Index

Numbers

3-leg perimeter DMZ (Demilitarized Zones), 126

3DES (Triple Data Encryption Standard), 329-331

10 tape rotation backup scheme, 381

802.1X, 235

authentication procedure, 225-226

connection components, 225

EAP, 224-226

A

AAA (Accounting, Authentication, Authorization)

accounting, 4, 152

authentication, 4-5, 222

captive portals, 230

CHAP, 230-231, 235

cloud security, 135

context-aware authentication, 223

deauthentication attacks. See Wi-Fi, disassociation attacks

definition, 218

Diameter port associations with, 152

EAP, 224-226

extranets, 127

HMAC, 339

identification, 218

inherence factors, 219

intranets, 127

Kerberos, 151, 227-229, 235

knowledge factors, 219

LDAP, 226, 235

LEAP, 226

localized authentication, 224-229, 235

MFA, 223

MS-CHAP, 230

multifactor authentication, 230, 394

mutual authentication, 227

networks, 48

nonces, 161

PAM, Kerberos, 229

PEAP, 225-226

physical security, 218

possession factors, 219

RADIUS, 152, 234-235

reduced sign-ons, 223

remote authentication, 230-235

Remote Desktop Services, 229

servers, 48, 225

SSO, 223-224

TACACS+, 151, 234-235

web of trust, 356

authorization, 4

biometric readers, 221-222, 236

definition, 218

Diameter, port associations with, 152

FIM, 223

fingerprint readers/scanners, 222

RADIUS, port associations with, 152

ABAC (Attribute-Based Access Control), 248

accepting

cookies, 93

risk, 271

access (unauthorized), 4

access control, 245

ABAC, 248

ACL, permissions, 253

Administrator accounts, 257-258

Bell-LaPadula, 247

Biba, 247

CAPTCHA, 261

centralized access control, 248

Clark-Wilson, 247

Ctrl+Alt+Del at logon, 258

DAC, 245-248

DACL, 253

decentralized access control, 248

files/folders

copying, 256

moving, 256

groups, 253

guest accounts, 258

implicit deny, 249

job rotation, 250

least privilege, 249

MAC, 246-248

mobile devices, 50

passwords, 256

Administrator accounts, 257-258

guest accounts, 258

permissions

ACL, 253

DACL, 253

inheritance, 255

Linux file permissions, 254

NTFS permissions, 253, 256

privilege creep, 254

propagating, 255

SACL, 253

user access recertification, 255

policies

Account Lockout Threshold Policy, 260

Default Domain Policy, 258

passwords, 258-261

RBAC, 247-248

SACL, 253

separation of duties, 250

UAC, 261

users, 251

access recertification, 255

Account Expiration dates, 252

ADUC, 251

multiple user accounts, 253

passwords, 256-257

time-of-day restrictions, 252

usernames, 256-257

Account Expiration dates, 252

Account Lockout Threshold Policy, 260

accounting

AAA, 4

Diameter, port associations with, 152

RADIUS, port associations with, 152

ACK packets

SYN floods, 156

TCP/IP hijacking, 160

ACL (Access Control Lists)

DACL, 253

firewall rules, 176

permissions, 253

routers, 123

SACL, 253

active interception, malware delivery, 19

active reconnaissance (security analysis), 275

ActiveX controls, 94

acts (legislative policies), 412-413

ad blocking, browser security, 92

ad filtering, 38

ad hoc network, WAP, 205

adapters (network), 376

adaptive frequency hopping, 209

add-ons, 94

ActiveX controls, 94

malicious add-ons, 94

managing, 94

addresses (email), preventing/troubleshooting spam, 27

administration

account passwords, 257-258

centrally administered management systems, 61

CVE, 139

guest accounts, passwords, 258

HIDS, 37

offboarding, 50

onboarding, 50

removable media controls, 41

rootkits, 16

Alureon rootkits, 17

definition of, 17

Evil Maid Attack, 17

preventing/troubleshooting, 28

security plans, 5

administration interface (WAP), 202

ADUC (Active Directory Users and Computers), 251

adware, 16

AES (Advanced Encryption Standard), 42, 204, 326, 329-331

agents, SNMP, 301

aggregation switches, 122

agile model (SDLC), 100

agreements, copies of (DRP), 384

AH (Authentication Headers), IPsec, 360

air gaps, 402-403

aisles (HVAC), facilities security, 400

ALE (Annualized Loss Expectancy), quantitative risk assessment, 273

alerts, performance baselining, 298

ALG (Application-Level Gateways), 177

algorithms

3DES, 329-331

AES, 326, 329-331

asymmetric algorithms, 327

Diffie-Hellman key exchange, 333

RSA, 331-332

Blowfish, 331

CBC, 326

ciphers, 325

DEA, 329

defining, 325

DES, 329-331

ECC, 333-334

ECDHE, 333

genetic algorithms, 336

HMAC, 339

IDEA, 329

MD5, 338

password hashing

birthday attacks, 341

key stretching, 342

LANMAN hashing, 339-340

NTLM hashing, 340

NTLMv2 hashing, 340

pass the hash attacks, 341

RC

RC4, 330-331

RC5, 331

RC6, 331

RIPEMD, 338

RSA, 331-332

SHA, 338-339

symmetric algorithms, 326

3DES, 329

AES, 329-331

Blowfish, 331

DEA, 329

DES, 329-331

IDEA, 329

RC, 330-331

Threefish, 331

Twofish, 331

Threefish, 331

Twofish, 331

all-in-one security appliances, 181

altered host files, 163, 166

alternative controls. See compensating controls

Alureon rootkits, 16-17

always-on VPN (Virtual Private Network), 233

analytical monitoring tools, 302

Computer Management, 302

keyloggers, 304

net file command, 303

netstat command, 303

openfiles command, 302

static and dynamic analytical tools, 304

analyzing

data, incident response procedures, 423

passwords, 284-286

protocols, 283

risk, IT security frameworks, 425

security, active/passive reconnaissance, 274-275

Angry IP Scanner, 283

anomaly-based monitoring, 295-296

ANT sensors (HVAC), facilities security, 401

anti-malware

software, 6

updates, 73

anti-spyware, 24-25

antivirus software

preventing/troubleshooting

Trojans, 23

viruses, 20-23

worms, 23

Safe Mode, 23

anycast IPv6 addresses, 125

AP (Access Points)

