Index

Numbers

3-leg perimeter DMZ (Demilitarized Zones), 126

3DES (Data Encryption Standard), 329-331

10 tape rotation backup scheme, 381

802.1X, 235

authentication procedure, 225-226

connection components, 225

EAP, 224-226

A

AAA (Accounting, Authentication, Authorization)

accounting, 4, 152

authentication, 4-5, 222

captive portals, 230

CHAP, 230-231, 235

cloud security, 135

context-aware authentication, 223

deauthentication attacks. See Wi-Fi disassociation attacks

definition, 218

Diameter port associations with, 152

EAP, 224-226

extranets, 127

HMAC, 339

identification, 218

inherence factors, 219

intranets, 127

Kerberos, 151, 227-229, 235

knowledge factors, 219

LDAP, 226, 235

LEAP, 226

localized authentication, 224-229, 235

MFA, 223

MS-CHAP, 230

multifactor authentication, 230, 394

mutual authentication, 227

networks, 48

nonces, 161

PAM, Kerberos, 229

PEAP, 225-226

physical security, 218

possession factors, 219

RADIUS, 152, 234-235

reduced sign-ons, 223

remote authentication, 230-235

Remote Desktop Services, 229

servers, 48, 225

SSO, 223-224

TACACS+, 151, 234-235

web of trust, 356

authorization, 4

biometric readers, 221-222, 236

definition, 218

Diameter, port associations with, 152

FIM, 223

fingerprint readers/scanners, 222

RADIUS, port associations with, 152

ABAC (Attribute-Based Access Control), 248

accepting

cookies, 93

risk, 271

access (unauthorized), 4

access control, 245

ABAC, 248

ACL, permissions, 253

Administrator accounts, 257-258

Bell-LaPadula, 247

Biba, 247

CAPTCHA, 261

centralized access control, 248

Clark-Wilson, 247

Ctrl+Alt+Del at logon, 258

DAC, 245-248

DACL, 253

decentralized access control, 248

files/folders

copying, 256

moving, 256

groups, 253

guest accounts, 258

implicit deny, 249

job rotation, 250

least privilege, 249

MAC, 246-248

mobile devices, 50

passwords, 256

Administrator accounts, 257-258

guest accounts, 258

permissions

ACL, 253

DACL, 253

inheritance, 255

Linux file permissions, 254

NTFS permissions, 253, 256

privilege creep, 254

propagating, 255

SACL, 253

user access recertification, 255

policies

Account Lockout Threshold Policy, 260

Default Domain Policy, 258

passwords, 258-261

RBAC, 247-248

SACL, 253

separation of duties, 250

UAC, 261

users, 251

access recertification, 255

Account Expiration dates, 252

ADUC, 251

multiple user accounts, 253

passwords, 256-257

time-of-day restrictions, 252

usernames, 256-257

Account Expiration dates, 252

Account Lockout Threshold Policy, 260

accounting

AAA, 4

Diameter, port associations with, 152

RADIUS, port associations with, 152

ACK packets

SYN floods, 156

TCP/IP hijacking, 160

ACL (Access Control Lists)

DACL, 253

firewall rules, 176

permissions, 253

routers, 123

SACL, 253

active interception, malware delivery, 19

active reconnaissance (security analysis), 275

ActiveX controls, 94

acts (legislative policies), 412-413

ad blocking, browser security, 92

ad filtering, 38

ad hoc network, WAP, 205

adapters (network), 376

adaptive frequency hopping, 209

add-ons, 94

ActiveX controls, 94

malicious add-ons, 94

managing, 94

addresses (email), preventing/troubleshooting spam, 27

administration

account passwords, 257-258

centrally administered management systems, 61

CVE, 139

guest accounts, passwords, 258

HIDS, 37

offboarding, 50

onboarding, 50

removable media controls, 41

rootkits, 16

Alureon rootkits, 17

definition of, 17

Evil Maid Attack, 17

preventing/troubleshooting, 28

security plans, 5

administration interface (WAP), 202

ADUC (Active Directory Users and Computers), 251

adware, 16

AES (Advanced Encryption Standard), 42, 204, 326, 329-331

agents, SNMP, 301

aggregation switches, 122

agile model (SDLC), 100

agreements, copies of (DRP), 384

AH (Authentication Headers), IPsec, 360

air gaps, 402-403

aisles (HVAC), facilities security, 400

ALE (Annualized Loss Expectancy), quantitative risk assessment, 273

alerts, performance baselining, 298

ALG (Application-Level Gateways), 177

algorithms

3DES, 329-331

AES, 326, 329-331

asymmetric algorithms, 327

Diffie-Hellman key exchange, 333

RSA, 331-332

Blowfish, 331

CBC, 326

ciphers, 325

DEA, 329

defining, 325

DES, 329-331

ECC, 333-334

ECDHE, 333

genetic algorithms, 336

HMAC, 339

IDEA, 329

MD5, 338

password hashing

birthday attacks, 341

key stretching, 342

LANMAN hashing, 339-340

NTLM hashing, 340

NTLMv2 hashing, 340

pass the hash attacks, 341

RC

RC4, 330-331

RC5, 331

RC6, 331

RIPEMD, 338

RSA, 331-332

SHA, 338-339

symmetric algorithms, 326

3DES, 329

AES, 329-331

Blowfish, 331

DEA, 329

DES, 329-331

IDEA, 329

RC, 330-331

Threefish, 331

Twofish, 331

Threefish, 331

Twofish, 331

all-in-one security appliances, 181

altered host files, 163, 166

alternative controls. See compensating controls

Alureon rootkits, 16-17

always-on VPN (Virtual Private Network), 233

analytical monitoring tools, 302

Computer Management, 302

keyloggers, 304

net file command, 303

netstat command, 303

openfiles command, 302

static and dynamic analytical tools, 304

analyzing

data, incident response procedures, 423

passwords, 284-286

protocols, 283

risk, IT security frameworks, 425

security, active/passive reconnaissance, 274-275

Angry IP Scanner, 283

anomaly-based monitoring, 295-296

ANT sensors (HVAC), facilities security, 401

anti-malware

software, 6

updates, 73

anti-spyware, 24-25

antivirus software

preventing/troubleshooting

Trojans, 23

viruses, 20-23

worms, 23

Safe Mode, 23

anycast IPv6 addresses, 125

AP (Access Points)

