Kanban methodology, 1107–1108
KDC (Key Distribution Center), 405, 768–772
KDD (knowledge discovery in database), 1176–1177
KDFs (Key Derivation Functions), 353
Kerberos protocol, 405, 768–776
Kerckhoffs’ principle, 342–343
kernel flaws, 875
kernel proxy firewalls, 594, 596
key agreement, 381
key, bump, 949
Key Derivation Functions (KDFs), 353
Key Distribution Center (KDC), 405, 768–772
key escrow, 407
key exchange, 381
key exchange protocol, 383
key input, 909
key loggers, 1178
key management, 404–407
key performance indicators (KPIs), 903–905, 1060–1063
key recovery, 407
key ring, 689–690
key risk indicators (KRIs), 903, 905
key/algorithm relationship, 352
keys
asymmetric, 353, 356, 358, 364–366, 398
foreign. See foreign keys
primary. See primary keys
public, 353, 356, 689–690, 757
rules for, 407
session, 770
storage, 408
symmetric, 354–355, 364–368, 398, 666
keys, master (locks), 947
keyspaces, 341
keystream generators, 360, 361, 362
keystroke dynamics, 750
keystroke monitoring, 818
knapsack algorithms, 387
knowledge discovery in database (KDD), 1176–1177
knowledge-based IDS, 823–824
KPIs (key performance indicators), 903–905, 1060–1063
KRIs (key risk indicators), 903, 905
L
L2TP (Layer 2 Tunneling Protocol), 651–653, 656, 657
Land attack, 824
landscaping, 950–951
LANs (local area networks), 490, 526, 531, 569
laptop computers
data at rest, 216–217
protecting from access/loss, 439–440
tracking software for, 440
last in, first out (LIFO), 275
law enforcement agencies, 1039
laws. See also legal entries
common law system, 59–60
computer crime laws, 45–47
copyright law, 64–65
customary law system, 60
vs. ethics, 165–166
Federal Information Security Management Act, 75–76
intellectual property, 62–70
mixed law system, 61–62
overview, 73–75
privacy. See privacy laws
religious law system, 60–61
trade secret law, 63–64
trademark law, 65
lawyers, 74
Layer 2 Tunneling Protocol (L2TP), 651–653, 656, 657
layered OS architecture, 292–293, 296
LDAP (Lightweight Directory Access Protocol), 732, 1159
LDAP directory, 735–736
LEAP (Lightweight Extensible Authentication Protocol), 670
leased lines, 620–624
leashes, 566
least significant bit (LSB), 349
legacy applications, 299
legal department, 74
legal systems, 58–62. See also law entries
civil law system, 58
common law system, 59–60
customary law system, 60
mixed law system, 61–62
physical security and, 420, 427
religious law system, 60–61
liability issues, 62, 1053–1060
liability scenarios, 1056–1058
licensing issues, 938–939, 965
life cycle, data, 229
life safety, 414–415
life-cycle assurance standards, 931
life-cycle models, 190–193
life-cycle security components, 41–42
LIFO (last in, first out), 275
lighting, exterior, 953–955
Lightweight Directory Access Protocol. See LDAP
Lightweight Extensible Authentication Protocol (LEAP), 670
limit register, 282
Linder, Doug, 1077
line conditioners, 445
linear cryptanalysis, 412
linear topology, 524
Link Control Protocol (LCP), 633
link encryption, 685–687
linking, 1137–1138
link-state routing protocols, 564, 565
Linux operating systems, 888
LLC (Logical Link Control), 490
load, 429
local access, 940–941
local area networks. See LANs
local bridge, 568
Locard’s exchange principle, 1042
lock bumping, 949
locking data, 1167
locks, 941–949
administrative responsibilities, 947
automatic, 434
cipher, 945–946
circumventing, 947–948
device locks, 946–947
mechanical, 942–946
overview, 941–942
raking, 947–948
strengths, 948–949
log events, 929
log files
access logs, 964
audit logs, 814–818, 878–881, 929
diagnostic, 935
function logs, 929
monitoring, 932
transaction logs, 1173
log reviews, 878–881
log scrubbers, 1183
logic bombs, 1186
logical controls, 8–9
Logical Link Control (LLC), 490
logical partitions, 504
logon screen, fake, 836
“low and slow” attacks, 825
LSB (least significant bit), 349
Lucifer project, 339
M
MAC (mandatory access control), 729, 789–795, 928, 1171
MAC (Media Access Control), 490, 729
MAC (message authentication code), 389–393, 668, 729, 936
MAC addresses, 539
Mac OS X, 888
MAC Security standard (MACSec), 509–510
machine languages, 1116–1117
MACSec (MAC Security standard), 509–510
magnetic fields, 222
MAID (massive array of inactive disks), 977–978
mail server, 556. See also e-mail
mailbox data, 890
mainframe computers, 522
maintenance hooks, 333
maintenance/release phase, 1084, 1095–1096, 1097
malformed packets, 696
malicious data, 820
malware, 1178–1194
adware, 1184
antimalware software, 1187–1190
botnets, 1184–1185
crimeware toolkits, 1186–1187
in e-mail, 1178
logic bombs, 1186
main elements, 1182
money-making schemes, 1178–1179
overview, 1178–1179
rootkits, 1182–1184
signatures, 1187
spyware, 1184
as threat agent, 106
trojan horses, 1186
viruses, 1179–1181
vulnerabilities, 106
worms, 1182
MAN wireless standard, 675
management
BCP support, 154
executive. See executive management
layers of responsibility, 199–203
roles, 199–203
security and, 87
security-awareness training, 158
support for BCP, 138–139, 145–146
management actions, 911
Management Information Base (MIB), 545–547
management review, 908–911
mandatory access control (MAC), 729, 789–795, 928, 1171
man-in-the-middle (MitM) attacks, 217–218
MANs (metropolitan area networks), 534, 536, 614–617, 660
mantraps, 434
manual testing, 1094–1095
markup languages, 779–784
mashups, 1140
masquerading, 603
massive array of inactive disks (MAID), 977–978
master keys, 947
master security policies, 87–89
matrices, 797
MAU (Multistation Access Unit), 534
maximum period time of disruption (MPTD), 150–151
maximum tolerable downtime (MTD), 150–151, 1002–1005
maximum transmission unit (MTU), 507, 526
MD4 hash function, 394
MD5 hash function, 394–395
mean time between failures (MTBF), 971–972, 973
mean time to repair (MTTR), 972–973
measurements, 903
media
access controls, 222
clearing/purging, 220–221
documenting changes, 222
environmental conditions, 222
environmental issues, 219
erasing, 220–221
examples of, 219
integrity, 223
inventorying, 223
labeling, 223
lifespan, 223
physical destruction of, 220
sanitized, 221
tracking, 221
Media Access Control (MAC), 490, 729
media access technologies, 526–536
media controls, 219–224
media gateway, 636
media management, 221–224
media sharing, 527
meet-in-the-middle attacks, 414
memory
BEDO DRAM, 259
buffer overflows, 265–269, 875, 1092
cache, 261
DDR SDRAM, 260
DRAM, 258–259
EDO DRAM, 259
EEPROM, 260–261
EPROM, 260
hierarchy, 281
management, 280–285
NVRAM, 408
persistent, 408–409
PROM, 260
ROM, 260–261
SDRAM, 259
SRAM, 259
static, 408–409
types of, 258–270
versatile, 408–409
virtual, 283–285
volatile, 218
memory caches, 218
memory cards, 758
memory leaks, 270
memory management, 280–285
memory manager, 281–282
memory protection, 269–270, 283
Menezes-Qu-Vanstone (MQV), 383
mesh topology, 525
message authentication code (MAC), 389–393, 668, 729, 936
message integrity, 388–399
CBC-MAC function, 391–392, 393
overview, 388
message-oriented middleware (MOM), 1136
metadata
business process, 190
classification levels, 193–198
in data dictionary, 1164, 1165
data mining/data warehousing, 1174–1176
system, 190
meta-directories, 734–735, 736
Metro Ethernet, 615–617
metropolitan area networks. See MANs
MIB (Management Information Base), 545–547
MIC values, 668
microarchitecture, 287
microcomputers, 522
microdot, 350
microkernel OS model, 293–294, 296, 297
microprobing, 761
Microsoft Point-to-Point Encryption (MPPE), 650–651
military data classifications, 194, 195–196
military-oriented frameworks, 25–26
MIME (Multipurpose Internet Mail Extensions), 688–689
MIMO (multiple input, multiple output), 674, 682