Bluetooth AP, 209

evil twins, 203

isolating, WAP, 207

Rogue AP, 202

WAP, wireless network security

ad hoc networks, 205

administration interface, 202

AP isolation, 207

brute-force attacks, 205, 209

encryption, 203-204, 207

evil twins, 203

firewalls, 207

MAC filtering, 207

placement of, 205

PSK, 204

rogue AP, 202

SSID, 202

VPN, 205

wireless point-to-multipoint layouts, 206

WLAN controllers, 207

WPS, 205

WLAN AP, 209

Apache servers, 139

application-aware devices, 184

Application layer (OSI model), 120

applications

arbitrary code execution, 106

back office applications, securing, 98

backdoor attacks, 105, 109, 197

backward compatibility, 60

blacklisting, 48, 61

buffer overflows, 105, 109

code injections, 107-109

containerization, 76

directory traversals, 109

DLL injections, 108

encryption, 47, 52

Excel, securing, 98

firewalls, 178

geotagging, 49

HTTPS connection, 47

immutable systems, 100

input validation, 103

integer overflows, 105

key management, 48

LDAP injections, 108

logs, 307

memory leaks, 106

MMS attacks, 48

mobile apps, security, 98

network authentication, 48

NoSQL injections, 108

null pointer dereferences, 106

OS hardening, 59-61

Outlook, securing, 98

patch management, 97

privilege escalation, 196-197

programming

ASLR, 106

authenticity, 101

CIA triad, 100

code checking, 101

code signing, 101

DevOps, 100-102

error-handling, 101

integrity, 101

minimizing attack surface area, 101

obfuscation, 101

passwords, 101

patches, 101

permissions, 101

principle of defense in depth, 101

principle of least privilege, 101

quality assurance policies, 100

SDLC, 99-102

secure code review, 100

secure coding concepts, 99

testing methods, 102-104

threat modeling, 101

trusting user input, 101

vulnerabilities/attacks, 105-109

proxies, 180

RCE, 106-109

removing, 59-60

security

back office applications, 98

DevOps, 100-102

encryption, 47, 52

Excel, 98

firewalls, 178

mobile apps, 98

network authentication, 48

Outlook, 98

patch management, 97

policy implementation, 96

SDLC, 99-102

secure coding concepts, 99

server authentication, 48

UAC, 95

Word, 98

server authentication, 48

service ports, 150

SMS attacks, 48

SQL injections, 107

transitive trust, 48

uninstalling, preventing/troubleshooting spyware, 24

unnecessary applications, removing, 59-60

user input, 101

whitelisting, 48, 61

Word, securing, 98

XML injections, 108

XSRF, 107-109

XSS, 107-109

zero day attacks, 109

APT (Advanced Persistent Threats), 8, 15

arbitrary code execution, 106

archive.org, 140

armored viruses, 14

ARO (Annualized Rate of Occurrence), quantitative risk assessment, 273

ARP poisoning, 164-166

ARP spoofing, 121

ASLR (Address Space Layout Randomization), 106

assessing

impact, 272

risk

defining risk, 271-272

impact assessment, 272

qualitative risk management, 272-274

qualitative risk mitigation, 272

quantitative risk management, 273-274

residual risk, 271

risk acceptance, 271

risk avoidance, 271

risk management, 271-272

risk reduction, 271

risk registers, 272

risk transference, 271

security analysis, 274-275

security controls, 275-276

vulnerabilities

defining vulnerabilities, 270

general vulnerabilities/basic prevention methods table, 279-280

IT security frameworks, 425

network mapping, 280-281

network sniffers, 283-284

OVAL, 279

password analysis, 284-286

penetration testing, 277-278

process of, 276-277

vulnerability scanning, 282-283

asymmetric algorithms, 327

Diffie-Hellman key exchange, 333

RSA, 331-332

attack guards, 156

attack surface, reducing, 62, 101

attack vectors, malware delivery, 18

attacks/vulnerabilities, programming

arbitrary code execution, 106

backdoor attacks, 105, 109

buffer overflows, 105, 109

code injections, 107-109

directory traversals, 109

DLL injections, 108

integer overflows, 105

LDAP injections, 108

memory leaks, 106

NoSQL injections, 108

null pointer dereferences, 106

RCE, 106-109

SQL injections, 107

XML injections, 108

XSRF, 107-109

XSS, 107-109

zero day attacks, 109

attestation, BIOS, 41

auditing

audit trails, 307

computer security audits, 304

files, 305-306

independent security auditors, 305

logging

application logs, 307

audit trails, 307

DFS Replication logs, 307

DNS Server logs, 307

file maintenance/security, 310-311

firewall logs, 309

Syslog, 309-310

system logs, 307

viewing security events, 306

manual auditing, 304

monitoring and, 294

SIEM, 314

system security settings, 311-314

AUP (Acceptable Use Policies), 414, 417

authentication, 5, 222

AAA, 4

captive portals, 230

CHAP, 235

MS-CHAP, 230

RAS authentication, 230-231

cloud security, 135

context-aware authentication, 223

deauthentication attacks. See Wi-Fi, disassociation attacks

definition, 218

Diameter, port associations with, 152

EAP, 224

EAP-FAST, 226

EAP-MD5, 226

EAP-TLS, 226

EAP-TTLS, 226

LEAP, 226

PEAP, 225-226

extranets, 127

HMAC, 339

identification, 218

inherence factors, 219

intranets, 127

Kerberos, 151, 227-229, 235

knowledge factors, 219

LDAP, 226, 235

LEAP, 226

localized authentication, 224

802.1X, 224-226, 235

Kerberos, 227-229, 235

LDAP, 226, 235

mutual authentication, 227

Remote Desktop Services, 229

MFA, 223

MS-CHAP, 230

multifactor authentication, 230, 394

mutual authentication, 227

networks, 48

nonces, 161

PAM, Kerberos, 229

PEAP, 225-226

physical security, 218

possession factors, 219

RADIUS, 234

port associations with, 152

RADIUS federation, 234-235

reduced sign-ons, 223

remote authentication

RADIUS, 234-235

RAS, 230-231, 235

TACACS+, 234-235

VPN, 231-233

Remote Desktop Services, 229

servers, 48, 225

SSO, 223-224

TACACS+, 151, 234-235

web of trust, 356

authenticators (802.1X), 225

authenticity, programming security, 101

authorization

AAA, 4

biometric readers, 221-222, 236

definition, 218

Diameter, port associations with, 152

FIM, 223

fingerprint readers/scanners, 222

RADIUS, port associations with, 152

automated monitoring, 295

automated systems, war-dialing, 393

automatically updating browsers, 87

automating cyber-crime. See crimeware

availability

CIA triad, 4, 100

VoIP, 132

avoiding risk, 271

awareness training, 5, 416-417

B

back office applications, securing, 98

Back Orifice backdoor attacks, 15, 19

back-to-back firewall/DMZ configurations, 177

back-to-back perimeter networks, 127

backdoors

backdoor attacks, 15, 19, 105, 109

malware delivery, 19

RAT, 19

wired network/device security, 197

backups, 6

battery backups, 372

data, 375

10 tape rotation backup scheme, 381

differential data backups, 380

disaster recovery, 379-382

full data backups, 379

grandfather-father-son backup scheme, 381

incremental data backups, 379-380

snapshot backups, 382

Towers of Hanoi backup scheme, 381

disaster recovery

data backups, 379-382

drills/exercises, 384

DRP, 383-384

fire, 382

flood, 383

loss of building, 383

power loss (long-term), 383

theft/malicious attacks, 383

generators, 372-373

hard disks, 72

redundancy planning

backup generators, 372-373

battery backups, 372

data, 374-376

employees, 379

fail-closed, 370

fail-open, 370

failover redundancy, 369

networks, 376-378

power supplies, 370-371

single points of failure, 369

standby generators, 373

succession planning, 379

websites, 378

unsavable computers, malware, 27

backward compatibility, 60

badware, 25

baiting, social engineering attacks, 394-396

banner grabbing, 283

baselining, 70-71

alerts, 298

baseline reporting, 297

Performance Monitor, 297-298

standard loads, 297

System Monitor, 299

battery backups, 372

battery-inverter generators, 373

BCC (Blind Carbon Copy), preventing/troubleshooting spam, 27

BCP (Business Continuity Plans), 383

behavior-based monitoring, 296

Bell-LaPadula access control model, 247

BER (Basic Encoding Rules) format, certificates, 353

BIA (Business Impact Analysis), BCP, 384

Biba access control model, 247

biometric readers, physical security, 221-222, 236

BIOS (Basic Input/Output System)