Bluetooth AP, 209

evil twins, 203

isolating, WAP, 207

Rogue AP, 202

WAP, wireless network security

ad hoc networks, 205

administration interface, 202

AP isolation, 207

brute-force attacks, 205, 209

encryption, 203-204, 207

evil twins, 203

firewalls, 207

MAC filtering, 207

placement of, 205

PSK, 204

rogue AP, 202

SSID, 202

VPN, 205

wireless point-to-multipoint layouts, 206

WLAN controllers, 207

WPS, 205

WLAN AP, 209

Apache servers, 139

application-aware devices, 184

Application layer (OSI model), 120

applications

arbitrary code execution, 106

back office applications, securing, 98

backdoor attacks, 105, 109, 197

backward compatibility, 60

blacklisting, 48, 61

buffer overflows, 105, 109

code injections, 107-109

containerization, 76

directory traversals, 109

DLL injections, 108

encryption, 47, 52

Excel, securing, 98

firewalls, 178

geotagging, 49

HTTPS connection, 47

immutable systems, 100

input validation, 103

integer overflows, 105

key management, 48

LDAP injections, 108

logs, 307

memory leaks, 106

MMS attacks, 48

mobile apps, security, 98

network authentication, 48

NoSQL injections, 108

null pointer deferences, 106

OS hardening, 59-61

Outlook, securing, 98

patch management, 97

privilege escalation, 196-197

programming

ASLR, 106

authenticity, 101

CIA triad, 100

code checking, 101

code signing, 101

DevOps, 100-102

error-handling, 101

integrity, 101

minimizing attack surface area, 101

obfuscation, 101

passwords, 101

patches, 101

permissions, 101

principle of defense in depth, 101

principle of least privilege, 101

quality assurance policies, 100

SDLC, 99-102

secure code review, 100

secure coding concepts, 99

testing methods, 102-104

threat modeling, 101

trusting user input, 101

vulnerabilities/attacks, 105-109

proxies, 180

RCE, 106-109

removing, 59-60

security

back office applications, 98

DevOps, 100-102

encryption, 47, 52

Excel, 98

firewalls, 178

mobile apps, 98

network authentication, 48

Outlook, 98

patch management, 97

policy implementation, 96

SDLC, 99-102

secure coding concepts, 99

server authentication, 48

UAC, 95

Word, 98

server authentication, 48

service ports, 150

SMS attacks, 48

SQL injections, 107

transitive trust, 48

uninstalling, preventing/troubleshooting spyware, 24

unnecessary applications, removing, 59-60

user input, 101

whitelisting, 48, 61

Word, securing, 98

XML injections, 108

XSRF, 107-109

XSS, 107-109

zero day attacks, 109

APT (Advanced Persistent Threats), 8, 15

arbitrary code execution, 106

archive.org, 140

armored viruses, 14

ARO (Annualized Rate of Occurrence), quantitative risk assessment, 273

ARP poisoning, 164-166

ARP spoofing, 121

ASLR (Address Space Layout Randomization), 106

assessing

impact, 272

risk

defining risk, 271-272

impact assessment, 272

qualitative risk management, 272-274

qualitative risk mitigation, 272

quantitative risk management, 273-274

residual risk, 271

risk acceptance, 271

risk avoidance, 271

risk management, 271-272

risk reduction, 271

risk registers, 272

risk transference, 271

security analysis, 274-275

security controls, 275-276

vulnerabilities

defining vulnerabilities, 270

general vulnerabilities/basic prevention methods table, 279-280

IT security frameworks, 425

network mapping, 280-281

network sniffers, 283-284

OVAL, 279

password analysis, 284-286

penetration testing, 277-278

process of, 276-277

vulnerability scanning, 282-283

asymmetric algorithms, 327

Diffie-Hellman key exchange, 333

RSA, 331-332

attack guards, 156

attack surface, reducing, 62, 101

attack vectors, malware delivery, 18

attacks/vulnerabilities, programming

arbitrary code execution, 106

backdoor attacks, 105, 109

buffer overflows, 105, 109

code injections, 107-109

directory traversals, 109

DLL injections, 108

integer overflows, 105

LDAP injections, 108

memory leaks, 106

NoSQL injections, 108

null pointer dereferences, 106

RCE, 106-109

SQL injections, 107

XML injections, 108

XSRF, 107-109

XSS, 107-109

zero day attacks, 109

attestation, BIOS, 41

auditing

audit trails, 307

computer security audits, 304

files, 305-306

independent security auditors, 305

logging

application logs, 307

audit trails, 307

DFS Replication logs, 307

DNS Server logs, 307

file maintenance/security, 310-311

firewall logs, 309

Syslog, 309-310

system logs, 307

viewing security events, 306

manual auditing, 304

monitoring and, 294

SIEM, 314

system security settings, 311-314

AUP (Acceptable Use Policies), 414, 417

authentication, 5, 222

AAA, 4

captive portals, 230

CHAP, 235

MS-CHAP, 230

RAS authentication, 230-231

cloud security, 135

context-aware authentication, 223

deauthentication attacks. See Wi-Fi, disassociation attacks

definition, 218

Diameter, port associations with, 152

EAP, 224

EAP-FAST, 226

EAP-MD5, 226

EAP-TLS, 226

EAP-TTLS, 226

LEAP, 226

PEAP, 225-226

extranets, 127

HMAC, 339

identification, 218

inherence factors, 219

intranets, 127

Kerberos, 151, 227-229, 235

knowledge factors, 219

LDAP, 226, 235

LEAP, 226

localized authentication, 224

802.1X, 224-226, 235

Kerberos, 227-229, 235

LDAP, 226, 235

mutual authentication, 227

Remote Desktop Services, 229

MFA, 223

MS-CHAP, 230

multifactor authentication, 230, 394

mutual authentication, 227

networks, 48

nonces, 161

PAM, Kerberos, 229

PEAP, 225-226

physical security, 218

possession factors, 219

RADIUS, 234

port associations with, 152

RADIUS federation, 234-235

reduced sign-ons, 223

remote authentication

RADIUS, 234-235

RAS, 230-231, 235

TACACS+, 234-235

VPN, 231-233

Remote Desktop Services, 229

servers, 48, 225

SSO, 223-224

TACACS+, 151, 234-235

web of trust, 356

authenticators (802.1X), 225

authenticity, programming security, 101

authorization

AAA, 4

biometric readers, 221-222, 236

definition, 218

Diameter, port associations with, 152

FIM, 223

fingerprint readers/scanners, 222

RADIUS, port associations with, 152

automated monitoring, 295

automated systems, war-dialing, 393

automatically updating browsers, 87

automating cyber-crime. See crimeware

availability

CIA triad, 4, 100

VoIP, 132

avoiding risk, 271

awareness training, 5, 416-417

B

back office applications, securing, 98

Back Orifice backdoor attacks, 15, 19

back-to-back firewall/DMZ configurations, 177

back-to-back perimeter networks, 127

backdoors

backdoor attacks, 15, 19, 105, 109

malware delivery, 19

RAT, 19

wired network/device security, 197

backups, 6

battery backups, 372

data, 375

10 tape rotation backup scheme, 381

differential data backups, 380

disaster recovery, 379-382

full data backups, 379

grandfather-father-son backup scheme, 381

incremental data backups, 379-380

snapshot backups, 382

Towers of Hanoi backup scheme, 381

disaster recovery

data backups, 379-382

drills/exercises, 384

DRP, 383-384

fire, 382

flood, 383

loss of building, 383

power loss (long-term), 383

theft/malicious attacks, 383

generators, 372-373

hard disks, 72

redundancy planning

backup generators, 372-373

battery backups, 372

data, 374-376

employees, 379

fail-closed, 370

fail-open, 370

failover redundancy, 369

networks, 376-378

power supplies, 370-371

single points of failure, 369

standby generators, 373

succession planning, 379

websites, 378

unsavable computers, malware, 27

backward compatibility, 60

badware, 25

baiting, social engineering attacks, 394-396

banner grabbing, 283

baselining, 70-71

alerts, 298

baseline reporting, 297

Performance Monitor, 297-298

standard loads, 297

System Monitor, 299

battery backups, 372

battery-inverter generators, 373

BCC (Blind Carbon Copy), preventing/troubleshooting spam, 27

BCP (Business Continuity Plans), 383

behavior-based monitoring, 296

Bell-LaPadula access control model, 247

BER (Basic Encoding Rules) format, certificates, 353

BIA (Business Impact Analysis), BCP, 384

Biba access control model, 247

biometric readers, physical security, 221-222, 236

BIOS (Basic Input/Output System)