Ministry of Defence Architecture Framework (MODAF), 25–26
misuse case testing, 882–883
mitigation strategies, 999–1000
MitM (man-in-the-middle) attacks, 217–218
mixed law system, 61–62
mobile code, 1142–1146
ActiveX controls, 1144–1146
Java applets, 1142–1146
overview, 1142
risks, 1142
mobile devices
loss of, 439–440
security issues, 327–328
theft of, 234–235
tracking software for, 440
mobile IP, 805
mobile wireless, 678–685
cellular networks, 679–681
characteristics, 684
frequency range, 680–682
generations, 683–684
hacking mobile phones, 682
overview, 678–680
MODAF framework, 15
mode transitions, 294
modems
cable, 648–649
described, 644
dial-up connections, 644–645
war dialing and, 874
mold/mildew, 437
MOM (message-oriented middleware), 1136
monitoring
access control, 822–834
e-mail, 81–83
employees, 81–83
keystrokes, 818
risk, 97
security controls, 130
monolithic OS architecture, 291–292, 296, 297
motherboards, 261
motion detectors, 962
MPLS (Multiprotocol Label Switching), 511, 573, 574, 615–616
MPPE (Microsoft Point-to-Point Encryption), 650–651
MPTD (maximum period time of disruption), 150–151
MQV (Menezes-Qu-Vanstone), 383
MTBF (mean time between failures), 971–972, 973
MTD (maximum tolerable downtime), 150–151, 1002–1005
MTTR (mean time to repair), 972–973
MTU (maximum transmission unit), 507, 526
multicast routing, 506
multicast transmission, 536, 537–538
multihomed devices, 597
multiple input, multiple output (MIMO), 674, 682
multiplexing, 279–280, 617, 620
multiprocessing, 257–258
multiprogramming, 271
Multiprotocol Label Switching (MPLS), 511, 573, 574, 615–616
Multipurpose Internet Mail Extensions (MIME), 688–689
multiservice access technologies, 635–636
Multistation Access Unit (MAU), 534
multi-threaded applications, 276
N
namespaces, 732–733
naming distinctions, 280
NAT (network address translation), 506, 560–562
NAT servers, 561
National Institute of Standards and Technology. See NIST
National Security Agency (NSA), 370, 411
natural access control, 422–424
natural disasters, 100
natural surveillance, 424–425
natural territorial reinforcement, 425–426
natural threats, 148
NCPs (Network Control Protocols), 633
NDAs (nondisclosure agreements), 63, 155–156, 864
NDLP (network DLP), 231–232
near-line devices, 982
need-to-know principle, 765
negligence, 1056
.NET framework, 1137
network address, 504
network address translation. See NAT
network administrator, 14, 803, 926, 928–930
network attacks, 696–700
at different layers, 483
DNS hijacking, 699–700
flooding attacks, 696–697, 698
malformed packets, 696
overview, 696
ransomware, 698
sniffing attacks, 698–699
network cards, 491
Network Control Protocols (NCPs), 633
network database model, 1159–1160
network DLP (NDLP), 231–232
network eavesdropping. See sniffing
network encryption, 685–695
at different layers, 686
e-mail, 687–690
end-to-end encryption, 685–687
hardware vs. software cryptography, 687
link encryption, 685–687
MIME, 688–689
network interface card (NIC), 1183
network personnel, 928–929
network protocols/services
ARP, 539–540
CAN bus, 496–497
converged, 511–512
described, 480
DHCP, 540–543
DNP3, 496
DNS. See DNS
ICMP, 543–545
IP, 497
multi-layer, 495–497
OSI. See OSI entries
services, 538
SNMP, 545–547
TCP, 498–500
TCP/IP. See TCP/IP entries
network segregation, 810
network sniffers, 834
network stack, 19
network testing, 867
Network Time Protocol (NTP), 878–879
network topologies, 523–525
network-based IDS (NIDS), 822–823, 986
networking, 522–566
considerations, 523
emerging technologies, 477–478
evolution of, 522–523
extranets, 612–614
infrastructure, 523
intranets, 612–614
media access technologies, 526–536
overview, 477–478
protocols. See network protocols/services
remote connectivity, 644–659
networking devices, 567–612
bridges, 567–569
gateways, 576–577
PBXs, 577–581
routers. See routers
switches. See switches
networks
access to, 813–814
attacks on. See network attacks
automation and, 926
availability, 970–984
cellular, 679–681
cloud, 628
data in motion, 217–218
diagramming, 579–581
encryption. See network encryption
extranets, 612–614
internetworks, 569
intranets, 612–614
partitioned, 504
private, 628
SANs, 978–979
single points of failure, 973–980
social, 99
subnetting, 504–505
VANs, 613–614
VPNs. See VPNs
WANs. See WANs
wired, 660
wireless. See wireless networks
WLANs. See WLANs
next-generation firewall (NGFW), 595–596, 986
NGFW (next-generation firewall), 595–596, 986
NIC (network interface card), 1183
NIDS (network-based IDS), 822–823, 986
NIST (National Institute of Standards and Technology), 20, 21, 34, 370
NIST RMF (SP 800-37r1), 127–128
NIST SP 800-39, 95
NIST SP 800-55 standard, 163, 164
noise and perturbation, 326, 1171
noise, cables, 520–521
nondisasters, 1006
nondisclosure agreements (NDAs), 63, 155–156, 864
noninterference model, 310, 313
nonpracticing entities (NPEs), 66–67
nonrepudiation, 344
nonvolatile RAM (NVRAM), 408
normalization, 208
NPEs (nonpracticing entities), 66–67
NSA (National Security Agency), 370, 411
NTP (Network Time Protocol), 878–879
null ciphers, 348
number generator, 346
NVRAM (nonvolatile RAM), 408
O
OASIS (Organization for the Advancement of Structured Information Standards), 784
OAuth standard, 785
Object Linking and Embedding (OLE), 1137–1138
Object Linking and Embedding Database (OLE DB), 1162, 1163
Object Management Group (OMG), 1134
object request brokers (ORBs), 1134–1136
object reuse issues, 820
object-oriented analysis (OOA), 1128, 1129
object-oriented databases, 1159, 1160
object-oriented design (OOD), 1128
object-oriented programming. See OOP
object-relational database (ORD), 1161, 1162
objects
access control and, 722
described, 722
encapsulated, 1124–1127
instantiated, 1121–1122
polyinstantiation, 1172–1173
specifications, 1126
versions of, 1172–1173
OC (optical carrier), 619, 622
Occupant Emergency Plan (OEP), 1063–1064
Occupational Safety and Health Administration (OSHA), 427
OCSP (Online Certificate Status Protocol), 401–402
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), 108, 112
ODBC (Open Database Connectivity), 1136, 1162
ODBC API, 1162
OECD (Organisation for Economic Co-operation and Development), 55–56
OEP (Occupant Emergency Plan), 1063–1064
OFB (Output Feedback) mode, 375–376
OFDM (orthogonal frequency-division multiplexing), 663, 672–673
Office of Government Commerce (OGC), 37
OGC (Office of Government Commerce), 37
OLE (Object Linking and Embedding), 1137–1138
OLE DB (Object Linking and Embedding Database), 1162, 1163
OLTP (online transaction processing), 1173–1174
OMG (Object Management Group), 1134
one-time password (OTP), 754–757
one-way functions, 385–386
one-way hash, 388–389, 395–396
Online Certificate Status Protocol (OCSP), 401–402
online encryption, 685–687
online safety, 901–902
online transaction processing (OLTP), 1173–1174
OOA (object-oriented analysis), 1128, 1129
OOD (object-oriented design), 1128
OOP (object-oriented programming), 1121–1128
benefits of, 1122–1123
cohesion and coupling, 1130–1131
data modeling, 1129
data structures, 1129–1130
encapsulation, 1124–1127
object specifications, 1126
overview, 1121–1123
polymorphism, 1128
Open Database Connectivity (ODBC), 1136, 1162
open message format, 357
open network architecture, 481
open proxies, 604–605
Open Shortest Path First (OSPF), 564
open system authentication (OSA), 665–666
open systems, 320–321, 482–483
Open Systems Interconnection. See OSI
Open Web Application Security Project (OWASP), 1097
OpenFlow, 611
OpenID standard, 784–785
open-source code, 13
operating systems, 271–300
architectures, 291–300
