software approval technologies, 129
- Software as a Service, 251, 253, 259, 262
- auditing, 182
- firewall controls, 126
- software testing, test design, 49
- software tokens, 190
- software write blockers, 211
- software-defined networking (SDN), 247, 249
- SP 800-150 (NIST), 62
- sparse acquisition, 211
- spoofing, 205, 206
- SQL injection attacks, 41
- forensic investigations, 72
- software logs analysis, 217
- sqlmap, 203, 208
- SSH. See Secure Shell (SSH)
- SSID broadcasting, 253
- SSL. See Secure Sockets Layer (SSL)
- standards
- digital certificates, 86
- X.509, 222
- standards-based markup languages, 164
- star topology, 148, 251
- stateful inspection firewall, 244
- static analysis testing, 201, 206
- static packet filters, 243, 244
- static tokens, 190
- stealth viruses, 257
- stolen devices, 242
- STRIDE, 184
- application threat modeling, 182
- attack types, 49
- categories, 205
- penetration testing, 166
- spoofing and, 266
- threat mitigation, 47
- threat types, 176
- striping with parity (RAID 5), 212
- Stuxnet worm, 219
- subject/object model, 145, 192, 258
- substitution cyphers, 222
- superuser privileges, 34
- supply chain management, 195
- switches, 250
- symmetric cryptosystems, 249
- algorithms, 84
- decryption keys, 89
- digital signatures, 222
- formula for number of keys, 222
- keys, 171, 223
- nonrepudiation, 223
- symmetric cyphers, 220
- symmetric encryption algorithms, 220
- symmetric keys, shared, 205
- SYN floods, 253
- SYN scans, 210
- synchronous soft tokens, 190
- synchronous tokens, 193
- syslog, 203, 243
- syslog events, 42, 136
- syslog service, UDP ports, 172
- system administrators, configuration settings templates, 34
- system backups, avoiding errors, 66
- System High mode, security clearances, 169
T
- tabletop exercise, 216, 242, 251–252, 256, 259, 265
- disaster recovery plans, 214
- TACACS+ (Terminal Access Controller Access-Control System), 241
- tampering, 205
- tangible evidence, 214
- task-based access control, 194, 261
- TCP. See Transmission Control Protocol (TCP)
- TCP wrappers, 254
- teardrop attacks, 240
- technical access controls, 199
- Telnet, 219
- TEMPEST, 218
- testimonial evidence, 240
- testing methodologies, 152, 201, 250
- text messages, Google accounts, 116
- THC Hydra, 246
- threat actors, 211
- threat assessment, STRIDE categories, 205
- threat information types, NIST, 62
- threat modeling, 265
- threats, 203
- three-way handshake (TCP), 111, 137, 168, 242, 255, 257
- thumb drives, encryption, 82
- ticket-based authentication protocols, 12
- time-based algorithms, 190
- timestamps
- inconsistencies, 140, 209
- photo metadata, 210
- TLS. See Transport Layer Security (TLS)
- TOC/TOU attack, 266
- Token Ring, 248
- token-passing networks, 95
- tokens, 190
- access control,
- challenge/response process, 12
- presentation, 189
- topologies, 153, 248
- Ethernet, 93
- full-mesh, 106
- star, 251
- token-passing networks, 95
- Tower of Hanoi, backup media rotation scheme, 214
- trace logs, 208
- trade secret information, marking for identification, 77
- training. See also education
- business continuity plans, 63, 212
- security, 198
- transaction identification issues, 47, 205
- transaction logging, 215
- transactions
- remote mirroring, 215
- TLS, 77
- traffic sniffing, 218
- transitive trusts, 190
- Transmission Control Protocol (TCP), 163, 182, 264
- OSI layers, 164
- port 43, 203
- port scanning, 170
- ports and protocols, 103, 204
- RST flag, 94
- setting flags, 210
- three-way handshake, 111, 137, 168
- Transport layer, 263
- Transport Layer Security (TLS), 218, 219, 244, 255
- bank transactions, 77
- encryption keys, 87
- session keys, 222
- Transport mode, ESP, 223
- transposition cyphers, 222
- Trojan horses, 248, 252
- trust
- active Directory,
- digital certificate, 222
- digital certificates requirements, 87
- inheritable, 190
- noninheritable, 190
- nontransitive, 190
- one-way, 190
- relationships,
- self-signed certificates, 217
- transitive, 190
- Web of Trust, 217
- Tunnel mode, ESP, 223
- turnstiles, 266
- Type 1 authentication factors, 190
