Index

Numbers

1G, 344

2G, 345

3DES (Triple-DES), 246, 255–257

3G, 345

4G, 345

10 Steps to Cyber Security, 63

64-bit key, 246

802.1AE (MACsec), 306

802.1AR, 306

802.1X, 352

802.11 wireless networks, 346–348

Bluetooth, 350

encryption, 351

standards, 348–349

topologies, 348

wireless protection mechanisms, 352–354

802.11a, 348

802.11ac, 349

802.11b, 349

802.11g, 349

802.11i, 349, 353

802.11n, 349

802.15, 349

802.16, 349

A

AaaS (Authentication as a Service), 377

absolute addressing, 181

acceptable risk, 147

acceptable use policies (AUPs), 154, 495, 519, 523

acceptance testing and implementation, SDLC (System Development Life Cycle), 551–552

access, 375

to BCP (business continuity plan), 621

controlling, managing users, 495

Kerberos, 393–396

monitoring, 408–409

network access control devices, 355

demilitarized zones, 357–358

firewall designs, 359

firewalls, 355

physical access, controlling, 524–525

remote access, 502

CHAP (Challenge Handshake Authentication Protocol), 360

EAP (Extensible Authentication Protocol), 360–361

PAP (Password Authentication Protocol), 360

PPP (Point-to-Point Protocol), 360

single sign-on (SSO), 392–393

unauthorized access, 448

access aggregation, 448–449

access control lists (ACLs), 397–398

access control models, 403

centralized access control, 403–404

Diameter, 406–407

RADIUS (remote authentication dial-in user service), 404–405

TACACS (Terminal Access Controller Access Control System), 406

decentralized access controls, 407

access control threats, 448

access aggregation, 448–449

eavesdropping, 453

identity theft, 453–454

password attacks, 449–450

shoulder surfing, 453

spoofing, 453

unauthorized access, 448

access controls

authentication, 375–376

authorization, 375–376, 397

CDAC (content-dependent access control), 403

DAC (discretionary access control), 397–398

LBAC (lattice-based access control), 403

MAC (mandatory access control), 398–400

RBAC (role-based access controls), 401–402

rule-based access controls, 402

categories of, 155–156

identification, 375–376

access logs, 434

accessibility, to facilities, 77

account management, 391

accountability, 375, 408, 518, 525. See also auditing

monitoring and auditing controls, 518

accounts, managing, 493–495

clipping level, 496

accreditation, 213–214, 553

ACLs (access control lists), 397–398, 402

acoustical detection, 106

acquire, computer forensics, 475–477

active sniffing, 440

ActiveX, 564

activity blockers, 510

Address Resolution Protocol (ARP), 306

address space layout randomization (ASLR), 219–220

ad hoc mode, 348

administrative controls, 154

administrative law, 124

administrative support teams, 534

ADSL (asymmetric digital subscriber line), 340

Advanced Encryption Standard (AES), 255, 257–258

advanced persistent threats (APTs), 439, 462

advisory policies, 151

AES (Advanced Encryption Standard), 255, 257–258

agent based, SIEM (security information and event management), 522

agentless, SIEM (security information and event management), 522

aggregation, databases, 567, 568–569

agile development methods, 557–558

AH (authentication header), 282, 363

AI (artificial intelligence), 570

AIC (availability, integrity, confidentiality), 29

air conditioning, facilities, 98–99

air intakes, 81

alarm systems, 106

IDS (intrusion detection systems), 106–107

monitoring and detection, 107–108

alarms, silent hostage alarms, 95

ALE (annual loss expectancy), 139–140

algorithms, 246247

asymmetric algorithms, 247

Diffie-Hellman, 261–262

DSA (digital signature algorithm), 271

dynamic routing, 334

hashing algorithms, 267–268

Merkle-Hellman Knapsack, 264

Rivest cipher, 258–259

RSA, 262–263

symmetric algorithms, 247, 250–251

alpha tests, 551

alphabetic cipher, 238–239

alternate routing, 607

ALU (arithmetic logic unit), 176

American Society for Testing and Materials (ASTM), 84

analysis, computer forensics, 478

analyzing, threats, 135–139

Anderson, James, 409

annual loss expectancy (ALE), 139–140

annual rate of occurrence (ARO), 139

annunciators, 87

anomaly-based IDS engines, 412

Anonymous, 437

anti-malware, 509–510

antivirus, 56

antivirus software, 577

applets, Java, 573–574

application layer

OSI (Open Systems Interconnection) model, 302

TCP/IP, 314–317

application security testing, 429

application servers, 186

application switches, 330

application transactions, monitoring, 520–521

application whitelisting, 56

application-level proxy, 356

application/process layer controls, securing TCP/IP, 280

APTs (advanced persistent threats), 439, 462

architecture, security architecture. See security architecture

archive bits, 512

archiving, 38–39

area concerns, facilities, 77–78

arithmetic logic unit (ALU), 176

ARO (annual rate of occurrence), 139

ARP (Address Resolution Protocol), 306, 310

ARP poisoning, 446

artificial intelligence, 570–571

ASLR (address space layout randomization), 219–220

assemblers, 564

assessing

exam readiness, 18–19

potential loss, 595–598

risk, 130–133

asset identification, 133–135

asset management, 49–50, 497

endpoint security, 56–57

equipment lifecycle, 51–52

software licensing, 50–51

asset placement, in facilities, 82

asset security, 28

asset valuation, 133–135

assets, 49, 130

assisted password reset, 391

assurance classes, 210

ASTM (American Society for Testing and Materials), 84

asymmetric algorithms, 247

asymmetric cryptography, 236

asymmetric digital subscriber line (ADSL), 340

asymmetric encryption, 259–261, 272

versus symmetric encryption, 264–265

asymmetric mode, 178–179

asynchronous attacks, 220

asynchronous replication, 611

asynchronous token devices, 382–383

asynchronous transfer mode (ATM), 307

ATBASH, 237–238

ATM (asynchronous transfer mode), 307, 337

ATO (Authorization to Operate), 118

atomicity, 569

attack methodologies, 437–439

attack surface, 571

attacks, 126. See also threats

availability attacks, 437

birthday attack, 287

brute force attacks, 378

chosen ciphertext, 287

chosen plaintext, 287

ciphertext-only attack, 287

covert channels, 221

cryptographic attacks, 285–288

data diddling, 435

DDoS attacks, 437, 443

dictionary attacks, 378

differential cryptanalysis, 287

directory traversal attacks, 223

DoS attacks, 442–443

VoIP (voice over IP), 344

emanations, 222–223

financial attacks, 575

hybrid attacks, 451

incremental attacks, 221–222

inference attacks, 284

injection attacks, 225

key clustering, 287

known plaintext attack, 287

linear cryptanalysis, 287

logic bombs, 575

man-in-the-middle attack, 288

password attacks, 449–450

brute-force crack, 451

dictionary crack, 450–451

rainbow tables, 452

pharming attacks, 447