attestation, 41

boot order, 40

external ports, disabling, 40

flashing, 39

measured boot option, 40

passwords, 39

root of trust, 40

secure boot option, 40

updates, 73

birthday attacks, 341

bit torrents, malware delivery, 18

BitLocker, disk encryption, 42-43

black book phone number encryption, 323-324

black-box testing, 102

black hats, 7

Blackhole exploit kit, 18

blackhole lists, 158

blackholes, 158

blacklists

applications, 61

OS hardening, 61

preventing/troubleshooting spam, 27

blackouts (power supplies), 371

blind hijacking, 160

block ciphers, 326, 331

blocking cookies, 93

Blowfish, 331

blue hats, 7

Bluetooth

adaptive frequency hopping, 209

AP, 209

bluejacking, 46, 209

bluesnarfing, 46, 210

frequency hopping, 209

NFC, 209

boot order, BIOS, 40

boot sector viruses, 13, 23

botnets

malware delivery, 19

mobile devices, 45, 51

ZeroAccess botnet, 19

bots, 15

BPA (Business Partner Agreements), 418

bridges, 122

broadcast storms, 299

brownouts (power supplies), 371

browsers

automatically updating, 87

choosing, 87

company requirements, 87

functionality, 87

HTTP connections, 47

HTTPS connections, 47

MITB attacks, 160-161, 165

OS, determining, 87

PAC files, 180

pop-up blockers, 35, 38

preventing/troubleshooting spyware, 24

recommendations, 87

security, 88

ad-blocking, 92

add-ons, 94

advanced security settings, 94-95

content filtering, 91-92

cookies, 92-93

LSO, 93

mobile devices, 92

passwords, 95

policy implementation, 88-89

pop-up blocking, 92

proxy servers, 91-92

security zones, 92

temporary files, 94

updates, 92

user training, 90-91

updates, 87, 92

vulnerabilities/fixes, 87

brute-force attacks

password cracking, 286

WAP, 205, 209

buffer overflows, 105, 109

buildings

loss of (disaster recovery), 383

security

fire suppression, 398-400

HVAC, 400-403

shielding, 401-403

vehicles, 402-403

butt sets, wiretapping, 200

BYOD (Bring Your Own Device), mobile device security, 49-52

C

CA (Certificate Authorities), 353

chain of trust, 356

CRL, 355

CSR, 353

horizontal organization, 356

key escrow, 355

key recovery agents, 355

mapping certificates, 355

pinning certificates, 354

revoking certificates, 355

social engineering and, 355

validating certificates, 353

verifying certificates with RA, 355

VeriSign certificates, 353-354

web of trust, 356

cable loops, switches, 122

cabling

coaxial cabling, 198-200

data emanation, 199-201

fiber-optic cabling, 198, 201

interference

crosstalk, 199

EMI, 198

RFI, 199

PDS, 201

STP cabling, 199, 401

twisted-pair cabling, 198

crosstalk, 199

wiretapping, 200

UTP cabling, 199

wired network/device security, 198-201

wiretapping, 200-201

wiring closets, 201

CAC (Common Access Cards). See smart cards

caching proxies, 179-180

Caesar Cipher, 323

Cain & Abel, password cracking, 285

California SB 1386, 413

CallManager, privilege escalation, 196

CAM (Content Addressable Memory) tables, MAC flooding, 121

Camtasia 9, 60

Camtasia Studio 8, 60

CAN (Controller Area Networks), vehicles and facilities security, 402

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), 261

captive portals, 230

capturing

network traffic, incident response procedures, 423

packets, 283, 299

screenshots, incident response procedures, 423

system images, incident response procedures, 422

video, incident response procedures, 423

cardkey systems, 220

carrier unlocking, mobile devices, 45

CASB (Cloud Access Security Brokers), 136

CBC (Cipher Block Chaining), 326

CBC-MAC (Cipher Block Chaining Message Authentication Code) protocol, 204

CCI (Co-Channel Interference). See crosstalk

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), 204

CCTV (Closed-Circuit Television), 219

cell phones. See mobile devices

cellular networks, 210

centralized access control, 248

centrally administered management systems, 61

CER (Canonical Encoding Rules) format, certificates, 353

CER (Crossover Error Rates), biometric readers, 222

certificates

digital certificates

CA, 353

chain of trust, 352, 356

CRL, 355

CSR, 353

key escrow, 355

key recovery agents, 355

mapping, 355

pinning, 354

PKI, 351-353, 356

revoking, 355

validation, 353

verifying with RA, 355

VeriSign certificates, 353-354

web of trust, 356

post-certification process, 438

public key cryptography, 328

chain of custody (evidence collection), 422

change management policies, 414-417

CHAP (Challenge-Handshake Authentication Protocol), 235

MS-CHAP, 230

PPTP and, 359

RAS authentication, 230-231

session theft, 160

cheat sheets, exam preparation, 434-435

checkpoints, VM disk files, 77

Christmas Tree attacks, 157

chromatic dispersion, 201

CIA triad, 3, 100

availability, 4

confidentiality, 3

integrity, 4

secure code review, 100

CIDR (Classless Interdomain Routing), 129

cipher locks, 220

ciphers

algorithms as, 325

block ciphers, 326, 331

Caesar Cipher, 323

defining, 325

RC

RC4, 330-331

RC5, 331

RC6, 331

stream ciphers, 326

one-time pads, 334-335

RC4, 330-331

Vernam ciphers. See one-time pads

circuit-level gateways, 177

Cisco routers, 122

Clark-Wilson access control model, 247

clean desk policy, 397

clearing (data removal), 419-420

clear-text passwords, 301

CLI (Command-Line Interface), closing open ports, 154

clickjacking, 160

client-side attacks, 162

closets (wiring), 201

cloud computing

community clouds, 135

CSP, 134

definition, 133

DLP systems, 39

hybrid clouds, 134

IaaS, 134

MaaS, 134

P2P networks and, 137

PaaS, 134

private clouds, 134

public clouds, 134

SaaS, 133

SECaaS, 134

security

authentication, 135

CASB, 136

data access security, 135

encryption, 136

passwords, 135

programming standardization, 136

server defense

email servers, 138

file servers, 137

FTP servers, 140

network controllers, 137

web servers, 139-140

services, 136

social media and, 136

XaaS, 134

clusters

cluster tips, 420

data remanence, 420

failover clusters, 377

load-balancing clusters, 378

coaxial cabling, 198-200

code checking, programming security, 101

code injections, 109

DLL injections, 108

LDAP injections, 108

NoSQL injections, 108

SQL injections, 107

XML injections, 108

XSRF, 107

XSS, 107

code signing, programming security, 101

coding

ASLR, 106

authenticity, 101

CIA triad, 100

code checking, 101

code signing, 101

DevOps, 100-102

error-handling, 101

integrity, 101

minimizing attack surface area, 101

obfuscation, 101

passwords, 101

patches, 101

permissions, 101

principle of defense in depth, 101

principle of least privilege, 101

quality assurance policies, 100

SDLC

agile model, 100

principles of, 100-102

V-shaped model, 100

waterfall model, 99-100

secure code review, 100

secure coding concepts, 99

testing methods

black-box testing, 102

compile-time errors, 102

dynamic code analysis, 104

fuzz testing, 104

gray-box testing, 102

input validation, 103

penetration tests, 102

runtime errors, 103

sandboxes, 102

SEH, 103

static code analysis, 104

stress testing, 102

white-box testing, 102

threat modeling, 101

trusting user input, 101