CPU architecture integration, 287–291
described, 271
input/output device management, 285–287
memory management, 280–285
process management, 271–280
protection mechanisms, 288–290
running multiple, 300
virtual machines, 298–300
operational assurances, 930–931
operational responsibilities, 931–933
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), 108, 112
operations department role, 924–925
optical carrier (OC), 619, 622
optical fiber, 675
optical wireless, 675–676
ORBs (object request brokers), 1134–1136
ORD (object-relational database), 1161, 1162
ORDBMS, 1161
Organisation for Economic Co-operation and Development (OECD), 55–56
Organization for the Advancement of Structured Information Standards (OASIS), 784
organizational changes, 229
organizational security policy, 87–89
organizations
changes in, 968–969
culture, 902–903
liability issues, 1053–1060
nonprofit, 138
priorities, 138
revenues and, 138
types of, 138
understanding, 136
orthogonal frequency-division multiplexing (OFDM), 663, 672–673
OSA (open system authentication), 665–666
OSHA (Occupational Safety and Health Administration), 427
OSI (Open Systems Interconnection) model, 479–497
application layer, 480, 483–484, 492
device types and, 494–495
networking languages and, 516–517
overview, 479–480
presentation layer, 484–485, 492
protocols/functions, 480–483, 492–494
vs. TCP/IP, 480
transport layer, 480, 487–488, 493
OSPF (Open Shortest Path First), 564
OTP (one-time password), 754–757
out-of-band interface, 1147
Output Feedback (OFB) mode, 375–376
overlapping fragment attacks, 603
overlays, 612
overwriting data, 214
overwriting media, 212–214, 219–221
OWASP (Open Web Application Security Project), 1097
P
PaaS (Platform as a Service), 322, 969–970
packet filtering, 584
packet switching, 625, 626–627
packet-filtering firewalls, 582–585, 596
packets
communication, 499
encapsulation, 482
flooding, 696–697
ICMP, 696
malformed, 696
transmission of, 536–538
Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, 693
pages, 283–284
pair programming, 1107
palm scans, 749
PAP (Password Authentication Protocol), 657, 658
paper records, 235–236
parallel computing, 323
parallel test, 894
parallelism, 323
parameter validation, 1152–1153
partitions, 504
passive attacks, 408
passive infrared (PIR) system, 961
passphrase, 757
password aging, 753
Password Authentication Protocol (PAP), 657, 658
password checkers, 753
password generators, 751, 754–757
password management, 739–745
password-guessing attacks, 772
passwords, 751–761
attacks on, 751–752
cleartext, 835
cognitive, 754
community strings, 546–547
cracking, 753
dynamic, 754
encrypted, 753
expired, 753
guessing, 772
lifetime of, 752
limiting logon attempts, 753
one-time, 754–757
plaintext, 752
SSO, 741–742
synchronization, 739, 740, 741
vulnerabilities, 99
weak, 753
web applications, 1148
PAT (port address translation), 561
patch management, 988–991
patches
described, 988
reverse engineering, 990
security issues, 1083
subnets, 990
unmanaged, 988–989
patent law, 65–67
patent trolls, 66–67
patents, 65–67
path traversal, 1149
Patriot Act, 78
pattern matching, 823
Payment Card Industry Data Security Standard. See PCI DSS
PBXs (private branch exchanges), 577–581, 874
PCI DSS (Payment Card Industry Data Security Standard), 80–81
PCI-DSS regulation, 1060
PCR (Platform Configuration Registers), 408
PEAP (Protective EAP), 670
penetration testing, 860, 869–873, 877
penetration tests, 873, 1193–1194
perimeter, defined, 987
Perimeter Intrusion Detection and Assessment System (PIDAS), 952
perimeter protection, 304, 810, 941, 950–960
permanent virtual circuits (PVCs), 629
permissions. See also privileges
authorization creep and, 765
directories, 876
files, 876
groups, 763
MAC and, 789
managing, 742
modifying, 888
need-to-know principle, 765
RBAC and, 792–793
persistent cookie, 1152
persistent memory, 408–409
personal information, 1056–1057
Personal Information Protection and Electronic Documents Act (PIPEDA), 72, 79
personal privacy protection, 83
personally identifiable information (PII), 70, 71, 84, 85, 191, 202
personnel. See also users
accountability, 814–818, 929–930
background checks, 156–157
business continuity plans and, 153
clearance level, 196
collusion, 155
data leakage and, 225–226
degrees vs. certification, 159
disgruntled, 54, 100–101, 149, 157
education, 159
employee data, 215
executives. See executive management
hiring practices, 155–157
improper termination, 83
job rotation, 926–927
layers of responsibility, 199–206
monitoring, 81–83
need to know and, 927
network, 928–929
nondisclosure agreements, 155–156
outsourcing, 1014
prescreening, 82
privacy issues, 81–83
reference checking, 156
risks, 154
roles. See roles
rotation of duties, 155
security precautions, 154–159, 928–929
security training, 157–159, 809, 899
separation of duties, 154–155, 925–926, 1094
supervisory structure, 809
tasks, 925–926
terminations, 157
testing/evaluating skills, 155
threats, 106
personnel access controls, 949–950
personnel controls, 809
personnel security, 154–159, 928–929
personnel testing, 867
PGP (Pretty Good Privacy), 689–690
pharming, 838
PHI (protected health information), 84
phishing attacks, 836–840, 1178
phone hackers (phreakers), 579
photoelectric device, 450, 451
phreakers (phone hackers), 579
physical access controls, 222, 1063
physical controls, 9, 808, 810–811
physical damage, 94
physical media, 214
physical security, 940–964
auditing physical access, 963–964
bollards, 953
CCTV systems, 955–960
CPTED approach, 419–426
external boundary protections, 950–960
facility. See facility security
fencing, 951–953
fire suppression, 448–449, 452–453
guard dogs, 963
importance of, 937
intrusion detection systems, 960–962
landscaping and, 950–951
lighting options, 953–955
locks, 941–949
modes, 941
natural access control, 422–424
natural surveillance, 424–425
natural territorial reinforcement, 425–426
perimeter protection, 304, 810, 941, 950–960
personnel access controls, 949–950
safes, 440
security guards, 962–963
security zones, 423
target hardening, 421
threats, 414
physical security program
CPTED and, 420–426
designing, 426–439
facility/site. See facility security
goals, 416–417
performance metrics, 417–418
planning for, 419–420
physical testing, 867
PID (process identification), 280
PIDAS (Perimeter Intrusion Detection and Assessment System), 952
PII (personally identifiable information), 70, 71, 84, 85, 191, 202
Ping of Death, 696
PIPEDA (Personal Information Protection and Electronic Documents Act), 72, 79
PIR (passive infrared) system, 961
pirated software, 68–70, 939, 965
PKCS (Public Key Cryptography Standards), 689
PKI (public key infrastructure), 383, 399–404, 670, 1116
plaintext attacks, 410
Platform as a Service (PaaS), 322, 969–970
Platform Configuration Registers (PCR), 408
PLCs (programmable logic controllers), 330–331
plenum areas, 453
plenum space, 522
point-to-point links, 620–624
Point-to-Point Protocol (PPP), 633–634, 644
Point-To-Point Tunneling Protocol (PPTP), 649–651, 652, 656, 657
policies
advisory, 90
antimalware, 1192
backups, 981
BCP, 142
data retention, 206–210
e-mail usage, 89
guidelines, 92
incident response, 996
informative, 90
regulatory, 90
routing, 566
security. See security policies
types of, 90
policy engines, 230
polling, 530
polyalphabetic algorithms, 337, 338
polyinstantiation, 1172–1173
polymorphism, 1128
polyvinyl chloride (PVC), 522
POODLE (Padding Oracle On Downgraded Legacy Encryption) attack, 693
POP (Post Office Protocol), 556
pop-ups, 838
port address translation (PAT), 561
port types, 500
portable devices, 937–938