phishing, 454

replay attack, 288

rubber hose attack, 288

salami attacks, 575

side channel attack, 288

social engineering attacks, 454–455

spear phishing, 454

SQL injection, 224–225

state attacks, 220

viruses, 576–577

worms, 577–578

attenuation, 327

attributes, databases, 567

attribute-value pairs (AVPs), 404

audio detection, 106

audit controls, 525

audit logs, 434

audit processes, 37–38

audit reduction and correlation tools, 518

audit reduction tools, 408–409

auditing, 408. See also accountability

user activities, 519

auditors, roles and responsibilities, 33

audits, 426–427

data audits, 37–38

AUPs (acceptable use policies), 154, 495, 519, 523

authentication, 375–376

computer forensics, 477

cryptography, 235, 266

something you are (Type 3), 385–390

something you have (Type 2), 381

asynchronous token devices, 382–383

cards, 383–384

certificates, 384–385

synchronous tokens, 381–382

strong authentication, 390

techniques for, 376–377

something you know (Type 1), 377–379

Authentication as a Service (AaaS), 377

authentication header (AH), 282, 363

authentication service, 394

authority, social engineering, 162

authorization, 374, 375–376

access controls, 397

CDAC (content-dependent access control), 403

DAC (discretionary access control), 397–398

LBAC (lattice-based access control), 403

MAC (mandatory access control), 398–400

RBAC (role-based access controls), 401–402

rule-based access controls, 402

Authorization to Operate (ATO), 118

automated backups, 512

availability, 29

calculating, 606

availability attacks, 437

avalanche effect, 267–268

avoiding system failures, 543

checks and application controls, 543–544

failure states, 544

AVPs (attribute-value pairs), 404

awareness

BCP (business continuity plan), implementing, 619

ethics, 163–164

security awareness, 161–162

security management, 160–161

B

backdoors, 220, 458459, 550

background checks, 156–157

social networking, 157

backup sites, 601–602

backups, 29, 511–512, 608–609

automated backups, 512

choosing methods, 613–614

cloud computing backups, 613

continuous backups, 609

data replication, 611

database shadowing, 612

differential backups, 512, 609

electronic vaulting, 612

full backups, 512, 609

incremental backups, 512–513, 609

media-rotation strategies, 611–612

on-demand backups, 512

remote journaling, 612

restoration, 609–611

SAN (storage area network), 613

tape rotation methods, 513

badges, employee access control, 94–95

baseband, 322

baselines, 57–58

risk management, 152

Basic Rate Interface (BRI), 338

bastion hosts, 357–358

BC (business continuity), 588

defined, 590

BCP (business continuity plan), 588, 589–591

access to, 621

assessing potential loss, 595–598

BIA (business impact analysis), 593–595

implementing, 618–619

awareness and training, 619

monitoring and maintenance, 621–622

plan design and development, 615

employee services, 617

insurance, 617–618

interacting with external groups, 616–617

personnel mobilization, 615–616

process responsibilities, 622

project management and initiation, 591–593

recovery strategies, 599–600

backup and restoration, 609–611

business process recovery, 600–601

data and information recovery, 608–609

facility and supply recovery, 601

operations recovery, 606–608

user recovery, 605

testing, 619–621

behavioral-based IDS, 412, 528–529

Bell-LaPadula model, 199–201

Berlin Wall, 83

Bernay, Mark, 465

best evidence, 482

BIA (business impact analysis), 593–595

assessing, potential loss, 595–598

questionnaires, 595–597

reputation, 599

vulnerability assessments, 595

Biba model, 202–203

Tibetan monks, 203

biometric access controls, 96–97

considerations before deploying, 389–390

usage patterns, 388

biometrics, authentication, 385–390

birthday attack, 287

blackbox testing, 428

blackbox tests, 552

blacklists, 506

blind tests, 429

block ciphers, 237, 240, 247–248

Blowfish, 250

bluejacking, 350

bluesnarfing, 350

Bluetooth, 350

Boehm, Barry, 554–555

bogon filtering, 333

bollards, 85–86

Boolean operators, stream ciphers, 248

BootP (Bootstrap Protocol), 315

bot herders, 444–445

botnets, 443–446

fast-flux botnets, 445

BPA (Business Partnership Agreement), 119

The Brain, 456

Brewer and Nash model, 205

BRI (Basic Rate Interface), 338

bridges, 328

British Standard (BS) 7799, 216

broadband, 322

brute force attacks, 378

brute-force crack, 451

buffer overflows, 219–220, 574–575

preventing, 574–575

buffers, 574

bulletproof hosting, 461–462

bus, I/O bus standards, 183–184

bus topology, 319

business continuity. See BC (business continuity)

business continuity plan. See BCP (business continuity plan)

business impact analysis (BIA), 593–595

business operations, threats to, 588–589

Business Partnership Agreement (BPA), 119

business process recovery, 600–601

business reference model, 215

BYOD (bring your own device), 226

BYOT (bring your own technology), 226

C

C, 564

C#, 564

C+, 564

C++, 564

CA (Certificate Authority), 272–273

CaaS (Communication as a Service), 503

Cable Internet access, 340

cable modems, 340–341

cable specifications, LAN cabling, 323–324

cabling

coaxial cable, 322

fiber-optic cable, 324

LANs (local area networks), 322–324

multimode fiber, 324

plenum-grade cable, 324

single-mode fiber, 324

twisted pair, 322–323

CAC (Common Access Card), 95

Caesar’s cipher, 237

CAIN (confidentiality, availability, integrity, nonrepudiation), 29

calculating, availability, 606

CALEA (Communications Assistance for Law Enforcement Act), 441

call trees, 615–616

CAM (content addressable memory), 329

campus area networks (CANs), 325

Canadian Trusted Computer Product Evaluation Criteria (CTCPEC), 207

CANs (campus area networks), 325

capability lists, reference monitors, 191

Capability Maturity Model (CMM), 558–560

Capability Maturity Model Integration (CMMI), 559–560

capability tables, 402

cards

authentication, 383–384

employee access control, 94–95

Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), 320

carriers, steganography, 244

CASE (Computer-Aided Software Engineering), 557

CAST (Carlisle Adams/Stafford Tavares), 251

categories of

access controls, 155–156

cloud computing models, 504

threats to business operations, 589

CBC (Cipher Block Chaining) mode, 253, 270

CBF (critical business function), 590

CCDs (charge-coupled devices), 87

CCMP, 353

CCTV (closed-circuit television), 76–77

perimeter controls, 87

CDAC (content-dependent access control), 403

CDDI (Copper Distributed Data Interface), 320

CDI (constrained data items), 204

CDs (compact discs), 183

ceilings, 79–81

cell phones, 344–346

central processing unit. See CPU (central processing unit)

