Index

A

A/C maintenance, 350

acceptable use policies, 339

access control entries (ACEs), 122

access control lists (ACLs), 122

DACLs (discretionary access control lists), 122

DACs (discretionary access controls), 142–144

RBACs (role-based access controls), 142–144

RBACs (rule-based access controls), 144

access controls. See also authentication; logical access controls; remote access

account expiration, 127

ACEs (access control entries), 122

ACLs (access control lists), 122

anonymous access, 146

best practices, 144–145

DACs (discretionary access controls), 142–144

DACLs (discretionary access control lists), 122

Group Policy, 123–124

group-based, 119–121

distribution groups, 120

logical tokens, 127–128, 153

security groups, 120

ITSEC (Information Technology Security Evaluation Criteria), 142

logical tokens, 127–128, 153

logging, 234–235

MACs (mandatory access controls), 142–144

flooding, ARP poisoning, 87–88

NACs (network access controls), 95–96

passwords

disadvantages, 146

domains, 125–126

networks, 124–125

system hardening, 156

vulnerabilities, 64

physical, 128

print and file sharing, 121–122, 209–210

null sessions, Windows, 78

RBACs (role-based access controls), 142, 144

RBACs (rule-based access controls), 144

TCSEC (Trusted Computer System Evaluation Criteria), 142–143, 206

time-of-day restrictions, 126–127

user-based, 119–121

access requestors (ARs) NACs (network access controls), 95

ACEs (access control entries), 122

Acid Rain Trojan, 32

ACLs (access control lists), 122

DACLs (discretionary access control lists), 122

DACs (discretionary access controls), 142–144

RBACs (role-based access controls), 142–144

RBACs (rule-based access controls), 144

Active Directory, 58

Group Policy, 123

group-based, 120

active IDSs (intrusion-detection systems), 194

ActiveX controls, 52, 55

add grace period (AGP), DNS kiting, 85

Address Resolution Protocol (ARP)

poisoning, 87–88

port stealing, 88

advertising-supported software, 34–35

adware, 34–35

AES (Advanced Encryption Standard)

symmetric key algorithms, 62, 266

weak encryption, 171

agents, 224

AGP (add grace period), DNS kiting, 85

AH (Authentication Header) protocol, IPsec (Internet Protocol Security), 179–180, 225, 294

AirSnort, 63

ALE (annual loss expectancy), 131–132

algorithms. See specific algorithms

annual loss expectancy (ALE), 131–132

annualized rate of occurrence (ARO), 132

anomaly-based monitoring, 228

anonymous access, 146

FTP (File Transfer Protocol), 59

system hardening, 156

answers (practice exams)

exam 1, 389–410

exam 2, 439–465

antispam software, 112–113

antivirus logging, 236

antivirus software, 111–112

APIDSs (application protocol-based intrusion-detection systems), 199

APIPA (Automatic Private IP Addressing), 92

APIs (application programming interfaces), null sessions, 79

application hardening, 206, 208–210

application layer, OSI (Open Systems Interconnection) model, 179

application protocol-based intrusion-detection systems (APIDSs), 199

application-level gateway proxy-service firewalls, 100–101

application security, 230–231

archive bits, 320

ARO (annualized rate of occurrence), 132

ARP (Address Resolution Protocol)

poisoning, 87–88

port stealing, 88

ARs (access requestors) NACs, 95

asset identification, 129

asymmetric key encryption algorithms, 152, 253–255, 260

ECC (Elliptic curve cryptography), 269

El Gamal asymmetric encryption algorithm, 268

bit strengths, 269

key management, 256

RSA (Rivest, Shamir, and Adleman) asymmetric encryption algorithm, 177–178, 180, 268–269, 295

attack signature, 194

auditing system security, 236–237

group policies, 241–242

storage and retention, 240–241

user access and rights, 237–238

best practices, 239–240

authentication basics, 146–147. See also access controls; logical access controls; remote access

Authentication Header (AH), IPsec (Internet Protocol Security) protocol, 179–180, 225, 294

Authenticode signature, 52

Automatic Private IP Addressing (APIPA), 92

awareness training policies, 346–347, 356–357

B

back doors, 64

backup power generators, 311

backup schemes, 320–322

Badtrans worm, 31

baselines/baselining, 220–221

application hardening, 206, 208–210

logging procedures, 230

network hardening, 206–208

operating system hardening, 206–207

OVAL (Open Vulnerability Assessment Language), 205

penetration testing, 205

risk management, 203–204

identifying vulnerabilities, 204–205

penetration testing, 205

system hardening, 158

Basic Input/Output System (BIOS) security, 38–40

bastion hosts, 102

behavior-based IDSs (intrusion-detection systems), 196–197

behavior-based monitoring, 227–228

benchmarking, 220

biometrics, 153–154

BIOS (Basic Input/Output System) security, 38–40

BitTorrent file-sharing application, 56

blind FTP. See anonymous FTP access

blind spoofing, 80

block ciphers, 62, 265–267

Blowfish Encryption Algorithm, 177, 266

Bluejacking, 172–173

Bluesnarfing, 172–173

Bluetooth connections, 60–61, 172

Bluetooth technology

handheld device security, 41

Bonk DoS (denial-of-service) attacks, 83

boot sector viruses, 30–31

bots/botnets, 36–37, 65

bridge CA (certificate authority) model, 285

browser security, 55

add-ins, 55

session hijacking, 55

XSS (cross-site scripting), 55–56

buffer overflows

browser security, 56

CGI (common gateway interface) scripts, 54

JVM (Java Virtual Machine), 51

LDAP (Lightweight Directory Access Protocol), 58

buffer overflow attacks, 28–29, 31

BUGTRAQ, 131

business continuity planning, 308–309

C

CA (certificate authority), 260, 281

ActiveX controls, 52

bridge CA model, 285

certificate life cycles, 286–287

CPS (certificate practice statement), 283–284

certificate life cycles, 286–287

cross-certification CA model, 285

digital certificates, 152, 282

certificate policies, 283–287

hierarchical CA model, 285

Kerberos authentication, 149

key management, 287–292

registration authorities, 282

single CA model, 284–285

Cabir worm, 41

cable modem risks, 97

cable shielding, 352

California Online Privacy Protection Act of 2003 (OPPA), 343

carrier sense multiple access with collision avoidance (CSMA/CA) connectivity, 61

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), 270

CDs

removable storage device security, 42

cell phone security, 41–42

centralized key management, 287

certificate authority. See CA (certificate authority)

certificate policies, 283–287

certificate practice statement (CPS), 283–284

certificate life cycles, 286–287

certificate revocation lists (CRLs), 284, 290

certification (CompTIA), 11. See also exams (practice)

