Appendix C. Memory Table Answers

Chapter 3

Table 3-1 Confidentiality, Integrity, and Availability Potential Impact Definitions

| CIA Tenet | Low | Moderate | High |
|---|---|---|---|
| Confidentiality | Unauthorized disclosure will have limited adverse effect on the organization. | Unauthorized disclosure will have serious adverse effect on the organization. | Unauthorized disclosure will have severe adverse effect on the organization. |
| Integrity | Unauthorized modification will have limited adverse effect on the organization. | Unauthorized modification will have serious adverse effect on the organization. | Unauthorized modification will have severe adverse effect on the organization. |
| Availability | Unavailability will have limited adverse effect on the organization. | Unavailability will have serious adverse effect on the organization. | Unavailability will have severe adverse effect on the organization. |

Chapter 5

Table 5-12 Authentication Protocols

| Protocol | Advantages | Disadvantages | Guidelines/Notes |
|---|---|---|---|
| PAP | Simplicity | Password sent in cleartext | Do not use |
| CHAP | No passwords are exchanged; widely supported standard | Susceptible to dictionary and brute-force attacks | Ensure complex passwords |
| MS-CHAP v1 | No passwords are exchanged; stronger password storage than CHAP | Susceptible to dictionary and brute-force attacks; supported only on Microsoft devices | Ensure complex passwords; if possible, use MS-CHAP v2 instead |
| MS-CHAP v2 | No passwords are exchanged; stronger password storage than CHAP; mutual authentication | Susceptible to dictionary and brute-force attacks; supported only on Microsoft devices; not supported on some legacy Microsoft clients | Ensure complex passwords |
| EAP-MD5 CHAP | Supports password-based authentication; widely supported standard | Susceptible to dictionary and brute-force attacks | Ensure complex passwords |
| EAP-TLS | The most secure form of EAP; uses certificates on the server and client; widely supported standard | Requires a PKI; more complex to configure | No known issues |
| EAP-TTLS | As secure as EAP-TLS; only requires a certificate on the server; allows passwords on the client | Susceptible to dictionary and brute-force attacks; more complex to configure | Ensure complex passwords |

Table 5-13 RADIUS and TACACS+

| Characteristic | RADIUS | TACACS+ |
|---|---|---|
| Transport protocol | Uses UDP, which may result in faster response | Uses TCP, which offers more information for troubleshooting |
| Confidentiality | Encrypts only the password in the access-request packet | Encrypts the entire body of the packet but leaves a standard TACACS+ header for troubleshooting |
| Authentication and authorization | Combines authentication and authorization | Separates authentication, authorization, and accounting processes |
| Supported layer 3 protocols | Does not support any of the following: AppleTalk Remote Access (ARA) protocol; NetBIOS Frame Protocol Control protocol; X.25 PAD connections | Supports all protocols |
| Devices | Does not support securing the available commands on routers and switches | Supports securing the available commands on routers and switches |
| Traffic | Creates less traffic | Creates more traffic |

Table 5-14 Placement of Proxies

| Type | Placement |
|---|---|
| Circuit-level proxy | At the network edge |
| Application-level proxy | Close to the application server it is protecting |
| Kernel proxy firewall | Close to the systems it is protecting |

Table 5-15 Typical Placement of Firewall Types

| Type | Placement |
|---|---|
| Packet-filtering firewall | Located between subnets, which must be secured |
| Circuit-level proxy | At the network edge |
| Application-level proxy | Close to the application server it is protecting |
| Kernel proxy firewall | Close to the systems it is protecting |

Table 5-17 RAID Types

| RAID Level | Minimum Number of Drives | Description | Strengths | Weaknesses |
|---|---|---|---|---|
| RAID 0 | 2 | Data striping without redundancy | Highest performance | No data protection; if one drive fails, all data is lost |
| RAID 1 | 2 | Disk mirroring | Very high performance; very high data protection; very minimal penalty on write performance | High redundancy cost overhead; because all data is duplicated, twice the storage capacity is required |
| RAID 3 | 3 | Byte-level data striping with a dedicated parity drive | Excellent performance for large, sequential data requests | Not well suited for transaction-oriented network applications; the single parity drive does not support multiple, simultaneous read and write requests |
| RAID 5 | 3 | Block-level data striping with distributed parity | Best cost/performance for transaction-oriented networks; very high performance and very high data protection; supports multiple simultaneous reads and writes; can also be optimized for large, sequential requests | Write performance is slower than with RAID 0 or RAID 1 |
| RAID 10 | 4 | Disk striping with mirroring | High data protection, which increases each time you add a new striped/mirror set | High redundancy cost overhead; because all data is duplicated, twice the storage capacity is required |