attestation, 41

boot order, 40

external ports, disabling, 40

flashing, 39

measured boot option, 40

passwords, 39

root of trust, 40

secure boot option, 40

updates, 73

birthday attacks, 341

bit torrents, malware delivery, 18

BitLocker, disk encryption, 42-43

black book phone number encryption, 323-324

black-box testing, 102

black hats, 7

Blackhole exploit kit, 18

blackhole lists, 158

blackholes, 158

blacklists

applications, 61

OS hardening, 61

preventing/troubleshooting spam, 27

blackouts (power supplies), 371

blind hijacking, 160

block ciphers, 326, 331

blocking cookies, 93

Blowfish, 331

blue hats, 7

Bluetooth

adaptive frequency hopping, 209

AP, 209

bluejacking, 46, 209

bluesnarfing, 46, 210

frequency hopping, 209

NFC, 209

boot order, BIOS, 40

boot sector viruses, 13, 23

botnets

malware delivery, 19

mobile devices, 45, 51

ZeroAccess botnet, 19

bots, 15

BPA (Business Partner Agreements), 418

bridges, 122

broadcast storms, 299

brownouts (power supplies), 371

browsers

automatically updating, 87

choosing, 87

company requirements, 87

functionality, 87

HTTP connections, 47

HTTPS connections, 47

MITB attacks, 160-161, 165

OS, determining, 87

PAC files, 180

pop-up blockers, 35, 38

preventing/troubleshooting spyware, 24

recommendations, 87

security, 88

ad-blocking, 92

add-ons, 94

advanced security settings, 94-95

content filtering, 91-92

cookies, 92-93

LSO, 93

mobile devices, 92

passwords, 95

policy implementation, 88-89

pop-up blocking, 92

proxy servers, 91-92

security zones, 92

temporary files, 94

updates, 92

user training, 90-91

updates, 87, 92

vulnerabilities/fixes, 87

brute-force attacks

password cracking, 286

WAP, 205, 209

buffer overflows, 105, 109

buildings

loss of (disaster recovery), 383

security

fire suppression, 398-400

HVAC, 400-403

shielding, 401-403

vehicles, 402-403

butt sets, wiretapping, 200

BYOD (Bring Your Own Device), mobile device security, 49-52

C

CA (Certificate Authorities), 353

chain of trust, 356

CRL, 355

CSR, 353

horizontal organization, 356

key escrow, 355

key recovery agents, 355

mapping certificates, 355

pinning certificates, 354

revoking certificates, 355

social engineering and, 355

validating certificates, 353

verifying certificates with RA, 355

VeriSign certificates, 353-354

web of trust, 356

cable loops, switches, 122

cabling

coaxial cabling, 198-200

data emanation, 199-201

fiber-optic cabling, 198, 201

interference

crosstalk, 199

EMI, 198

RFI, 199

PDS, 201

STP cabling, 199, 401

twisted-pair cabling, 198

crosstalk, 199

wiretapping, 200

UTP cabling, 199

wired network/device security, 198-201

wiretapping, 200-201

wiring closets, 201

CAC (Common Access Cards). See smart cards

caching proxies, 179-180

Caesar Cipher, 323

Cain & Abel, password cracking, 285

California SB 1386, 413

CallManager, privilege escalation, 196

CAM (Content Addressable Memory) tables, MAC flooding, 121

Camtasia 9, 60

Camtasia Studio 8, 60

CAN (Controller Area Networks), vehicles and facilities security, 402

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), 261

captive portals, 230

capturing

network traffic, incident response procedures, 423

packets, 283, 299

screenshots, incident response procedures, 423

system images, incident response procedures, 422

video, incident response procedures, 423

cardkey systems, 220

carrier unlocking, mobile devices, 45

CASB (Cloud Access Security Brokers), 136

CBC (Cipher Block Chaining), 326

CBC-MAC (Cipher Block Chaining Message Authentication Code) protocol, 204

CCI (Co-Channel Interference). See crosstalk

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), 204

CCTV (Closed-Circuit Television), 219

cell phones. See mobile devices

cellular networks, 210

centralized access control, 248

centrally administered management systems, 61

CER (Canonical Encoding Rules) format, certificates, 353

CER (Crossover Error Rates), biometric readers, 222

certificates

digital certificates

CA, 353

chain of trust, 352, 356

CRL, 355

CSR, 353

key escrow, 355

key recovery agents, 355

mapping, 355

pinning, 354

PKI, 351-353, 356

revoking, 355

validation, 353

verifying with RA, 355

VeriSign certificates, 353-354

web of trust, 356

post-certification process, 438

public key cryptography, 328

chain of custody (evidence collection), 422

change management policies, 414-417

CHAP (Challenge-Handshake Authentication Protocol), 235

MS-CHAP, 230

PPTP and, 359

RAS authentication, 230-231

session theft, 160

cheat sheets, exam preparation, 434-435

checkpoints, VM disk files, 77

Christmas Tree attacks, 157

chromatic dispersion, 201

CIA triad, 3, 100

availability, 4

confidentiality, 3

integrity, 4

secure code review, 100

CIDR (Classless Interdomain Routing), 129

cipher locks, 220

ciphers

algorithms as, 325

block ciphers, 326, 331

Caesar Cipher, 323

defining, 325

RC

RC4, 330-331

RC5, 331

RC6, 331

stream ciphers, 326

one-time pads, 334-335

RC4, 330-331

Vernam ciphers. See one-time pads

circuit-level gateways, 177

Cisco routers, 122

Clark-Wilson access control model, 247

clean desk policy, 397

clearing (data removal), 419-420

clear-text passwords, 301

CLI (Command-Line Interface), closing open ports, 154

clickjacking, 160

client-side attacks, 162

closets (wiring), 201

cloud computing

community clouds, 135

CSP, 134

definition, 133

DLP systems, 39

hybrid clouds, 134

IaaS, 134

MaaS, 134

P2P networks and, 137

PaaS, 134

private clouds, 134

public clouds, 134

SaaS, 133

SECaaS, 134

security

authentication, 135

CASB, 136

data access security, 135

encryption, 136

passwords, 135

programming standardization, 136

server defense

email servers, 138

file servers, 137

FTP servers, 140

network controllers, 137

web servers, 139-140

services, 136

social media and, 136

XaaS, 134

clusters

cluster tips, 420

data remanence, 420

failover clusters, 377

load-balancing clusters, 378

coaxial cabling, 198-200

code checking, programming security, 101

code injections, 109

DLL injections, 108

LDAP injections, 108

NoSQL injections, 108

SQL injections, 107

XML injections, 108

XSRF, 107

XSS, 107

code signing, programming security, 101

coding

ASLR, 106

authenticity, 101

CIA triad, 100

code checking, 101

code signing, 101

DevOps, 100-102

error-handling, 101

integrity, 101

minimizing attack surface area, 101

obfuscation, 101

passwords, 101

patches, 101

permissions, 101

principle of defense in depth, 101

principle of least privilege, 101

quality assurance policies, 100

SDLC

agile model, 100

principles of, 100-102

V-shaped model, 100

waterfall model, 99-100

secure code review, 100

secure coding concepts, 99

testing methods

black-box testing, 102

compile-time errors, 102

dynamic code analysis, 104

fuzz testing, 104

gray-box testing, 102

input validation, 103

penetration tests, 102

runtime errors, 103

sandboxes, 102

SEH, 103

static code analysis, 104

stress testing, 102

white-box testing, 102

threat modeling, 101

trusting user input, 101