candidate qualifications, 12–14

educational background, 14–16

hands-on experience, 16–18

exam preparation, 19

anxiety, 23

exam day, 23–24

readiness assessment, 21–22

study tips, 19–20

CGI (common gateway interface) scripts, 54

profiling, 54

chain of custody, 333–334

change management, 340–341

SLAs (service level agreements), 345

CHAP (Challenge-Handshake Authentication Protocol), 150

PPP (Point-to-Point Protocol), 150

versions, 151

Chargen protocol, 74–76

Fraggle DoS (denial-of-service) attacks, 82

ports, commonly used, 75

chemical fire suppression systems, 349

CIA triad, 257

availability, 259

confidentiality, 257–258

integrity, 258–259

CIFS (Common Internet File System), 121

CIM (Common Information Model) standard, 58

circuit-level gateway proxy-service firewalls, 100–101

classifications of data

auditing storage and retention, 240–241

information policies, 341–342

CLE (cumulative loss expectancy), 132

coaxial cables, 352

Code Red worm, 31

cold sites, 310–311

comma-separated value (CSV) format, 230

common gateway interface (CGI) scripts, 54

profiling, 54

Common Information Model (CIM) standard, 58

Common Internet File System (CIFS), 121

Compact Wireless Application Protocol (CWAP), 60

CompTIA certification, 11

candidate qualifications, 12–14

educational background, 14–16

hands-on experience, 16–18

exam preparation, 19

anxiety, 23

exam day, 23–24

readiness assessment, 21–22

study tips, 19–20

computer forensics, 332–333

chain of custody, 333–334

damage and loss controls, 335

first responders, 334–335

reporting and disclosure policies, 335–336

RFC (Request For Comments) 2350, 335

configuration baselines, 158

configuration change documentation, 340–341

SLAs (service level agreements), 345

content filtering, 102–103

continuous UPSs (uninterruptible power supplies), 312

cookies, 52, 55

clearing caches, 53

hijacking, 77

privacy issues, 53

session values, 53

tracking cookies, 53

copy backups, 321

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), 270

countermeasures, intrusions, 202

CPS (certificate practice statement), 283–284

certificate life cycles, 286–287

CRLs (certificate revocation lists), 284, 290

certificate status checks, 290

cross-certification CA (certificate authority) model, 285

cross-site scripting (XSS), 55–56

cryptographic hash algorithms, 180, 264

Cryptographic Message Syntax Standard, 278

Cryptographic Token Information Format Standard, 279

Cryptographic Token Interface Standard, 278

cryptography, 252

versus steganography, 256

CSMA/CA (carrier sense multiple access with collision avoidance) connectivity, 61

CSV (comma-separated value) format, 230

cumulative loss expectancy (CLE), 132

CWAP (Compact Wireless Application Protocol), 60

Cyber-Security Enhancement & Consumer Data Protection Act, 336

D

DACLs (discretionary access control lists), 122

DACs (discretionary access controls), 142–144

damage and loss controls, 335

Data Accountability and Trust Act, 336

Data Encryption Standard (DES) symmetric key algorithms, 177, 180, 265–266

data link layer, OSI (Open Systems Interconnection) model, 179

data-breach notification law, 336

DDoS (distributed denial-of-service) attacks, 36, 83–84

DNS poisoning, 86

decentralized key management, 287

declassification of media, 338

default account vulnerabilities, 64

default identification broadcast vulnerabilities, 64

degaussing media, 338

demilitarized zone (DMZ), 88–89

firewall placement, 116–117

VPNs (virtual private networks), 173

DEN (Directory Enabled Networking) standard, 58

denial of services (DoS)

attacks, 81–83, 156

ARP poisoning, 87

circuit-level gateway proxy-service firewalls, 101

zombies, 83

vulnerabilities, 65

DES (Data Encryption Standard) symmetric key algorithms, 177, 180, 265–266

DHCP (Dynamic Host Configuration Protocol), 92

dial-up access, 174

LDAP (Lightweight Directory Access Protocol), 176–177

RADIUS (Remote Authentication Dial-In User Service), 170, 175–176

TACACS+ (Terminal Access Controller Access Control System Plus), 170, 175–176

differential backups, 321

Diffie-Hellman Key Agreement Standard, 268, 278

digital certificates, 152, 282

certificate life cycles, 286–287

certificate policies, 283–284

CRLs (certificate revocation lists), 284, 290

certificate status checks, 290

HTTPS versus S-HTTP, 57

key management, 287–292

OCSP (Online Certificate Status Protocol)

certificate revocation, 284, 290

certificate status checks, 290

registration authority (RA), 152, 282

SSL (Secure Sockets Layer), 57–58

versus digital signatures, 260

X.509, 278–281

digital signatures, 258–261

nonrepudiation, 260

versus digital certificates, 260

Digital Subscriber Line (DSL) risks, 97

Directory Enabled Networking (DEN) standard, 58

Directory Service Markup Language (DSML), 58

disaster recovery, 306–308

backups, 320–322

physical access security, 162–163

policies, 307

SLAs (Service level agreements), 307, 319–320

system restoration, 323–324

disclosure policies, 335–336

discretionary access control lists (DACLs), 122

discretionary access controls (DACs), 142–144

disk arrays, 313–317

Distinguished Name (DN), 177

distributed denial-of-service (DDoS) attacks, 36, 83–84

DNS poisoning, 86

distribution groups, 120

DMZ (demilitarized zone), 88–89

firewall placement, 116–117

VPNs (virtual private networks), 173

DN (Distinguished Name), 177

DNS (domain name service)

application hardening, 209

Bonk attacks, 83

DMZ (demilitarized zone), 89

kiting, 85

logging procedures, 231–232

man-in-the-middle attacks, 81

poisoning, 85–86

ports, commonly used, 75

risks, 76

domain kiting, 85

DoS (denial of services)

vulnerabilities, 65

attacks, 81–83, 156

ARP poisoning, 87

circuit-level gateway proxy-service firewalls, 101

zombies, 83

dry-pipe fire suppression systems, 349

DSL (Digital Subscriber Line) risks, 97

DSML (Directory Service Markup Language), 58

due care knowledge/actions, 344

due diligence, 344–345

due process laws, 334, 345

dumpster diving, 355–356

duplexing RAID, 314

Duronio, Roger, 37

Dynamic Host Configuration Protocol (DHCP), 92

application hardening, 210

E

ECC (Elliptic curve cryptography) asymmetric encryption algorithm, 269

ECC (Error Correcting Code) RAID, 314

Echo protocol, 74

Fraggle DoS (denial-of-service) attacks, 82

ports, commonly used, 75

education of users, policies, 346–347, 356–357

802.11 wireless fidelity (Wi-Fi) standard, 60–61

802.11i WPA/WPA2 (Wi-Fi Protected Access), 62

802.1Q standard, 90

802.1x, IEEE (Institute of Electrical and Electronics Engineers) standard, 151

wireless networking, 170–173

El Gamal asymmetric encryption algorithm, 268

electromagnetic interference (EMI), 352

electronic and electromagnetic emissions, shielding, 350–351

coaxial cables, 352

plenum, 352

twisted-pair cables, 352

electronic mail. See email security

electrostatic discharge (ESD), 350

Elliptic curve cryptography (ECC) asymmetric encryption algorithm, 269

Elliptic Curve Cryptography Standard, 279

email security, 181

clients, 50–51

hoaxes, 183

MIME (Multipurpose Internet Mail Extension) protocol, 181

PGP/MIME (Pretty Good Privacy/Multipurpose Internet Mail Extension) protocol, 182

S/MIME (Secure Multipurpose Internet Mail Extension) protocol, 182

SMTP (Simple Mail Transfer Protocol), 181, 208–209

spam, 182–183

EMI (electromagnetic interference), 352

Encapsulated Secure Payload (ESP), IPsec (Internet Protocol Security), 179–180, 225, 294

encryption

nonrepudiation, 259–260

weak encryption, 171

whole disk encryption, 261–262

Trusted Platform Module, 262–263

Entrust CAs (certificate authorities), 281

environmental security controls

fire prevention/suppression, 348–349

HVAC systems, 350

shielding electronic and electromagnetic emissions, 350–353

Error Correcting Code (ECC), Hamming Code, RAID, 314

ESD (electrostatic discharge), 350

ESP (Encapsulating Security Payload) protocol, 179–180, 225, 294

Event Viewer, 221

Group Policy, 241–242

system logging, 233

system monitoring, 223–224

exams (practice). See also certification (CompTIA)

