MaaS (Monitoring as a Service), 134
MAC (Mandatory Access Control), 246-248
data labeling, 247
lattice-based access control, 247
rule-based access control, 247
MAC (Media Access Control) address filtering, WAP, 207
MacOS/OS X
OS hardening, starting/stopping services, 64-65
macro viruses, 13
maintenance
computers, 73
hard disks, 73
Internet Explorer Maintenance Security, 89
malicious add-ons, 94
malicious attacks/theft, disaster recovery, 383
malicious insiders, social engineering attacks, 392
malicious insider threats, social engineering attacks, 391, 395
malvertising, 15
malware, 4. See also crimeware
adware, 16
anti-malware
software, 6
updates, 73
APT, 15
badware, 25
delivery systems
active interception, 19
attack vectors, 18
backdoors, 19
bit torrents, 18
botnets, 19
Easter eggs, 20
email, 18
exploit kits, 18
FTP servers, 18
instant messaging, 18
keyloggers, 18
logic bombs, 20
media-based delivery, 18
memory cards, 18
optical discs, 18
P2P networks, 18
privilege escalation, 19
smartphones, 18
software, 18
threat vectors, 18
time bombs, 20
typosquatting, 18
URL hijacking, 18
USB flash drives, 18
user error, 18
websites, 18
zip files, 18
zombies, 19
grayware, 16
malvertising, 15
non-malware, 16
ransomware
definition of, 17
preventing/troubleshooting, 24
rootkits, 16
Alureon rootkits, 16
definition of, 17
detecting, 16
Evil Maid Attack, 17
preventing/troubleshooting, 25, 28
spam, 16
definition of, 17
filters, 26
firewalls, 26
identity theft emails, 17
lottery scam emails, 17
preventing/troubleshooting, 26-28
spim, 17
spyware
definition of, 17
Internet Optimizer, 17
preventing/troubleshooting, 24-25, 28
symptoms of, 24
tracking cookies, 93
Trojans, 14
definition of, 17
GinMaster Trojan, 45
PlugX Trojans, 17
preventing/troubleshooting, 23, 28
time bombs, 20
ZeroAccess botnet, 19
unsavable computers, 27
viruses
armored viruses, 14
definition of, 17
encrypted viruses, 14
Love Bug virus, 17
macro viruses, 13
metamorphic viruses, 14
multipartite viruses, 14
polymorphic viruses, 14
preventing/troubleshooting, 20-23, 27
program viruses, 13
stealth viruses, 14
symptoms of, 22
virus hoaxes, 14
worms, 14
definition of, 17
Nimda, 14
Nimda worm, 17
preventing/troubleshooting, 23, 27
man hours/expenses, tracking (incident response procedures), 423
management controls, 275
managing
add-ons, 94
application patches, 97
change management policies, 414-417
configurations, 68
group policies, GPMC, 90
in-band management, 301
incidents, 420
keys (cryptography), 328
out-of-band management, 301
patches, 68
vulnerabilities
general vulnerabilities/basic prevention methods table, 279-280
OVAL, 279
Mandatory Security Policy. See MAC
mantraps
multifactor authentication, 394
physical security, 221
manual auditing, 304
manual monitoring, 295
many-to-one mapping (certificates), 355
mapping
certificates, 355
MBR (Master Boot Records) rootkits, preventing/troubleshooting, 25
MBSA (Microsoft Baseline Security Analyzer), 68
MD5 (Message-Digest algorithm 5), 338
MDF (Main Distribution Frame) rooms, wire closets, 201
MDM (Mobile Device Management), 49
measured boot option, BIOS, 40
media gateways, 132
media-based malware delivery, 18
MEK (Master Encryption Keys), 330
memory
ASLR, 106
CAM tables, MAC flooding, 121
integer overflows, 105
memory leaks, 106
null pointer dereferences, 106
RDBMS, stored procedures, 107-108
memory cards, malware delivery, 18
messaging (instant)
malware delivery, 18
MMS attacks, 48
OS hardening, 59
SMS attacks, 48
spim, 17
metamorphic viruses, 14
MFA (Multifactor Authentication), 223
Microsoft domains, KDC tickets, 227
Microsoft Edge, policy settings, 89
Microsoft Security Bulletins, Kerberos vulnerabilities, 138
minimizing attack surface area, 101
mirroring ports, 300
MITB (Man-in-the-Browser) attacks, 160-161, 165
mitigating risk, 272
MITM (Man-in-the-Middle) attacks, 19, 160, 165
mobile apps, security, 98
mobile devices
access control, 50
application security, 52
application blacklisting, 48
application whitelisting, 48
geotagging, 49
HTTPS connections, 47
key management, 48
MMS attacks, 48
server/network authentication, 48
SMS attacks, 48
transitive trust, 48
bluejacking, 46
bluesnarfing, 46
browser security, 92
carrier unlocking, 45
COPE, 49
crosstalk, 199
CYOD, 49
encryption, 44
full device encryption, 46
lockout programs, 46
MDM, 49
offboarding, 50
onboarding, 50
sanitizing, 47
screen locks, 47
sideloading, 50
social engineering attacks, 45
storage segmentation, 49
modems
war-dialing, 132
monitoring
analytical monitoring tools
Computer Management, 302
keyloggers, 304
net file command, 303
netstat command, 303
openfiles command, 302
static and dynamic analytical tools, 304
anomaly-based monitoring, 295-296
auditing and, 294
automated monitoring, 295
behavior-based monitoring, 296
manual monitoring, 295
performance baselining
alerts, 298
baseline reporting, 297
standard loads, 297
System Monitor, 299
protocol analyzers
broadcast storms, 299
network adapters, 299
packet capturing, 299
TCP/IP handshakes, 299
session monitoring, Computer Management, 302
signature-based monitoring, 295-296
motion detectors, physical security, 220