centralized access control, 403–404

Diameter, 406–407

RADIUS (remote authentication dial-in user service), 404–405

TACACS (Terminal Access Controller Access Control System), 406

CER (crossover error rate), 386

CERT (Computer Emergency Response Team), 467

Certificate Revocation List (CRL), 273–274

certificates

authentication, 384385

digital certificates, 274–276

certification, 18, 213–214

operations and maintenance, SDLC (System Development Life Cycle), 552–553

CFAA (Computer Fraud and Abuse Act), 123

CFB (Cipher Feedback) mode, 253–254

chain of custody, 478

chaining, 253

Challenge Handshake Authentication Protocol (CHAP), 360, 404

change control process, 561–562

change controls, 34–35

change detection, 575–576

change management, 498–500, 561–562

changeover techniques, 553

CHAP (Challenge Handshake Authentication Protocol), 360, 404

charge-coupled devices (CCDs), 87

charts, Gantt charts, 560

checklists, BCP (business continuity plan), 620

checks and application controls, 543–544

chief security officer, roles and responsibilities, 32

Chinese Wall model, 205

chosen ciphertext, 287

chosen plaintext, 287

CIA (confidentiality, integrity, and availability), 28

Cialdini, Robert, 162

Cipher Block Chaining mode, 253

cipher block chaining-Message Authentication Code (CBC-MAC), 270

Cipher Feedback mode, 253–254

cipher-based message authentication code (CMAC), 270

ciphers

alphabetic cipher, 238–239

block ciphers, 240, 247–248

Caesar’s cipher, 237

concealment ciphers, 241

polyalphabetic cipher, 238–239

Rivest cipher, 258–259

rotation cipher, 237

running key cipher, 241

stream ciphers, 240, 248

symmetric substitution ciphers, 240

transposition ciphers, 240

Vernam cipher, 241–242

Vigenère cipher, 238–239, 239

ciphertext, 236, 249

ciphertext-only attack, 287

CIR (committed information rate), 337

circuit switching, WANs (wide area networks), 337

cable modems, 340–341

DSL (digital subscriber line), 339–340

ISDN (Integrated Services Digital Network), 338

POTS (Plain Old Telephone Service), 338

T-carriers, 338–339

circuit-level proxy, 357

CIRT (Computer Incident Response Team), 467

CISC (Complex Instruction Set Computing), 178

Citadel, 461

civil law, 124

Clark-Wilson model, 204

classification approach, knowledge extraction, 36

classifying information, 46

data classification, 46–47

cleaning crews, 94

cleartext, 236

cleartext protocols, sniffing, 441

click-wrap license agreements, 50

client’s role, in PKI (public key infrastructure), 276–277

climatology, facilities, 77

clipping level, 379, 496

cloning, 345–346

closed systems, 192

closed-circuit television (CCTV), 76–77

cloud computing, 341–342, 503–504

cloud computing backups, 613

cloud computing models, 504

cloud-based storage, 39

clouds, 185

clustering, 514, 606

CMAC (cipher-based message authentication code), 270

CMM (Capability Maturity Model), 558560

CMMI (Capability Maturity Model Integration), 559560

coaxial cable, 322

COBIT (Control Objectives for Information and related Technology), 37–38, 218, 427

COBOL (Common Business Oriented Language), 564

CoCOM (Coordinating Committee for Multilateral Export Controls), 285

cognitive passwords, 380

cohesion addresses, 549

COI (conflict of interest), 205

cold sites, 603

collisions, 269

hashing, 268

combination locks, 90

committed information rate (CIR), 337

Committee for Sponsoring Organizations of the Treadway Commission (COSO), 168

Common Access Card (CAC), 95

Common Business Oriented Language (COBOL), 564

common computer ethics fallacies, 167

Common Criteria, 210–212

common law, 123

Common Object Request Broker Architecture (CORBA), 566

communication

cell phones, 344–346

LANs (local area networks). See LANs (local area networks)

standards, 327

VoIP (voice over IP), 343

Communication as a Service (CaaS), 503

communication loss, physical security, 75

communication protocols, 318319

Communications Assistance for Law Enforcement Act (CALEA), 441

communications attack, 126

communications teams, 534

compact discs (CDs), 183

comparative analysis, 450

comparing

quantitative assessments, and qualitative assessments, 145–146

symmetric encryption, and asymmetric encryption, 250, 264–265

UDP (User Datagram Protocol), and TCP, 313

compartmentalized systems, 400

compartmented, security modes of operation, 193

compensating access controls, 155

compilers, 564

completeness check, 544

Complex Instruction Set Computing (CISC), 178

components of, IDS (intrusion detection systems), 413, 529

computer crimes, 125–128

Computer Emergency Response Team (CERT), 467

Computer Ethics Institute, 165

computer forensics, 472, 473, 474

acquire, 475–477

analysis, 478

authentication, 477

integrity, 477–478

Computer Fraud and Abuse Act (CFAA), 123

Computer Security Incident Response Team (CSIRT), 467

Computer-Aided Software Engineering (CASE), 557

concealment ciphers, 241

confidential

military data classification, 47

public/private data classification, 48

confidentiality, 28

Bell-LaPadula model, 199–201

cryptography, 235

reciprocal agreements, 605

security models, 199

symmetric encryption, 250

confidentiality, integrity, and availability (CIA), 28

configuration lockdown, 56

configuration management, 498–500

conflict of interest (COI), 205

confusion, 248

consistency, 569

social engineering, 163

constrained data items (CDI), 204

construction of facilities, 78

doors, walls, windows, and ceilings, 79–81

contact smart cards, 383

contactless smart cards, 383

content addressable memory (CAM), 329

Content Scrambling System (CSS), 286

content switches, 330

content-dependent access control (CDAC), 403

content-services switches, 330

contingency planning, 511, 516–517

continuing professional education (CPE), 128

Continuity of Operations (COOP), 118

continuous backups, 609

continuous lighting, 88

Control Objectives for Information and related Technology (COBIT), 37–38, 218, 427