CompTIA Certification Programs link, 18

exam 1

answers, 389–410

questions, 365–387

exam 2

answers, 439–465

questions, 411–437

Microsoft’s Exam link, 16

preparation, 19

anxiety, 23

exam day, 23–24

readiness assessment, 21–22

study tips, 19–20

expiration access control, 145

Extended-Certificate Syntax Standard, 278

extranets, 90

F

facial geometry biometric authentication, 154

false acceptance rates (FAR), 154

false rejection rates (FRR), 154

Faraday cage shielding, 350–351

FAT (File Allocation Table)-based file systems, 206

FDE (full disk encryption), 261–262

Trusted Platform Module, 262–263

Federal Rules of Civil Procedure (FRCP)

data retention policies, 241

discovery process and electronic data, 337

information classifications, 342

ferroresonant UPSs (uninterruptible power supplies), 312

Fifth Amendment, due process, 334, 345

File Allocation Table (FAT)-based file systems, 206

file and print services/sharing, 121–122

application hardening, 209–210

null sessions, 78

File Transfer Protocol (FTP)

anonymous access, 59

application hardening, 209

application-level gateway proxy-service firewalls, 101

authentication, 59

DMZ (demilitarized zone), 89

ports, commonly used, 75

spoofing, 80

system hardening, 156

Finger protocol, 76

fingerprint biometric authentication, 154

fire prevention/suppression, 348–349

firewalls, 99–100, 207. See also personal firewalls

extranets, 90

hardware, 110, 118

Internet content filters, 118

logging, 235–236

packet-filtering, 100, 116

placement, 116–117

protocol analyzers, 118

proxy-service, 116–118

application-level gateway, 100–101

circuit-level gateway, 100–101

software, 118

stateful-inspection, 100–101, 116

first responders, 334–335

floating pop-ups, 113

forensics, 332–333

chain of custody, 333–334

damage and loss controls, 335

first responders, 334–335

reporting and disclosure policies, 335–336

RFC (Request For Comments) 2350, 335

Fourteenth Amendment, due process, 334, 345

Fraggle DoS (denial-of-service) attacks, 82

frame tagging, 90–91

FRCP (Federal Rules of Civil Procedure)

data retention policies, 241

discovery process and electronic data, 337

information classifications, 342

FRR (false rejection rates), 154

FTP (File Transfer Protocol)

anonymous access, 59

application hardening, 209

application-level gateway proxy-service firewalls, 101

authentication, 59

DMZ (demilitarized zone), 89

ports, commonly used, 75

spoofing, 80

system hardening, 156

FTP-Data protocol, 75

FTPS (FTP over Secure Sockets Layer), 59

full backups, 320, 322

full disk encryption (FDE), 261–262

Trusted Platform Module, 262–263

G

GLB (Gramm-Leach-Bliley Act), 337

GNU Privacy Guard (GnuPG), 268

GnuPG (GNU Privacy Guard), 268

GPOs (Group Policy objects), 123–124

gpresult command, 242

Gramm-Leach-Bliley Act (GLB), 337

grandfather-father-son backups, 322

group policies, system hardening, 157

Group Policy, 123–124, 241–242

Group Policy objects (GPOs), 123–124

group-based access controls, 119–121

distribution groups, 120

logical tokens, 127–128, 153

security groups, 120

H

H.323 specification, 96

Hamming Code Error Correcting Code (ECC) RAID, 314

handheld device security, 41–42

hand geometry biometric authentication, 154

Handshake Protocol, TLS (Transport Layer Security), 185

hardening

application hardening, 206, 208–210

network hardening, 206

system hardening, 206–207

group policies, 157

nonessential services/protocols, 156

security settings, 157–158

updates, 156–157

hardware personal firewalls, 110

hardware/media disposal policies, 337–338

hardware/peripherals system threats

BIOS, 38–40

handheld devices, 41–42

network-attached storage, 42–43

removable storage devices, 40–42

storage area network, 42–43

USB devices, 40–41

hash algorithms, 263

cryptographic, 180, 264

LAN Manager and NT LAN Manager, 264–265

header signatures, NIDSs (network-based intrusion-detection systems), 197

Health Insurance Portability and Accountability Act (HIPAA) of 1996, 336

heat/smoke detection systems, 348

HIDSs (host-based intrusion-detection systems), 98–99, 199–201

hierarchical CA (certificate authority) model, 285

hijacking, 77–78

802.1x, IEEE (Institute of Electrical and Electronics Engineers) standard, 172

HIPAA (Health Insurance Portability and Accountability Act) of 1996, 336

hoaxes, 183, 355

honeypots/honeynets, 201–202

host-based intrusion-detection systems (HIDSs), 98–99, 199–201

host-based NACs (network access controls), 95

hot sites, 309, 311

hotfixes, system hardening, 157

HR (human resources) policies, 346

HTML-enabled client security, 50

HTTP (Hypertext Transfer Protocol)

application-level gateway proxy-service firewalls, 101

DMZ (demilitarized zone), 89

logging procedures, 231

ports, commonly used, 75

HTTPS (HTTP over SSL/Hypertext Transfer Protocol over Secure Sockets Layer), 184, 293

DMZ (demilitarized zone), 89

ports, commonly used, 75

versus S-HTTP (Secure Hypertext Transport Protocol), 57, 185

hub vulnerabilities, 65

humidity monitoring, 350

Hunt program, man-in-the-middle attacks, 81

HVAC systems, 350

hybrid UPSs (uninterruptible power supplies), 312

Hypertext Transfer Protocol (HTTP), 75

application-level gateway proxy-service firewalls, 101

DMZ (demilitarized zone), 89

logging procedures, 231

ports, commonly used, 75

hypervisors, 114–115

I

IAS (Internet Authentication Service), 235

IAX (Inter Asterisk eXchange) specification, 96

ICMP (Internet Control Message Protocol) echoes, 219

ping, 218

smurf/smurfing, 82

traceroute, 219

ICS (Internet Connection Sharing), 92

IDEA (International Data Encryption Algorithm), 177, 180, 266

Identity proofing authentication, 155

IDSs (intrusion-detection systems), 194, 201–202

active and passive, 194, 205

APIDSs (application protocol-based IDSs), 199

ARP poisoning, 88

behavior-based, 196–197

HIDSs (host-based IDSs), 199–201

honeypots/honeynets, 201–202

host-based (HIDSs), 98–99

incident handling, 202–203

knowledge-based, 195–196

network-based (NIDSs), 98–99

NIDSs (network-based IDSs), 197–199, 201

versus NIPS (network intrusion-prevention system), 201

IEEE (Institute of Electrical and Electronics Engineers)

802.1x specifications, 61, 151

wireless networking, 170–173

IETF (Internet Engineering Task Force)

LDAP (Lightweight Directory Access Protocol), 176

PKIX Working Group, 277–279

WAP next standard research, 60

IIS (Internet Information Services) logging procedures, 231

IKE (Internet Key Exchange) protocol, 180, 225, 294

IM (instant messaging), 56–57, 183–184

IMAP (Internet Message Access Protocol), 208

iMode standard, 60

impact/risk assessment, 306

implicit deny access control, 144

Incident Response Team (IRT), 332

incremental backups, 321–322

independent data disk RAID, 316

Information Technology Security Evaluation Criteria (ITSEC), 142

informed spoofing, 80

initial sequence numbers (ISNs), hijacking, 77

inline NACs (network access controls), 95

instant messaging (IM), 56–57, 183–184

Institute of Electrical and Electronics Engineers (IEEE)

802.1x specifications, 61, 151

wireless networking, 170–173

Inter Asterisk eXchange (IAX) specification, 96

International Data Encryption Algorithm (IDEA), 177, 180, 266

International Telecommunications Union (ITU)

X.509 certificates, 279

Internet Authentication Service (IAS), 235

Internet Connection Sharing (ICS), 92

Internet Control Message Protocol (ICMP) echoes, 219

ping, 218

smurf/smurfing, 82

traceroute, 219

Internet Corporation for Assigned Names and Numbers (ICANN), DNS kiting, 85

Internet Engineering Task Force (IETF)