MoU (Memorandums of Understanding), 418
moving files/folders, 256
MPLS (Multiprotocol Label Switching), 233
MS-CHAP (Microsoft-Challenge Handshake Authentication Protocol), RAS authentication, 230
MS-sql-s, port associations with, 152
MTBF (Mean Time Between Failures), quantitative risk assessment, 274
MTTF (Mean Time To Failure), quantitative risk assessment, 274
MTTR (Mean Time To Repair), quantitative risk assessment, 274
multicast IPv6 addresses, 125
multidomain certificates, 352
multifactor authentication, 230, 394
multihomed connections, 179
multipartite viruses, 14
multiple user accounts, 253
mutual authentication, 227
NAC (Network Access Control), 128
NAS (Network Attached Storage), 41
NAT (Network Address Translation)
filtering, 177
firewall effect, 123
static NAT, 123
native hypervisors, 75
NCAS (National Cyber Awareness System), mobile device security, 44
Ncat, 283
need-to-know (incident response procedures), 424
Nessus, 283
net file command, analytical monitoring, 303
NetBIOS, port associations with, 151
NetBus, 15
Netcat, 283
netstat command, analytical monitoring, 303
network controllers, security, 137
Network layer (OSI model), 119
networks
attacks
blackhole lists, 158
blackholes, 158
client-side attacks, 162
command-line scripting and, 162
phishing attacks, 159
session hijacking, 159-161, 165
sinkholes, 158
wired network/device security, 197
authentication, 48
back-to-back perimeter networks, 127
bridges, 122
cellular networks, 210
cloud computing
community clouds, 135
CSP, 134
definition, 133
hybrid clouds, 134
IaaS, 134
MaaS, 134
P2P networks and, 137
PaaS, 134
private clouds, 134
public clouds, 134
SaaS, 133
SECaaS, 134
services, 136
social media and, 136
XaaS, 134
connections, redundancy planning, 376
CSU, 123
DLP systems, 39
DMZ
3-leg perimeter DMZ, 126
back-to-back perimeter networks, 127
documenting network design, 211
DSU, 123
enumerators, 283
extranets, 127
firewalls, back-to-back perimeter networks, 127
Internet, 126
intranets, 127
IP addresses and ports, 153
LAN
routers, 122
WAN versus, 125
NAC, 128
NAS, 41
NAT
firewall effect, 123
private IPv4 addresses, 124
private IPv6 addresses, 124-125
public IPv4 addresses, 124
static NAT, 123
OSI model
TCP/IP model versus, 120
PAT, IPv4 addresses, 123
PBX equipment, 132
perimeter security, 174
HIPS, 184
honeynets, 182
honeypots, 182
SSID broadcasting, disabling, 179
UTM, 186
web security gateways, 181
WIDS, 186
WIPS, 186
ports
application service ports, 150
associated protocols table, 150-152
closing open ports, 154
dynamic ports, 149
FTP servers, 153
inbound ports, 150
IP addresses and, 153
outbound ports, 150
port zero security, 154
private ports, 149
protocol associations, 150-152
ranges, 149
registered ports, 149
scanning for open ports, 154
unnecessary ports, 154
well-known ports, 149
protocols and port associations
associated protocols table, 150-152
Diameter, 152
DNS, 151
FCIP, 152
HTTP, 151
IMAP, 151
iSCSI, 152
Kerberos, 151
L2TP, 152
LDAP, 151
MS-sql-s, 152
NetBIOS, 151
NNTP, 151
POP3, 151
PPTP, 152
RADIUS, 152
RDP, 152
RPC, 151
SMB, 152
SMTP, 151
SNMP, 151
SNMPTRAP, 151
SSH, 151
Syslog, 152
TACACS+, 151
Telnet, 151
TFTP, 151
redundancy planning
ISP, 377
network adapters, 376
network connections, 376
switches, 377
routers
ACL, 123
Cisco routers, 122
content filtering, 123
firewalls, 123
IPS, 123
secure configurations, 122
secure VPN connectivity, 123
SAN, NAS, 42
SATCOM, 211
security, 174
HIPS, 184
honeynets, 182
honeypots, 182
SSID broadcasting, disabling, 179
UTM, 186
web security gateways, 181
WIDS, 186
WIPS, 186
switches, 120
aggregation switches, 122
ARP spoofing, 121
DHCP starvation attacks, 121
fail-open mode, 121
looping, 122
MAC spoofing, 121
physical tampering, 121
STP, 122
TCP/IP model versus OSI model, 120
telephony
PBX equipment, 132
VoIP, 132
traffic, incident response procedures, 423
transitive trust, 48
VoIP, 132
VPN, WAP, 205
WAN
LAN versus, 126
routers, 122
wired network/device security
backdoors, 197
default accounts, 195
network attacks, 197
remote ports, 197
Telnet, 198
wireless network security
cellular networks, 210
documenting network design, 211
geofences, 211
GPS, 211
RFID, 210
SATCOM, 211
third-party wireless adapter connections, 202
VPN, 205
wireless transmission vulnerabilities, 208-209
NEXT (Near End Crosstalk), 199
NFC (Near Field Communication), 209-210
NGFW (Next Generation Firewalls), 359
NIDS (Network Intrusion Detection Systems), 36
placement within networks, 184
promiscuous mode, 183
protocol analyzers, 185
NIPS (Network Intrusion Prevention Systems), 183
false positives, 184
protocol analyzers, 185
NIST penetration testing, 278
Nmap, 282
NMS (Network Management System), SNMP, 301
NNTP (Network News Transfer Protocol), port associations with, 151
non-promiscuous mode, network adapters, 299
normalization, relational databases, 108
NoSQL injections, 108
NTFS (NT File System) permissions, 253, 256
NTLM hashing, 340
NTLMv2 hashing, 340
null pointer dereferences, 106
obfuscation, programming security, 101
OCSP (Online Certificate Status Protocol), 355
on-demand VPN (Virtual Private Networks), 360
one-way functions, hashes as, 337