control units, 177

control zones, 524

controlling, physical access, 524–525

controlling access, 495

controls, 131, 154

access controls, categories of, 155–156

administrative controls, 154

application/process layer controls, securing TCP/IP, 280

biometric access controls, 96–97

change controls, 34–35

checks and application controls, 543–544

corrective controls, 550–551

data controls, 34–35

data lifecycle control, 37

detective controls, 550–551

environmental controls, 98

host to host layer controls, securing TCP/IP, 280–282

Internet layer controls, securing TCP/IP, 282–283

manual authorization input control, 520

monitoring and auditing controls, 518–519

auditing user activities, 519

controlling physical access, 524–525

emanations, 524

keystroke monitoring, 523

monitoring application transactions, 520–521

NAC (Network Access Control), 522

SIEM (security information and event management), 521–522

network access layer controls, securing TCP/IP, 283–284

output controls, 520, 521

physical controls, 155

physical port controls, 82

preventative controls, 550–551

privacy controls, 43

process controls, 520

recovery controls, 516–518

technical controls, 155

telecommunication controls, 503

blacklists, 506

cloud computing, 503504

email, 504–506

fax, 506–507

graylists, 506

PBX, 507–508

whitelists, 506

COOP (Continuity of Operations), 118, 531

Coordinating Committee for Multilateral Export Controls (CoCOM), 285

coordination teams, 534

Copper Distributed Data Interface (CDDI), 320

copyrights, 34

length of, 121

CORBA (Common Object Request Broker Architecture), 566

corporate spies, 127, 435

Corpus Juris Civilis, 125

corrective access controls, 155

corrective controls, 550–551

COSO (Committee for Sponsoring Organizations of the Treadway Commission), 168

cost, data governance policies, 31

countermeasure selection, risk assessment, 146–149

Counter mode, 254–255

covering tracks, 439

covers, steganography, 244

covert channels, 220–221

covert storage channel attacks, 221

covert timing channel attacks, 221

Cohen, Fred, 456

CPE (continuing professional education), 128

CPTED (Crime Prevention Through Environmental Design), 76–77

CPU (central processing unit), 176–180

advancements, 177

cracking, password attacks, 450

cramming, 509

credentials, Kerberos, 394

crime, 465–466

evidence life cycles, 483

evidence types, 481–482

forensics, 472–473

computer forensics, 474

procedures, 473

honeynets, 480–481

honeypots, 480–481

how computer crime has changed, 464–465

incident response, 467–468

incident response team, 468

processes, 469–470

results, 470–471

interrogations, 480

interviews, 480

investigating computer crime, 466–467

investigations, 479

jurisdiction over computer crime, 467

negligence, 483

surveillance, 479

trials, 482–483

Crime Prevention Through Environmental Design (CPTED), 76–77

crime triangle, 466–467

crimes, computer crimes, 125–128

crimeware kits, 461–462

criminal activities, physical security, 75

criminal law, 123–124

criminals, 465–466

critical business function (CBF), 590

criticality prioritization, 594

CRL (Certificate Revocation List), 273–274

crossover error rate (CER), 386

cross-site request forgery (CSRF), 223

cross-site scripting (XSS), 223

crosstalk, 327

cryptanalysis, 236, 285

crypters, 460

cryptographic algorithm, 236

cryptographic keys, 236

cryptography, 29, 234

3DES (Triple-DES), 255–257

AES (Advanced Encryption Standard), 257–258

algorithms, 246–247

asymmetric encryption, 259–261

attacks, 285–288

authentication, 235, 266

confidentiality, 235

DES (Data Encryption Standard), 252

CBC (Cipher Block Chaining) mode, 253

CFB (Cipher Feedback) mode, 253–254

Counter mode, 254–255

ECB (Electronic Codebook) mode, 253

OFB (Output Feedback) mode, 254

Diffie-Hellman, 261–262

digital signatures, 270–271

DSA (digital signature algorithm), 271

ECC (Elliptical Curve Cryptosystem), 263

El Gamal, 263

email protection mechanisms, 277

PGP (Pretty Good Privacy), 278

encryption

history of, 237–243

hybrid encryption, 265–266

Feistel Network, 242

hashing algorithms, 267–268

CBC-MAC (cipher block chaining-Message Authentication Code), 270

CMAC (cipher-based message authentication code), 270

HAVAL, 269

HMAC (Hashed Message Authentication Code), 269–270

MAC (Message Authentication Code), 269

MD algorithms, 268–269

secure hashing algorithms, 269

integrity, 235

integrity verification, 266–267

Merkle-Hellman Knapsack, 264

nonrepudiation, 235–236

NSA (National Security Agency), 242

PAIN (privacy, authentication, integrity, and nonrepudiation), 235

quantum cryptography, 242

RSA, 262–263

steganography, 243–244

digital watermarks, 245–246

steganography operations, 244–245

symmetric encryption, 249–252

TCP/IP, 279

application/process layer controls, 280

host to host layer controls, 280–282

Internet layer controls, 282–283

network access layer controls, 283–284

CSIRT (Computer Security Incident Response Team), 467

CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance), 320

CSRF (cross-site request forgery), 223

CSS (Content Scrambling System), 286

CTCPEC (Canadian Trusted Computer Product Evaluation Criteria), 207

customary law, 125

cut-through switches, 330

cybercriminals, 127

Cybersecurity Strategy of the European Union, 63

cyberterrorists, 127

D

DAC (discretionary access control), 397–398

damage assessment teams, 534

DARPA (Defense Advanced Research Projects Agency), 467

DASD (direct access storage device), 513

data

decommissioning, 45

organizing, 35

data access, terminated employees, 33

data and information recovery, 608–609

data at rest, encryption, 52–54

data audits, 37–38

data centers, 82

temperatures of, 98

data classification, 46–47

military data classification, 47–48

public/private data classification, 48

data controls, 34–35

data custodians, roles and responsibilities, 32, 34–35

data de-duplication (DDP), SAN (storage area network), 41

data diddling, 435

data disposal, 4445

data documentation, 35

data entry specialists, 493

data execution prevention (DEP), 219–220

data governance policies, 30–31

data in transit, 54–56

data input validation, 543

data lifecycle control, 37

data link layer, OSI (Open Systems Interconnection) model, 299–300

data management, 30

data mining, 35–36

Data Over Cable Service Interface Specification (DOCSIS), 340–341

data owner identification, 34

data owners, roles and responsibilities, 32

data ownership, 33–34

roles and responsibilities, 33–34

data protection, 28

Data Protection Authority, 121

data reference model, 215

data remanence, 45

data replication, 611

data retention, 4445

data security, 41–42

encryption, 52

data at rest, 52–54

data in transit, 54–56

endpoint security, 56–57

information handling requirements, 43

privacy impact assessment, 42–43

data standards, 37–140

data storage, 38–39

cloud-based storage, 39

information handling requirements, 43

NAS (network attached storage), 38–39

SAN (storage area network), 38–39, 39–41

data warehousing, 35

database administrators, 493

database attacks, 446

database management, 566–567

artificial intelligence, 570–571

common terms, 567–568

integrity, 569

transaction processing, 569–570

database servers, 186

database shadowing, 612

databases

aggregation, 568–569

inference, 569

DBMS (database management system), 566

DDoS (distributed denial of service) attacks, 443

DDoS attacks, 437

DDP (data de-duplication), SAN (storage area network), 41

DDR (double data rate), 182

DDR2, 182

DDR3, 182

DDR4, 182

dead analysis, 478

decentralized access controls, 407

decommissioning, data, 45

DeCSS, 286

DECT (Digital Enhanced Cordless Communication), 354

dedicated, security modes of operation, 193

de-encapsulation, 304

default routes, 334

Defense Advanced Research Projects Agency (DARPA), 467

defense in depth, 72, 279

defense of breadth, 72

degaussing, 44, 502–503

delay alarms, 80

Delphi technique, 144

deluges, water sprinklers, 105

demilitarized zones, 357–358

NAT (Network Address Translation), 358

denial-of-service (DoS) attacks, 442–443

denial-of-service (DoS) testing, 429

DEP (data execution prevention), 219–220

Department of Defense

security modes of operation, 193–194

standard, 177–199, 554

DES (Data Encryption Standard), 246, 250, 252

CBC (Cipher Block Chaining) mode, 253

CFB (Cipher Feedback) mode, 253–254

Counter mode, 254–255

ECB (Electronic Codebook) mode, 253

OFB (Output Feedback) mode, 254

DES EDE2, 256

DES EDE3, 256

DES EEE2, 256

DES EEE3, 256

destruction

of data, 44–45

physical security, 74

detective access controls, 155

detective controls, 550–551

deterrent access controls, 155

developers, roles and responsibilities, 32

developing, security policies, 149–150

development methods, software development, 554

JAD (Joint Application Development), 555–556

MPM (Modified Prototype Model), 557

prototyping, 556–557

RAD (Rapid Application Development), 556

spiral model, 554–555

waterfall model, 554

DIACAP (DoD Information Assurance Certification and Accreditation Process), 213

Diameter, 406–407

dictionary attacks, 378

dictionary crack, 450–451

diesel fuel, 100

differential backups, 512, 609

differential cryptanalysis, 287

Diffie-Hellman, 261–262

diffusion, 248

digital certificates, 274–276, 384–385

Digital Enhanced Cordless Communication (DECT), 354

digital signature algorithm (DSA), 271

digital signatures, 236, 270–271, 273

DSA (digital signature algorithm), 271

digital subscriber line (DSL), 339–340

digital video discs (DVDs), 183

digital watermarks, 245–246

direct access storage device (DASD), 513

direct evidence, 482

direct OS commands, 223

direct-access storage, 183

directory traversal attacks, 223

direct-sequence spread spectrum (DSSS), 347

disaster recovery, 532–533

physical security, 534

Disaster Recovery Institute (DRI), 588

disaster recovery life cycle, 531–532

disaster recovery managers, 532

disaster recovery plan. See DRP (disaster recovery plan)