vulnerabilities/attacks

arbitrary code execution, 106

backdoor attacks, 105, 109

buffer overflows, 105, 109

code injections, 107-109

directory traversals, 109

DLL injections, 108

integer overflows, 105

LDAP injections, 108

memory leaks, 106

NoSQL injections, 108

null pointer dereferences, 106

RCE, 106-109

SQL injections, 107

XML injections, 108

XSRF, 107-109

XSS, 107-109

zero day attacks, 109

cold and hot aisles (HVAC), facilities security, 400

cold sites, 378

collecting/preserving evidence (incident response procedures), 422-424

collisions, MD5, 338

command-line scripting, network attacks, 162

community clouds, 135

company policies

data sensitivity

classifying data, 411-412

DHE, 412

legislative policies, 412-413

equipment recycling/donation policies, ISA, 419

example of, 411

personal security policies, 413

AUP, 414, 417

awareness training, 416-417

change management policies, 414-417

due care policies, 416-417

due diligence, infrastructure security, 416-417

due process policies, 416-417

mandatory vacations, 415-417

offboarding, 415

onboarding, 415-417

privacy policies, 414

separation of duties/job rotation policies, 415-417

user education, 416-417

vendor policies

BPA, 418

ISA, 418

MoU, 418

SLA, 417-418

compatibility (backward), 60

compensating controls, 276

compile-time errors, 102

compliance

GRC, 413

licensing compliance violations, 423

CompTIA exams

exam preparation checklist, 433-435

grading scale, 432

post-certification process, 438

registration, 434

taking exams, 435-437

Computer Management, 302

computers

maintaining, 73

security audits, 304

confidence tricks (cons), social engineering, 393

confidential information, classifying (data sensitivity), 412

confidentiality (CIA triad), 3, 100

configuration baselines, 70-71

configuring

managing configurations, 68

PAC files, 180

routers, secure configurations, 122

conserving hard disk space, 60

console (WAP). See administration interface

consolidating services, 99

contacts, DRP, 383

containerization (applications), 76

containment phase (incident response procedures), 421

content filtering, 38

browsers, 91-92

Internet, 181

routers, 123

context-aware authentication, 223

contingency planning. See BCP; ITCP

contracts

BPA, 418

ISA, 418

MoU, 418

SLA, 417-418

cookies

accepting/blocking, 93

definition of, 92

Flash cookies. See LSO

persistent cookies, 92

privacy alerts, 93

session hijacking, 93

session theft, 159

tracking cookies, 93

XSS, 93

COOP (Continuity of Operations Plan). See BCP

COPE (Corporate Owned, Personally Enabled) mobile devices, security, 49

copying files/folders, 256

corrective controls, 276

cracking passwords, 284-286

crashes. See system failure

crimeware, 18. See also malware

critical systems/data, hierarchical lists of (DRP), 384

critical updates, 66

CRL (Certificate Revocation Lists), 355

cross-site scripting. See XSS

crosstalk, cabling, 199

cryptanalysis attacks (password cracking method), 286

cryptography. See also encryption

asymmetric key algorithms, 327

black book phone number encryption, 323-324

Caesar Cipher, 323

ciphers

algorithms as, 325

block ciphers, 326

defining, 325

stream ciphers, 326

defining, 323-325

ECC, 333-334

ECDHE, 333

hash functions, 337

HMAC, 339

MD5, 338

RIPEMD, 338

SHA, 338-339

keys

defining, 325

DEK, 330

Diffie-Hellman key exchange, 327, 333

KEK, 330

key stretching, 342

managing, 328

MEK, 330

PKI, 351-356

private key cryptography, 325

public key cryptography, 325-328

quantum cryptography, 334

steganography, defining, 328

symmetric key algorithms, 326

CryptoLocker, 15-17

cryptoprocessors. See HSM

CSO (Chief Security Officers), disaster recovery planning, 384

CSP (Cloud Service Providers), 134

CSR (Certificate Signing Requests), 353

CSU (Channel Service Units), 123

Ctrl+Alt+Del at logon, 258

custody, chain of (evidence collection), 422

CVE (Common Vulnerabilities and Exposures), 139

cyber-crime, automating. See crimeware

cyber-criminals, 8

CYOD (Choose Your Own Device), mobile device security, 49

D

DAC (Discretionary Access Control), 245-248

DACL (Discretionary Access Control Lists), 253

damage/loss control (incident response procedures), 422

Darkleech, 139

darknet, 137

data access security, cloud security, 135

data analysis, incident response procedures, 423

data at rest, defining, 322

data backups, 6, 375

10 tape rotation backup scheme, 381

differential data backups, 380

disaster recovery

10 tape rotation backup scheme, 381

differential data backups, 380

full data backups, 379

grandfather-father-son backup scheme, 381

incremental data backups, 379-380

snapshot backups, 382

Towers of Hanoi backup scheme, 381

full data backups, 379

grandfather-father-son backup scheme, 381

incremental data backups, 379-380

snapshot backups, 382

Towers of Hanoi backup scheme, 381

data centers, mantraps, 394

data disclosure acts, 412-413

data emanation, 199-201

data encryption, 6

3DES, 329, 331

AES, 326, 329-331

asymmetric key algorithms, 327

Blowfish, 331

CBC, 326

ciphers

algorithms as, 325

block ciphers, 326

defining, 325

stream ciphers, 326

cryptography

black book phone number encryption, 323-324

Caesar Cipher, 323

defining, 323-325

hash functions, 337-339

quantum cryptography, 334

data at rest, defining, 322

data in transit, defining, 322

data in use, defining, 322

DEA, 329

defining, 325

DES, 329-331

Diffie-Hellman key exchange, 327, 333

ECB, block ciphers, 326

ECC, 333-334

ECDHE, 333

IDEA, 329

keys

defining, 325

DEK, 330

Diffie-Hellman key exchange, 327, 333

KEK, 330

key stretching, 342

managing, 328

MEK, 330

PKI, 351-356

private key cryptography, 325

public key cryptography, 325-328

one-time pads, 334-335

password hashing

birthday attacks, 341

key stretching, 342

LANMAN hashing, 339-340

NTLM hashing, 340

NTLMv2 hashing, 340

pass the hash attacks, 341

PGP, 335

PKI

CA, 353-356

certificates, 351-353, 356

defining, 351

IPsec, 360

L2TP, 359-360

PPTP, 359

S/MIME, 357

SSH, 359

SSL/TLS, 357-358

PRNG, 336

RC

RC4, 330-331

RC5, 331

RC6, 331

RSA, 331-332

steganography, defining, 328

symmetric key algorithms, 326

Threefish, 331

Twofish, 331

web of trust, 356

data exfiltration, 257

data handling (DHE), sensitive data, 412

data in transit, defining, 322

data in use, defining, 322

data labeling, MAC, 247

Data Link layer (OSI model), 119

data redundancy

RAID 0, 374

RAID 0+1, 375

RAID 1, 374-375

RAID 5, 374-375

RAID 6, 375-376

RAID 10, 375

data remanence, 6, 420

data removal, 6

clearing, 419-420

destroying storage media (physical data removal), 420

purging, 420

data sensitivity

classifying data, 411-412

data handling (DHE), 412

legislative policies, 412-413

data storage segmentation, mobile devices, 49

data validation. See input validation

databases (relational)

normalization, 108

RDBMS, 107-108

DDoS (Distributed Denial-of-Service) attacks, 158, 165

DEA (Data Encryption Algorithm), 329

deauthentication attacks (Wi-Fi). See disassociation attacks (Wi-Fi)