portals, 778–779
portlets, 778–779
ports
dynamic, 500
HTTP, 593
mapped to protocols, 500
registered, 500
SNMP, 547
TCP, 498–500
UDP, 498–500
positive drains, 446
Post Office Protocol (POP), 556
postmortem, 876–877
power failure, 441, 442–443, 945
power grid, 441–442
power losses, 440–441
power protection, 442–443
PPP (Point-to-Point Protocol), 633–634, 644, 650–653
PPTP (Point-To-Point Tunneling Protocol), 649–651, 652, 656, 657
premapped I/O, 286–287
presentation layer, 484–485, 492
Pretty Good Privacy (PGP), 689–690
preventive measures, 984–992
antimalware, 988
firewalls. See firewalls
honeypots, 991–992
intrusion detection. See IDS entries
intrusion prevention. See IPS entries
overview, 984–985
patch management, 988–991
preventive vs. recovery strategies, 1005
vs. recovery strategies, 1005
sandboxing and, 991
PRI (Primary Rate Interface) ISDN, 646, 647
primary image, media, 1046
primary keys
vs. foreign key, 1164–1166
relational databases, 1157–1158, 1159
Primary Rate Interface (PRI) ISDN, 646, 647
privacy, 70–83
considerations, 229
data owners and, 210–211
data processors and, 211
data remanence, 211–214
limiting collection of, 214–215
personally identifiable information, 70, 71
personnel, 81–83
protecting, 210–215
users, 83
Privacy Act of 1974, 75
Privacy Impact Ratings, 1086
privacy laws
considerations, 81
need for, 72–73
Privacy Act of 1974, 75
types of, 83
privacy risk assessment, 1086
private algorithms, 411
private branch exchanges (PBXs), 577–581, 874
Private data classification, 195
privilege accumulation, 887
privilege escalation, 1092
privileged mode, 255
privileges. See also permissions
accountability and, 929
buffer overflows and, 1092
considerations, 887–888
modifying, 888
running as root, 888
procedures, 93–94
process activity, 278–280
process domains, 291
process enhancement, 31
process identification (PID), 280
process isolation, 278–279
process management, 271–280
process management development, 37–45
process reengineering, 31
processes
described, 271
encapsulated, 279
scheduling, 277–278
states, 272–273
vulnerabilities, 99
procurement processes, 1059
profile updates, 744–745
profiling, 1042
program status word (PSW), 255
programmable I/O, 286
programmable logic controllers (PLCs), 330–331
programmable read-only memory (PROM), 260
programmers, 926
programming. See also code
code reviews, 884–885
defensive, 884–885
development phase, 1084, 1089–1093, 1097
improper/faulty practices, 1092
maintenance hooks, 333
object-oriented. See OOP
procedural vs. object-oriented, 1122–1123
“secure coding,” 1091
testing/validating, 1084, 1093–1095, 1097
programming languages, 1116–1132
assembly languages, 1117
compilers, 1119
high-level languages, 1117–1118
interpreters, 1120
machine languages, 1116–1117
natural languages, 1118
OOP. See OOP
overview, 1116–1118
very high-level languages, 1118
vulnerabilities in, 1120–1121
programs. See applications; software
project management
BCP, 143–144
in SDLC, 1084–1085
project sizing, 103
PROM (programmable read-only memory), 260
protected health information (PHI), 84
protection mechanisms, 119–122, 343–344
protection profiles, 314–315, 316
Protective EAP (PEAP), 670
protocol anomaly–based IDS, 826–827
protocols
considerations, 814
converged, 511–512
described, 21
ports mapped to, 500
routing protocols, 562–566
streaming, 641
prototype model, 1101
prototypes, 1101
provisioning
cloud assets, 969–970
considerations, 744
overview, 743
resources, 964–970
user, 744
proximate cause, 1056
proxy firewalls, 589–593
PSTN (public-switched telephone network), 479, 635
PSW (program status word), 255
public algorithms, 411
Public data classification, 195
public key cryptography, 364, 383
Public Key Cryptography Standards (PKCS), 689
public key infrastructure (PKI), 383, 399–404, 670, 1116
public keys, 353, 356, 689–690, 757
public-switched telephone network (PSTN), 479, 635
PVC (polyvinyl chloride), 522
PVCs (permanent virtual circuits), 629
Q
QA (quality assurance), 926
QA teams, 228
QC (quality control), 926
QL (query language), 1164
QoS (Quality of Service), 506, 630–631, 673
qualitative risk analysis, 112, 113, 116–119, 149
quality assurance. See QA
quality control (QC), 926
quality, of code, 1077–1078
Quality of Service (QoS), 506, 630–631, 673
quantitative risk analysis, 112–119
queries, DNS servers, 551–552
query language (QL), 1164
questions, comprehensive, 1213–1249
R
race conditions, 334, 726, 876
RAD (Rapid Application Development) model, 1104–1105
radio frequency interference (RFI), 443–444
radio-frequency identification (RFID), 761
radio-frequency (RF) wireless, 675
RADIUS (Remote Authentication Dial-in User Service), 801–807
RADSL (Rate-Adaptive Digital Subscriber Line), 648
RAID (redundant array of independent disks), 974–976
RAIT (redundant array of independent tapes), 978
raking, 947–948
RAM (random access memory), 258–260, 284
random access memory (RAM), 258–260, 284
Rapid Application Development (RAD) model, 1104–1105
RARP (Reverse Address Resolution Protocol) frames, 542–543
RARP servers, 543
RAs (registration authorities), 400, 402
Rate-Adaptive Digital Subscriber Line (RADSL), 648
RATs (remote access Trojans), 1186
RBAC (role-based access control), 791–794, 795
RB-RBAC (rule-based access control), 794–795
RC5 cipher, 379
RC6 cipher, 379
R&D (research and development), 207
read-only memory (ROM), 260–261
real loss, 439
real user monitoring (RUM), 881–882, 910
realms, 768–769
Real-time Transport Protocol (RTP), 639
reasonable expectation of privacy (REP), 82
reciprocal agreements, 1011
reconstitution phase, 1033–1034
records
defined, 75
described, 1160
paper, 235–236
recovery activation criteria, 1032–1033
recovery controls, 10
recovery plans, 1038
recovery point objective (RPO), 1003–1005, 1029
recovery process. See also disaster recovery; DRP
activation of, 1032–1033
after system crashes, 934–935
business process recovery, 1006
considerations, 1033
data leakage and, 228
facility recovery, 1006
files, 934
goal setting, 1034–1036
incidents, 1001
vs. preventive measures, 1005
security concerns, 935
supply/technology recovery, 1013–1015
trusted, 933–935
recovery teams, 1031–1038
recovery time objective (RTO), 1002–1005, 1029
redirect servers, 640
reduction analysis, 101–102
redundancy, 1029
redundant array of independent disks. See RAID
redundant array of independent tapes (RAIT), 978
reference monitor, 304–305, 306
referential integrity, 1167
registrar server, 640
registration authorities (RAs), 400, 402
regulations, 73–76, 81, 86, 87
regulatory policies, 90
relational database components, 1164–1166
relational databases, 1157–1158, 1159
relative addresses, 263
relay agent, 557–559
release/maintenance phase, 1084, 1095–1096, 1097
reliability, 1029
religious law system, 60–61
remediation, 1001–1002
remote access, 644–645, 803, 939–940
remote access Trojans (RATs), 1186
Remote Authentication Dial-in User Service (RADIUS), 801–807
remote bridge, 568
remote connectivity, 644–659
authentication, 657–659
cable modems, 648–649
dial-up connections, 644–645
ISDN, 645–647
overview, 644
tunneling protocols, 649–657
VPNs. See VPNs
remote journaling, 1026
remote logging, 880
Remote Procedure Call (RPC), 487, 1132, 1133
remote systems, 657, 939–940, 1186
remote systems administration, 939–940
remote terminal units (RTUs), 331, 496
REP (reasonable expectation of privacy), 82
replay attacks, 413, 751, 771, 1154
report generator, 1164
reports/reporting, 905–908
executive summaries, 907–908
“no input,” 936
overview, 905–906
technical report, 906–907
Request for Proposals (RFP), 1059
requirements gathering phase, 1084, 1085–1086, 1096