vulnerabilities/attacks

arbitrary code execution, 106

backdoor attacks, 105, 109

buffer overflows, 105, 109

code injections, 107-109

directory traversals, 109

DLL injections, 108

integer overflows, 105

LDAP injections, 108

memory leaks, 106

NoSQL injections, 108

null pointer dereferences, 106

RCE, 106-109

SQL injections, 107

XML injections, 108

XSRF, 107-109

XSS, 107-109

zero day attacks, 109

cold and hot aisles (HVAC), facilities security, 400

cold sites, 378

collecting/preserving evidence (incident response procedures), 422-424

collisions, MD5, 338

command-line scripting, network attacks, 162

community clouds, 135

company policies

data sensitivity

classifying data, 411-412

DHE, 412

legislative policies, 412-413

equipment recycling/donation policies, ISA, 419

example of, 411

personal security policies, 413

AUP, 414, 417

awareness training, 416-417

change management policies, 414-417

due care policies, 416-417

due diligence, infrastructure security, 416-417

due process policies, 416-417

mandatory vacations, 415-417

offboarding, 415

onboarding, 415-417

privacy policies, 414

separation of duties/job rotation policies, 415-417

user education, 416-417

vendor policies

BPA, 418

ISA, 418

MoU, 418

SLA, 417-418

compatibility (backward), 60

compensating controls, 276

compile-time errors, 102

compliance

GRC, 413

licensing compliance violations, 423

CompTIA exams

exam preparation checklist, 433-435

grading scale, 432

post-certification process, 438

registration, 434

taking exams, 435-437

Computer Management, 302

computers

maintaining, 73

security audits, 304

confidence tricks (cons), social engineering, 393

confidential information, classifying (data sensitivity), 412

confidentiality (CIA triad), 3, 100

configuration baselines, 70-71

configuring

managing configurations, 68

PAC files, 180

routers, secure configurations, 122

conserving hard disk space, 60

console (WAP). See administration interface

consolidating services, 99

contacts, DRP, 383

containerization (applications), 76

containment phase (incident response procedures), 421

content filtering, 38

browsers, 91-92

Internet, 181

routers, 123

context-aware authentication, 223

contingency planning. See BCP; ITCP

contracts

BPA, 418

ISA, 418

MoU, 418

SLA, 417-418

cookies

accepting/blocking, 93

definition of, 92

Flash cookies. See LSO

persistent cookies, 92

privacy alerts, 93

session hijacking, 93

session theft, 159

tracking cookies, 93

XSS, 93

COOP (Continuity of Operations Plan). See BCP

COPE (Corporate Owned, Personally Enabled) mobile devices, security, 49

copying files/folders, 256

corrective controls, 276

cracking passwords, 284-286

crashes. See system failure

crimeware, 18. See also malware

critical systems/data, hierarchical lists of (DRP), 384

critical updates, 66

CRL (Certificate Revocation Lists), 355

cross-site scripting. See XSS

crosstalk, cabling, 199

cryptanalysis attacks (password cracking method), 286

cryptography. See also encryption

asymmetric key algorithms, 327

black book phone number encryption, 323-324

Caesar Cipher, 323

ciphers

algorithms as, 325

block ciphers, 326

defining, 325

stream ciphers, 326

defining, 323-325

ECC, 333-334

ECDHE, 333

hash functions, 337

HMAC, 339

MD5, 338

RIPEMD, 338

SHA, 338-339

keys

defining, 325

DEK, 330

Diffie-Hellman key exchange, 327, 333

KEK, 330

key stretching, 342

managing, 328

MEK, 330

PKI, 351-356

private key cryptography, 325

public key cryptography, 325-328

quantum cryptography, 334

steganography, defining, 328

symmetric key algorithms, 326

CryptoLocker, 15-17

cryptoprocessors. See HSM

CSO (Chief Security Officers), disaster recovery planning, 384

CSP (Cloud Service Providers), 134

CSR (Certificate Signing Requests), 353

CSU (Channel Service Units), 123

Ctrl+Alt+Del at logon, 258

custody, chain of (evidence collection), 422

CVE (Common Vulnerabilities and Exposures), 139

cyber-crime, automating. See crimeware

cyber-criminals, 8

CYOD (Choose Your Own Device), mobile device security, 49

D

DAC (Discretionary Access Control), 245-248

DACL (Discretionary Access Control Lists), 253

damage/loss control (incident response procedures), 422

Darkleech, 139

darknet, 137

data access security, cloud security, 135

data analysis, incident response procedures, 423

data at rest, defining, 322

data backups, 6, 375

10 tape rotation backup scheme, 381

differential data backups, 380

disaster recovery

10 tape rotation backup scheme, 381

differential data backups, 380

full data backups, 379

grandfather-father-son backup scheme, 381

incremental data backups, 379-380

snapshot backups, 382

Towers of Hanoi backup scheme, 381

full data backups, 379

grandfather-father-son backup scheme, 381

incremental data backups, 379-380

snapshot backups, 382

Towers of Hanoi backup scheme, 381

data centers, mantraps, 394

data disclosure acts, 412-413

data emanation, 199-201

data encryption, 6

3DES, 329, 331

AES, 326, 329-331

asymmetric key algorithms, 327

Blowfish, 331

CBC, 326

ciphers

algorithms as, 325

block ciphers, 326

defining, 325

stream ciphers, 326

cryptography

black book phone number encryption, 323-324

Caesar Cipher, 323

defining, 323-325

hash functions, 337-339

quantum cryptography, 334

data at rest, defining, 322

data in transit, defining, 322

data in use, defining, 322

DEA, 329

defining, 325

DES, 329-331

Diffie-Hellman key exchange, 327, 333

ECB, block ciphers, 326

ECC, 333-334

ECDHE, 333

IDEA, 329

keys

defining, 325

DEK, 330

Diffie-Hellman key exchange, 327, 333

KEK, 330

key stretching, 342

managing, 328

MEK, 330

PKI, 351-356

private key cryptography, 325

public key cryptography, 325-328

one-time pads, 334-335

password hashing

birthday attacks, 341

key stretching, 342

LANMAN hashing, 339-340

NTLM hashing, 340

NTLMv2 hashing, 340

pass the hash attacks, 341

PGP, 335

PKI

CA, 353-356

certificates, 351-353, 356

defining, 351

IPsec, 360

L2TP, 359-360

PPTP, 359

S/MIME, 357

SSH, 359

SSL/TLS, 357-358

PRNG, 336

RC

RC4, 330-331

RC5, 331

RC6, 331

RSA, 331-332

steganography, defining, 328

symmetric key algorithms, 326

Threefish, 331

Twofish, 331

web of trust, 356

data exfiltration, 257

data handling (DHE), sensitive data, 412

data in transit, defining, 322

data in use, defining, 322

data labeling, MAC, 247

Data Link layer (OSI model), 119

data redundancy

RAID 0, 374

RAID 0+1, 375

RAID 1, 374-375

RAID 5, 374-375

RAID 6, 375-376

RAID 10, 375

data remanence, 6, 420

data removal, 6

clearing, 419-420

destroying storage media (physical data removal), 420

purging, 420

data sensitivity

classifying data, 411-412

data handling (DHE), 412

legislative policies, 412-413

data storage segmentation, mobile devices, 49

data validation. See input validation

databases (relational)

normalization, 108

RDBMS, 107-108

DDoS (Distributed Denial-of-Service) attacks, 158, 165

DEA (Data Encryption Algorithm), 329

deauthentication attacks (Wi-Fi). See disassociation attacks (Wi-Fi)