decentralized access control, 248

default accounts, wired network/device security, 195

Default Domain Policy, 258

defense in depth, 6, 101

defragmenting hard disks, 72

DEK (Data Encryption Keys), 330

deleting data

clearing, 419-420

destroying storage media (physical data removal), 420

purging, 420

delivery systems (malware)

active interception, 19

attack vectors, 18

backdoors, 19

bit torrents, 18

botnets, 19

Easter eggs, 20

email, 18

exploit kits, 18

FTP servers, 18

instant messaging, 18

keyloggers, 18

logic bombs, 20

media-based delivery, 18

memory cards, 18

optical discs, 18

P2P networks, 18

privilege escalation, 19

smartphones, 18

software, 18

threat vectors, 18

time bombs, 20

typosquatting, 18

URL hijacking, 18

USB flash drives, 18

user error, 18

websites, 18

zip files, 18

zombies, 19

DER (Distinguished Encoding Rules) format, certificates, 353

DES (Data Encryption Standard), 329-331

designing networks

back-to-back perimeter networks, 127

bridges, 122

cellular networks, 210

cloud computing

community clouds, 135

CSP, 134

definition, 133

hybrid clouds, 134

IaaS, 134

MaaS, 134

P2P networks and, 137

PaaS, 134

private clouds, 134

public clouds, 134

SaaS, 133

SECaaS, 134

security, 135-140

services, 136

social media and, 136

XaaS, 134

CSU, 123

DMZ

3-leg perimeter DMZ, 126

back-to-back perimeter networks, 127

documenting network design, 211

DSU, 123

extranets, 127

firewalls, back-to-back perimeter networks, 127

Internet, 126

intranets, 127

IP addresses, ports and, 153

LAN

routers, 122

VLAN, 130-131

WAN versus, 125

modems, 131-132

NAC, 128

NAT, 123

firewall effect, 123

IPv4 addresses, 123-125

IPv6 addresses, 124-125

private IPv4 addresses, 124

private IPv6 addresses, 124-125

public IPv4 addresses, 124

static NAT, 123

OSI model

layers of, 119-120

TCP/IP model versus, 120

PAT, IPv4 addresses, 123

PBX equipment, 132

ports, 149

application service ports, 150

associated protocols table, 150-152

closing open ports, 154

dynamic ports, 149

FTP servers, 153

inbound ports, 150

IP addresses and, 153

outbound ports, 150

port zero security, 154

private ports, 149

ranges, 149

registered ports, 149

scanning for open ports, 154

TCP, 149-152

TCP reset attacks, 155

UDP, 149-152

unnecessary ports, 154

well-known ports, 149

protocols and port associations

associated protocols table, 150-152

Diameter, 152

DNS, 151

FCIP, 152

FTP, 151, 155

HTTP, 151

IMAP, 151

iSCSI, 152

Kerberos, 151

L2TP, 152

LDAP, 151

Ms-sql-s, 152

NetBIOS, 151

NNTP, 151

POP3, 151

PPTP, 152

RADIUS, 152

RDP, 152

RPC, 151

RTP, 152-153

SMB, 152

SMTP, 151

SNMP, 151

SNMPTRAP, 151

SSH, 151

Syslog, 152

TACACS+, 151

Telnet, 151

TFTP, 151

routers

ACL, 123

Cisco routers, 122

content filtering, 123

firewalls, 123

IPS, 123

secure configurations, 122

secure VPN connectivity, 123

SOHO routers, 122-123

SATCOM, 211

subnetting, 128-129

switches, 120

aggregation switches, 122

ARP spoofing, 121

DHCP starvation attacks, 121

fail-open mode, 121

looping, 122

MAC flooding, 121, 131

MAC spoofing, 121

physical tampering, 121

port security, 121-122

STP, 122

TCP/IP model versus OSI model, 120

telephony

modems, 131-132

PBX equipment, 132

VoIP, 132

VLAN, 130-131

VoIP, 132

VPN, WAP, 205

WAN

LAN versus, 126

routers, 122

wired network/device security

backdoors, 197

cabling, 198-201

default accounts, 195

network attacks, 197

passwords, 195-196

privilege escalation, 196-197

remote ports, 197

Telnet, 198

wireless network security

Bluetooth, 209-210

cellular networks, 210

documenting network design, 211

geofences, 211

GPS, 211

NFC, 209-210

RFID, 210

SATCOM, 211

third-party wireless adapter connections, 202

VPN, 205

WAP, 202-209

wireless protocols, 203-204

wireless transmission vulnerabilities, 208-209

destroying storage media (data removal), 420

detecting rootkits, 16

detective controls, 276

device drivers, updates, 66

DevOps, 100-102

DFS (Distributed File System) Replication logs, 307

DHCP snooping, 121

DHCP starvation attacks, 121

DHE (Data-Handling Electronics), sensitive data, 412

DHTML (Dynamic HTML), hover ads, 38

Diameter, port associations with, 152

dictionary attacks (password cracking method), 286

differential data backups, 380

Diffie-Hellman key exchange, 327, 333

digital certificates

CA, 353

CRL, 355

CSR, 353

key escrow, 355

key recovery agents, 355

mapping, 355

pinning, 354

PKI

BER format, 353

CA, 353

CER format, 353

chain of trust, 352, 356

DER format, 353

dual-sided certificates, 352

DV certificates, 352

EV certificates, 352

multidomain certificates, 352

OV certificates, 352

P12/PFX format, 353

PEM format, 353

SAN field, 352

single-sided certificates, 352

wildcard certificates, 352

X.509 standard, 351

revoking

CRL, 355

OCSP, 355

validation, 353

verifying with RA, 355

VeriSign certificates, 353-354

web of trust, 356

digital signatures, public key cryptography, 327

directory traversals, 109

disabling

default accounts, 195

external ports, 40

guest accounts, 195

hardware, virtualization, 77

LSO, 93

services, 63-65

SSID broadcasting, 179

disassociation attacks (Wi-Fi), 209

disaster recovery

data backups

10 tape rotation backup scheme, 381

differential data backups, 380

full data backups, 379

grandfather-father-son backup scheme, 381

incremental data backups, 379-380

snapshot backups, 382

Towers of Hanoi backup scheme, 381

drills/exercises, 384

DRP

agreements, copies of, 384

BCP, 383

contacts, 383

critical systems/data, hierarchical lists of, 384

drills/exercises, 384

impact determination, 383

fire, 382

flood, 383

loss of building, 383

power loss (long-term), 383

theft/malicious attacks, 383

disaster-tolerant disk systems, RAID, 376

disk duplexing, 374

disk encryption

BitLocker, 42-43

FDE, 42

SED, 42

diversion theft, social engineering attacks, 392, 395

DLL injections, 108

DLP (Data Loss Prevention), 38-39, 182-183

DMZ (Demilitarized Zones)