research and development (R&D), 207
residual risk, 123–124
resiliency, 231
resource provisioning, 964–970
resource records, 548
resources
access to, 929–930
availability, 3–4, 723, 970–984
releasing, 278
requests for, 277–278
responsibility, 1056
restarting system, 934
restoration teams, 1031–1038
restoring data, 1024–1025
restricted areas, 436
retina scans, 749
return pointer (RP), 266, 268, 275
reuse model, 1109
Reverse Address Resolution Protocol (RARP) frames, 542–543
reverse proxy, 606
RF (radio-frequency) wireless, 675
RFC 1087, 168
RFC 2460, 506–507
RFC 4987, 502
RFI (radio frequency interference), 443–444
RFID (radio-frequency identification), 761
RFP (Request for Proposals), 1059
ring topology, 523–524, 525, 536
ring wrap, 534
RIP (Routing Information Protocol), 564
risk
acceptance of, 124–125
acquired software, 1193–1194
backups, 228
categories, 94–95
data in motion, 217–218
data in use, 218–219
defined, 106
framing, 97
handling, 124–125
laptops, 216–217
loss potential, 106
monitoring, 97
preventive measures, 984–992
privacy, 1086
questions to ask, 104
recovery, 228
remote access, 940
response to, 97
storage devices, 216–217
third-party, 1058
total vs. residual, 123–124
risk analysis, 102–103
approaches to, 112–113
automated methods, 113
considerations, 146
performing, 123
physical security, 418–419, 432
process, 147
qualitative, 112, 113, 116–119, 149
quantitative, 112–119
risk/effectiveness of countermeasures, 121–122
uncertainty, 115
risk analysis team, 103–104
risk assessment, 102–126
described, 112
evaluation/process, 148–149
goals of, 148
main components, 148
methodologies for, 107–112
overview, 102–103
scenarios, 149
threats, 148–149
vs. vulnerability assessments, 113
risk framing, 97
risk management, 94–98
holistic, 95
ISRM policy, 95–96
process for, 97–98
tiers, 95
risk management frameworks (RMFs), 126–130
risk management process (RMP), 906
risk management program, 125
risk management team, 96–97
Rivest-Shamir-Adleman. See RSA
RMFs (risk management frameworks), 126–130
RMP (risk management process), 906
Robust Security Network. See WPA2
role-based access control (RBAC), 791–794, 795
roles, 199–206
associated tasks, 926
auditor, 206
CEO, 199–200
CFO, 200–201
change control analyst, 205
CIO, 201–202
CPO, 202
CSO, 202–203
data analyst, 205
data custodian, 204
data owner, 203–204
database security and, 1155, 1156
hierarchies, 793–794
overview, 925
security administrator, 205
supervisor, 205
system owner, 204
user, 206
user manager, 205
rollback operations, 1168
rollback plans, 990
rolling hot sites, 1013
ROM (read-only memory), 260–261
root user, 888
rootkits, 1182–1184
ROT13 cipher, 337
rotor cipher machine, 337–338
route flapping, 563
routers
attacks on, 566
border, 569
functionality, 578
multiple paths between, 973
overview, 569–571
protocols, 562–566
Routing Information Protocol (RIP), 564
routing policy, 566
routing protocol attacks, 566
routing protocols, 489, 562–566
routing tables, 489
RP (return pointer), 266, 268, 275
RPC (Remote Procedure Call), 487, 1132, 1133
RPO (recovery point objective), 1003–1005, 1029
RSA (Rivest-Shamir-Adleman) algorithm, 383–386, 399
RSA public key encryption, 689
RTCP (RTP Control Protocol), 641
RTO (recovery time objective), 1002–1005, 1029
RTP (Real-time Transport Protocol), 639
RTP Control Protocol (RTCP), 641
RTUs (remote terminal units), 331, 496
rule-based access control (RB-RBAC), 794–795
rule-based IDS, 827–829
rules, 90
RUM (real user monitoring), 881–882, 910
running key ciphers, 347–348
S
SaaS (Software as a Service), 322, 969–970, 1141
SABSA (Sherwood Applied Business Security Architecture), 15, 27–29
SAC (single-attached concentrator), 536
Safe Harbor Privacy Principles, 56–57
safe mode, 934
safeguards
control selection and, 120–123
described, 7
features, 121–122
guidelines, 55
safeguards rule, 79
salts, 753
salvage team, 1032
SAML (Security Assertion Markup Language), 781–784
SANs (storage area networks), 978–979
Sarbanes–Oxley Act (SOX), 37, 201–202
SAs (security associations), 653–654
SAS (single-attachment station), 536
SAS (Statement on Auditing Standards), 865
SAS 70, 126
SASDs (sequential access storage devices), 976–977
SASL (Simple Authentication and Security Layer), 557
satellite networks, 660, 678, 679
savepoints, 1168
S-boxes, 360
SBU (sensitive but unclassified), 195, 196
SCADA (supervisory control and data acquisition) systems, 331–332, 496
schemas, 1161
Scientific Working Group on Digital Evidence (SWGDE), 1040–1041
SCM (software configuration management), 1114–1115
scope
audits, 860–861
BCP, 141–144
project, 102–103
scope creep, 1085
screened host firewalls, 598, 601
screened-subnet architecture, 598–599, 601
script kiddies, 50
scripts, 1181
Scrum methodology, 1106–1107
SCSI technology, 512
scytale cipher, 336
SDLC (software development life cycle), 1084–1097
SDLC (Synchronous Data Link Control), 631–632, 644
SDN (software-defined networking), 609–612
SDRAM (synchronous DRAM), 259
SDSL (Symmetric DSL), 648
Search for Extraterrestrial Intelligence (SETI), 980
SEC (Securities and Exchange Commission), 37, 201–202
secondary storage, 283–284
Secret data classification, 195, 196
Secure Hash Algorithm (SHA), 395
secure message format, 357
Secure MIME (S/MIME), 689
Secure RPC (SRPC), 487
Secure Shell (SSH), 694–695, 1116
Secure Sockets Layer (SSL), 691, 692–693
Securities and Exchange Commission (SEC), 37, 201–202
security
assets. See asset protection
balanced, 5–6
clipping levels, 930
databases. See database security
defined, 202
deviations from standards, 932
distributed system. See distributed system security
facility. See facility security
firewalls. See firewalls
vs. functionality, 45
fundamental principles of, 3–6, 723–724
goals of, 3–6
industrial control systems, 330–332
Internet. See Internet security
investigations. See investigations
layer 2 protection, 509–511
layered approach, 9–10
mobile devices, 327–328
overview, 1–3
perimeter, 304, 810, 941, 950–960
physical. See physical security
preventative. See preventive measures
relationships, 7–8
remote access, 939–940
software. See software development security
terminology, 6–8
testing, 810
traffic-flow, 686
trusted computing base, 302–304
unusual/unexplained occurrences, 931–932
VoIP, 642–643
vulnerabilities, 98
web. See web security
web applications, 326–327
security administrator, 205, 789, 926–930, 1080, 1081
Security Assertion Markup Language (SAML), 781–784
security assessments, 860–863, 928
security associations (SAs), 653–654
security audits. See auditing; audits
security breaches, 48–49
security controls
administrative controls, 8, 11, 12
assessing, 129
availability controls, 5–6
classification controls, 197–198
compensating controls, 10, 11–13
confidentiality controls, 6
considerations, 1078
control definition, 7
cost/benefit analysis, 120
countermeasure definition, 7
data states and, 216–219
deterrent controls, 10
development, 33–37
implementing, 129
integrity controls, 6
logical controls, 8–9
media controls, 219–224
monitoring, 130
for protecting assets, 215–224
recovery controls, 10
selection of, 120–122, 128–129
soft controls, 8
vs. software controls, 1078
security controls development, 33–37
COBIT, 33–34
components, 15
COSO, 36–37
NIST SP 800-53, 34–35
security culture, 229, 902–903
security definitions, 6–8
security domains, xxxi–xxxii, 772–775, 776
security effectiveness, 31
security enterprise architecture, 30
security event management (SEM), 817
security frameworks, 13–45
security governance, 159–165
metrics, 160–165
overview, 159–160
security guards, 962–963