decentralized access control, 248

default accounts, wired network/device security, 195

Default Domain Policy, 258

defense in depth, 6, 101

defragmenting hard disks, 72

DEK (Data Encryption Keys), 330

deleting data

clearing, 419-420

destroying storage media (physical data removal), 420

purging, 420

delivery systems (malware)

active interception, 19

attack vectors, 18

backdoors, 19

bit torrents, 18

botnets, 19

Easter eggs, 20

email, 18

exploit kits, 18

FTP servers, 18

instant messaging, 18

keyloggers, 18

logic bombs, 20

media-based delivery, 18

memory cards, 18

optical discs, 18

P2P networks, 18

privilege escalation, 19

smartphones, 18

software, 18

threat vectors, 18

time bombs, 20

typosquatting, 18

URL hijacking, 18

USB flash drives, 18

user error, 18

websites, 18

zip files, 18

zombies, 19

DER (Distinguished Encoding Rules) format, certificates, 353

DES (Data Encryption Standard), 329-331

designing networks

back-to-back perimeter networks, 127

bridges, 122

cellular networks, 210

cloud computing

community clouds, 135

CSP, 134

definition, 133

hybrid clouds, 134

IaaS, 134

MaaS, 134

P2P networks and, 137

PaaS, 134

private clouds, 134

public clouds, 134

SaaS, 133

SECaaS, 134

security, 135-140

services, 136

social media and, 136

XaaS, 134

CSU, 123

DMZ

3-leg perimeter DMZ, 126

back-to-back perimeter networks, 127

documenting network design, 211

DSU, 123

extranets, 127

firewalls, back-to-back perimeter networks, 127

Internet, 126

intranets, 127

IP addresses, ports and, 153

LAN

routers, 122

VLAN, 130-131

WAN versus, 125

modems, 131-132

NAC, 128

NAT, 123

firewall effect, 123

IPv4 addresses, 123-125

IPv6 addresses, 124-125

private IPv4 addresses, 124

private IPv6 addresses, 124-125

public IPv4 addresses, 124

static NAT, 123

OSI model

layers of, 119-120

TCP/IP model versus, 120

PAT, IPv4 addresses, 123

PBX equipment, 132

ports, 149

application service ports, 150

associated protocols table, 150-152

closing open ports, 154

dynamic ports, 149

FTP servers, 153

inbound ports, 150

IP addresses and, 153

outbound ports, 150

port zero security, 154

private ports, 149

ranges, 149

registered ports, 149

scanning for open ports, 154

TCP, 149-152

TCP reset attacks, 155

UDP, 149-152

unnecessary ports, 154

well-known ports, 149

protocols and port associations

associated protocols table, 150-152

Diameter, 152

DNS, 151

FCIP, 152

FTP, 151, 155

HTTP, 151

IMAP, 151

iSCSI, 152

Kerberos, 151

L2TP, 152

LDAP, 151

Ms-sql-s, 152

NetBIOS, 151

NNTP, 151

POP3, 151

PPTP, 152

RADIUS, 152

RDP, 152

RPC, 151

RTP, 152-153

SMB, 152

SMTP, 151

SNMP, 151

SNMPTRAP, 151

SSH, 151

Syslog, 152

TACACS+, 151

Telnet, 151

TFTP, 151

routers

ACL, 123

Cisco routers, 122

content filtering, 123

firewalls, 123

IPS, 123

secure configurations, 122

secure VPN connectivity, 123

SOHO routers, 122-123

SATCOM, 211

subnetting, 128-129

switches, 120

aggregation switches, 122

ARP spoofing, 121

DHCP starvation attacks, 121

fail-open mode, 121

looping, 122

MAC flooding, 121, 131

MAC spoofing, 121

physical tampering, 121

port security, 121-122

STP, 122

TCP/IP model versus OSI model, 120

telephony

modems, 131-132

PBX equipment, 132

VoIP, 132

VLAN, 130-131

VoIP, 132

VPN, WAP, 205

WAN

LAN versus, 126

routers, 122

wired network/device security

backdoors, 197

cabling, 198-201

default accounts, 195

network attacks, 197

passwords, 195-196

privilege escalation, 196-197

remote ports, 197

Telnet, 198

wireless network security

Bluetooth, 209-210

cellular networks, 210

documenting network design, 211

geofences, 211

GPS, 211

NFC, 209-210

RFID, 210

SATCOM, 211

third-party wireless adapter connections, 202

VPN, 205

WAP, 202-209

wireless protocols, 203-204

wireless transmission vulnerabilities, 208-209

destroying storage media (data removal), 420

detecting rootkits, 16

detective controls, 276

device drivers, updates, 66

DevOps, 100-102

DFS (Distributed File System) Replication logs, 307

DHCP snooping, 121

DHCP starvation attacks, 121

DHE (Data-Handling Electronics), sensitive data, 412

DHTML (Dynamic HTML), hover ads, 38

Diameter, port associations with, 152

dictionary attacks (password cracking method), 286

differential data backups, 380

Diffie-Hellman key exchange, 327, 333

digital certificates

CA, 353

CRL, 355

CSR, 353

key escrow, 355

key recovery agents, 355

mapping, 355

pinning, 354

PKI

BER format, 353

CA, 353

CER format, 353

chain of trust, 352, 356

DER format, 353

dual-sided certificates, 352

DV certificates, 352

EV certificates, 352

multidomain certificates, 352

OV certificates, 352

P12/PFX format, 353

PEM format, 353

SAN field, 352

single-sided certificates, 352

wildcard certificates, 352

X.509 standard, 351

revoking

CRL, 355

OCSP, 355

validation, 353

verifying with RA, 355

VeriSign certificates, 353-354

web of trust, 356

digital signatures, public key cryptography, 327

directory traversals, 109

disabling

default accounts, 195

external ports, 40

guest accounts, 195

hardware, virtualization, 77

LSO, 93

services, 63-65

SSID broadcasting, 179

disassociation attacks (Wi-Fi), 209

disaster recovery

data backups

10 tape rotation backup scheme, 381

differential data backups, 380

full data backups, 379

grandfather-father-son backup scheme, 381

incremental data backups, 379-380

snapshot backups, 382

Towers of Hanoi backup scheme, 381

drills/exercises, 384

DRP

agreements, copies of, 384

BCP, 383

contacts, 383

critical systems/data, hierarchical lists of, 384

drills/exercises, 384

impact determination, 383

fire, 382

flood, 383

loss of building, 383

power loss (long-term), 383

theft/malicious attacks, 383

disaster-tolerant disk systems, RAID, 376

disk duplexing, 374

disk encryption

BitLocker, 42-43

FDE, 42

SED, 42

diversion theft, social engineering attacks, 392, 395

DLL injections, 108

DLP (Data Loss Prevention), 38-39, 182-183

DMZ (Demilitarized Zones)