3-leg perimeter DMZ, 126

back-to-back configurations, 177

back-to-back perimeter networks, 127

firewalls, 177

DNS (Domain Name Servers)

amplification attacks, 158, 165

blackholes, 158

domain name kiting, 163, 166

file network documentation, 211

logs, 307

pharming, 163

poisoning, 162, 166

port associations with, 151

sinkholes, 158

unauthorized zone transfers, 163, 166

zone transfers, 176

DNSBL (DNS Blackhole Lists), 158

domain controllers

IE domain controller-managed policies, 89-90

KDC, tickets, 227

domains

Default Domain Policy, 258

name kiting, 163, 166

donating/recycling equipment policies, 419

door access, physical security

cardkey systems, 220

cipher locks, 220

mantraps, 221

proximity sensors, 221

security tokens, 221

smart cards, 221

DoS (Denial-of-Service) attacks, 155

flood attacks

Fraggle, 156, 164

ping floods, 156, 164

Smurf attacks, 156, 164

SYN floods, 156, 164

UDP flood attacks, 156

Xmas attacks, 157

fork bombs, 157

permanent DoS attacks, 157

POD, 157, 165

spoofed MAC addresses, 208

teardrop attacks, 157, 165

dot dot slash attacks. See directory traversals

double-tagging attacks, 131

downgrade attacks, 358

drive lock passwords, 40

driver updates, 66

DRM (Digital Rights Management), jailbreaking, 196

drones, facilities security, 403

DRP (Disaster Recovery Plans)

agreements, copies of, 384

BCP, 383

contacts, 383

critical systems/data, hierarchical lists of, 384

drills/exercises, 384

impact determination, 383

DSU (Data Service Units), 123

dual-sided certificates, 352

due care policies, 416-417

due diligence, infrastructure security, 416-417

due process policies, 416-417

dumpster diving, social engineering attacks, 394-396

duties

segregation of, 276

separation of, 415-417

DV (Domain Validation) certificates, 352

DyFuCA (Internet Optimizer), 17

dynamic and static analytical monitoring tools, 304

dynamic code analysis, 104

dynamic ports, 149

E

EAP (Extensible Authentication Protocol), 224-226

Easter eggs, malware delivery, 20

eavesdropping, social engineering attacks, 394-395

ECB (Electronic Codebook), block ciphers, 326

ECC (Elliptic Curve Cryptography), 333-334

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral), 333

educating users, 396-397, 416-417

elite hackers, 7

email

address links, preventing/troubleshooting spam, 27

BCC, preventing/troubleshooting spam, 27

blacklists, preventing/troubleshooting spam, 27

identity theft emails, 17

lottery scam emails, 17

malware delivery, 18

open mail relays, preventing/troubleshooting spam, 27

S/MIME, 357

spam

definition of, 17

honeypots, 182

preventing/troubleshooting, 28

SSL/TLS, 357-358

whitelists, preventing/troubleshooting spam, 27

email servers, security, 138

emergency response detail (incident response procedures), 422

EMI (Electromagnetic Interference), cabling, 198

EMP (Electromagnetic Pulses), 402

employees

awareness training, 416-417

clean desk policy, 397

educating, 396-397, 416-417

first responders (incident response procedures), 422

offboarding, 415

onboarding, 415-417

personal security policies, 413

AUP, 414, 417

awareness training, 416-417

change management policies, 414-417

due care policies, 416-417

due diligence, infrastructure security, 416-417

due process policies, 416-417

mandatory vacations, 415-417

offboarding, 415

onboarding, 415-417

privacy policies, 414

separation of duties/job rotation policies, 415-417

succession planning, 379

user education, 416-417

PII, 412-413, 416

vacations, 415-417

vetting, 397

emulators, 75

encryption, 6, 322

3DES, 329-331

AES, 42, 326, 329-331

applications (apps), 47, 52

asymmetric key algorithms, 327

Blowfish, 331

CBC, 326

ciphers

algorithms as, 325

block ciphers, 326

defining, 325

stream ciphers, 326

cloud security, 136

cryptography

black book phone number encryption, 323-324

Caesar Cipher, 323

defining, 323-325

hash functions, 337-339

quantum cryptography, 334

data at rest, defining, 322

data in transit, defining, 322

data in use, defining, 322

DEA, 329

defining, 325

DES, 329-331

Diffie-Hellman key exchange, 327, 333

ECB, block ciphers, 326

ECC, 333-334

ECDHE, 333

encrypted viruses, 14

FTP servers, 140

full device encryption, mobile devices, 46

hard drives

BitLocker, 42-43

FDE, 42

SED, 42

IDEA, 329

keys

defining, 325

DEK, 330

Diffie-Hellman key exchange, 327, 333

KEK, 330

key stretching, 342

managing, 328

MEK, 330

PKI, 351-356

private key cryptography, 325

public key cryptography, 325-328

mobile devices, 44

one-time pads, 334-335

password hashing, 342

birthday attacks, 341

key stretching, 342

LANMAN hashing, 339-340

NTLM hashing, 340

NTLMv2 hashing, 340

pass the hash attacks, 341

PGP, 335

PKI

CA, 353-356

certificates, 351-353, 356-357

defining, 351

IPsec, 360

L2TP, 359-360

PPTP, 359

S/MIME, 357

SSH, 359

SSL/TLS, 357-358

PRNG, 336

RC

RC4, 330-331

RC5, 331

RC6, 331

RSA, 331-332

steganography, defining, 328

symmetric key algorithms, 326

Threefish, 331

Twofish, 331

USB devices, 41

viruses, preventing/troubleshooting, 22

WAP, 203-204, 207

web of trust, 356

whole disk encryption, 72

end-of-chapter questions, exam preparation, 433

endpoint DLP systems, 39

enumeration, 283

ephemeral mode

Diffie-Hellman key exchange, 333

ECDHE, 333

equipment recycling/donation policies, 419

eradication phase (incident response procedures), 421

ERP (Enterprise Resource Planning), IT security frameworks, 425

error-handling

compile-time errors, 102

programming security, 101

runtime errors, 103

SEH, 103

escrow, certificate keys, 355

ESP (Encapsulating Security Payloads), IPsec, 360

Ethernet

ARP poisoning, 164-166

FCoE, 152

NAS, 41-42

Ethernet switching. See switches

ethical hackers, 7

EV (Extended Validation) certificates, 352

events (security)