OOV (Order of Volatility)
incident response procedures, 422-423
open mail relays, preventing/troubleshooting spam, 27
open ports
closing, 154
scanning for, 154
openfiles command, analytical monitoring, 302
operational controls, 276
optical discs, malware delivery, 18
organizational policies
data sensitivity
DHE, 412
example of, 411
personal security policies, 413
change management policies, 414-417
due diligence, infrastructure security, 416-417
equipment recycling/donation policies, 419
offboarding, 415
privacy policies, 414
separation of duties/job rotation policies, 415-417
organized crime, 8
organizing CA horizontally, 356
OS
fingerprinting, 275
hardening
backward compatibility of applications, 60
blacklisting applications, 61
centrally administered management systems, 61
configuration management, 68
file systems, 71
Group Policies, 69
hard disk space, conserving, 60
Linux, starting/stopping services, 64-65
MacOS/OS X, starting/stopping services, 64-65
messaging, 59
reducing attack surface, 62
remote control programs, 60
Remote Desktop Connection, 60
Remote Desktop Services, 62
TOS, 65
whitelisting applications, 61
Windows, starting/stopping services, 63-65
Windows Programs and Features window, 60
Windows XP, 62
updates, 73
OS GUI, closing open ports, 154
OS X
OS hardening, starting/stopping services, 64-65
patch management, 68
OSI (Open Systems Interconnection) model, network design
TCP/IP model versus, 120
OSINT (Open Source Intelligence), social engineering, 391
OSSEC, 37
OSSTMM (Open Source Security Testing Methodology Manual), penetration testing, 278
out-of-band management, 301
outbound ports, 150
Outlook (MS), securing, 98
OV (Organizational Validation) certificates, 352
OVAL (Open Vulnerability and Assessment Language), 279
P2P networks
cloud computing and, 137
malware delivery, 18
P12/PFX (P12 Personal Information Exchange) format, certificates, 353
PaaS (Platform as a Service), 134
PAC (Proxy Auto-Configuration) files, 180
packets
filtering, 176
headers
manipulating, 299
session theft, 159
HTTP response packets, header manipulation, 299
SPI, 176
PAM (Pluggable Authentication Modules), Kerberos, 229
pass the hash attacks, 341
passive optical splitters, fiber-optic cabling, 201
passive reconnaissance (security analysis), 275
passwords, 256
Administrator accounts, 257-258
BIOS, 39
browser security, 95
clear-text passwords, 301
cloud security, 135
complexity of, 260
data exfiltration, 257
default accounts, 195
drive lock passwords, 40
guest accounts, 258
hashing
birthday attacks, 341
key stretching, 342
NTLM hashing, 340
NTLMv2 hashing, 340
pass the hash attacks, 341
length of, 260
nonce, 342
programming security, 101
wired network/device security, 195-196
PAT (Port Address Translation), IPv4 addresses, 123
patches
application patch management, 97
managing, 68
programming security, 101
PayPal, VeriSign certificates, 353-354
PBX (Private Branch Exchange) equipment, network design, 132
Pcap. See packets, capturing, 299
PDS (Protected Distribution Systems), cabling, 201
PEAP (Protected Extensible Authentication Protocol), 225-226
PEM (Privacy-Enhanced Mail) format, certificates, 353
penetration tests, 102, 277-278
people, succession planning, 379
performance baselining, 297
alerts, 298
baseline reporting, 297
standard loads, 297
System Monitor, 299
Performance Monitor, 297-298, 302
peripherals (wireless), 43
permanent DoS attacks, 157
permanently installed generators, 373
permissions
ACL, 253
DACL, 253
inheritance, 255
IT folder, 313
Linux file permissions, 254
privilege creep, 254
programming security, 101
propagating, 255
SACL, 253
user access recertification, 255
persistence (penetration testing), 278
persistent cookies, 92
personal firewalls
IPFW, 35
iptables, 35
PF, 35
SOHO router/firewall configuration, 36
Windows Firewall, 35
ZoneAlarm, 35
personal security policies, 413
change management policies, 414-417
due diligence, infrastructure security, 416-417
offboarding, 415
privacy policies, 414
separation of duties/job rotation policies, 415-417
PF (Packet Filters), 35
PFS (Perfect Forward Secrecy), 333
PGP (Pretty Good Privacy), 335
pharming, 163
PHI (Protected Health Information), 412-413
phishing attacks, 159, 392-395
phone number encryption, 323-324
phone phishing. See vishing
photo ID, 220
PHP scripts, exploit kits, 18
Physical layer (OSI model), 119
physical security, 5
authentication, 218
biometric readers, 221-222, 236
CCTV, 219
door access
cardkey systems, 220
cipher locks, 220
mantraps, 221
proximity sensors, 221
security tokens, 221
smart cards, 221
fingerprint readers/scanners, 222
mantraps, 394
motion detectors, 220
server rooms, 220
user safety, 220
video surveillance, 219
piggybacking, social engineering attacks, 394-396
PII (Personally Identifiable Information), 412-416
pinning certificates, 354
PIV (Personal Identity Verification) cards. See smart cards
pivots (penetration testing), 278
PKI (Public Key Infrastructure)
CA
certificate mapping, 355
certificate pinning, 354
certificate validation, 353
certificate verification with RA, 355
chain of trust, 356
CRL, 355
CSR, 353
horizontal organization, 356