3-leg perimeter DMZ, 126

back-to-back configurations, 177

back-to-back perimeter networks, 127

firewalls, 177

DNS (Domain Name Servers)

amplification attacks, 158, 165

blackholes, 158

domain name kiting, 163, 166

file network documentation, 211

logs, 307

pharming, 163

poisoning, 162, 166

port associations with, 151

sinkholes, 158

unauthorized zone transfers, 163, 166

zone transfers, 176

DNSBL (DNS Blackhole Lists), 158

domain controllers

IE domain controller-managed policies, 89-90

KDC, tickets, 227

domains

Default Domain Policy, 258

name kiting, 163, 166

donating/recycling equipment policies, 419

door access, physical security

cardkey systems, 220

cipher locks, 220

mantraps, 221

proximity sensors, 221

security tokens, 221

smart cards, 221

DoS (Denial-of-Service) attacks, 155

flood attacks

Fraggle, 156, 164

ping floods, 156, 164

Smurf attacks, 156, 164

SYN floods, 156, 164

UDP flood attacks, 156

Xmas attacks, 157

fork bombs, 157

permanent DoS attacks, 157

POD, 157, 165

spoofed MAC addresses, 208

teardrop attacks, 157, 165

dot dot slash attacks. See directory traversals

double-tagging attacks, 131

downgrade attacks, 358

drive lock passwords, 40

driver updates, 66

DRM (Digital Rights Management), jailbreaking, 196

drones, facilities security, 403

DRP (Disaster Recovery Plans)

agreements, copies of, 384

BCP, 383

contacts, 383

critical systems/data, hierarchical lists of, 384

drills/exercises, 384

impact determination, 383

DSU (Data Service Units), 123

dual-sided certificates, 352

due care policies, 416-417

due diligence, infrastructure security, 416-417

due process policies, 416-417

dumpster diving, social engineering attacks, 394-396

duties

segregation of, 276

separation of, 415-417

DV (Domain Validation) certificates, 352

DyFuCA (Internet Optimizer), 17

dynamic and static analytical monitoring tools, 304

dynamic code analysis, 104

dynamic ports, 149

E

EAP (Extensible Authentication Protocol), 224-226

Easter eggs, malware delivery, 20

eavesdropping, social engineering attacks, 394-395

ECB (Electronic Codebook), block ciphers, 326

ECC (Elliptic Curve Cryptography), 333-334

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral), 333

educating users, 396-397, 416-417

elite hackers, 7

email

address links, preventing/troubleshooting spam, 27

BCC, preventing/troubleshooting spam, 27

blacklists, preventing/troubleshooting spam, 27

identity theft emails, 17

lottery scam emails, 17

malware delivery, 18

open mail relays, preventing/troubleshooting spam, 27

S/MIME, 357

spam

definition of, 17

honeypots, 182

preventing/troubleshooting, 28

SSL/TLS, 357-358

whitelists, preventing/troubleshooting spam, 27

email servers, security, 138

emergency response detail (incident response procedures), 422

EMI (Electromagnetic Interference), cabling, 198

EMP (Electromagnetic Pulses), 402

employees

awareness training, 416-417

clean desk policy, 397

educating, 396-397, 416-417

first responders (incident response procedures), 422

offboarding, 415

onboarding, 415-417

personal security policies, 413

AUP, 414, 417

awareness training, 416-417

change management policies, 414-417

due care policies, 416-417

due diligence, infrastructure security, 416-417

due process policies, 416-417

mandatory vacations, 415-417

offboarding, 415

onboarding, 415-417

privacy policies, 414

separation of duties/job rotation policies, 415-417

succession planning, 379

user education, 416-417

PII, 412-413, 416

vacations, 415-417

vetting, 397

emulators, 75

encryption, 6, 322

3DES, 329-331

AES, 42, 326, 329-331

applications (apps), 47, 52

asymmetric key algorithms, 327

Blowfish, 331

CBC, 326

ciphers

algorithms as, 325

block ciphers, 326

defining, 325

stream ciphers, 326

cloud security, 136

cryptography

black book phone number encryption, 323-324

Caesar Cipher, 323

defining, 323-325

hash functions, 337-339

quantum cryptography, 334

data at rest, defining, 322

data in transit, defining, 322

data in use, defining, 322

DEA, 329

defining, 325

DES, 329-331

Diffie-Hellman key exchange, 327, 333

ECB, block ciphers, 326

ECC, 333-334

ECDHE, 333

encrypted viruses, 14

FTP servers, 140

full device encryption, mobile devices, 46

hard drives

BitLocker, 42-43

FDE, 42

SED, 42

IDEA, 329

keys

defining, 325

DEK, 330

Diffie-Hellman key exchange, 327, 333

KEK, 330

key stretching, 342

managing, 328

MEK, 330

PKI, 351-356

private key cryptography, 325

public key cryptography, 325-328

mobile devices, 44

one-time pads, 334-335

password hashing, 342

birthday attacks, 341

key stretching, 342

LANMAN hashing, 339-340

NTLM hashing, 340

NTLMv2 hashing, 340

pass the hash attacks, 341

PGP, 335

PKI

CA, 353-356

certificates, 351-353, 356-357

defining, 351

IPsec, 360

L2TP, 359-360

PPTP, 359

S/MIME, 357

SSH, 359

SSL/TLS, 357-358

PRNG, 336

RC

RC4, 330-331

RC5, 331

RC6, 331

RSA, 331-332

steganography, defining, 328

symmetric key algorithms, 326

Threefish, 331

Twofish, 331

USB devices, 41

viruses, preventing/troubleshooting, 22

WAP, 203-204, 207

web of trust, 356

whole disk encryption, 72

end-of-chapter questions, exam preparation, 433

endpoint DLP systems, 39

enumeration, 283

ephemeral mode

Diffie-Hellman key exchange, 333

ECDHE, 333

equipment recycling/donation policies, 419

eradication phase (incident response procedures), 421

ERP (Enterprise Resource Planning), IT security frameworks, 425

error-handling

compile-time errors, 102

programming security, 101

runtime errors, 103

SEH, 103

escrow, certificate keys, 355

ESP (Encapsulating Security Payloads), IPsec, 360

Ethernet

ARP poisoning, 164-166

FCoE, 152

NAS, 41-42

Ethernet switching. See switches

ethical hackers, 7

EV (Extended Validation) certificates, 352

events (security)