LDAP (Lightweight Directory Access Protocol), 176

PKIX Working Group, 277–279

WAP next standard research, 60

Internet Information Services (IIS) logging procedures, 231

Internet Key Exchange (IKE) protocol, 180, 225, 294

Internet Message Access Protocol (IMAP), 208

Internet Protocol (IP) remote access, 174

Internet Protocol Security (IPsec), 206

AH and ESP services, 179–180

IKE (Internet Key Exchange), 180

NAT (Network Address Translation), 92

Network Monitor, 225

OSI network layer, 178–179

replay attacks, 81

spoofing, 80

VPNs (virtual private networks), 170, 173–174, 293–294

Internet Security and Acceleration (ISA), 235–236

Internet Security Association and Key Management Protocol (ISAKMP), 225, 294

interprocess communication share (IPC$) null sessions, 78

intranets, 90

intrusion-detection systems (IDSs), 194, 201–202

active and passive, 194, 205

APIDSs (application protocol-based IDSs), 199

ARP poisoning, 88

behavior-based, 196–197

HIDS (host-based IDSs), 199–201

honeypots/honeynets, 201–202

incident handling, 202–203

knowledge-based, 195–196

NIDS (network-based IDSs), 197–201

versus NIPS (network intrusion-prevention system), 201

IP (Internet Protocol) remote access, 174

IP addresses

classes, 92–94

IPv6, 93

NAT (Network Address Translation), 91–92

subnetting, 92–94

IPC$ (interprocess communication share) null sessions, 78

Ipconfig/Ifconfig utilities, 219

IPsec (Internet Protocol Security), 206

AH and ESP services, 179–180

IKE (Internet Key Exchange), 180

NAT (Network Address Translation), 92

Network Monitor, 225

OSI network layer, 178–179

replay attacks, 81

spoofing, 80

VPNs (virtual private networks), 170, 173–174, 293–294

iris profile biometric authentication, 154

IronKey, 173

IRT (Incident Response Team), 332

ISA (Internet Security and Acceleration), 235–236

ISAKMP (Internet Security Association and Key Management Protocol), 225, 294

ISNs (initial sequence numbers), hijacking, 77

iStat nano, 224

ITSEC (Information Technology Security Evaluation Criteria), 142

ITU (International Telecommunications Union) X.509 certificates, 279

J

Java, 50–51

versus ActiveX controls, 52

versus JavaScript, 52

Java applets

buffer overflow attacks, 29

Java Virtual Machine (JVM), 50–51

buffer overflow attacks, 29

JavaScript, 51, 55

versus Java, 52

job rotation access control, 145

job rotation/cross-training, 342–343

Juggernaut program, 81

JVM (Java Virtual Machine), 50–51

buffer overflow attacks, 29

K

KDC (Key Distribution Center), 148–149

Kerberos authentication, 147–149

mutual authentication, 150

key management, 256

centralized versus decentralized, 287

certificates

M of N controls, 290

expiration, 289

renewal, 291

revocation, 289

status checks, 290

suspension, 290

key escrow, 288

key pair recovery, 290

key pair storage, 287–288

keys for authentication, 291

keys for destruction, 291

keys for privacy, 291

multiple key pairs, 292

Kismet, 63

kiting, DNS, 85

knowledge-based IDSs (intrusion-detection systems), 195–196

L

L2TP (Layer 2 Tunneling Protocol), 294

remote access, 170–171, 174

LAN Manager (LM) hash algorithm, 264–265

LANalyzer, Novell, 225

Land DoS (denial-of-service) attacks, 82

Layer 2 Tunneling Protocol (L2TP), 294

remote access, 170–171, 174

LDAP (Lightweight Directory Access Protocol), 58, 176–177

Learntosubnet.com, 93–94

least privilege access control, 145

legislation and security policies, 336–337

Lightweight Directory Access Protocol (LDAP), 58, 176–177

link-local addresses, 93

Linux Slapper worms, 29

LLC (logical-link control) sublayer, OSI (Open Systems Interconnection) model, 179

logging procedures and evaluation, 229–230

access logging, 234–235

antivirus logging, 236

application security, 230–231

DNS, 231–232

firewall logging, 235–236

performance logging, 233–234

system logging, 233

logic bombs, 37–38

logical access controls. See also access controls; authentication; remote access

account expiration, 127

ACEs (access control entries), 122

ACLs (access control lists), 122

DACLs (discretionary access control lists), 122

Group Policy, 123–124

group-based, 119–121

distribution groups, 120

security groups, 120

logical tokens, 127–128, 153

passwords

domains, 125–126

networks, 124–125

print and file sharing, 121–122

SACLs (system access control lists), 122

time-of-day restrictions, 126–127

user-based, 119–121

logical tokens, 127–128, 153

logical-link control (LLC) sublayer, OSI (Open Systems Interconnection) model, 179

Love Bug virus, 30

M

macro viruses, 30–31

MAC (Media Access Control) sublayer, OSI (Open Systems Interconnection) model, 143, 179

flooding, ARP poisoning, 87–88

MACs (mandatory access controls), 142–144

malicious code. See malware, 28

malware (malicious code), 28

adware, 34–35

bots/botnets, 36–37, 65

email security, 208–209

hoaxes, 183

logic bombs, 37–38

privilege escalation, 28–29, 64

protection techniques, 38

rootkits, 35–36

spam, 33–34, 182–183

spyware, 32–33

Trojans, 32

viruses, 30–31

worms, 31–32, 41

man-in-the-middle attacks, 80–81

802.1x, IEEE (Institute of Electrical and Electronics Engineers) standard, 172

ARP poisoning, 87

mandatory access controls (MACs), 142–144

masters, 83

MD2, MD4, MD5 Message Digest Series Algorithms, 76, 180, 264

Media Access Control (MAC) sublayer, OSI (Open Systems Interconnection) model, 143, 179

flooding, ARP poisoning, 87–88

media/hardware disposal policies, 337–338

Melissa virus, 31

Message Digest Series Algorithms (MD2, MD4, MD5), 76, 180, 264

Michelangelo virus, 31

Microsoft Active Directory. See Active Directory

MIME (Multipurpose Internet Mail Extension) protocol, 181, 295

MIMO (multiple-input multiple-output), 61

mirroring RAID, 314

Mocmex Trojan, 32

modem risks, 97

monitoring. See performance monitoring

Montreal Protocol, 349

Morris worm, 31

multifactor authentication, 154–155

multilevel access controls. See MACs (mandatory access controls)

multipartite viruses, 30

multiple-input multiple-output (MIMO), 61

Multipurpose Internet Mail Extension (MIME) protocol, 181, 295

mutual authentication, 150

N

NACs (network access controls), 95–96

Nagios enterprise monitoring, 221

NAS (network-attached storage), 42–43

NAS (network-area storage) firewall placement, 117

NAT (Network Address Translation), 91–92, 207

National Institute of Standards and Technology (NIST), 95, 332

NCSD (National Cyber Security Division), 205

net use/net view commands, 79

NetBIOS, 75

NetBIOS over TCP/IP, null sessions, 79

Netlogon.dll/Netlogon.log files, 236

Netscape Corporation

cookies, 52

JavaScript, 50

Netstat utility, 76, 218

NetStumbler, 63

Network Access Control, McAfee, 234

network access controls (NACs), 95–96

Network Address Translation (NAT), 91–92, 207

network firewalls, 99–100

Internet content filters, 118

packet-filtering, 100, 116

placement, 116–117

protocol analyzers, 118

proxy-service, 116–118

gateways, application-level, 100–101

gateways, circuit-level, 100–101

stateful-inspection, 100–101, 116

network hardening, 206–208

network interface cards (NICs), 198

network intrusion-prevention system (NIPS), 99

versus NIDSs (network-based intrusion-detection systems), 201

network layer, OSI (Open Systems Interconnection) model, 178–179

Network Monitor, Microsoft Windows Server, 221, 225–226

Network News Transfer Protocol (NNTP), 209

network-area storage (NAS) firewall placement, 117

network-attached storage (NAS), 42–43

network-based intrusion-detection systems (NIDSs), 98–99, 197–199

versus NIPS (network intrusion-prevention system), 201

New Technology File System (NTFS), 206

NICs (network interface cards), 198

NIDSs (network-based intrusion-detection systems), 98–99, 197–201

Nimda worm, 31

NIPS (network intrusion-prevention system), 99

versus NIDSs (network-based intrusion-detection systems), 201

NIST (National Institute of Standards and Technology), 95, 332

nonrepudiation, 259–260

digital signatures, 260

VoIP (voice over Internet Protocol), 97

Notification of Risk to Personal Data Act, 336

nslookup utility, 218

NT LAN Manager (NTLM) hash algorithm, 264–265

NTFS (New Technology File System), 206

null sessions

APIs (application programming interfaces), 79

IPC$ (interprocess communication share), 78

print-sharing services (Windows), 78

RPCs (remote procedure calls), 79

O

OCSP (Online Certificate Status Protocol)