key escrow, 355
key recovery agents, 355
revoking certificates, 355
VeriSign certificates, 353-354
web of trust, 356
certificates
BER format, 353
CA, 353
CER format, 353
DER format, 353
dual-sided certificates, 352
DV certificates, 352
EV certificates, 352
multidomain certificates, 352
OV certificates, 352
P12/PFX format, 353
PEM format, 353
SAN field, 352
single-sided certificates, 352
validation, 353
web of trust, 356
wildcard certificates, 352
X.509 standard, 351
defining, 351
IPsec, 360
PPTP, 359
S/MIME, 357
SSH, 359
PlugX RAT, 15
PlugX Trojans, 17
PNAC (Port-based Network Access Control), 802.1X, 224
Poirot, Hercule, 295
policies
access control
Account Lockout Threshold Policy, 260
Default Domain Policy, 258
Account Lockout Threshold Policy, 260
Default Domain Policy, 258
equipment recycling/donation policies, 419
organizational policies
equipment recycling/donation policies, 419
example of, 411
personal security policies, 413-417
personal security policies, 413
change management policies, 414-417
due diligence, infrastructure security, 416-417
offboarding, 415
privacy policies, 414
separation of duties/job rotation policies, 415-417
privacy policies, 414
procedures versus, 410
vendor policies
BPA, 418
ISA, 418
MoU, 418
policy implementation, applications, 96
polymorphic viruses, 14
POP3, port associations with, 151
pop-under ads, 38
portable generators, 373
ports
application service ports, 150
associated protocols table, 150-152
dynamic ports, 149
external ports, disabling, 40
FTP servers, 153
inbound ports, 150
IP addresses and, 153
mirroring, 300
NAC, 128
open ports, 154
outbound ports, 150
PAT, IPv4 addresses, 123
PNAC, 802.1X, 224
port zero security, 154
private ports, 149
registered ports, 149
remote ports, wired network/device security, 197
RTP and port associations, 152-153
scanning, 282
SNMP, 301
twisted-pair networks, wiretapping, 200
well-known ports, 149
WinDump, 301
possession factors (authentication), 219
post-certification process, 438
power supplies
battery backups, 372
blackouts, 371
brownouts, 371
disaster recovery, 383
failures, 371
redundancy planning, 370
battery backups, 372
standby generators, 373
sags, 371
spikes, 371
standby generators, 373
surges, 371
PPTP (Point-to-Point Tunneling Protocol), 359
port associations with, 152
practice exams, 433
pre-action sprinkler systems, 399
Premiere Pro, 60
preparation phase (incident response procedures), 421
preparing for exams
exam preparation checklist, 433-435
grading scale, 432
post-certification process, 438
Presentation layer (OSI model), 120
preserving evidence (incident response procedures), 422-424
pretexting, social engineering attacks, 391, 395
preventing/troubleshooting
ransomware, 24
viruses, 27
encryption, 22
Linux-based tools, 23
Windows Firewall, 21
Windows Update, 21
preventive controls, 276
principle of defense in depth, 101
principle of least privilege, 101
privacy policies, 414
private clouds, 134
private information, classifying (data sensitivity), 412
private IPv4 addresses, 124
private key cryptography, 325, 332
private ports, 149
privilege
creep, 254
de-escalation, 197
escalation. See also jailbreaking
horizontal privilege escalation, 197
malware delivery, 19
SOHO routers, 197
vertical privilege escalation, 197
wired network/device security, 196-197
principle of least privilege, 101
PRNG (Pseudorandom Number Generator), 336
Pro Tools, 60
procedures
incident response procedures
chain of custody (evidence collection), 422
collecting/preserving evidence, 422-424
containment phase, 421
damage/loss control, 422
emergency response detail, 422
eradication phase, 421
events versus incidents, 420
identification phase, 421
initial incident management process, 422
lessons learned phase, 421
need-to-know, 424
preparation phase, 421
recovery phase, 421
witness statements, 423
policies versus, 410
process VM (Virtual Machines), 74
program viruses, 13
programming
ASLR, 106
authenticity, 101
CIA triad, 100
cloud security, 136
code checking, 101
code signing, 101
error-handling, 101
integrity, 101
minimizing attack surface area, 101
obfuscation, 101
passwords, 101
patches, 101
permissions, 101
principle of least privilege, 101
quality assurance policies, 100
SDLC
agile model, 100
V-shaped model, 100
secure code review, 100
secure coding concepts, definition of, 99
testing methods
black-box testing, 102
compile-time errors, 102
dynamic code analysis, 104
fuzz testing, 104
gray-box testing, 102
input validation, 103
penetration tests, 102
runtime errors, 103
sandboxes, 102
SEH, 103
static code analysis, 104
stress testing, 102
white-box testing, 102
threat modeling, 101
trusting user input, 101
vulnerabilities/attacks
arbitrary code execution, 106
directory traversals, 109
DLL injections, 108
integer overflows, 105
LDAP injections, 108
memory leaks, 106
NoSQL injections, 108
null pointer dereferences, 106
SQL injections, 107
XML injections, 108
zero day attacks, 109
Programs and Features window (Windows), OS hardening, 60
promiscuous mode
network adapters, 299
NIDS, 183
propagating permissions, 255
proprietary information, classifying (data sensitivity), 412