security information and event managers (SIEMs), 817, 880–881
security kernel, 305–307
security mechanisms, 119
security models, 307–313
security operations, 923–1075
administrative management, 925–930
assurance levels, 930–931
compliance programs, 1060–1063
configuration management, 933–940
considerations, 924
disaster recovery. See DRP
incident management, 993–1002
insurance, 1030–1031
investigations. See investigations
liability issues, 1053–1060
operational responsibilities, 931–933
overview, 923–924
physical security. See physical security
preventive measures, 984–992
recovery/restoration, 1031–1038
resource provisioning, 964–970
role of, 924–925
system hardening, 937–939
security plan, 1084–1085
security policies. See also policies
common hierarchy of, 89
defined, 87
implementation, 93–94
issue-specific, 88–89
locks/keys, 947
master, 87–89
multilevel, 306
organizational, 87–89
system-specific, 89–90
security principles, 723–724
security program development, 15
security programs
considerations, 2
control mechanisms, 11–12
documentation, 87
enforcing. See security governance
metrics, 160–165
policies for. See security policies
security risk assessment, 1086
security through obscurity, 13–14, 327, 1154
security training, 157–159, 809, 899
security zones, 423
security/sensitivity labels, 789, 790–791
segments, 502–503
SEM (security event management), 817
semantic integrity, 1167
Sender Policy Framework (SPF), 559
sensitive but unclassified (SBU), 195, 196
sensitive data, 820
sensitive data awareness, 229
Sensitive data classification, 195
separation of duties, 154–155, 925–926, 1094
September 11 attacks, 210
sequential access storage devices (SASDs), 976–977
server clusters, 979–980
servers
BOOTP, 543
C&C, 1185
clustered, 1029
NAT, 561
POP, 556
RARP, 543
redirect, 640
registrar, 640
SMTP, 556
TFTP, 983
voicemail, 642
service bureaus, 1009
service level agreements (SLAs), 151, 971
Service Organization Controls (SOC), 864–865
service organizations, 864
Service Provisioning Markup Language (SPML), 780–781
Service Set IDs (SSIDs), 665
service-oriented architecture (SOA), 783, 1138–1142
services, unnecessary, 938, 939
session cookie, 1152
session IDs, 1153–1154
Session Initiation Protocol (SIP), 635
session management, 1153–1154
SETI (Search for Extraterrestrial Intelligence), 980
SGML (Standard Generalized Markup Language), 779
SHA (Secure Hash Algorithm), 395
SHA-1 algorithm, 395
shadow files, 753
shared key authentication (SKA), 665–666
shareware, 68
Sherwood Applied Business Security Architecture (SABSA), 15, 27–29
shielded twisted pair (STP) cables, 518, 522
shoulder surfing, 5
shutdown, forced, 935
side-channel attacks, 412, 760
SIEMs (security information and event managers), 817, 880–881
Signaling System 7 (SS7) protocol, 635
signals, 512–514
signature dynamics, 749–750
signature-based detection, 1187
signature-based IDS, 823–824, 829
Simple Authentication and Security Layer (SASL), 557
Simple Mail Transfer Protocol. See SMTP
Simple Network Management Protocol (SNMP), 545–547
Simple Object Access Protocol (SOAP), 782–783, 1139–1140, 1141
simplex communication, 486, 880
simulation test, 894
single keys, 369
single loss expectancy (SLE), 114, 115, 905
single points of failure, 973–980
single sign-on (SSO), 741–742, 766–776
single-attached concentrator (SAC), 536
single-attachment station (SAS), 536
SIP (Session Initiation Protocol), 635, 638–641
site planning process, 415–439
SITT (Spectrum, Information Technologies and Telecommunications) standard, 479
situational awareness, 817
SKA (shared key authentication), 665–666
Skype, 641
SLAs (service level agreements), 151, 971
SLE (single loss expectancy), 114, 115, 905
smart cards, 758–761
smart grid, 441–442
smartphones, protecting, 234–235
S/MIME (Secure MIME), 689
smoke detectors, 437, 449, 450, 451
SMTP (Simple Mail Transfer Protocol), 399, 484, 555–556
SMTP authentication (SMTP-AUTH), 559
SMTP servers, 556
SMTP-AUTH (SMTP authentication), 559
sniffing attacks, 698–699
SNMP (Simple Network Management Protocol), 545–547
SNMP ports, 547
Snowden, Edward, 210
SOA (service-oriented architecture), 783, 1138–1142
SOAP (Simple Object Access Protocol), 782–783, 1139–1140, 1141
SOC (Service Organization Controls), 864–865
social engineering
obtaining passwords via, 752
overview, 899–901
phishing attacks. See phishing
social engineering attacks, 413
social networks, 99
sockets, 499
SOCKS proxy firewalls, 592
soft controls, 8
software. See also applications
academic, 68
assessing security of, 1193–1194
backing up, 1016–1018
bulk licenses, 68
commercial, 68
licensing issues, 938–939, 965
maintenance hooks, 333
most dangerous errors, 1091–1092
ransomware, 698
threats, 332–335
tracking, 965–966
Software as a Service (SaaS), 322, 969–970, 1141
Software Assurance Program, 1098
software attacks, 761
software backup facilities, 1018–1021
software configuration management (SCM), 1114–1115
software cryptography methods, 687
software deadlock, 278
software development, 1077, 1111–1116
software development models, 1098–1109
agile model, 1105–1108
Build and Fix model, 1099
cleanroom approach, 1109
exploratory model, 1108
incremental model, 1101–1102
JAD model, 1109
prototype model, 1101
RAD model, 1104–1105
reuse model, 1109
spiral model, 1102–1104
V-shaped model, 1100–1101
Waterfall model, 1099–1100
software development security, 1077–1212
access issues, 1082–1083
basics, 1078–1083
best practices, 1097–1098
building good code, 1077–1078
current methodology for, 1080
default settings and, 1082–1083
vs. functionality, 1082
implementation issues, 1082–1083
for multiple environments, 1080–1081
overview, 1077–1080
software libraries, 1131–1132
software piracy, 68–70
software requirements, 1087
software-defined networking (SDN), 609–612
SONET (Synchronous Optical Network), 614–615, 618, 619
source routing, 569
SOW (Statement of Work), 1085
SOX (Sarbanes–Oxley Act), 37, 201–202
Spafford, Eugene H., 1
spaghetti code, 1122–1123
spam detection, 1190–1192
Spam over Internet Technology (SPIT), 642
Spanning Tree Algorithm (STA), 569
spawning, 272
Spectrum, Information Technologies and Telecommunications (SITT) standard, 479
SPF (Sender Policy Framework), 559
Spiral model, 1102–1104
SPIT (Spam over Internet Technology), 642
split DNS, 553
split knowledge, 155
SPML (Service Provisioning Markup Language), 780–781
spoofing, at logon, 836
spoofing attacks, 559–560, 575, 603
spread spectrum, 661–663
sprinkler systems, 449, 453–454
sprints, 1107
SQL (Structured Query Language), 1150, 1160
SQL injection, 1150
SRAM (static RAM), 259
SRK (Storage Root Key), 408
SRPC (Secure RPC), 487
SS7 (Signaling System 7) protocol, 635
SSH (Secure Shell), 694–695, 1116
SSIDs (Service Set IDs), 665
SSL (Secure Sockets Layer), 80, 691, 692–693
SSO (single sign-on), 741–742, 766–776
STA (Spanning Tree Algorithm), 569
stack pointer, 275
stakeholders, 20, 200, 250, 251
Standard Generalized Markup Language (SGML), 779
standards, 90–94
state table, 585
state-based IDS, 824–825
stateful firewalls, 584, 585–588, 596
stateless firewalls, 584
stateless inspection, 584
Statement of Work (SOW), 1085
Statement on Auditing Standards (SAS), 865
states, 824–825
static analysis, 1092–1093, 1188
static electricity, 447
static mapping, 561
static RAM (SRAM), 259
static routing protocols, 563
statistical attacks, 413
statistical anomaly–based IDS, 825–826
statistical time-division multiplexing (STDM), 623
STDM (statistical time-division multiplexing), 623
stealth assessment, 873
storage area networks (SANs), 978–979
storage devices
data at rest, 216–217
data in use, 218–219