certificate revocation, 284, 290

certificate status checks, 290

offsite tape storage backups, 322

one-time pad (OTP) encryption algorithms, 267

Online Privacy Protection Act of 2003, California (OPPA), 343

online UPSs (uninterruptible power supplies), 312

Open Systems Interconnection (OSI) model, 178–179

Open Vulnerability Assessment Language (OVAL), 205

OpenPGP encryption algorithms, 268

operating system hardening. See system hardening

OPPA (Online Privacy Protection Act of 2003), California, 343

orange book. See TCSEC

organizational security

backups, 320–322

business continuity planning, 308–309

disaster recovery, 306–308

physical access security, 162–163

policies, 307

SLAs (service level agreements), 307, 319–320

redundancy, 306–309

backup power generators, 311

cold sites, 310–311

connections, 319

hot sites, 309–311

ISPs (Internet service providers), 318–319

RAID, 313–317

server clusters, 318

servers, 317–318

single points of failure, 313

site selection, 310

UPSs (uninterruptible power supplies), 311–313

warm sites, 310–311

system restoration, 323–324

security policies

acceptable use, 339

awareness training, 346–347, 356–357

change documentation, 340–341

computer forensics, 332–336

cross-training, 342–343

due care knowledge/actions, 344

due diligence, 344–345

due process, 345

electronic and electromagnetic emissions, shielding, 350–353

fire prevention/suppression, 348–349

hardware/media disposal, 337–338

HR (human resources), 346

HVAC systems, 350

incident response procedures, 332

information classification levels, 341–342

job rotation, 342–343

legislation, 336–337

mandatory vacations, 342–343

passwords, 339–340

PII (personally identifiable information), 343

separation of duties, 342–343

SLAs (service level agreements), 345

social engineering risks, 353–356

user education, 346–347, 356–357

OSI (Open Systems Interconnection) model, 178–179

OTP (one-time pad) encryption algorithms, 267

out-of-band NACs (network access controls), 95

OVAL (Open Vulnerability Assessment Language), 205

P – Q

P2P (peer-to-peer) networking, 56

Packet Internet Grouper (ping), 218–219

ping DoS (denial-of-service) attacks, 82

ping flood DoS (denial-of-service) attacks, 82

packet sniffing, 195–196

packet-filtering firewalls, 100, 116

palm geometry biometric authentication, 154

PAP (Password Authentication Protocol), 150

parallel transfer RAID, 315

Parental Controls, Vista, 102

passive IDSs (intrusion-detection systems), 194, 205

Password Authentication Protocol (PAP), 150

Password-Based Cryptography Standard, 278

passwords, 152–153

domains, 125–126

networks, 124–125

security policies, 339–340

system hardening, 156

vulnerabilities, 64, 146

pathping command, 220

PBX (Private Branch Exchange) systems, 96

PDA security, 41–42

PDPs (policy decision points) NACs, 95

peer-to-peer (P2P) networking, 56

penetration testing, 205

PEPs (policy enforcement points) NACs, 95

performance benchmarking, 220

Performance console, Microsoft, 221–222

Performance Logs and Alerts, 234

performance monitoring, 221–222

application security, 230–231

logging procedures and evaluation, 229–230

access logging, 234–235

antivirus logging, 236

baselines, 230

DNS, 231–232

firewall logging, 235–236

performance logging, 233–234

system logging, 233

methodologies, 226–227

anomaly-based, 228

behavior-based, 227–228

signature-based, 229

system security, 222–224

tools

Ipconfig/Ifconfig, 219

Netstat, 218

nslookup, 218

pathping, 220

ping (Packet Internet Grouper), 218–219

Telnet, 219

tracert/traceroute, 218–219

Perl language, CGI scripts, 54

permissions and rights

group-based controls, 119–121

distribution groups, 120

security groups, 120

user-based controls, 119–121

Personal Data Privacy and Security Act of 2007, 336

personal firewalls

hardware, 110

software, 110–111

Personal Information Exchange Syntax Standard, 279

personally identifiable information (PII), 343

PGP (Pretty Good Privacy), 258, 282, 295

PGP/MIME (Pretty Good Privacy/Multipurpose Internet Mail Extension) protocol, 182

phishing, 354

physical access security, 158–162

access controls, 128

evacuations, 162–163

facilities, 160–161

physical barriers, 160

physical layer, OSI (Open Systems Interconnection) model, 179

PII (personally identifiable information), 343

ping (Packet Internet Grouper), 218–219

ping DoS (denial-of-service) attacks, 82

ping flood DoS (denial-of-service) attacks, 82

PKCS (Public Key Cryptography Standards), 278–279

PKI (public key infrastructure), 206, 254, 276. See also PKCS; PKIX

CA (certificate authority), 281

bridge CA model, 285

cross-certification CA model, 285

hierarchical CA model, 285

single CA model, 284–285

CPS (certificate practice statement), 283–284

certificate life cycles, 286–287

digital certificates, 152, 282

certificate life cycles, 286–287

certificate policies, 283–287

certificate revocation, 284, 290

certificate status checks, 290

CRLs (certificate revocation lists), 284, 290

OCSP (Online Certificate Status Protocol), 284, 290

versus digital signatures, 260

X.509, 278–281

HTTPS (HTTP over SSL/Hypertext Transfer Protocol over Secure Sockets Layer), 293

DMZ (demilitarized zone), 89

ports, commonly used, 75

versus S-HTTP (Secure Hypertext Transport Protocol), 57, 185

IPsec (Internet Protocol Security), 206

AH and ESP services, 179–180

IKE (Internet Key Exchange), 180

NAT (Network Address Translation), 92

Network Monitor, 225

OSI network layer, 178–179

replay attacks, 81

spoofing, 80

VPNs (virtual private networks), 170, 173–174, 293–294

key management, 287–292

L2TP (Layer 2 Tunneling Protocol), 294

remote access, 170–171, 174

PGP (Pretty Good Privacy), 258, 282, 295

PPTP (Point-to-Point Tunneling Protocol), 293

remote access, 170–171, 174

registration authorities, 282

S/MIME (Secure/Multipurpose Internet Mail Extensions), 182, 294–295

SMTP (Simple Mail Transfer Protocol), 295

application-level gateway proxy-service firewalls, 101

DMZ (demilitarized zone), 89

email security, 181, 208–209

ports, commonly used, 75

SSH (Secure Shell), 295–296

DMZ (demilitarized zone), 89

FTP over SSH (Secure Shell), 59, 178

ports, commonly used, 75

remote access, 170, 177–178

versions, 178

SSL (Secure Sockets Layer), 185, 292–293

browser security, 55

FTPS (FTP over SSL), 59

hijacking, 78

TLS (Transport Layer Security)

standards, 277

TLS (Transport Layer Security), 57–58, 292–293

PKIX (public key infrastructure based on X.509 certificates), 277–281

plenum, 352

Point-to-Point Protocol (PPP)

CHAP (Challenge-Handshake Authentication Protocol), 150–151

remote access, 171

Point-to-Point Tunneling Protocol (PPTP), 293

remote access, 170–171, 174

poisoning

ARP (Address Resolution Protocol), 87–88

DNS (domain name service), 85–86

policy decision points (PDPs) NACs, 95

policy enforcement points (PEPs) NACs, 95

polymorphic viruses, 30

pop-up blockers, 113–114

POP3 (Post Office Protocol 3), 208

DMZ (demilitarized zone), 89

ports, commonly used, 75

port signatures, NIDSs (network-based intrusion-detection systems), 197

port stealing, ARP, 88

Portmap protocol, 75

Post Office Protocol 3 (POP3), 208

DMZ (demilitarized zone), 89

ports, commonly used, 75

PPP (Point-to-Point Protocol)