protocol analyzers, 283
broadcast storms, 299
network adapters, 299
NIDS, 185
packet capturing, 299
TCP/IP handshakes, 299
protocols, port associations with
associated protocols table, 150-152
Diameter, 152
DNS, 151
FCIP, 152
HTTP, 151
IMAP, 151
iSCSI, 152
Kerberos, 151
L2TP, 152
LDAP, 151
MS-sql-s, 152
NetBIOS, 151
NNTP, 151
POP3, 151
PPTP, 152
RADIUS, 152
RDP, 152
RPC, 151
SMB, 152
SMTP, 151
SNMP, 151
SNMPTRAP, 151
SSH, 151
Syslog, 152
TACACS+, 151
Telnet, 151
TFTP, 151
proximity sensors, physical security, 221
proxy servers
application proxies, 180
forward proxies, 180
Internet content filtering, 181
IP proxies, 179
PAC files, 180
reverse proxies, 180
transparent proxies, 181
pseudocodes. See error-handling
PSK (Pre-Shared Keys), WAP, 204
public clouds, 134
public information, classifying (data sensitivity), 412
public IPv4 addresses, 124
public key cryptography, 325
certificates, 328
digital signatures, 327
ECDHE, 333
public networks, split tunneling, 233
punch blocks, wiretapping, 200
purging (data removal), 420
QKD (Quantum Key Distribution), 334
qualitative risk assessment, 272-274
quality assurance policies, 100
quantitative risk assessment, 273-274
quantum cryptography, 334
questions (end-of-chapter), exam preparation, 433
RA (Registration Authority), certificate verification, 355
race condition exploits, 278
RADIUS (Remote Authentication Dial-In User Service)
port associations with, 152
RAID (Redundant Array of Independent Disks)
high availability, 42
RAID 0, 374
RAID 0+1, 375
RAID 10, 375
ransomware
definition of, 17
preventing/troubleshooting, 24
RAS (Remote Access Service), 235
MS-CHAP, 230
RAT (Remote Access Trojans), 15, 19, 140
RBAC (Role-Based Access Control), 247-248
RC5, 331
RC6, 331
RCE (Remote Code Execution), 106-109
RDBMS (Relational Database Management System), 107-108
RDP (Remote Desktop Protocol), port associations with, 152
record time offset, 423
recovering certificate keys, 355
recovery phase (incident response procedures), 421
recycling/donating equipment policies, 419
Red Book, 245
Red Hat Enterprise, Kerberos and PAM, 229
Red October, 16
reduced sign-ons, 223
reducing risk, 271
redundancy planning
employees, 379
fail-closed, 370
fail-open, 370
failover redundancy, 369
networks
ISP, 377
network adapters, 376
network connections, 376
switches, 377
power supplies, 370
battery backups, 372
standby generators, 373
single points of failure, 369
succession planning, 379
websites, 378
reference frameworks (IT security), 425
registered ports, 149
registering for exams, 434
relational databases
normalization, 108
remanence (data), 6
remote authentication
RAS, 235
MS-CHAP, 230
VPN, 231
always-on VPN, 233
GRE, 233
illustration of, 232
RRAS, 232
split tunneling, 233
VPN concentrators, 233
remote control programs, OS hardening, 60
Remote Desktop Connection, OS hardening, 60
Remote Desktop Services, 62, 229
remote ports, wired network/device security, 197
removable media controls, 41
removable storage/media, 41
removing
data, 6
destroying storage media (physical data removal), 420
purging, 420
unnecessary applications/services, 59-60
residual risk, 271
restore points, hard disks, 72
reverse proxies, 180
revoking certificates
CRL, 355
OCSP, 355
RFI (Radio Frequency Interference), cabling, 199
RFID (Radio-Frequency Identification), 210
RIPEMD (RACE Integrity Primitives Evaluation Message Digest), 338
risk
analysis, IT security frameworks, 425
assessment
impact assessment, 272
qualitative risk assessment, 272, 274
qualitative risk mitigation, 272
quantitative risk assessment, 273-274
residual risk, 271
risk acceptance, 271
risk avoidance, 271
risk reduction, 271
risk registers, 272
risk transference, 271
vulnerability assessment, 270, 277, 280-286
vulnerability management, 276-280
GRC, 413
MD5, 338
RJ11 jacks, wiretapping, 200
RJ45 jacks, wiretapping, 200
RJ45 wall plates, wiretapping, 200
rogue AP (Access Points), 202
Ron’s Code. See RC
room security. See physical security
root of trust, 40
rootkits
definition of, 17
detecting, 16
Evil Maid Attack, 17
preventing/troubleshooting, 25, 28
routers
ACL, 123
Cisco routers, 122
content filtering, 123
firewalls, 123
IPS, 123
secure configurations, 122
secure VPN connectivity, 123
SOHO firewall configuration, 36
SOHO routers, 122
configuring, 36
default accounts, 195
privilege escalation, 197
secure VPN connectivity, 123
WIC, 123
RPC (Remote Procedure Calls), port associations with, 151
RPO (Recovery Point Objective), BCP, 384
RRAS (Routing and Remote Access Service), VPN connections, 232
RSA (Rivest, Shamir, and Adleman), 331-332
RSA tokens. See security, tokens
RTBH (Remotely Triggered Blackholes), 158
RTO (Recovery Time Objective), BCP, 384
RTP (Real-time Transport Protocol), ports and, 152-153
runtime errors, 103
S/MIME (Secure/Multipurpose Internet Mail Extensions), 357
SA (Security Associations), IPsec, 360
SaaS (Software as a Service), 133
SACL (System Access Control Lists), 253
Safe Mode
antivirus software, 23
spyware, preventing/troubleshooting, 25
sags (power supplies), 371
salting, cryptanalysis attacks, 286
SAN (Storage Area Networks), NAS, 42