disaster recovery teams, 533–534

disasters, defined, 590

discernment, 89

discretionary access control (DAC), 397–398

discretionary security property, 201

disgruntled employees, 127

disk encryption, 56

disposal

data custodians, 35

SDLC (System Development Life Cycle), 553, 554

distance-vector protocols, 334

distributed computing, 514

distributed denial of service (DDoS) attacks, 443

distribution of, symmetric keys, 249–250

diverse routing, 607

DIX (Digital, Intel, and Xerox), 318

DMCA (Digital Millennium Copyright Act), 51

DMZ (demilitarized zones), 357–358

NAT (Network Address Translation), 358

DNS (Domain Name System), 315

DNS spoofing, 447

DNSSEC, 315

DOCSIS (Data Over Cable Service Interface Specification), 340–341

documentation

change control process, 561–562

data documentation, 35

DoD Information Assurance Certification and Accreditation Process (DIACAP), 213

dogs, perimeter controls, 89

Domain Name System (DNS), 315

doors, 79–81

DoS (denial-of-service) testing, 429

DoS (denial-of-service) attacks, 442–443

VoIP (voice over IP), 344

double data rate (DDR), 182

double-blind tests, 429

drag and drop questions, 21

DRAM (Dynamic Random Access Memory), 181–182

Draper, John, 465

DRI (Disaster Recovery Institute), 588

drive wiping, 44, 502

DRP (disaster recovery plan), 589

dry contact switches, 106

dry pipes, water sprinklers, 104

DSA (digital signature algorithm), 271

DSD (dynamic separation of duties), 401

DSL (digital subscriber line), 339–340

VDSL (very high data rate digital subscriber line), 340

Dsniff suite, 449–450

DSSS (direct-sequence spread spectrum), 347

dual-homed gateways, 359

dual-use keys, 249

due care, 123, 496–497

due diligence, 123, 496–497

dumb cards, 95

duplicate check, 544

durability, 570

duress alarms, 95

DVD CCA (DVD Copy Control Association), 286

DVD Copy Control Association (DVD CCA), 286

DVDs (digital video discs), 183

dwell time, 347

dynamic NAT, 358

dynamic passwords, 379–380

Dynamic Random Access Memory (DRAM), 181–182

dynamic routing, 334

dynamic separation of duties (DSD), 401

E

E1, 339

E3, 339

EA (enterprise architecture), 214–217

EALs (Evaluation Assurance Levels), 211

EAP (Extensible Authentication Protocol), 284, 360–361, 404

EAP-FAST, 361

EAP-Flexible Authentication via Secure Tunneling (EAP-FAST), 361

EAP-LEAP, 361

EAP-MD5, 361

EAP-PEAP, 361

EAP-SIM, 361

EAP-Subscriber Identity Module (EAP-SIM), 361

EAP-TTLS, 361

EAP-Tunneled Transport Layer Security (EAP-TTLS), 361

earthquakes, 73

eavesdropping, 453

VoIP (voice over IP), 344

eBay, passwords, 378

ECB (Electronic Codebook) mode, 253

ECC (Elliptical Curve Cryptosystem), 263

Economic Espionage Act of 1996, 123

Edmondson, Dave, 154

education, security management, 160–161

EFF (Electronic Frontier Foundation), 254

EGP (Exterior Gateway Protocol), 336

EICAR (European Institute for Computer Antivirus Research), 577

ElGamal, 263

electric lock pick guns, 93

electrical, physical security, 81

electrical power, 99–100

electromagnetic interference (EMI) chambers, 78

electro-mechanical, 106

Electronic Codebook (ECB) mode, 253

Electronic Frontier Foundation (EFF), 254

electronic serial number (ESN), 345–346

electronic vaulting, 612

elliptic curve discrete logarithm problem, 263

elliptic curves, 263

Elliptic Curve Cryptosystem (ECC), 263

email, 504–506

encryption, 55

email protection mechanisms, 277, 365

PGP (Pretty Good Privacy), 278

emanation security, 524

emanations, 222–223, 524

embedded device forensics, 472

embedded devices, 186

emergency funding, Katrina (hurricane), 617

emergency management teams, 534

emergency operations center (EOC), 601

emergency operations teams, 534

emergency power off (EPO), 100

emergency response teams, 534

emergency system restart, Orange Book, 501

EMI (electromagnetic interference) chambers, 78

employee access control, 94

badges, tokens, and cards, 94–95

biometric access controls, 96–97

RFID tags, 95–96

employee services, BCP (business continuity plan), 617

employee-awareness programs, security management, 160

employees, terminated employees, security management, 159–160

encapsulating security payload (ESP), 282, 363

encapsulation, 303–304

OOP (object-oriented programming), 565

encapsulation of process or objects, 179

encryption, 52, 235, 236

802.11, 351

asymmetric encryption, 259–261

authentication, 235

data at rest, 52–54

data in transit, 54–56

disk encryption, 56

end-to-end encryption, 56, 284

history of, 237–243

hybrid encryption, 265–266

link encryption, 56

public key encryption, 260–261

software encryption, 54

symmetric encryption, 237, 249–252

confidentiality, 250

end-to-end encryption, 56, 284

end-of-life provisions, 35

endpoint security, 56–57

endpoint-based NAC, 415, 522

enforcement, 377

Enigma machine, 242

enterprise architecture (EA), 214–215

enticement, 480, 482

entity relationship diagram (ERD), 547–548

entrapment, 482

warning banners, 510

enumeration, 438

environmental controls, facilities, 98

EOC (emergency operations center), 601

EPO (emergency power off), 100

equipment, network equipment, 328

bridges, 328

gateways, 333

hubs, 328

mirrored ports, 330

network taps, 330–331

repeaters, 328

routers, 332–333

switches, 329–330