audit trails, 307

failure to see events in security logs, 306

incidents versus, 420

SIEM, 314

evidence, collecting/preserving (incident response procedures), 422-424

Evil Maid Attack, 17

evil twins, WAP, 203

exams

preparing for

exam preparation checklist, 433-435

grading scale, 432

post-certification process, 438

taking exams, 435-437

registering for, 434

Excel (MS), securing, 98

exception-handling, SEH, 103

expenses/man hours, tracking (incident response procedures), 423

explicit allow firewall rule (ACL), 176

explicit deny firewall rule (ACL), 176

exploit kits, malware delivery, 18

exposing sensitive data, 104

external ports, disabling, 40

extranets, 127

F

F2F (Friend-to-Friend) networks, 137

facilities

loss of (disaster recovery), 383

security

fire suppression, 398-400

HVAC, 400-403

shielding, 401-403

vehicles, 402-403

fail-closed, redundancy planning, 370

fail-open, redundancy planning, 370

fail-open mode, switches, 121

failover clusters, 377

failover redundancy, 369

failure-resistant disk systems, RAID, 376

failure-tolerant disk systems, RAID, 376

failures

single points of (redundancy planning), 369

system failure, 5

false acceptances, biometric readers, 222, 236

false negatives

IDS, 37

IPS, 184

false positives

IDS, 37

NIPS, 184

false rejection, biometric readers, 222, 236

Faraday cages, 200, 207, 401

fault tolerance, 375

FCIP (Fibre Channel over IP), port associations with, 152

FCoE (Fibre Channel over Ethernet), 152

FDE (Full Disk Encryption), 42

FEXT (Far End Crosstalk), 199

fiber-optic cabling, 198, 201

file servers, security, 137

file systems, OS hardening, 71

fileless malware. See non-malware, 16

files/folders

auditing, 305-306

copying, 256

IT folder

advanced security settings, 313-314

permissions, 313

log file maintenance/security, 310-311

moving, 256

net file command, analytical monitoring, 303

openfiles command, analytical monitoring, 302

filters

ad filtering, 38

content filters, 38, 123

Internet content filtering, 181

NAT filtering, 177

packet filtering, 176

spam filters, 26

stateless packet filters, spoofing attacks, 176

web security gateways, 181

FIM (Federated Identity Management), 223

final network documentation, 211

fingerprint readers/scanners, physical security, 222

fingerprinting, 275

fire

disaster recovery, 382

suppression

fire extinguishers, 398-399

special hazard protection systems, 400

sprinkler systems, 399

Firefox, secure connections, 354

firewalls

back-to-back perimeter networks, 127

closing open ports, 154

firewall effect, NAT, 123

flood guards, 156

IPFW, 35

iptables, 35

logs, 309

network perimeter security

ACL firewall rules, 176

ALG, 177

application firewalls, 178

back-to-back firewall/DMZ configurations, 177

basic implementation diagram, 175

circuit-level gateways, 177

firewall logs, 177

multihomed connections, 179

NAT filtering, 177

packet filtering, 176

SOHO router/firewall Internet sessions, 178

SPI, 176

web application firewalls, 179

NGFW, 359

personal firewalls, 35

IPFW, 35

iptables, 35

PF, 35

SOHO router/firewall configuration, 36

Windows Firewall, 35

ZoneAlarm, 35

PF, 35

routers, 123

SOHO routers, 123

spam firewalls, 26

updates, 73

WAP, 207

Windows Firewall, 21, 35

ZoneAlarm, 35

first responders (incident response procedures), 422

FIT (Failure In Time), quantitative risk assessment, 274

Flash

cookies. See LSO

malicious add-ons, 94

pop-up ads, 38

flash drives, encryption, 41

Flash Player Settings Manager, disabling LSO, 93

flashing, BIOS, 39

flood attacks

Fraggle, 156, 164

MAC flooding, 121, 131

ping floods, 156, 164

Smurf attacks, 156, 164

SYN floods, 156, 164

UDP flood attacks, 156

Xmas attacks, 157

flood guards, 156

flood, disaster recovery, 383

Fluke, 284

folders/files

auditing, 305-306

copying, 256

IT folder

advanced security settings, 313-314

permissions, 313

log file maintenance/security, 310-311

moving, 256

net file command, analytical monitoring, 303

openfiles command, analytical monitoring, 302

forensics, incident response procedures

data analysis, 423

licensing reviews, 423

network traffic, 423

OOV, 422-423

screenshots, 423

system images, 422

tracking man hours/expenses, 423

video, 423

witness statements, 423

fork bombs, 157

forward proxies, 180

Fraggle, 156, 164

frequency hopping, 209

FTP (File Transfer Protocol), 155

port associations with, 151

servers

malware delivery, 18

ports and, 153

protocol analysis, 300

security, 140

FTPS (FTP Secure), 155

full data backups, 379

full device encryption, mobile devices, 46

fuzz testing, 104

G

gas-engine generators, 373

Gates, Bill, 393

gateways

ALG, 177

circuit-level gateways, 177

web security gateways, 181

generators

backup generators, 372-373

battery-inverter generators, 373

fuel sources, 373

gas-powered generators, 373

permanently installed generators, 373

portable generators, 373

power output, 373

standby generators, 373

starting, 373

uptime, 373

genetic algorithms, 336

geofences, 211

geotagging, 49, 211

GinMaster Trojan, 45

glass-box testing. See white-box testing

GLB (Gramm-Leach-Bliley) act, 413

Gnutella, firewall logs, 178

Google, name change hoax, 393

GPG (GNU Privacy Guard) and PGP, 335

GPMC (Group Policy Management Console), 90

GPS (Global Positioning Systems)

geofences, 211

geotagging, 49, 211

mobile devices, 46

wireless network security, 211

GPT rootkits, preventing/troubleshooting, 25

grading scale, CompTIA exams, 432

grandfather-father-son backup scheme, 381

gray-box testing, 102

gray hats, 7

grayware, 16

GRC (Governance, Risk and Compliance), 413

GRE (Generic Routing Encapsulation), 233

Group Policies

GPMC, 90

Import Policy From window (Windows Server), 69

Local Group Policy Editor, 69

OS hardening, 69

groups, access control, 253

guessing (password cracking method), 285

guest accounts, disabling, 195

H

hackers. See also threat actors

black hats, 7

blue hats, 7

elite hackers, 7

ethical hackers, 7

gray hats, 7

thinking like a hacker, 6

white hats, 7

Hackers, 245

hacktivists, 8

Hanoi backup scheme, Towers of, 381

happy birthday attacks, 341

hard disks

backups, 72

conserving disk space, 60

data removal

clearing, 419-420

destroying storage media (physical data removal), 420

purging, 420

defragmenting, 72

drive lock passwords, 40

encryption

BitLocker, 42-43

FDE, 42

SED, 42

whole disk encryption, 72

fault tolerance, 375

maintaining, 73

OS hardening, 71-72

restore points, 72

hardening OS, 59

applications

backward compatibility, 60

blacklisting, 61

removing, 59-60

whitelisting, 61

attack surface, reducing, 62

baselining, 70-71

centrally administered management systems, 61

configuration management, 68

file systems, 71

Group Policies, 69

hard disks, 60, 71-72

hotfixes, 66-67

least functionality, 59

Linux, starting/stopping services, 64-65

MacOS/OS X, starting/stopping services, 64-65

messaging, 59

patches, 66-68

remote control programs, 60

Remote Desktop Connection, 60

Remote Desktop Services, 62

security templates, 69-70

services

disabling, 63-65

Remote Desktop Services, 62

removing, 59-60

TOS, 65

updates, 65-66

whitelisting applications, 61

Windows

Programs and Features window, 60

starting/stopping services, 63-65

Windows Update, 65-66

Windows XP, 62

hashing

defining, 336

hash functions

cryptographic hash functions, 337-339

defining, 336

HMAC, 339

MD5, 338

one-way function, 337

password hashing

birthday attacks, 341

key stretching, 342

LANMAN hashing, 339-340

NTLM hashing, 340

NTLMv2 hashing, 340

pass the hash attacks, 341

process of, 336

RIPEMD, 338

SHA, 338, 339

system images, incident response procedures, 422

HAVA (Help America Vote Act of 2002), 413

hazard protection systems, 400

headers

AH, IPsec, 360

manipulation, 299

heuristic analysis, 296

HIDS (Host-based Intrusion Detection Systems), 35-37

hierarchical CA organization, 356

hierarchical lists of critical systems/data, DRP, 384

high availability, RAID arrays, 42

high-energy EMP (Electromagnetic Pulses), 402

hijacking sessions, XSS, 93

HIPAA (Health Insurance Portability and Accountability Act), 413

HIPS (Host Intrusion Prevention Systems), 184

HMAC (Hash-based Message Authentication Code), 339

hoaxes, social engineering attacks, 393-395

honeynets, 182

honeypots, 182

horizontal privilege escalation, 197

host files, DNS servers, 163, 166

hosted hypervisors, 75

HOSTS files, preventing/troubleshooting spyware, 25

hot and cold aisles (HVAC), facilities security, 400

hot sites, 378

hotfixes, OS hardening, 66-67

hover ads (DHTML), 38

HSM (Hardware Security Modules), 43

HTTP (Hypertext Transfer Protocol), 91

connections, 47

port associations with, 151

proxies. See proxy servers

response packets, header manipulation, 299

HTTPS (Hypertext Transfer Protocol Secure), 47, 358

HVAC (Heating, Ventilation, Air Conditioning), facilities security, 400

ANT sensors, 401

SCADA, 401-403

shielding, 401

hybrid clouds, 134

Hyper-V, 77

hypervisors, 75

I

IA (Information Assurance). See risk, assessment; risk, management, 271

IaaS (Infrastructure as a Service), 134

ICMP flood attacks. See ping floods

IDEA (International Data Encryption Algorithm), 329

identification

authentication schemes, 218

biometric readers, 221-222, 236

cardkey systems, 220

definition, 218

FIM, 223

fingerprint readers/scanners, 222

identity proofing, 219

identity theft emails, 17

photo ID, 220

security tokens, 221

smart cards, 221

verifying. See authentication

identification phase (incident response procedures), 421

IDF (Intermediate Distribution Frame) rooms, wire closets, 201

IDPS (Intrusion Detection and Prevention Systems), 37

IDS (Intrusion Detection Systems)