audit trails, 307

failure to see events in security logs, 306

incidents versus, 420

SIEM, 314

evidence, collecting/preserving (incident response procedures), 422-424

Evil Maid Attack, 17

evil twins, WAP, 203

exams

preparing for

exam preparation checklist, 433-435

grading scale, 432

post-certification process, 438

taking exams, 435-437

registering for, 434

Excel (MS), securing, 98

exception-handling, SEH, 103

expenses/man hours, tracking (incident response procedures), 423

explicit allow firewall rule (ACL), 176

explicit deny firewall rule (ACL), 176

exploit kits, malware delivery, 18

exposing sensitive data, 104

external ports, disabling, 40

extranets, 127

F

F2F (Friend-to-Friend) networks, 137

facilities

loss of (disaster recovery), 383

security

fire suppression, 398-400

HVAC, 400-403

shielding, 401-403

vehicles, 402-403

fail-closed, redundancy planning, 370

fail-open, redundancy planning, 370

fail-open mode, switches, 121

failover clusters, 377

failover redundancy, 369

failure-resistant disk systems, RAID, 376

failure-tolerant disk systems, RAID, 376

failures

single points of (redundancy planning), 369

system failure, 5

false acceptances, biometric readers, 222, 236

false negatives

IDS, 37

IPS, 184

false positives

IDS, 37

NIPS, 184

false rejection, biometric readers, 222, 236

Faraday cages, 200, 207, 401

fault tolerance, 375

FCIP (Fiber Channel over IP), port associations with, 152

FCoE (Fibre Channel over Ethernet), 152

FDE (Full Disk Encryption), 42

FEXT (Far End Crosstalk), 199

fiber-optic cabling, 198, 201

file servers, security, 137

file systems, OS hardening, 71

fileless malware. See non-malware, 16

files/folders

auditing, 305-306

copying, 256

IT folder

advanced security settings, 313-314

permissions, 313

log file maintenance/security, 310-311

moving, 256

net file command, analytical monitoring, 303

openfiles command, analytical monitoring, 302

filters

ad filtering, 38

content filters, 38, 123

Internet content filtering, 181

NAT filtering, 177

packet filtering, 176

Spam filters, 26

stateless packet filters, spoofing attacks, 176

web security gateways, 181

FIM (Federated Identity Management), 223

final network documentation, 211

fingerprint readers/scanners, physical security, 222

fingerprinting, 275

fire

disaster recovery, 382

suppression

fire extinguishers, 398-399

special hazard protection systems, 400

sprinkler systems, 399

FireFox, secure connections, 354

firewalls

back-to-back perimeter networks, 127

closing open ports, 154

firewall effect, NAT, 123

flood guards, 156

IPFW, 35

iptables, 35

logs, 309

network perimeter security

ACL firewall rules, 176

ALG, 177

application firewalls, 178

back-to-back firewall/DMZ configurations, 177

basic implementation diagram, 175

circuit-level gateways, 177

firewall logs, 177

multihomed connections, 179

NAT filtering, 177

packet filtering, 176

SOHO router/firewall Internet sessions, 178

SPI, 176

web application firewalls, 179

NGFW, 359

personal firewalls, 35

IPFW, 35

iptables, 35

PF, 35

SOHO router/firewall configuration, 36

Windows Firewall, 35

ZoneAlarm, 35

PF, 35

routers, 123

SOHO routers, 123

spam firewalls, 26

updates, 73

WAP, 207

Windows Firewall, 21, 35

ZoneAlarm, 35

first responders (incident response procedures), 422

FIT (Failure In Time), quantitative risk assessment, 274

Flash

cookies. See LSO

malicious add-ons, 94

pop-up ads, 38

flash drives, encryption, 41

Flash Player Settings Manager, disabling LSO, 93

flashing, BIOS, 39

flood attacks

Fraggle, 156, 164

MAC flooding, 121, 131

ping floods, 156, 164

Smurf attacks, 156, 164

SYN floods, 156, 164

UDP flood attacks, 156

Xmas attacks, 157

flood guards, 156

flood, disaster recovery, 383

Fluke, 284

folders/files

auditing, 305-306

copying, 256

IT folder

advanced security settings, 313-314

permissions, 313

log file maintenance/security, 310-311

moving, 256

net file command, analytical monitoring, 303

openfiles command, analytical monitoring, 302

forensics, incident response procedures

data analysis, 423

licensing reviews, 423

network traffic, 423

OOV, 422-423

screenshots, 423

system images, 422

tracking man hours/expenses, 423

video, 423

witness statements, 423

fork bombs, 157

forward proxies, 180

Fraggle, 156, 164

frequency hopping, 209

FTP (File Transfer Protocol), 155

port associations with, 151

servers

malware delivery, 18

ports and, 153

protocol analysis, 300

security, 140

FTPS (FTP Secure), 155

full data backups, 379

full device encryption, mobile devices, 46

fuzz testing, 104

G

gas-engine generators, 373

Gates, Bill, 393

gateways

ALG, 177

circuit-level gateways, 177

web security gateways, 181

generators

backup generators, 372-373

battery-inverter generators, 373

fuel sources, 373

gas-powered generators, 373

permanently installed generators, 373

portable generators, 373

power output, 373

standby generators, 373

starting, 373

uptime, 373

genetic algorithms, 336

geofences, 211

geotagging, 49, 211

GinMaster Trojan, 45

glass-box testing. See white-box testing

GLB (Gramm-Leach-Bliley) act, 413

Gnutella, firewall logs, 178

Google, name change hoax, 393

GPG (GNU Privacy Guard) and PGP, 335

GPMC (Group Policy Management Console), 90

GPS (Global Positioning Systems)

geofences, 211

geotagging, 49, 211

mobile devices, 46

wireless network security, 211

GPT rootkits, preventing/troubleshooting, 25

grading scale, CompTIA exams, 432

grandfather-father-son backup scheme, 381

gray-box testing, 102

gray hats, 7

grayware, 16

GRC (Governance, Risk and Compliance), 413

GRE (Generic Routing Encapsulation), 233

Group Policies

GPMC, 90

Import Policy From window (Windows Server), 69

Local Group Policy Editor, 69

OS hardening, 69

groups, access control, 253

guessing (password cracking method), 285

guest accounts, disabling, 195

H

hackers. See also threat actors

black hats, 7

blue hats, 7

elite hackers, 7

ethical hackers, 7

gray hats, 7

thinking like a hacker, 6

white hats, 7

Hackers, 245

hacktivists, 8

Hanoi backup scheme, Towers of, 381

happy birthday attacks, 341

hard disks

backups, 72

conserving disk space, 60

data removal

clearing, 419-420

destroying storage media (physical data removal), 420

purging, 420

defragmenting, 72

drive lock passwords, 40

encryption

BitLocker, 42-43

FDE, 42

SED, 42

whole disk encryption, 72

fault tolerance, 375

maintaining, 73

OS hardening, 71-72

restore points, 72

hardening OS, 59

applications

backward compatibility, 60

blacklisting, 61

removing, 59-60

whitelisting, 61

attack surface, reducing, 62

baselining, 70-71

centrally administered management systems, 61

configuration management, 68

file systems, 71

Group Policies, 69

hard disks, 60, 71-72

hotfixes, 66-67

least functionality, 59

Linux, starting/stopping services, 64-65

MacOS/OS X, starting/stopping services, 64-65

messaging, 59

patches, 66-68

remote control programs, 60

Remote Desktop Connection, 60

Remote Desktop Services, 62

security templates, 69-70

services

disabling, 63-65

Remote Desktop Services, 62

removing, 59-60

TOS, 65

updates, 65-66

whitelisting applications, 61

Windows

Programs and Features window, 60

starting/stopping services, 63-65

Windows Update, 65-66

Windows XP, 62

hashing

defining, 336

hash functions

cryptographic hash functions, 337-339

defining, 336

HMAC, 339

MD5, 338

one-way function, 337

password hashing

birthday attacks, 341

key stretching, 342

LANMAN hashing, 339-340

NTLM hashing, 340

NTLMv2 hashing, 340

pass the hash attacks, 341

process of, 336

RIPEMD, 338

SHA, 338, 339

system images, incident response procedures, 422

HAVA (Help America Vote Act of 2002), 413

hazard protection systems, 400

headers

AH, IPsec, 360

manipulation, 299

heuristic analysis, 296

HIDS (Host-based Intrusion Detection Systems), 35-37

hierarchical CA organization, 356

hierarchical lists of critical systems/data, DRP, 384

high availability, RAID arrays, 42

high-energy EMP (Electromagnetic Pulses), 402

hijacking sessions, XSS, 93

HIPAA (Health Insurance Portability and Accountability Act), 413

HIPS (Host Intrusion Prevention Systems), 184

HMAC (Hash-based Message Authentication Code), 339

hoaxes, social engineering attacks, 393-395

honeynets, 182

honeypots, 182

horizontal privilege escalation, 197

host files, DNS servers, 163, 166

hosted hypervisors, 75

HOSTS files, preventing/troubleshooting spyware, 25

hot and cold aisles (HVAC), facilities security, 400

hot sites, 378

hotfixes, OS hardening, 66-67

hover ads (DHTML), 38

HSM (Hardware Security Modules), 43

HTTP (Hypertext Transfer Protocol), 91

connections, 47

port associations with, 151

proxies. See proxy servers

response packets, header manipulation, 299

HTTPS (Hypertext Transfer Protocol Secure), 47, 358

HVAC (Heating, Ventilation, Air Conditioning), facilities security, 400

ANT sensors, 401

SCADA, 401-403

shielding, 401

hybrid clouds, 134

Hyper-V, 77

hypervisors, 75

I

IA (Information Assurance). See risk, assessment; risk, management, 271

IaaS (Infrastructure as a Service), 134

ICMP flood attacks. See ping floods

IDEA (International Data Encryption Algorithm), 329

identification

authentication schemes, 218

biometric readers, 221-222, 236

cardkey systems, 220

definition, 218

FIM, 223

fingerprint readers/scanners, 222

identity proofing, 219

identity theft emails, 17

photo ID, 220

security tokens, 221

smart cards, 221

verifying. See authentication

identification phase (incident response procedures), 421

IDF (Intermediate Distribution Frame) rooms, wire closets, 201

IDPS (Intrusion Detection and Prevention Systems), 37

IDS (Intrusion Detection Systems)