VLANs (virtual LANs), 331

equipment failure, physical security, 75

equipment lifecycle, 51–52, 101

ERD (entity relationship diagram), 547–548

escalation, 439

escalation of privilege, 439

escrow agreements, 611

ESN (electronic serial number), 345–346

ESP (encapsulating security payload), 282, 363

Estonia

attacks, 464

DDoS attacks, 443

Ethernet, 305, 318

Ethernet frame, 318

Ethernet II protocol, 318

ethical hackers, 430

ethics, 163–164

common computer ethics fallacies, 167

Computer Ethics Institute, 165

IAB (Internet Architecture Board), 165–166

ISC2, 164

NIST SP 800-14, 166–167

regulatory requirements, 167–168

European Institute for Computer Antivirus Research (EICAR), 577

European Union, Data Protection Authority, 121

Evaluation Assurance Levels (EALs), 211

event logs, 434

events, 468

evidence life cycles, crime, 483

evidence types, crime, 481–482

exam readiness, assessing, 18–19

exams. See also tests

drag and drop questions, 21

hotspot question format, 22–23

multiple-choice questions, 21

strategies for taking, question-handling strategies, 24–25

taking, 19–20

exclusive-or (XOR), 352

execution domain switching, 189

existence check, 544

expert systems, 570

exposed risk, 138

Extensible Authentication Protocol (EAP), 284, 360–361, 404

Extensible Markup Language (XML), 565

extensions, Diameter, 407

Exterior Gateway Protocol (EGP), 336

exterior gateway protocols, 336

external groups, interacting with, 616–617

extreme programming (XP), 558

F

facial recognition, 388

facial scans, 97

Facilitated Risk Assessment Process (FRAP), 144

facilities, 76

area concerns, 77–78

asset placement, 82

construction, 78

doors, walls, windows, and ceilings, 79–81

CPTED (Crime Prevention Through Environmental Design), 76–77

electrical power, 99–100

employee access control, 94

badges, tokens, and cards, 94–95

biometric access controls, 96–97

RFID tags, 95–96

environmental controls, 98

heating, ventilating, and air conditioning, 98–99

location, 78

perimeter controls, 83

bollards, 85–86

fences, 83–84

gates, 84–85

guards and dogs, 89

lighting, 88–89

lock picking, 92–94

locks, 89–92

UPS (uninterruptible power supplies), 100

facility and supply recovery, 601

mobile sites, 604

reciprocal agreements, 604–605

redundant sites, 603–604

subscription services, 601–603

factor analysis of information risk (FAIR), 130

fail safe, 195

fail soft, 195

fail-open state, 544

fail-safe locks, 80

fail-secure, 80

failure states, 544

FAIR (factor analysis of information risk), 130

fake login screens, 455

false acceptance rate (FAR), 386

false negatives, 410, 526

false positives, 410, 526

false rejection rate (FRR), 386

FAR (false acceptance rate), 386

Farmer, Dan, 164, 427

fast infection viruses, 576–577

fast-flux botnets, 445

fault tolerance, 513–514, 606–607

fax, 506–507

fax activity logs, 507

fax encryption, 507

fax servers, 507

FCoE (Fibre Channel over Ethernet), 40, 326

FCPA (Foreign Corrupt Practices Act), 168

FEA (Federal Enterprise Architecture), 215

Federal Enterprise Architecture (FEA), 215

Federal Information Processing Standards (FIPS), 61

Federal Information Security Management Act (FISMA), 59–60, 497

Federal Sentencing Guidelines of 1991, 123

federation, 392

fees, for hot sites, 601–602

Feistel, Horst, 242

Feistel Network, 242

FEMA (Federal Emergency Management Agency), phreakers, 508

fences, 83–84

FHSS (frequency-hopping spread spectrum), 347

Fibre Channel over Ethernet (FCoE), 40

fiber-optic cable, 324

fields, databases, 567

file infection, 456, 576

file servers, 186

File Transfer Protocol (FTP), 314

final tests, 552

finance teams, 534

financial attacks, 575

financial audits, 37–38

fingerprint scans, 96–97

fingerprints, 388–389

FIPS (Federal Information Processing Standards), 61

fire, 74

fire detection, 101–102

fire detectors, 81

fire drills, 102

fire escapes, physical security, 81

fire prevention, 101–102

fire suppression, 101–102, 103

halon, 105–106

water sprinklers, 104–105

fire-detection equipment, 102–103

firewall designs, 359

firewalls, 355

packet filters, 355–356

proxy servers, 356–357

stateful firewalls, 356

FISMA (Federal Information Security Management Act), 59–60, 497

floods, 73

food, disaster recovery, 605

footprinting, 225, 438

Foreign Corrupt Practices Act (FCPA), 168

foreign government agents, 436

foreign keys, databases, 567

forensics, 472–473

computer forensics, 474

acquire, 475–477

analysis, 478

authenticate, 477

integrity, 477–478

procedures, 473

FORTRAN, 564

fraggle, DoS attacks, 442–443

fragment free switches, 330

fragmentation, 307

Frame Relay, 337

frameworks

risk management, 129–130

Zachman Framework, 214–215

FRAP (Facilitated Risk Assessment Process), 144

Free Space Optics (FSO), 608

frequency analysis, 238

frequency-hopping spread spectrum (FHSS), 347

Fresnel lens, 88

Friedman, William, 243

FRR (false rejection rate), 386

FSO (Free Space Optics), 608

FTP (File Transfer Protocol), 314, 357

FTP Secure (FTPS), 280

FTPS (FTP Secure), 280

full backups, 512, 609

full duplex, 327

full interruption, BCP (business continuity plan), 620

fully connected topology, 322

function tests, 552

functional requirements and planning, SDLC (System Development Life Cycle), 547–548