Table 5-19 Attacks and Mitigations

| Attack Type | Clues | Mitigation | Typical Sources |
|---|---|---|---|
| Authentication attacks | Multiple unsuccessful logon attempts | Alert sent and/or disabling after 3 failed attempts | Active Directory, Syslog, RADIUS, TACACS+ |
| Firewall attacks | Multiple drop/reject/deny events from the same IP address | Alert sent on 15 or more of these events from a single IP address in a minute | Firewall, routers, switches |
| IPS/IDS attacks | Multiple drop/reject/deny events from the same IP address | Alert sent on 7 or more of these events from a single IP address in a minute | IPS, IDS |

Table 5-20 Common TCP/UDP Port Numbers

| Application Protocol | Transport Protocol | Port Number |
|---|---|---|
| Telnet | TCP | 23 |
| SMTP | UDP | 25 |
| HTTP | TCP | 80 |
| SNMP | TCP and UDP | 161 and 162 |
| FTP | TCP and UDP | 20 and 21 |
| FTPS | TCP | 989 and 990 |
| SFTP | TCP | 22 |
| TFTP | UDP | 69 |
| POP3 | TCP and UDP | 110 |
| DNS | TCP and UDP | 53 |
| DHCP | UDP | 67 and 68 |
| SSH | TCP | 22 |
| LDAP | TCP and UDP | 389 |
| NetBIOS | TCP and UDP | 137, 138, and 139 |
| CIFS/SMB | TCP | 445 |
| NFSv4 | TCP | 2049 |
| SIP | TCP and UDP | 5060 |
| XMPP | TCP | 5222 |
| IRC | TCP and UDP | 194 |
| RADIUS | TCP and UDP | 1812 and 1813 |
| rlogin | TCP | 513 |
| rsh and RCP | TCP | 514 |
| IMAP | TCP | 143 |
| HTTPS | TCP and UDP | 443 |
| RDP | TCP and UDP | 3389 |
| AFP over TCP | TCP | 548 |

Chapter 6

Table 6-1 Protection Profiles

| Product | Number of Protection Profiles |
|---|---|
| Access control devices and systems | 3 |
| Biometric systems and devices | 2 |
| Boundary protection devices and systems | 11 |
| Data protection | 9 |
| Databases | 3 |
| ICs, smart cards, and smart card–related devices and systems | 70 |
| Key management systems | 4 |
| Mobility | 4 |
| Multi-function devices | 2 |
| Network and network-related devices and systems | 12 |
| Operating systems | 2 |
| Other devices and systems | 48 |
| Products for digital signatures | 19 |
| Trusted computing | 6 |

Table 6-2 Windows Audit Policies

| Audit Event | Potential Threat |
|---|---|
| Success and failure audit for file-access printers and object-access events, or print management success and failure audit of print access by suspect users or groups for the printers | Improper access to printers |
| Failure audit for logon/logoff | Random password hack |
| Success audit for user rights, user and group management, security change policies, restart, shutdown, and system events | Misuse of privileges |
| Success audit for logon/logoff | Stolen password break-in |
| Success and failure write access auditing for program files (.EXE and .DLL extensions), or success and failure auditing for process tracking | Virus outbreak |
| Success and failure audit for file-access and object-access events, or File Explorer success and failure audit of read/write access by suspect users or groups for the sensitive files | Improper access to sensitive files |

Table 6-3 Common UNIX/Linux-Based Shells

| Shell Name | Command | Description |
|---|---|---|
| tcsh | tcsh | Similar to the C shell |
| Bourne shell | sh | The most basic shell available on all UNIX systems |
| C shell | csh | Similar to the C programming language in syntax |
| Korn shell | ksh/pdksh | Based on the Bourne shell, with enhancements |
| Bash shell | bash | Combines the advantages of the Korn shell and the C shell; the default on most Linux distributions |

Table 6-4 WPA and WPA2

| Variant | Access Control | Encryption | Integrity |
|---|---|---|---|
| WPA Personal | Preshared key | TKIP | Michael |
| WPA Enterprise | 802.1X (RADIUS) | TKIP | Michael |
| WPA2 Personal | Preshared key | CCMP, AES | CCMP |
| WPA2 Enterprise | 802.1X (RADIUS) | CCMP, AES | CCMP |