encryption, 216–217
risks, 216–217
storage keys, 408
Storage Root Key (SRK), 408
STP (shielded twisted pair) cables, 518, 522
strategic alignment, 29
stream ciphers, 359, 360–362, 363
streaming protocols, 641
striping, 975
Structured Query Language. See SQL
structured walk-through test, 894
stub, 983
Stuxnet worm, 478–479
subjects, 722
subkeys, 353
subnet mask, 503
subnets, 503–505
subnetting, 504–505
substitution ciphers, 335, 337, 350–353
supervisor role, 205
supervisory control and data acquisition (SCADA) systems, 331–332, 496
supervisory structure, 809
supply/technology recovery, 1013–1015
support role, 926
surveillance
computer, 1051
intrusion detection systems, 960–962
during investigations, 1051
natural, 424–425
physical, 1051
surveillance devices, 955–960
SVCs (switched virtual circuits), 629
swap space, 283–285
SWGDE (Scientific Working Group on Digital Evidence), 1040–1041
switch spoofing attacks, 575
switched environments, 831
switched virtual circuits (SVCs), 629
switching, 625–627
SWOT (Strengths, Weaknesses, Opportunities, Threats), 143–144
symbolic links, 875
symmetric algorithms, 369–380
vs. asymmetric algorithms, 353, 357, 358
Blowfish algorithm, 379
DES, 370–377
AES, 378
pros/cons, 355
RC4/RC5/RC6, 379–380
RSA and, 383–384
using with asymmetric algorithms, 364–366
Symmetric DSL (SDSL), 648
symmetric keys, 354–355, 364–368, 398, 666
symmetric mode, 257–258
SYN caches, 502
SYN flooding, 502, 696–697, 698
SYN packets, 500, 502, 586–587, 697
SYN/ACK packets, 500, 586–587, 697
Synchronous Data Link Control. See SDLC
Synchronous Digital Hierarchy (SDH), 619
synchronous DRAM (SDRAM), 259
Synchronous Optical Network. See SONET
synchronous token device, 755–756
synchronous transmission, 514–515
synthetic transactions, 881–882
system access, 812
system administrators, 934–935
system architecture, 32, 248–252
system authentication, 391
system failure, 934–935
system metadata, 190
system owner role, 204
system reboot, 934
system restart, 934
system security architecture, 301–307
system sensing access control readers, 949–950
system services, 933
system-level events, 815–816
systems
bastion host, 596–597
classifications, 197
cold start, 934
connections between, 488
crashes/freezes, 933–935
cyber-physical, 328–330
defined, 249
distributed, 321
embedded, 329
forced shutdowns, 935
goals, 251
hardening, 937–939
Internet of Things, 329–330
locked-down, 938
open vs. closed, 320–321
sealing, 408
testing, 867
trusted recovery, 933–935
systems analyst, 926
systems evaluation, 313–318
T
tables
capability, 797–798
forwarding, 568–569
routing, 489
TACACS (Terminal Access Controller Access Control System), 801–805
TACACS+, 802–805
tactics, techniques, and procedures (TTPs), 100, 130
tape backups, 1016
tape drives, 978
tape librarian, 926
tape vaulting, 1026–1027
target hardening, 421
targeted tests, 873
tarpits, 607
taxonomy, 208
T-carriers, 620–621
TCB (trusted computing base), 302–304
TCG (Trusted Computing Group), 407
TCP (Transmission Control Protocol), 498–500
data structures, 502–503
described, 497
IP addressing, 503–506
overview, 498
stateful firewalls and, 586–587
TCP handshake, 500–502
TCP ports, 498–500
TCP sequence numbers, 502
TCP session hijacking, 502
TCP/IP (Transmission Control Protocol/Internet Protocol), 497–512
as Internet protocol, 691
IPv6 addressing, 506–509
vs. OSI, 480
overview, 497
VoIP integration with, 641–643
TDM (time-division multiplexing), 620
TDMA (time division multiple access), 681
teardrop attacks, 603
technical access controls, 222
technical controls, 8–12, 811–814, 865–866
technical reporting, 906–907
telecommunications, 479, 617–620
temperature, 222
TEMPEST (Transient Electromagnetic Pulse Emanation Standard), 821
templates, 1033
temporal isolation, 763
Temporal Key Integrity Protocol (TKIP), 667, 668
Teredo tunneling, 508
Terminal Access Controller Access Control System. See TACACS
termination, employee, 157
territorial reinforcement, 425–426
terrorist attacks, 210
tertiary sites, 1010
test-driven development, 1093
testing schedules, 877
testing/validation phase, 1084, 1093–1095, 1097
tests/testing. See also audits
acceptance testing, 1094
black box, 869
blind tests, 873
business continuity plan, 892–895
code reviews, 884–886
data backups, 892
gray box, 869
identity services and, 787
integration testing, 1094
interface testing, 886
misuse case, 882–883
network vulnerabilities, 867
penetration testing, 860, 869–873, 877, 1193
personnel vulnerabilities, 867
physical protection, 867
postmortem, 876–877
regression testing, 1094
security mechanisms, 810
synthetic transactions and, 881–882
system vulnerabilities, 867
targeted tests, 873
types of, 1094–1095
on virtual machines, 300
white box, 869
TFTP (Trivial File Transfer Protocol), 983
TGS (ticket granting service), 405, 768–769
The Open Group Architecture Framework. See TOGAF
theft, 439
thin clients, 775–776
thread management, 275–277
threat agents, 6–7
threat modeling, 98–102, 1088–1089, 1090
threats. See also specific threats
to access control, 834–840
defined, 6
described, 416
external, 416
facility/site, 414
identifying, 106–107
internal, 416
maintenance hooks, 333
manmade, 148–149
natural, 148
overview, 100
physical security, 414
software, 332–335
technical, 148–149
TOC/TOU attacks, 333–335
types of, 148–149
vulnerabilities and, 106–107
thunking, 298
ticket granting service (TGS), 405, 768–769
time division multiple access (TDMA), 681
time multiplexing, 279–280
Time to Live (TTL) values, 506
time-division multiplexing (TDM), 620
time-of-check/time-of-use (TOC/TOU) attacks, 333–335
timing attacks, 760
TKIP (Temporal Key Integrity Protocol), 667, 668
TLS (Transport Layer Security), 80, 217, 654–657, 691–693
TOC/TOU (time-of-check/time-of-use) attacks, 333–335
TOGAF (The Open Group Architecture Framework), 24–25
TOGAF model, 15
token devices, 754–757
token passing, 527
Token Ring technology, 534, 537
token-passing access methods, 528
token-passing technology, 534
Top Secret data classification, 195, 196
topology, 523
tort law, 62
ToS (Type of Service) capability, 506
total risk, 123–124
TPM (Trusted Platform Module), 407–409
Traceroute tool, 545
trade secret law, 63–64
trade secrets, 63–64
trademark law, 65
trademarks, 65
traffic anomaly–based IDS, 827
traffic shaping, 631
traffic-flow security, 686
training, security, 157–159, 809, 899
transaction logs, 1173
transaction persistence, 1157
transaction processing, 1173–1174
transactions
atomic, 936
synthetic, 881–882
well-formed, 309
Transient Electromagnetic Pulse Emanation Standard (TEMPEST), 821
translation bridge, 568
Transmission Control Protocol. See TCP
Transmission Control Protocol/Internet Protocol. See TCP/IP
transparent bridging, 568–569
transponders, 949–950
transport adjacency, 655
transport layer, 480, 487–488, 493, 498
Transport Layer Security (TLS), 80, 217, 654–657, 691–693
transposition ciphers, 350–353
trapdoor function, 385
trialware, 68
Triple-DES (3DES), 370, 377–378
Trivial File Transfer Protocol (TFTP), 983
Trojaned programs, 1183
trust, identity services and, 786
trusted components, 262, 288, 304
trusted computing base (TCB), 302–304
Trusted Computing Group (TCG), 407
trusted path, 303
Trusted Platform Module (TPM), 407–409
trusted processes, 255, 277, 288–290
trusted recovery, 933–935
trusted shell, 303
TTL (Time to Live) values, 506
TTPs (tactics, techniques, and procedures), 100, 130
tunneling protocols
IPSec, 653–654
tuples, 1160
twisted-pair cables, 518–519
two-phase commits, 1169
Type of Service (ToS) capability, 506
U
UAC (User Agent Client), 638
UBR (unspecified bit rate), 631