fuzzing, 552

fuzzy solutions, 570

G

G8 (Group of Eight), 497

GANs (Global Area Networks), 325

Gantt charts, 560

GAP in WAP, 354

garbage in, garbage out testing, 552

gates, 8485

gateways, 333

Generation 1, 563

Generation 2, 563

Generation 3, 563

Generation 4, 563

Generation 5, 563

generations of languages (GLs), 562–563

generators, 100

GFS (grandfather-father-son), 513, 612

GLBA (Gramm-Leach-Bliley Act), 59

Global Area Networks (GANs), 325

Global System for Mobile Communications (GSM), 192

globally unique identifier (GUID), 479

GLs (generations of languages), 562–563

gold box, phreakers, 508

Gonzalez, Albert, 466

governance, 49–50

laws, standards, mandates, 58–60

resources

international resources, 61–63

United States, 60–61

security, 214–215

security governance, 116–117

government spies, 127

Graham-Denning model, 205

Gramm-Leach-Bliley Act (GLBA), 59

grandfather-father-son (GFS), 513, 612

granularity, databases, 567–568

graybox testing, 428

graylists, 506

grounding devices, 98

Group of Eight (G8), 497

GSM (Global System for Mobile Communications), 192

guards, perimeter controls, 89

GUID (globally unique identifier), 479

guidelines, 153

security, 214–215

H

hacker insurance, 135

hacker researchers, 436

hackers, 125–128

ethical hackers, 430

skilled hackers, 436

hacktivists, 435, 444

half duplex, 327

halon, 105–106

hand geometry, 97, 387

hard changeovers, 553

hardening, 498

hardware device forensics, 472

hardware failures, 606

hardware keystroke loggers, 415–416, 523

Hardware Security Modules (HSM), 277

hardware-based NAC, 415, 522

Harrison-Ruzzo-Ullman model, 205

hash, 236

hash values, 267

Hash-based Message Authentication Code (HMAC), 269–270

hashed values, 576

hashes, 379

hashing, 575

collisions, 268

hashing algorithms, 267–268, 273

CBC-MAC (cipher block chaining-Message Authentication Code), 270

CMAC (cipher-based message authentication code), 270

HAVAL, 269

HMAC (Hash-based Message Authentication Code), 269–270

MAC (Message Authentication Code), 269

MD algorithms, 268–269

secure hashing algorithms, 269

HAVAL, 269

HBA (host bus adapter), 40, 326

HDLC (High-Level Data Link Control), 341

HDSL (high data rate digital subscriber line), 340

Health Insurance Portability and Accountability Act (HIPAA), 58

hearsay evidence, 482

heating, facilities, 98–99

heuristic scanning, 509510

HIDS (host-based intrusion detection systems), 411, 526, 527

hierarchical database management system, 567

hierarchical designs, 400

high data rate digital subscriber line (HDSL), 340

High-Level Data Link Control (HDLC), 341

high-speed serial interface, 341

HIPAA (Health Insurance Portability and Accountability Act), 58

history of, encryption, 237–243

HMAC (Hash-based Message Authentication Code), 269–270

honeynets, 480–481, 510

honeypots, 480–481, 510

horizontal privilege escalation, 439

host bus adapter (HBA) allocation, 40, 326

host-to-host layer controls, securing TCP/IP, 280–282

host-based firewalls, 56

host-based intrusion detection systems (HIDS), 411, 527

host-to-host layer, TCP/IP, 311

TCP (Transmission Control Protocol), 312–313

UDP (User Datagram Protocol), 313

Host-to-LAN tunnels, 55

hot fixes, 572

hot sites, 601–602

hotspot question format, 22–23

HSM (Hardware Security Modules), 277

HTML, 564

HTTP (Hypertext Transfer Protocol), 315–316, 357

hubs, 328

human safety, 590

hurricanes, 73

HVAC

facilities, 98–99

security, 81

hybrid attacks, 451

hybrid designs, 400

hybrid encryption, 265–266

Hypertext Transfer Protocol (HTTP), 315–316

hypervisor, 185

I

I Love You virus, 464

IA (Interoperability Agreement), 118

IaaS (Infrastructure-as-a-service), 341, 503

IAB (Internet Architecture Board), 165–166

IAM (Information Assurance Methodology), 144

IANA (Internet Assigned Numbers Authority), 333

ICMP (Internet Control Message Protocol), 306, 309–310

IDEA (International Data Encryption Algorithm), 251, 258

identification, 375–376

identity and access management, 374

identity management, 391–392

account management, 391

federation, 392

password management, 391

profile management, 391

identity theft, 453–454

IDP (Intrusion Detection and Prevention), 414, 525

IDS (intrusion detection systems), 106–107, 409–410, 525–526

anomaly-based IDS engines, 412, 528

behavioral-based IDS, 412, 528–529

components of, 413, 529

HIDS (host-based intrusion detection systems), 411, 527

NIDS (network-based intrusion detection systems), 410, 526–527

rule-based IDS, 412, 528–529

sensor placement, 413, 529

signature-based IDS engines, 411, 528

IDSL (ISDN digital subscriber line), 340

IEEE (Institute of Electrical and Electronics Engineers), 297

IETF (Internet Engineering Task Force), 166, 297

IGMP (Internet Group Management Protocol), 310–311

IGRP (Interior Gateway Routing Protocol), 306

IKE (Internet Key Exchange), 283, 363

ILM (information lifecycle management), 33

IM (instant messaging), 364

IMAP (Internet Message Access Protocol), 316, 505

IMAPv4, 316

implementing

BCP (business continuity plan), 618–619

awareness and training, 619

personnel security, 156–157

IMSI (International Mobile Subscriber Identity), 345–346

incident response, 467–468, 530–531

processes, 469–470

results, 470–471

teams, 468

incident response teams, 468, 534

incidents, 468

operational security incidents, responding to, 530

incremental attacks, 221–222

incremental backups, 512–513, 609

Industry Standard Architecture (ISA), 183

inference, 284

databases, 567, 569

inference attacks, 284

information

classifying, 46

data classification, 46–47

obsolete information, 48

Information Assurance Methodology (IAM), 144

information flow model, 199

information handling requirements, data security, 43

information lifecycle management. See ILM (information lifecycle management)

Information Systems Audit and Control Association (ISACA), 37–38, 218

Information Technology Infrastructure Library (ITIL), 61, 214

Information Technology Security Evaluation Criteria (ITSEC), 210

informative policies, 151152

Infrastructure-as-a-Service (IaaS), 341, 503

infrastructure-based NAC, 414, 522

initial program load (IPL), 501

initial sequence numbers (ISNs), 440

initialization vector (IV), 247

initiation, BCP (business continuity plan), 591–593

injection attacks, 225

input/output operations, 189

inputs, 520

insiders, threat actors, 435

instant messaging (IM), 364

insurance

BCP (business continuity plan), 617–618

hacker insurance, 135

intangible assets, 496

Integrated Services Digital Network (ISDN), 338

integrity, 29

computer forensics, 477–478

cryptography, 235

referential integrity, 569

security models, 202

Biba model, 202–203

Clark-Wilson model, 204

semantic integrity, 569

integrity checking, 510

integrity verification, cryptography, 266267

integrity verification procedures (IVPs), 204

intellectual property, protecting, 121

intellectual property rights, 34

software licensing, 50–51

interacting with external groups, BCP (business continuity plan), 616–617

Interconnection Security Agreement (ISA), 118

interface testing, 551

International Data Encryption Algorithm (IDEA), 258

international law, 124–125

International Organization for Standardization (ISO), 297

International Organization on Computer Evidence (IOCE), 473

international resources, for governance, 61–63

International Mobile Subscriber Identity (IMSI), 345–346

International Telecommunication Union-Telecommunications Standardization Sector (ITU-T), 297