SAN (Subject Alternative Name) field, certificates, 352
sandboxes, definition of, 102
sanitizing mobile devices (data removal), 47, 420
SATCOM (Satellite Communications), wireless network security, 211
SB 1386, 413
SCADA (Supervisory Control and Data Acquisition), HVAC (facilities security), 401-403
scanning
ports, 282
SCCM (System Center Configuration Manager), 68
scheduling, incremental data backups, 380
Schneier, Bruce, 331
SCP (Secure Copy), 155
screen locks, mobile devices, 47
screenshots, incident response procedures, 423
script kiddies, 8
SCRM (Supply Chain Risk Management), 272
SDLC (Software Development Life Cycle)
agile model, 100
V-shaped model, 100
SECaaS (Security as a Service), 134
secret information, classifying (data sensitivity), 412
secure boot option, BIOS, 40
secure code review, 100
secure coding concepts, definition of, 99
secure VPN connectivity, routers, 123
security
analysis, 274
active reconnaissance, 275
passive reconnaissance, 275
controls
compensating controls, 276
corrective controls, 276
detective controls, 276
management controls, 275
operational controls, 276
preventive controls, 276
technical controls, 276
events
audit trails, 307
failure to see events in security logs, 306
SIEM, 314
logs
application logs, 307
audit trails, 307
DFS Replication logs, 307
DNS Server logs, 307
file maintenance/security, 310-311
firewall logs, 309
non-repudiation, 306
security events, failure to see events, 306
system logs, 307
plans, 5
postures, baseline reporting, 297
protocols, 356
IPsec, 360
PPTP, 359
S/MIME, 357
SSH, 359
templates, OS hardening, 69-70
tokens, 221
updates, 66
security zones, browsers, 92
SED (Self-Encrypting Drives), 42
segregation of duties, 276
SEH (Structured Exception Handling), 103
SELinux, 37
sensitive data
data handling (DHE), 412
exposure of, 104
separation of duties
access control, 250
job rotation policies, 415-417
server clusters
failover clusters, 377
load-balancing clusters, 378
server rooms
mantraps, 394
physical security, 220
servers
Apache servers
CVE listings, 139
Darkleech, 139
back office applications, securing, 98
banner grabbing, 283
DNS servers
pharming, 163
unauthorized zone transfers, 163, 166
email servers, security, 138
file servers, security, 137
FTP servers
ports and, 153
protocol analysis, 300
security, 140
key management, 48
network controllers, security, 137
proxy servers
application proxies, 180
forward proxies, 180
Internet content filtering, 181
IP proxies, 179
PAC files, 180
reverse proxies, 180
transparent proxies, 181
redundancy planning, clusters, 377-378
security
email servers, 138
file servers, 137
FTP servers, 140
network controllers, 137
standard loads, 297
web servers, security, 139-140
Windows Server, network shares, 312
service packs, updates, 66
services
backward compatibility, 60
cloud computing, 136
consolidating, 99
Remote Desktop Services, 62
Session layer (OSI model), 119
sessions
hijacking
blind hijacking, 160
clickjacking, 160
watering hole attacks, 161, 165
XSS, 93
monitoring, Computer Management, 302
theft of, 19
SFTP (Secure FTP), 155
SHA (Secure Hash Algorithm), 338-339
sharing risk, 271
shielding, facilities security
Faraday cages, 401
HVAC shielding, 401
STP cabling, 401
shoulder surfing, social engineering attacks, 394-395
S-HTTP (Secure Hypertext Transfer Protocol), 358
sideloading mobile devices, 50
SIEM (Security Information and Event Management), 314
signal emanation. See data emanation
signal jammers (wireless), 207
signatures
IDS signature-based detection, 36
public key cryptography, 327
signature-based monitoring, 295-296
simulations/videos, exam preparation, 433
single points of failure, redundancy planning, 369
single-sided certificates, 352
sinkholes, 158
SLA (Service-Level Agreements), 417-418
SLE (Single Loss Expectancy), quantitative risk assessment, 273
smart cards, physical security, 221
smartphones
access control, 50
application security, 52
application blacklisting, 48
application whitelisting, 48
geotagging, 49
HTTPS connections, 47
key management, 48
MMS attacks, 48
server/network authentication, 48
SMS attacks, 48
transitive trust, 48
bluejacking, 46
bluesnarfing, 46
browser security, 92
carrier unlocking, 45
COPE, 49
CYOD, 49
encryption, 44
full device encryption, 46
lockout programs, 46
MDM, 49
offboarding, 50
onboarding, 50
sanitizing, 47
screen locks, 47
sideloading, 50
social engineering attacks, 45
storage segmentation, 49
wireless attacks, 46
SMB (Server Message Blocks), port associations with, 152
SMS attacks, 48
SMTP (Simple Mail Transfer Protocol)
port associations with, 151
preventing/troubleshooting spam
open relays, 27
servers, 27
snapshots
backups, 382
VM disk files, 77
SNMP (Simple Network Management Protocol), 151, 301-302
SNMPTRAP, port associations with, 151
social engineering attacks, 5
CA and, 355
confidence tricks (cons), 393
defining, 391
malicious insiders, 391-392, 395
mobile devices, 45
OSINT, 391
techniques/principles, 391
war-dialing, 393
watering hole attacks, 395-396
social media, cloud computing and, 136
software
anti-malware software, 6
antivirus software
Safe Mode, 23