UDDI (Universal Description, Discovery and Integration), 1139
UDP (User Datagram Protocol)
described, 497
how it works, 498–500
RTP and, 641
stateful firewalls and, 586–587
UDP port, 498–500
UL (Underwriters Laboratory), 953
UML (Unified Modeling Language), 882–883
uncertainty, in risk analysis, 115
Unclassified data classification, 195, 196
Underwriters Laboratory (UL), 953
unicast transmission, 536, 537
Unicode encoding, 1149
Unified Modeling Language (UML), 882–883
unified threat management (UTM), 607–608
Uniform Resource Locator. See URL
uninterruptible power supply (UPS), 438, 442–443
Universal Description, Discovery and Integration (UDDI), 1139
universal unique identifier (UUID), 1133
unshielded twisted pair (UTP) cables, 518–519, 522
unspecified bit rate (UBR), 631
UPS (uninterruptible power supply), 438, 442–443
URL (Uniform Resource Locator), 548, 837, 1138, 1148
URL encoding, 1149
URL hiding, 554
U.S. Department of Homeland Security (DHS), 1098
USA PATRIOT Act, 78
USB drives, 820
user accounts
adding, 887
modifying, 887–888
profile updates, 744–745
provisioning, 743–744
suspending, 888–889
User Agent Client (UAC), 638
User Agent Server (UAS), 638
user data files, 890
User Datagram Protocol. See UDP
user manager role, 205
user mode, 255
user profiles, 928
user provisioning, 744
user role, 206
user stories, 1106
user-activated readers, 949–950
user-level events, 816
usernames, 1148
users. See also personnel
accountability, 814–818, 929–930
data integrity and, 4
described, 206
disclosing sensitive information, 4
errors, 106
keystroke monitoring, 818
privacy, 83
shoulder surfing, 5
social engineering and. See social engineering
as threat agent, 106
UTM (unified threat management), 607–608
UTP (unshielded twisted pair) cables, 518–519, 522
UUID (universal unique identifier), 1133
V
vacations, mandatory, 155, 927
validation
client-side, 1149–1150
described, 1096
input, 1148–1152
parameter, 1152–1153
post-validation, 1153
pre-validation, 1153
vs. verification, 1096
validation/testing phase, 1084, 1093–1095, 1097
value-added networks (VANs), 613–614
VANs (value-added networks), 613–614
variable bit rate (VBR), 631
VBR (variable bit rate), 631
VDSL (Very High-Data-Rate Digital Subscriber Line), 648
vendor processes, 1059–1060
vendor management, 1059
verification
described, 1096
vs. validation, 1096
Vernam cipher, 345
versatile memory, 408–409
Very High-Data-Rate Digital Subscriber Line (VDSL), 648
very small aperture terminal (VSAT), 678
viewpoint, defined, 250
Vigenère cipher, 337
virtual address memory mapping, 280
virtual circuits, 629
virtual directories, 735
virtual firewalls, 599–603
virtual LANs. See VLANs
virtual machine (VM) snapshots, 890–891
virtual machines, 298–300, 1188
virtual memory, 283–285
virtual private LAN service (VPLS), 617
virtual private networks. See VPNs
Virtual Router Redundancy Protocol (VRRP), 565
virtual swap space, 284
virus walls, 1193
visual recording devices, 955–960
VLAN hopping attacks, 575
VLANs (virtual LANs), 574–576, 615
VM (virtual machine) snapshots, 890–891
voice gateway, 636
Voice over IP. See VoIP
voice print, 750
voicemail servers, 642
voicemail system, 636
VoIP (Voice over IP)
vs. IP telephony, 637
multiservice access technologies, 635–636
security, 642–643
volatile memory, 218
voltage regulators, 445
VPLS (virtual private LAN service), 617
VPNs (virtual private networks), 649–657
IPSec, 653–654
overview, 649
remote administration and, 940
tunneling protocols, 649–657
uses for, 218
VRRP (Virtual Router Redundancy Protocol), 565
VSAT (very small aperture terminal), 678
V-shaped model, 1100–1101
vulnerabilities, 98–99
attacks, 100–101
common, 875–876
considerations, 332
examples of, 52–53
identifying, 106–107
information, 99
overview, 98
people, 99
processes, 99
programming languages, 1120–1121
reduction analysis, 101–102
threats, 100
threats and, 106–107
web environments, 1146–1154
websites, 1154
XSS, 1150
vulnerability assessments, 113
vulnerability scanners, 864, 871, 875, 876
vulnerability tests, 873
W
WAFs (web application firewalls), 327
WAM (web access management) software, 736–739
WAN technologies, 624–644
CSU/DSU, 624–625
H.323 gateways, 636–638
vs. LAN technologies, 617, 619
multiservice access technologies, 635–636
overview, 617–618
SIP, 638–641
summary, 643–644
switching, 625–627
virtual circuits, 629
X.25 protocol, 629
WANs (wide area networks), 617–644
dedicated links, 620–624
vs. LANs, 526
warez sites, 64–65
warm sites, 1008–1011
Wassenaar Arrangement, 57–58
watchdog timer, 275
water detectors, 438
water sprinkler systems, 449, 453–454
Waterfall model, 1099–1100
wave-division multiplexing (WDM), 624
WBS (work breakdown structure), 1085
WDM (wave-division multiplexing), 624
Web. See Internet; World Wide Web
Web 1.0, 1140
Web 2.0, 1140
web access management (WAM) software, 736–739
web application firewalls (WAFs), 327
web applications. See also applications
input validation, 1149–1152
passwords, 1148
security issues, 326–327
security principles, 1154
usernames, 1148
web browsers. See browsers
web pages, 691
web portals, 778–779
web proxy, 1152–1153
web proxy servers, 606
web security, 1146–1154
administrative interfaces, 1147
applications, 1154
authentication/access control, 1147–1148
input validation, 1148–1152
overview, 1146
parameter validation, 1152–1153
session management, 1153–1154
threats/vulnerabilities, 1146–1154
Web Services Description Language (WSDL), 1139
web-based clients, 612
websites. See also Internet
drive-by downloads, 900, 901–902
malicious code, 700
phishing scams. See phishing entries
script viruses, 1181
vulnerabilities, 1154
well-known ports, 593
WEP (Wired Equivalent Privacy), 665–667
white box testing, 869
white noise, 821
wide area networks. See WANs
Wi-Fi Protected Access (WPA), 667
Wi-Fi Protected Access II (WPA2), 667–668
Windows operating systems, 888
WIPO (World Intellectual Property Organization), 65
Wired Equivalent Privacy (WEP), 665–667
wired networks, 660
wireless communications techniques, 660–664
wireless intrusion detection system (WIDS), 677, 986
wireless LANs. See WLANs
wireless networks, 659–685
Bluetooth, 676–677
LANs. See WLANs
MANs, 660
wireless personal area networks (WPANs), 660, 676
wireless technologies, 659–685
Bluetooth, 676–677
mobile wireless. See mobile wireless
OFDM, 663
optical wireless, 675–676
overview, 659
spread spectrum, 661–663
wireless standards, 672–677
WLANs. See WLANs
WLANs (wireless LANs)
ad hoc, 664
Bluetooth, 676–677
collisions and, 660
components, 664–665
illustrated, 660
infrastructure, 664
wireless standards, 672–677
work breakdown structure (WBS), 1085
work recovery time (WRT), 1003–1004
working image, media, 1046
World Intellectual Property Organization (WIPO), 65
World Wide Web (WWW), 690, 779, 780, 1140
wormhole attack, 566
WPA (Wi-Fi Protected Access), 667
WPA2 (Wi-Fi Protected Access II), 667–668
WPANs (wireless personal area networks), 660, 676
write-once media, 880
WRT (work recovery time), 1003–1004
WSDL (Web Services Description Language), 1139
WWW (World Wide Web), 690, 779, 780, 1140
X
X.500 standard, 775
X.509 standard, 402
XACML (Extensible Access Control Markup Language), 783–784
xDSL, 648
XML (Extensible Markup Language), 779, 780
XML schemas, 1141
XOR (exclusive-OR), 345
XP (Extreme Programming), 1107
XSS (cross-site scripting), 1150
XSS attacks, 1150–1151
XSS vulnerabilities, 1150
XTACACS (Extended TACACS), 802
Z
Zachman Framework, 15, 22–24, 136
zero knowledge proof, 387–388
zero-day vulnerabilities, 1096
Zigbee protocol, 676
zone transfers, 549
zones
demilitarized. See DMZ
security, 811
trust, 580