Internet Architecture Board (IAB), 165–166

Internet Assigned Numbers Authority (IANA), 333

Internet Security Association and Key Management Protocol (ISAKMP), 283

ISDN digital subscriber line (IDSL), 340

Internet Engineering Task Force (IETF), 166, 297

Interior Gateway Routing Protocol. See IGRP (Interior Gateway Routing Protocol)

Internet Key Exchange (IKE), 363

Internet layer, TCP/IP, 306

ARP (Address Resolution Protocol), 310

ICMP (Internet Control Message Protocol), 309–310

IGMP (Internet Group Management Protocol), 310–311

IP (Internet Protocol), 306–309

Internet layer controls, securing TCP/IP, 282–283

Internet Message Access Protocol (IMAP), 316, 505

Internet Small Computer System Interface (iSCSI), 39–40, 325

Interoperability Agreement (IA), 118

interpreters, 564

interrogations, 480

interrupt-driven I/O, 180

interrupts, 179–180

Inter-Switch Link (ISL), 331

interviews, crime, 480

intrusion detection, 409

Intrusion Detection and Prevention (IDP), 414

intrusion detection systems (IDS). See IDS (intrusion detection systems)

intrusion prevention systems, 414

intrusion prevention systems (IPSs), 530

investigating computer crime, 466–467, 479

invocation property, 202

I/O bus standards, 183–184

I/O using DMA, 180

IOCE (International Organization on Computer Evidence), 473

IP (Internet Protocol), 306309

IP addresses, 332

IPL (initial program load), 501

IPS (intrusion prevention systems), 414, 530

IPSec (IP Security), 55, 362–364

IPSec Internet Key Exchange (IKE), 283

IPv6, 307–309

iris recognition, 387

iris scans, 97

IS security steering committees, roles and responsibilities, 32

ISA (Industry Standard Architecture), 183

ISA (Interconnection Security Agreement), 118

ISACA (Information Systems Audit and Control Association), 37–38, 218

ISAKMP (Internet Security Association and Key Management Protocol), 283

ISC2, ethics, 164

iSCSI (Internet Small Computer System Interface), 39–40, 325

ISDN (Integrated Services Digital Network), 338

ISL (Inter-Switch Link), 331

ISNs (initial sequence numbers), 440

ISO (International Organization for Standardization), 61–62, 297

ISO 9001, 62

ISO 17799, 41, 216

ISO 27000, 217

ISO 27001, 61, 217

ISO 27002, 61, 117, 217

ISO 27003, 62, 217

ISO 27004, 62, 217

ISO 27005, 62, 217

ISO 27799, 62

ISO-certified, 62

isolation, 570

IT audits, 37–38

ITIL (Information Technology Infrastructure Library), 61, 214

ITSEC (Information Technology Security Evaluation Criteria), 210

ITU-T (International Telecommunication Union-Telecommunications Standardization Sector), 297

IV (initialization vector), 247

IVPs (integrity verification procedures), 204

J

JAD (Joint Application Development), 555–556

Japanese Purple Machine, 242, 243

Java, 196, 564, 573

mobile code, 573

Java applets, 573–574

JBOD (Just a Bunch of Disks), 516

JFK Records Act, 44

job rotation, 158

job titles, 494

Johansen, Jon Lech, 286

joins, 403

Joint Application Development (JAD), 555–556

jurisdiction over computer crime, 467

Just a Bunch of Disks (JBOD), 516

K

Katrina (hurricane), 600

emergency funding, 617

KDC (Key Distribution Center), 393, 394

Kerberos, 393–396

weaknesses of, 395

Kerckhoffs's principle, 286

Kerckhoffs, Auguste, 286

key cards, employee access control, 94–95

key clustering, 287

Key Distribution Center (KDC), 393

key space, 246

key-bumping, 93

keys, dual-use keys, 249

keystroke monitoring, 415–416, 523

knowledge base, 570

knowledge extraction, 36–37

knowledge management, 36–37

known plaintext attack, 287

KryptoKnight, 396

L

L2F, 284

L2TP (Layer 2 Tunneling Protocol), 55, 284

land, DoS attacks, 442

languages, programming languages, 562–565

LANs (local area networks), 318

cabling, 322–324

communication protocols, 318–319

LAN-to-LAN tunnels, 55

last mile protection, 607

Lattice model, 205–206

lattice structure, 567

lattice-based access control (LBAC), 403

laws

administrative law, 124

civil law, 124

common law, 123

Corpus Juris Civilis, 125

criminal law, 123–124

customary law, 125

FISMA (Federal Information Security Management Act), 59–60

GLBA (Gramm-Leach-Bliley Act), 59

governance, 58–60

HIPAA (Health Insurance Portability and Accountability Act), 58–59

international law, 124–125

keystroke monitoring, 524

mixed law, 125

Napoleonic law, 125

privacy laws, 121–122

religious law, 125

security, 123

SOX (Sarbanes-Oxley Act), 60

United States, 123–124

Layer 2 Tunneling Protocol (L2TP), 55, 284

layered protections, 72

LBAC (lattice-based access control), 403

LDAP (Lightweight Directory Access Protocol), 316, 404

LEAP (Lightweight Extensible Authentication Protocol), 361

least privilege, 158–159

legal compliance, data governance policies, 31

liability, data governance policies, 31

librarians, 493

licensing, software, 50–51

lifecycles, equipment lifecycle, 51–52, 101

lighting, perimeter controls, 88–89

Lightweight Directory Access Protocol (LDAP), 316, 404

Lightweight Extensible Authentication Protocol (LEAP), 361

liking, social engineering, 163

limit check, 543

Line Printer Daemon, 316

linear cryptanalysis, 287

link encryption, 56

link-state protocols, 335

link-to-link encryption, 285

Lipner model, 205

live analysis, 478

LKM (loadable kernel module), 461

loadable kernel module (LKM), 461

local area networks. See LANs (local area networks)

location, of facilities, 78

location redundancy, 326

SAN (storage area network), 40

lock pick sets, 93

lock picking, 92–94

lock shims, 94

locks

combination locks, 90

lock picking, 92–94

mechanical locks, 91

perimeter controls, 89–92

programmable locks, 91–92

tumbler locks, 91

warded locks, 91

logging, 408409

access logs, 434

audit logs, 434

centralized logging, 518

event logs, 434

system logs, 434

logic bombs, 457–458, 575

logic check, 544

logical attacks, 126

logs, security logs, 434

LOIC (Low Orbit Ion Cannon), 437, 444

Loki program, 221

longest running suppressed patent, 243

lookup tables, 329

loose source routing, 307

loss

potential loss, assessing, 595–598

threat analysis, 136

Low Orbit Ion Cannon (LOIC), 437, 444

low-level checks, 149

LPD (Line Printer Daemon), 316

LUC, 263

Lucifer, 252

LUN masking, 326

SAN (storage area network), 40

LulzSec, 465