Chapter 9

Table 9-1 Runtime Debugging Tools

| Tool | Operating Systems | Languages |
|---|---|---|
| AddressSanitizer | Linux, Mac | C, C# |
| Deleaker | Windows (Visual Studio) | C, C# |
| Software Verify | Windows | .Net, C, C++, Java, JavaScript, Lua, Python, Ruby |

Table 9-2 DNS Record Types

| Record Type | Function |
|---|---|
| A | A host record that represents the mapping of a single device to an IPv4 address |
| AAAA | A host record that represents the mapping of a single device to an IPv6 address |
| CNAME | An alias record that represents an additional hostname mapped to an IPv4 address that already has an A record mapped |
| NS | A name server record that represents a DNS server mapped to an IPv4 address |
| MX | A mail exchanger record that represents an email server mapped to an IPv4 address |
| SOA | A Start of Authority record that represents a DNS server that is authoritative for a DNS namespace |

Table 9-3 Testing Methods

| Black Box | Gray Box | White Box |
|---|---|---|
| Internal workings of the application are not known. | Internal workings of the application are somewhat known. | Internal workings of the application are fully known. |
| Also called closed-box, data-driven, and functional testing. | Also called translucent testing, as the tester has partial knowledge. | Also known as clear-box, structural, or code-based testing. |
| Performed by end users, testers, and developers. | Performed by end users, testers, and developers. | Performed by testers and developers. |
| Least time-consuming. | More time-consuming than black-box testing but less so than white-box testing. | Most exhaustive and time-consuming. |

Table 9-4 SOC Report Comparison

| Report Type | What It Reports On | Who Uses It |
|---|---|---|
| SOC 1 | Internal controls over financial reporting | User auditors and users' controller office |
| SOC 2 | Security, availability, processing integrity, confidentiality, or privacy controls | Management, regulators, and others; shared under non-disclosure agreement (NDA) |
| SOC 3 | Security, availability, processing integrity, confidentiality, or privacy controls | Publicly available to anyone |

Chapter 10

Table 10-1 netstat Parameters

| Parameter | Description |
|---|---|
| -a | Displays all connections and listening ports. |
| -e | Displays Ethernet statistics. |
| -n | Displays addresses and port numbers in numeric form instead of using friendly names. |
| -s | Displays statistics categorized by protocol. |
| -p protocol | Shows connections for the specified protocol, either TCP or UDP. |
| -r | Displays the contents of the routing table. |

Table 10-2 Sysinternals Security Utilities

| Tool | Use |
|---|---|
| AccessChk | Displays the access the user or group you specify has to files, Registry keys, or Windows services. |
| AccessEnum | Displays who has what access to directories, files, and Registry keys on your systems. |
| Autoruns | Displays programs that start up automatically when your system boots and you log in. |
| LogonSessions | Lists active logon sessions. |
| PsLoggedOn | Shows users logged on to a system. |
| SDelete | Overwrites sensitive files and cleanses free space of previously deleted files using this DoD-compliant secure delete program. |
| ShareEnum | Scans file shares on your network so you can view their security settings and close security holes. |

Chapter 15

Table 15-1 Symmetric Algorithm Key Facts

| Algorithm Name | Block or Stream Cipher? | Key Size | Number of Rounds | Block Size |
|---|---|---|---|---|
| DES | Block | 64 bits (effective length 56 bits) | 16 | 64 bits |
| 3DES | Block | 56, 112, or 168 bits | 48 | 64 bits |
| AES | Block | 128, 192, or 256 bits | 10, 12, or 14 (depending on block/key size) | 128 bits |
| IDEA | Block | 128 bits | 8 | 64 bits |
| Skipjack | Block | 80 bits | 32 | 64 bits |
| Blowfish | Block | 32 to 448 bits | 16 | 64 bits |
| Twofish | Block | 128, 192, or 256 bits | 16 | 128 bits |
| RC4 | Stream | 40 to 2,048 bits | Up to 256 | N/A |
| RC5 | Block | Up to 2,048 bits | Up to 255 | 32, 64, or 128 bits |
| RC6 | Block | Up to 2,048 bits | Up to 255 | 32, 64, or 128 bits |

Table 15-2 Forms of Encryption

| Type | Scope | Key Usage | Performance Impact | Limitations |
|---|---|---|---|---|
| Disk | Encrypts an entire volume or an entire disk | Single key per drive | Slows the boot and logon process | No encryption while data is in transit |
| File and record | Encrypts a single file | Single key per file | Slows opening of a file | No encryption while data is in transit |
| Port | Encrypts data in transit | Single key per packet | Slows network performance | No encryption while data is at rest |