CHAP (Challenge-Handshake Authentication Protocol), 150–151

remote access, 171

PPTP (Point-to-Point Tunneling Protocol), 293

remote access, 170–171, 174

practice exams

CompTIA Certification Programs link, 18

exam 1

answers, 389–410

questions, 365–387

exam 2

answers, 439–465

questions, 411–437

Microsoft's Exam link, 16

preparation, 19

anxiety, 23

exam day, 23–24

readiness assessment, 21–22

study tips, 19–20

presentation layer, OSI (Open Systems Interconnection) model, 179

Pretty Good Privacy (PGP), 258, 295

digital certificates, 282

Pretty Good Privacy/Multipurpose Internet Mail Extension (PGP/MIME) protocol, 182

print and file services

application hardening, 121–122, 209–210

null sessions, Windows, 78

printers, UPSs (uninterruptible power supplies), 313

Private Branch Exchange (PBX) systems, 96

private key encryption algorithms, 254–255

key management, 256, 287–292

Private-Key Information Syntax Standard, 278

privilege escalation, 28, 64

buffer overflow attacks, 28–29, 31

privileges

group-based controls, 119–121

distribution groups, 120

security groups, 120

user-based controls, 119–121

profiling, 54

program viruses, 30

promiscuous-mode network traffic analysis, 63

protocol analyzers, 103, 118, 225

proxy servers, 101–102

proxy-service firewalls, 116–118

application-level gateway, 100–101

circuit-level gateway, 100–101

ps tool, UNIX, 225

Pseudo Random Number Generation, 279

Public Key Cryptography Standards (PKCS), 278–279

public key encryption algorithms, 254–255, 260

key management, 256, 287–292

public key infrastructure (PKI), 206, 254, 276. See also PKCS; PKIX

CA (certificate authority), 281

bridge CA model, 285

cross-certification CA model, 285

hierarchical CA model, 285

single CA model, 284–285

CPS (certificate practice statement), 283–284

certificate life cycles, 286–287

digital certificates, 152, 282

certificate life cycles, 286–287

certificate policies, 283–287

certificate revocation, 284, 290

certificate status checks, 290

CRLs (certificate revocation lists), 284, 290

OCSP (Online Certificate Status Protocol), 284, 290

versus digital signatures, 260

X.509, 278–281

HTTPS (HTTP over SSL/Hypertext Transfer Protocol over Secure Sockets Layer), 293

DMZ (demilitarized zone), 89

ports, commonly used, 75

versus S-HTTP (Secure Hypertext Transport Protocol), 57, 185

IPsec (Internet Protocol Security), 206

AH and ESP services, 179–180

IKE (Internet Key Exchange), 180

NAT (Network Address Translation), 92

Network Monitor, 225

OSI network layer, 178–179

replay attacks, 81

spoofing, 80

VPNs (virtual private networks), 170, 173–174, 293–294

key management, 287–292

L2TP (Layer 2 Tunneling Protocol), 294

remote access, 170–171, 174

PGP (Pretty Good Privacy), 258, 282, 295

PPTP (Point-to-Point Tunneling Protocol), 293

remote access, 170–171, 174

registration authorities, 282

S/MIME (Secure/Multipurpose Internet Mail Extensions), 182, 294–295

SMTP (Simple Mail Transfer Protocol), 295

application-level gateway proxy-service firewalls, 101

DMZ (demilitarized zone), 89

email security, 181, 208–209

ports, commonly used, 75

SSH (Secure Shell), 295–296

DMZ (demilitarized zone), 89

FTP over SSH (Secure Shell), 59, 178

ports, commonly used, 75

remote access, 170, 177–178

versions, 178

SSL (Secure Sockets Layer), 185, 292–293

browser security, 55

FTPS (FTP over SSL), 59

hijacking, 78

TLS (Transport Layer Security)

standards, 277

TLS (Transport Layer Security), 57–58, 292–293

questions (practice exams)

exam 1, 365–387

exam 2, 411–437

R

RA (registration authority), 152

radio frequency interference (RFI), 352

RADIUS (Remote Authentication Dial-In User Service), 151

dial-up access, 170, 175–176

ports, commonly used, 75

RAID, 313–317

RARP (Reverse Address Resolution Protocol), 87

RAS (remote-access service), 173

RBACs (role-based access controls), 142, 144

RBACs (rule-based access controls), 144

RC (Rivest Cipher) symmetric key encryption algorithms, 266

RC4 (Rivest Cipher 4), 62

rcp utility, 177–178, 295–296

RDN (Relative Distinguished Name), 177

RDP (Remote Desktop Protocol), 178

Record Protocol, TLS (Transport Layer Security), 185

record-retention policies, 337

redundancy, 306–309

backup power generators, 311

cold sites, 310–311

connections, 319

hot sites, 309–311

ISPs (Internet service providers), 318–319

RAID, 313–317

server clusters, 318

servers, 317–318

single points of failure, 313

site selection, 310

UPSs (uninterruptible power supplies), 311–313

warm sites, 310–311

registration authority (RA), 282

digital certificates, 152

Relative Distinguished Name (RDN), 177

remote access. See also access controls; authentication; logical access controls

802.1x, IEEE (Institute of Electrical and Electronics Engineers) standard, 170–173

IP (Internet Protocol), 174

IPsec (Internet Protocol Security), 206

AH and ESP services, 179–180

IKE (Internet Key Exchange), 180

NAT (Network Address Translation), 92

Network Monitor, 225

OSI network layer, 178–179

replay attacks, 81

spoofing, 80

VPNs (virtual private networks), 170, 173–174, 293–294

L2TP (Layer 2 Tunneling Protocol), 170–171, 174

PPP (Point-to-Point Protocol), 171

PPTP (Point-to-Point Tunneling Protocol), 170–171, 174

RADIUS (Remote Authentication Dial-In User Service), 151

dial-up access, 170, 175–176

ports, commonly used, 75

RAS (remote-access service), 173

RDP (Remote Desktop Protocol), 178

SSH (Secure Shell), 170, 177–178, 295–296

DMZ (demilitarized zone), 89

FTP over SSH (Secure Shell), 59, 178

ports, commonly used, 75

versions, 178

TACACS+ (Terminal Access Controller Access Control System Plus), 151, 170, 175–176

ports, commonly used, 75

VPNs (virtual private networks)

IPsec (Internet Protocol Security), 170, 173–174, 178

L2TP (Layer 2 Tunneling Protocol), 170

PPTP (Point-to-Point Tunneling Protocol), 170

quarantines, 173

Remote Authentication Dial-In User Service (RADIUS), 151

dial-up access, 170, 175–176

ports, commonly used, 75

Remote Desktop Protocol (RDP), 178

remote procedure calls (RPCs), null sessions, 79

remote-access service (RAS), 173

removable storage device security, 40–42

replay attacks, 81

report of incident policies, 335–336

Request For Comments (RFC) 2350, 335

restoration plans, 323–324

Resultant Set of Policy (RSoP) tool, 242

retina scan biometric authentication, 154

Reverse Address Resolution Protocol (RARP), 87

reverse social engineering risks, 353–354

RFC (Request For Comments) 2350, 335

RFI (radio frequency interference), 352

rights and permissions. See privileges

risk management, 128–129, 203–204

asset identification, 129

identifying vulnerabilities, 204–205

penetration testing, 205

risk and threat assessment, 130–131

risk calculations, 131–132

ROI calculations, 132–133

vulnerabilities, 131

Rivest Cipher (RC) symmetric key encryption algorithms, 266

Rivest Cipher 4 (RC4), 62

Rivest, Ronald, 264

Rivest, Shamir, and Adleman (RSA) asymmetric encryption algorithm, 177–180, 268–269, 295

rlogin utility, 177, 295

ROI (return on investment), 132–133

role-based access controls (RBACs), 142, 144

root CA (certificate authority), 285

RootkitRevealer, 36

rootkits, 35–36

Routing and Remote Access (RRAS), 235

RPCs (remote procedure calls), null sessions, 79

RRAS (Routing and Remote Access), 235

RROI (reduced return on investment), 132

RSA (Rivest, Shamir, and Adleman) asymmetric encryption algorithm, 177–180, 268–269, 295