false negatives, 37

false positives, 37

HIDS, 35-37

NIDS, 36

placement within networks, 184

promiscuous mode, 183

protocol analyzers, 185

signature-based detection, 36

statistical anomaly detection, 36

WIDS, 186

IE (Internet Explorer)

domain controller-managed policies, 89-90

Internet Explorer Maintenance Security, 89

security settings, 89

IF-THEN statements, genetic algorithms, 336

imaging

OOV, 422-423

systems, 73, 422

IMAP (Internet Message Access Protocol), port associations with, 151

immutable systems, 100

impact analysis (business), BCP, 384

impact assessment, 272

impact determination, DRP, 383

implicit deny (access control), 249

implicit deny firewall rule (ACL), 176

Import Policy From window (Windows Server), 69

in-band management, 301

inbound ports, 150

incident management, 420

incident response procedures

chain of custody (evidence collection), 422

collecting/preserving evidence, 422-424

containment phase, 421

damage/loss control, 422

emergency response detail, 422

eradication phase, 421

events versus incidents, 420

forensics

data analysis, 423

licensing reviews, 423

network traffic, 423

OOV, 422-423

screenshots, 423

system images, 422

tracking man hours/expenses, 423

video, 423

witness statements, 423

identification phase, 421

initial incident management process, 422

lessons learned phase, 421

need-to-know, 424

preparation phase, 421

recovery phase, 421

incremental data backups, 379-380

information security

anti-malware software, 6

authentication, 5

backups, 6

data removal, 6

defense in depth, 6

encryption, 6

malware, 4

security plans, 5

social engineering, 5

system failure, 5

unauthorized access, 4

user awareness, 5

infrastructure security, due diligence, 416-417

inherence factors (authentication), 219

inheritance (permissions), 255

initial incident management process (incident response procedures), 422

input validation, 103-104

instant messaging

malware delivery, 18

OS hardening, 59

spim, 17

integer overflows, 105

integrity (CIA triad), 4, 100-101

interference

cabling

crosstalk, 199

EMI, 198

RFI, 199

surveys, 207

internal information, classifying (data sensitivity), 412

Internet

content filtering, 181

messaging, 48

network design, 126

Internet Explorer

Internet Optimizer, 16-17

Maintenance Security, 89

Internet protocol suite. See TCP/IP

intranets, 127

IP addresses

ports and, 153

spoofing attacks, 159

IP proxies, 179

IP spoofing attacks, 123

IPFW (IP Firewall), 35

IPS (Intrusion Prevention Systems), 37

false negatives, 184

HIPS, 184

NIPS, 183

false positives, 184

protocol analyzers, 185

routers, 123

WIPS, 186

IPsec (Internet Protocol Security)

AH, 360

ESP, 360

SA, 360

transport mode, 360

tunneling mode, 360

iptables, 35

IPv4

addresses, 123-125

firewall effect, 123

IPv6 addresses, 124-125

IronKey, 41

ISA (Interconnection Security Agreements), 418

iSCSI (Internet Small Computer Systems Interface), port associations with, 152

ISP (Internet Service Providers), redundancy planning, 377

ISSO (Information Systems Security Officers), disaster recovery planning, 384

IT folder

advanced security settings, 313-314

permissions, 313

IT security frameworks, 425

ITCP (IT Contingency Planning), 384

IV attacks, 208

J – K

jailbreaking, 92, 196. See also privilege escalation

DRM, 196

mobile devices, 50

jamming surveys, 207

job rotation

access control, 250

separation of duties policies, 415-417

KDC (Key Distribution Center), tickets, 227

KEK (Key Encryption Keys), 330

Kerberos, 227-229, 235, 326, 341

LDAP injections, 138

Microsoft Security Bulletins, 138

port associations with, 151

vulnerabilities, 138

keyloggers, 18, 304

keys

certificate keys, 355

cryptography

asymmetric key algorithms, 327

defining, 325

DEK, 330

Diffie-Hellman key exchange, 327, 333

KEK, 330

key stretching, 342

managing, 328

MEK, 330

PKI, 351-360

private key cryptography, 325, 332

public key cryptography, 325-328, 331-334

QKD, 334

symmetric key algorithms, 326

web of trust, 356

management, 48

Knoppix, 23-25

knowledge factors (authentication), 219

L

L2TP (Layer 2 Tunneling Protocol), 359-360

port associations with, 152

VPN connections, 232-233

LAN (Local Area Networks)

bridges, 122

broadcast storms, 299

routers, 122

split tunneling, 233

VLAN

MAC flooding, 131

VLAN hopping, 130

WAN versus, 125

LANMAN hashing, 339-340

LDAP (Lightweight Directory Access Protocol), 226, 235

injections, 108, 138

port associations with, 151

LEAP (Lightweight Extensible Authentication Protocol), 226

least functionality, 59

least privilege

access control, 249

principle of, 101

legislative policies, 412-413

lessons learned phase (incident response procedures), 421

licensing

compliance violations, 423

reviewing, incident response procedures, 423

lineman's handsets. See butt sets

links (email), preventing/troubleshooting spam, 27

Linux

file permissions, 254

netstat command, analytical monitoring, 303

OS hardening, starting/stopping services, 64-65

patch management, 68

SELinux, 37

System Monitor, 299

tcpdump packet analyzer, 301

virus prevention/troubleshooting tools, 23

vulnerability scanning, 283

LM hashes. See LANMAN hashing

load-balancing clusters, 378

Local Group Policy

browser security, 88

LANMAN hashing, 340

Local Group Policy Editor, 69

localized authentication

802.1X, 235

authentication procedure, 225-226

connection components, 225

EAP, 224-226

Kerberos, 227-229, 235

LDAP, 226, 235

mutual authentication, 227

Remote Desktop Services, 229

locking systems, vehicles and facilities security, 403

lockout programs, mobile devices, 46

logic bombs, malware delivery, 20

logins

Ctrl+Alt+Del at logon, 258

SSO, 223-224

logs

application logs, 307

audit trails, 307

DFS Replication logs, 307

DNS Server logs, 307

file maintenance/security, 310-311

firewall logs, 177, 309

network traffic logs, incident response procedures, 423

non-repudiation, 306

security events, failure to see events, 306

Syslog, 309, 310

system logs, 307

long-term power loss, disaster recovery, 383

looping switches, 122

loss/damage control (incident response procedures), 422

loss of building, disaster recovery, 383

lottery scam emails, 17

Love Bug viruses, 17

LSO (Locally Shared Objects), 93