false negatives, 37

false positives, 37

HIDS, 35-37

NIDS, 36

placement within networks, 184

promiscuous mode, 183

protocol analyzers, 185

signature-based detection, 36

statistical anomaly detection, 36

WIDS, 186

IE (Internet Explorer)

domain controller-managed policies, 89-90

Internet Explorer Maintenance Security, 89

security settings, 89

IF-THEN statements, genetic algorithms, 336

imaging

OOV, 422-423

systems, 73, 422

IMAP (Internet Message Access Protocol), port associations with, 151

immutable systems, 100

impact analysis (business), BCP, 384

impact assessment, 272

impact determination, DRP, 383

implicit deny (access control), 249

implicit deny firewall rule (ACL), 176

Import Policy From window (Windows Server), 69

in-band management, 301

inbound ports, 150

incident management, 420

incident response procedures

chain of custody (evidence collection), 422

collecting/preserving evidence, 422-424

containment phase, 421

damage/loss control, 422

emergency response detail, 422

eradication phase, 421

events versus incidents, 420

forensics

data analysis, 423

licensing reviews, 423

network traffic, 423

OOV, 422-423

screenshots, 423

system images, 422

tracking man hours/expenses, 423

video, 423

witness statements, 423

identification phase, 421

initial incident management process, 422

lessons learned phase, 421

need-to-know, 424

preparation phase, 421

recovery phase, 421

incremental data backups, 379-380

information security

anti-malware software, 6

authentication, 5

backups, 6

data removal, 6

defense in depth, 6

encryption, 6

malware, 4

security plans, 5

social engineering, 5

system failure, 5

unauthorized access, 4

user awareness, 5

infrastructure security, due diligence, 416-417

inherence factors (authentication), 219

inheritance (permissions), 255

initial incident management process (incident response procedures), 422

input validation, 103-104

instant messaging

malware delivery, 18

OS hardening, 59

spim, 17

integer overflows, 105

integrity (CIA triad), 4, 100-101

interference

cabling

crosstalk, 199

EMI, 198

RFI, 199

surveys, 207

internal information, classifying (data sensitivity), 412

Internet

content filtering, 181

messaging, 48

network design, 126

Internet Explorer

Internet Optimizer, 16-17

Maintenance Security, 89

Internet protocol suite. See TCP/IP

intranets, 127

IP addresses

ports and, 153

spoofing attacks, 159

IP proxies, 179

IP spoofing attacks, 123

IPFW (IP Firewall), 35

IPS (Intrusion Prevention Systems), 37

false negatives, 184

HIPS, 184

NIPS, 183

false positives, 184

protocol analyzers, 185

routers, 123

WIPS, 186

IPsec (Internet Protocol Security)

AH, 360

ESP, 360

SA, 360

transport mode, 360

tunneling mode, 360

iptables, 35

IPv4

addresses, 123-125

firewall effect, 123

IPv6 addresses, 124-125

IronKey, 41

ISA (Interconnection Security Agreements), 418

iSCSI (Internet Small Computer Systems Interface), port associations with, 152

ISP (Internet Service Providers), redundancy planning, 377

ISSO (Information Systems Security Officers), disaster recovery planning, 384

IT folder

advanced security settings, 313-314

permissions, 313

IT security frameworks, 425

ITCP (IT Contingency Planning), 384

IV attacks, 208

J – K

jailbreaking, 92, 196. See also privilege escalation

DRM, 196

mobile devices, 50

jamming surveys, 207

job rotation

access control, 250

separation of duties policies, 415-417

KDC (Key Distribution Center), tickets, 227

KEK (Key Encryption Keys), 330

Kerberos, 227-229, 235, 326, 341

LDAP injections, 138

Microsoft Security Bulletins, 138

port associations with, 151

vulnerabilities, 138

keyloggers, 18, 304

keys

certificate keys, 355

cryptography

asymmetric key algorithms, 327

defining, 325

DEK, 330

Diffie-Hellman key exchange, 327, 333

KEK, 330

key stretching, 342

managing, 328

MEK, 330

PKI, 351-360

private key cryptography, 325, 332

public key cryptography, 325-328, 331-334

QKD, 334

symmetric key algorithms, 326

web of trust, 356

management, 48

Knoppix, 23-25

knowledge factors (authentication), 219

L

L2TP (Layer 2 Tunneling Protocol), 359-360

port associations with, 152

VPN connections, 232-233

LAN (Local Area Networks)

bridges, 122

broadcast storms, 299

routers, 122

split tunneling, 233

VLAN

MAC flooding, 131

VLAN hopping, 130

WAN versus, 125

LANMAN hashing, 339-340

LDAP (Lightweight Directory Access Protocol), 226, 235

injections, 108, 138

port associations with, 151

LEAP (Lightweight Extensible Authentication Protocol), 226

least functionality, 59

least privilege

access control, 249

principle of, 101

legislative policies, 412-413

lessons learned phase (incident response procedures), 421

licensing

compliance violations, 423

reviewing, incident response procedures, 423

linemanls handsets. See butt sets

links (email), preventing/troubleshooting spam, 27

Linux

file permissions, 254

netstat command, analytical monitoring, 303

OS hardening, starting/stopping services, 64-65

patch management, 68

SELinux, 37

System Monitor, 299

tcpdump packet analyzer, 301

virus prevention/troubleshooting tools, 23

vulnerability scanning, 283

LM hashes. See LANMAN hashing

load-balancing clusters, 378

Local Group Policy

browser security, 88

LANMAN hashing, 340

Local Group Policy Editor, 69

localized authentication

802.1X, 235

authentication procedure, 225-226

connection components, 225

EAP, 224-226

Kerberos, 227-229, 235

LDAP, 226, 235

mutual authentication, 227

Remote Desktop Services, 229

locking systems, vehicles and facilities security, 403

lockout programs, mobile devices, 46

logic bombs, malware delivery, 20

logins

Ctrl+Alt+Del at logon, 258

SSO, 223-224

logs

application logs, 307

audit trails, 307

DFS Replication logs, 307

DNS Server logs, 307

file maintenance/security, 310-311

firewall logs, 177, 309

network traffic logs, incident response procedures, 423

non-repudiation, 306

security events, failure to see events, 306

Syslog, 309, 310

system logs, 307

long-term power loss, disaster recovery, 383

looping switches, 122

loss/damage control (incident response procedures), 422

loss of building, disaster recovery, 383

lottery scam emails, 17

Love Bug viruses, 17

LSO (Locally Shared Objects), 93

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.239.11.178