RSA Certification Request Syntax Standard, 278

RSA Cryptography Standard, 278

RSA Security’s SecurID tokens, 153

rsh utility, 177–178, 295–296

RSoP (Resultant Set of Policy) tool, 242

rule-based access controls (RBACs), 144

S

S-HTTP (Secure Hypertext Transport Protocol) versus HTTPS (HTTP over SSL/Hypertext Transfer Protocol over Secure Sockets Layer), 57, 185

S/FTP (FTP over Secure Shell), 59, 178, 296

S/MIME (Secure/Multipurpose Internet Mail Extensions), 182, 294–295

SACLs (system access control lists), 122

sanitization of media, 338

SANs (storage-area networks), 42

firewalls

placement, 117

protocol analyzers, 118

virtualization, 115

SANS Institute, 131

Sarbanes-Oxley (SOX) legislation, 337

Sawmill, antivirus logging, 236

scp utility, 177–178, 296

search and seizure laws, 334

secret key algorithms. See symmetric key encryption algorithms

Secure Copy (scp) utility, 177–178, 296

Secure Hash Algorithm (SHA, SHA-1), 180, 264

Secure Hypertext Transport Protocol (S-HTTP) versus HTTPS (HTTP over SSL/Hypertext Transfer Protocol over Secure Sockets Layer), 57

Secure Login (slogin) utility, 177, 295

Secure Multipurpose Internet Mail Extension (S/MIME) protocol, 182, 294–295

Secure Shell (SSH), 295–296

FTP over SSH (Secure Shell), 59, 178, 296

remote access, 170, 177–178

versions, 178

Secure Sockets Layer (SSL), 185, 292–293

browser security, 55

digital certificates, 282

FTPS (FTP over SSL), 59

hijacking, 78

HTTPS (HTTP over SSL/Hypertext Transfer Protocol over Secure Sockets Layer), 57, 184–185, 293

Linux Slapper worms, 29

TLS (Transport Layer Security), 57–58

SecurID tokens, RSA Security, 153

security baselines

application hardening, 206–210

logging procedures, 230

network hardening, 206–208

operating system hardening, 206–207

OVAL (Open Vulnerability Assessment Language), 205

penetration testing, 205

risk management, 203–204

identifying vulnerabilities, 204–205

penetration testing, 205

system hardening, 158

security groups, 120

security identifiers (SIDs), 127–128

security templates, 157

Selected Attribute Types, 278

self-assessment for CompTIA certification

educational background, 14–16

hands-on experience, 16–18

Server Message Blocks (SMBs), 121

ports, commonly used, 75

server redundancy, 317–318

service level agreements (SLAs), 307, 319–320, 345

Service Location Protocol (SLP), 58

service-oriented architecture (SOA) authentication, 155

session hijacking, 55, 77

Session Initiation Protocol (SIP), 96

session layer, OSI (Open Systems Interconnection) model, 179

SHA (Secure Hash Algorithm), 180, 264

shared secret key algorithms. See symmetric key encryption algorithms

shielded twisted-pair (STP) cables, 352

shielding electronic and electromagnetic emissions, 350–351

coaxial cables, 352

plenum, 352

twisted-pair cables, 352

Shiva Password Authentication Protocol (SPAP), 150

short message service (SMS)

handheld device security, 41

shoulder surfing, 355

SIDs (security identifiers), 127–128

signature biometric authentication, 154

signature-based monitoring, 229

signatures, NIDSs (network-based intrusion-detection systems), 197, 201

Simple Mail Transfer Protocol (SMTP), 57, 295

application-level gateway proxy-service firewalls, 101

DMZ (demilitarized zone), 89

email security, 181, 208–209

ports, commonly used, 75

Simple Network Management Protocol (SNMP), 76

system hardening, 156

system monitoring, 224

vulnerabilities, 76–77

single CA (certificate authority) model, 284–285

single loss expectancy (SLE), 131–132

single points of failure, 313

single sign-on (SSO) authentication, 155

SIP (Session Initiation Protocol), 96

slag code. See logic bombs, 37

Slapper (Linux) worms, 29

SLAs (service level agreements), 307, 319–320, 345

SLE (single loss expectancy), 131–132

slogin utility, 177

SLP (Service Location Protocol), 58

SMBs (Server Message Blocks), 121

ports, commonly used, 75

smoke detection systems, 348

SMS (short message service)

handheld device security, 41

SMS (System Management Server), Microsoft, 225

SMTP (Simple Mail Transfer Protocol), 57, 295

application-level gateway proxy-service firewalls, 101

DMZ (demilitarized zone), 89

email security, 181, 208–209

ports, commonly used, 75

smurf/smurfing DoS (denial-of-service) attacks, 82

SNMP (Simple Network Management Protocol), 76

system hardening, 156

system monitoring, 224

vulnerabilities, 76–77

SOA (service-oriented architecture) authentication, 155

social engineering risks, 353–354

awareness training, 356–357

dumpster diving, 355–356

hoaxes, 355

phishing, 354

shoulder surfing, 355

software personal firewalls, 110–111

SOX (Sarbanes-Oxley) legislation, 337

spam, 33–34, 182–183

antispam software, 112–113

botnets, 36

SPAP (Shiva Password Authentication Protocol), 150

spoofing, 79–80

SPSs (standby power supplies), 312

Spyware, 32–33

SQL injections, 231

SSH (Secure Shell), 295–296

DMZ (demilitarized zone), 89

FTP over SSH (Secure Shell), 59, 178

ports, commonly used, 75

remote access, 170, 177–178

versions, 178

ssh utility, 177–178

SSL (Secure Sockets Layer), 185, 292–293

browser security, 55

digital certificates, 282

FTPS (FTP over SSL), 59

hijacking, 78

HTTPS (HTTP over SSL/Hypertext Transfer Protocol over Secure Sockets Layer), 57, 184–185, 293