Trojan prevention/troubleshooting, 23
virus prevention/troubleshooting, 20-23
worm prevention/troubleshooting, 23
badware, 25
crimeware, 18
firewalls
IPFW, 35
iptables, 35
PF, 35
SOHO router/firewall configuration, 36
Windows Firewall, 35
ZoneAlarm, 35
malware
adware, 16
APT, 15
attack vectors, 18
badware, 25
exploit kits, 18
grayware, 16
keyloggers, 18
malvertising, 15
non-malware, 16
spim, 17
threat vectors, 18
unsavable computers, 27
URL hijacking, 18
websites, 18
ransomware, worms, 17
SDLC
agile model, 100
V-shaped model, 100
spyware, worms, 17
use case analysis, 425
SOHO (Small Office/Home Office) routers, 122
configuring, 36
default accounts, 195
privilege escalation, 197
secure VPN connectivity, 123
Solitaire, Easter Eggs, 20
SOX (Sarbanes-Oxley) act, 413
SPA (Security Posture Assessments), baseline reporting, 297
spam, 16
definition of, 17
filters, 26
firewalls, 26
honeypots, 182
identity theft emails, 17
lottery scam emails, 17
preventing/troubleshooting, 26-28
special hazard protection systems, 400
spectral analyzers, data emanations, 201
SPI (Stateful Packet Inspection), 176
spikes (power supplies), 371, 402
spim, 17
split tunneling, 233
spoofing
ARP spoofing, 121
IP spoofing attacks, 123
MAC spoofing, 121
spoofed MAC addresses, 208
stateless packet filters, 176
switch spoofing, 131
sprinkler systems, 399
spyware
definition of, 17
Internet Optimizer, 17
preventing/troubleshooting, 24-25, 28
symptoms of, 24
tracking cookies, 93
SQL injections, 107
SSID (Service Set Identifiers)
broadcasting, disabling, 179
WAP, 202
SSL pinning. See digital certificates, pinning
SSL/TLS (Secure Sockets Layer/Transport Layer Security), 357-358
standard loads, servers, 297
standby generators, 373
statements (witness), incident response procedures, 423
static and dynamic analytical monitoring tools, 304
static code analysis, 104
static NAT (Network Address Translation), 123
statistical anomaly detection (IDS), 36
stealth viruses, 14
steganography, defining, 328
storage
destroying storage media (data removal), 420
DLP systems, 39
flash drives, 41
HSM, 43
mobile devices, storage segmentation, 49
removable storage/media, 41
USB devices, 41
stored procedures, 108
STP (Shielded Twisted-Pair) cabling, 199, 401
STP (Spanning Tree Protocol) switches, 122
stream ciphers, 326
stress testing, 102
stylometry and genetic algorithms, 336
SubSeven, 15
succession planning, 379
supplicants (802.1X), 225
surge protectors, 73
surges (power supplies), 371
surveys
interference, 207
jamming, 207
wireless site surveys, 207
switches, 120
aggregation switches, 122
ARP spoofing, 121
DHCP starvation attacks, 121
fail-open mode, 121
looping, 122
MAC spoofing, 121
physical tampering, 121
redundancy planning, 377
STP, 122
switch spoofing, 131
3DES, 329
block ciphers, 326
Blowfish, 331
DEA, 329
IDEA, 329
stream ciphers, 326
Threefish, 331
Twofish, 331
SYN packets, TCP/IP hijacking, 160
system failure, 5
system files, OS hardening, 72
system logs, 307
System Monitor, 299
system security, auditing, 311-314
system VM (Virtual Machines), 74
tables (rainbow), 338
tablets
access control, 50
application security, 52
application blacklisting, 48
application whitelisting, 48
geotagging, 49
HTTPS connections, 47
key management, 48
MMS attacks, 48
server/network authentication, 48
SMS attacks, 48
transitive trust, 48
bluejacking, 46
bluesnarfing, 46
browser security, 92
COPE, 49
CYOD, 49
encryption, 44
full device encryption, 46
lockout programs, 46
MDM, 49
offboarding, 50
onboarding, 50
sanitizing, 47
screen locks, 47
sideloading, 50
social engineering attacks, 45
storage segmentation, 49
wireless attacks, 46
TACACS+ (Terminal Access Controller Access-Control System Plus), 151, 234-235
tailgating, social engineering attacks, 394-396
TCP (Transmission Control Protocol)
reset attacks, 155
TCP/IP (Transmission Control Protocol/Internet Protocol)
fingerprinting, 275
handshakes, 299
network design, OSI model versus TCP/IP model, 120
tcpdump packet analyzer, 301
TCSEC (Trusted Computer System Evaluation Criteria), 245
technical controls, 276
technical security plans, 5
telephony
VoIP, 132
Telnet, 283
port associations with, 151
remote network access, 198
TEMPEST (Transient ElectroMagnetic Pulse Emanations Standard), 200, 402-403
templates (security), OS hardening, 69-70
temporary files
OS hardening, 72
securing, 94
programs
black-box testing, 102
compile-time errors, 102
dynamic code analysis, 104
fuzz testing, 104
gray-box testing, 102
input validation, 103
penetration tests, 102
runtime errors, 103
sandboxes, 102
SEH, 103
static code analysis, 104
stress testing, 102
white-box testing, 102
TFTP (Trivial File Transfer Protocol), port associations with, 151
theft
disaster recovery, 383
diversion theft, social engineering attacks, 392, 395
threat actors, 8. See also hackers
threat modeling, 101
threat vectors, malware delivery, 18
Threefish, 331
tickets (KDC), 227
time bombs, malware delivery, 20
time-of-day restrictions, user accounts, 252
TKIP (Temporal Key Integrity Protocol), 203
TOC (Time-of-Check) attacks, 278
top secret information, classifying (data sensitivity), 412