- Type 2 authenticators, 194
- Type 3 authenticators, 12
U
- UDP, 263. See User Datagram Protocol (UDP)
- unauthorized user access, 254
- incident classification scheme, 62
- unit testing, 259
- Unix, message logging standards, 40
- USB drives, encryption, 82
- user acceptance testing, 24
- User Datagram Protocol (UDP), 182, 264
- OSI layers, 164
- port 53, 50
- port scanning, 170
- ports, 204
- syslog ports, 172
- user IDs, 13
- usernames, 188, 261
- users
- access control,
- access permissions, 32
- accountability, 46
- offsite and availability, 11
- privileges,
- user IDs, 152
- validating identity, 167
V
- validation, 193
- digital certificates standards, 86
- parameter checking, 199
- user identity, 167
- verbal agreements, contract disputes, 144
- verification
- closed-circuit television, 198
- Google and text messages, 116
- virtual LANs (VLANs), 196
- virtual machines
- imaging, 61
- malware testing, 123
- virtual platforms
- management interface, 122
- monitoring tools, 122
- vulnerability scanning, 122
- virtual private networks (VPNs), 188, 196, 218
- access issues, 96
- accessing file servers, 10
- backend authentication protocols, 98
- RADIUS authentication, 77
- virtualization models, 128
- full guest operating systems, 71
- virtualization platforms
- modules, 173
- recovery after incidents, 126
- virtualized environments
- security issues, 125
- separating guest machines, 127
- virtualized operating systems, 124
- viruses, 149, 248
- encrypted, 257
- hiding from anti-malware software, 168
- macro viruses, 129
- multipartite, 248, 257
- polymorphic, 257, 260
- scan results, 130
- stealth viruses, 257
- vital records programs, 25
- VLANs, 242. See virtual LANs (VLANs)
- VM escape exploits, 125
- VMWare, security controls, 122
- voice pattern recognition, 142, 245
- VoIP phones, 103
- Volatility memory forensics framework, 211
- VPNs, 257. See virtual private networks (VPNs)
- vulnerabilities, 203, 248
- vulnerability scanning, 55, 202
- handling vulnerabilities, 46
- incorrect reporting, 38
- Metasploit, 209
- open source tools, 44
- remediating vulnerabilities, 44
- remote access vulnerabilities, 127
- remote compared to on site, 59
- signatures, 209
- software patching, 202
- sqlmap, 208
- types, 180
- unauthorized, 214
- validation, 205
- virtual systems patches, 121–122
- zero-day attacks, 53
- vulnerability testing, fuzzers, 201
W
- warm sites, 215, 254, 255, 259
- watermarks, 218
- wave pattern motion detectors, 247
- WDS. See Windows Deployment Services (WDS)
- web browsers, testing tools, 51
- web forms, format string testing, 37
- Web of Trust (WoT), 76, 217
- web servers
- patching vulnerabilities, 38
- recovery after incidents, 126
- self-signed certificates, 76
- single point of failure, 140
- SQL injection attacks, 41
- web vulnerability scanning, 55
- web-based applications, attack types, 54
- web-based email services, 178
- WEP encryption, keys, 105
- whaling, 252
- white box testing, 152, 241, 250, 258, 259, 264
- whitelisting, 240, 241, 262
- WiFi, captive portals, 252
- Windows
- audit record types, 165
- events, 206
- logging, 49
- native logging format, 203
- syslog events, 203
- Windows 10 Pro, preventing unallowed programs, 119
- Windows 2012 servers, checking patch status, 115
- Windows Deployment Services (WDS), 220
- Windows workstations, ports for externally initiated connections, 118
- wireless networks
- access control, 156
- attacks, 111
- hijacking, 156
- penetration testing, 93
- security standards, 97
- unencrypted, 156
- unintended accessibility, 94
- Wireshark, 25, 197
- wiring closets
- locations, 199
- security, 30
- workflow-based account provisioning, 240
- workstations
- access restrictions, 144
- imaging types, 61
- security, 26
- session management solutions, 127
- worms, 248, 250
- WoT. See Web of Trust (WoT)
- WPA, LEAP protocol, 107
- WPA2 PSK, 252, 253
- write blockers, 211
X
- X.509 standard, 222
- Xmas scans, 210
- XTACACS, 241
Z
- zero-day attacks
- Metasploit, 208
- prevention, 151
- zero-day vulnerabilities, 128
- zzuf, 203, 207