Linux Slapper worms, 29

TLS (Transport Layer Security), 57–58

SSO (single sign-on) authentication, 155

standby power supplies (SPSs), 312

stateful-inspection firewalls, 100–101, 116

statistical anomaly detection, 196

stealth viruses, 30

stream ciphers, 265–267

steganography, 256–257

versus cryptography, 256

Stoned virus, 31

Storage Computer Corporation RAID, 317

storage-area networks (SANs), 42–43

firewalls

placement, 117

protocol analyzers, 118

virtualization, 115

Storm botnet, 36

STP (shielded twisted-pair) cables, 352

string signatures, 197

striped disk array RAID, 314

subnetting, 92–94

subordinate CA (certificate authority), 285

Sun Microsystems, Java, 50

switch-based NACs (network access controls), 95

Symantec Antivirus Log Format, 236

symmetric key encryption algorithms, 177–178, 253–254

AES (Advanced Encryption Standard), 62, 266

bit strengths, 269

DES (Data Encryption Standard), 177, 180, 265–266

Kerberos authentication, 148

key management, 256

RC (Rivest Cipher), 266

RC4 (Rivest Cipher 4), 62

stream or block ciphers, 265–267

3DES (Triple Data Encryption Standard), 266

SYN flood DoS (denial-of-service) attacks, 82

syslog, UNIX, 230

syslog-ng, Linux, 230

syslogd, UNIX and Linux, 233

Systat protocol, commonly used ports, 75

system access control lists (SACLs), 122

System Center Configuration Manager 2007, Microsoft, 234

system hardening, 206–207

nonessential services/protocols, 156

security settings, 157–158

updates, 156–157

system hardware/peripherals threats

BIOS, 38–40

handheld devices, 41–42

network-attached storage, 42–43

removable storage devices, 40–42

storage area network, 42–43

USB devices, 40–41

system logging, 233

System Management Server (SMS), Microsoft, 225

System Monitor, 221–222

system restoration, 323–324

system security audits, 236–237

group policies, 241–242

storage and retention, 240–241

user access and rights, 237–238

best practices, 239–240

T

T-Sight program, 81

TACACS+ (Terminal Access Controller Access Control System Plus), 151

dial-up access, 170, 175–176

ports, commonly used, 75

Task Manager, 221, 233

TCP handshake process, man-in-the-middle attacks, 80–81

802.1x, IEEE (Institute of Electrical and Electronics Engineers) standard, 172

ARP poisoning, 87

TCP ports, 74–75

TCP/IP hijacking, 77–78

DoS (denial-of-service) attacks, 82–83

802.1x, IEEE (Institute of Electrical and Electronics Engineers) standard, 172

TCSEC (Trusted Computer System Evaluation Criteria), 142–143, 206

Teardrop DoS (denial-of-service) attacks, 83

telecom systems, 96

telephony, 96

modem risks, 97

PBX (Private Branch Exchange) systems, 96

telecom systems, 96

VoIP (voice over Internet Protocol), 96–97

Telnet protocol, 74–76, 219

hijacking, 77

ports, commonly used, 75

TEMPEST (Transient Electromagnetic Pulse Emanation Standard) shielding, 350–351

templates, security, 157

Temporal Key Integrity Protocol (TKIP), 270

weak encryption, 172

ten-tape rotation backups, 322

Terminal Access Controller Access Control System Plus (TACACS+), 151

dial-up access, 170, 175–176

ports, commonly used, 75

tests. See exams (practice)

TGS (Ticket-Granting Server), 149

TGT (Ticket-Granting Ticket), 149

threat assessment, 130–131

3DES (Triple Data Encryption Standard) symmetric key algorithms, 266

Ticket-Granting Server (TGS), 149

Ticket-Granting Ticket (TGT), 149

time-of-day access restrictions, 126–127

TKIP (Temporal Key Integrity Protocol), 270

weak encryption, 172

TLS (Transport Layer Security), 185

Handshake Protocol, 292–293

HTTPS (HTTP over SSL/Hypertext Transfer Protocol over Secure Sockets Layer), 293

Record Protocol, 292–293

SSL (Secure Sockets Layer), 57–58

VPNs (virtual private networks), 293

Tower of Hanoi backups, 322

TPM (Trusted Platform Module), 262–263

tracert/traceroute utilities, 218–219

tracking cookies, 53

Transient Electromagnetic Pulse Emanation Standard (TEMPEST) shielding, 350–351

Transport Layer Security (TLS), 185

Handshake Protocol, 292–293

HTTPS (HTTP over SSL/Hypertext Transfer Protocol over Secure Sockets Layer), 293

Record Protocol, 292–293

SSL (Secure Sockets Layer), 57–58

VPNs (virtual private networks), 293

transport layer, OSI (Open Systems Interconnection) model, 179

Triple Data Encryption Standard (3DES) symmetric key algorithms, 266

Trojan.W32.Nuker, 32

Trojans, 32

versus viruses and worms, 32

TrueCrypt, 173

trust hierarchy. See PKI (public key infrastructure)

trust models, CA (certificate authority)

bridge model, 285

cross-certification model, 285

hierarchical model, 285

single model, 284–285

Trusted Computer System Evaluation Criteria (TCSEC), 142–143, 206

Trusted Platform Module (TPM), 262–263

twisted-pair cables, 352

U

UAC (User Account Control), Vista, 86, 145

UDP (User Datagram Protocol) ports, 74–75, 77

DoS (denial-of-service) attacks

Bonk, 83

Fraggle, 82

Teardrop, 83

ULA (unique local addresses), 93

Unicode hash. See NT LAN Manager (NTLM) hash algorithm

uninterruptible power supplies (UPSs), 311–313

unique local addresses (ULA), 93

unshielded twisted-pair (UTP) cables, 352

UPSs (uninterruptible power supplies), 311–313

USB devices

encryption, 173

protocol analyzers, 103

USB device security, 40–41

User Account Controls (UACs), Vista, 86, 145

User Datagram Protocol (UDP) ports, 74–75, 77

DoS (denial-of-service) attacks

Bonk, 83

Fraggle, 82

Teardrop, 83

user education policies, 346–347, 356–357

user-based access controls, 119–121

logical tokens, 127–128, 153

usernames, 152–153

system hardening, 156

UTP (unshielded twisted-pair) cables, 352

V

vampire taps, 65

VeriSign CAs (certificate authorities), 281

certificate expiration, 289

digital certificates, 152

virtual local area networks (VLANs), 90–91

virtual machine monitors. See hypervisors

virtual private networks (VPNs)

demilitarized zone (DMZ), 173

extranets, 90

intranets, 90

IPsec (Internet Protocol Security), 170, 173–174, 178, 293–294

IPsec standard, 173–174

L2TP (Layer 2 Tunneling Protocol), 170, 294

PPTP (Point-to-Point Tunneling Protocol), 170

quarantines, 173

RAS (remote-access service), 173

TLS (Transport Layer Security), 293

virtualization, hypervisors, 114–115

viruses

antivirus software, 111–112

email security, 208–209

types, 30

versus Trojans and worms, 32

VLANs (virtual local area networks), 90–91

VMMs (virtual machine monitors). See hypervisors

vmstat tool, UNIX, 225

voiceprint biometric authentication, 154

VoIP (voice over Internet Protocol), 96–97

VPNs (virtual private networks)

demilitarized zone (DMZ), 173

extranets, 90

intranets, 90

IPsec (Internet Protocol Security), 170, 173–174, 178, 293–294

IPsec standard, 173–174

L2TP (Layer 2 Tunneling Protocol), 170, 294

PPTP (Point-to-Point Tunneling Protocol), 170

quarantines, 173

RAS (remote-access service), 173

TLS (Transport Layer Security), 293

W

W3C (World Wide Web Consortium) WAP standard, 60

WAE (Wireless Application Environment), 60

WAP (Wireless Application Protocol), 60–61

war chalking, 172

war driving, 172, 207

warm sites, 310–311

water-based sprinkler systems, 348–349

WEP (Wired Equivalent Privacy), 270

WEP (Wired Equivalent Privacy) standard, 61

security questioned, 62

weak encryption, 171

wet-pipe fire suppression systems, 348–349

whole disk encryption, 261–262

Trusted Platform Module, 262–263

Wi-Fi (wireless fidelity) standard, 60–61

Wi-Fi Protected Access (WPA), 270

Wi-Fi Protected Access (WPA/WPA2), 62

weak encryption, 172

Windows authentication hashing algorithms, 264–265

Wired Equivalent Privacy (WEP), 270

Wired Equivalent Privacy (WEP) standard, 61

security questioned, 62

weak encryption, 171

Wireless Application Environment (WAE), 60

Wireless Application Protocol (WAP), 60–61

wireless encryption algorithms, 270

wireless local area networks (WLANs), 61, 270

site surveys, 62–63

Wireless Markup Language (WML), 60

Wireless Session Layer (WSL), 60

Wireless Transport Layer (WTL), 61

Wireless Transport Layer Security (WTLS), 61

Wireshark, 225

WLANs (wireless local area networks), 61, 270

site surveys, 62–63

WML (Wireless Markup Language), 60

World Wide Web Consortium (W3C), WAP standard, 60

worms, 29, 31–32, 41

versus viruses and Trojans, 32

WPA (Wi-Fi Protected Access), 270

WPA/WPA2 (Wi-Fi Protected Access), 62

weak encryption, 172

WSL (Wireless Session Layer), 60

WTL (Wireless Transport Layer), 61

WTLS (Wireless Transport Layer Security), 61

X – Z

X.509 digital certificates, 277–28

HTTPS versus S-HTTP, 57

XSS (cross-site scripting), 55–56

Zbot, 37

zombies, 83