torrents (bit), malware delivery, 18
TOS (Trusted Operating Systems), 65
TOU (Time-of-Use) attacks, 278
Towers of Hanoi backup scheme, 381
tracking cookies, 93
training
transferring risk, 271
transitive trust, 48
transmitting malware
active interception, 19
attack vectors, 18
backdoors, 19
bit torrents, 18
botnets, 19
Easter eggs, 20
email, 18
exploit kits, 18
FTP servers, 18
instant messaging, 18
keyloggers, 18
logic bombs, 20
media-based delivery, 18
memory cards, 18
optical disks, 18
P2P networks, 18
privilege escalation, 19
smartphones, 18
software, 18
threat vectors, 18
time bombs, 20
typosquatting, 18
URL hijacking, 18
USB flash drives, 18
user error, 18
websites, 18
zip files, 18
zombies, 19
transparent proxies, 181
transparent testing. See white-box testing
Transport layer (OSI model), 119
transport mode, IPsec, 360
Trend Micro OSSEC, 37
Triple DES (Data Encryption Standard). See 3DES
Tripwire, 37
Trojans, 14
definition of, 17
GinMaster Trojan, 45
PlugX Trojans, 17
preventing/troubleshooting, 23, 28
time bombs, 20
ZeroAccess botnet, 19
troubleshooting
ransomware, 24
viruses, 27
encryption, 22
Linux-based tools, 23
Windows Firewall, 21
Windows Update, 21
trust
chain of (certificates), 352, 356
web of, 356
Trusted Network Interpretation standard, 245
trusting user input, 101
Trustworthy Computing principle, 20
tunneling mode, IPsec, 360
tunneling protocols
PPTP, 359
twisted-pair cabling, 198
crosstalk, 199
wiretapping, 200
Twofish, 331
typosquatting, 18
Tzu, Sun, 2
UAC (User Account Control), 95, 261
UAV (Unmanned Aerial Vehicles), facilities security, 403
UDP (User Datagram Protocol)
flood attacks, 156
UEFI (Unified Extensible Firmware Interface), updates, 73
UEFI/BIOS, malware and unsavable computers, 27
unauthorized access, 4
unauthorized zone transfers, DNS servers, 163, 166
unicast IPv6 addresses, 125
uninstalling. See also installing
preventing/troubleshooting spyware, 24
Unix
tcpdump packet analyzer, 301
vulnerability scanning, 283
unnecessary applications/services, removing, 59-60
unsavable computers, malware, 27
updates
anti-malware, 73
BIOS, 73
critical updates, 66
driver updates, 66
firewalls, 73
security updates, 66
service packs, 66
UEFI, 73
virtualization, 77
Windows Update
preventing/troubleshooting viruses, 21
UPS (Uninterruptible Power Supplies), 73, 371-372
uptime (generators), 373
URI (Uniform Resource Identifiers), spoofing attacks, 159
URL (Uniform Resource Locators)
hijacking, 18
spoofing attacks, 159
US-CERT (U.S. Computer Emergency Readiness Team), mobile device security, 44
USB devices
encryption, 41
flash drives, malware delivery, 18
use case analysis, 425
users
access control
Account Expiration dates, 252
ADUC, 251
group access control, 253
multiple user accounts, 253
time-of-day restrictions, 252
access recertification, 255
Account Expiration dates, 252
ADUC, 251
applications, trusting user input, 101
authentication, 5
awareness training, 5, 416-417
clean desk policy, 397
first responders (incident response procedures), 422
groups, access control, 253
malware delivery, 18
multiple user accounts, 253
offboarding, 415
personal security policies, 413
change management policies, 414-417
due diligence, infrastructure security, 416-417
offboarding, 415
privacy policies, 414
separation of duties/job rotation policies, 415-417
privilege creep, 254
safety, 220
time-of-day restrictions, 252
verifying identification. See authentication
vetting, 397
UTM (Unified Threat Management), 186
UTP (Unshielded Twisted-Pair) cabling, 199
V-shaped model (SDLC), 100
V2 cards, SIM cloning, 45
vacations (mandatory), 415-417
validating
validation
CA, 353
certificates, 353
DV certificates, 352
EV certificates, 352
identity validation, 219
input validation, 103
OV certificates, 352
vehicles, facilities security, 402
CAN, 402
drones, 403
locking systems, 403
UAV, 403
Wi-Fi, 403
vendor policies
BPA, 418
ISA, 418
MoU, 418
verifying
attestation, BIOS, 41
certificates with RA, 355
user identity. See authentication
VeriSign certificates, 48, 353-354
Verisys, 37
Vernam ciphers. See one-time pads
vertical privilege escalation, 197
vetting employees, 397
video
exam preparation, 433
incident response procedures, 423
record time offset, 423
surveillance, physical security, 219
virtualization. See also VM (Virtual Machines)
application containerization, 76
definition of, 74
emulators, 75
hardware, disabling, 77
Hyper-V, 77
hypervisors, 75
network security, 77
updates, 77
virtual appliances, 75
virtual escape protection, 77
virtualization sprawl, 77
viruses
armored viruses, 14
definition of, 17
encrypted viruses, 14
Love Bug virus, 17
macro viruses, 13
metamorphic viruses, 14
multipartite viruses, 14
polymorphic viruses, 14
preventing/troubleshooting, 27
encryption, 22
Linux-based tools, 23
Windows Firewall, 21
Windows Update, 21
program viruses, 13
stealth viruses, 14
symptoms of, 22
virus hoaxes, 14
VLAN (Virtual Local Area Networks)
MAC flooding, 131
VLAN hopping, 130
VM (Virtual Machines), 384
disk files, 77
escape, 76
monitoring, 78
preventing/troubleshooting spyware, 24
process VM, 74
security, 78
system VM, 74
virtualization sprawl, 77
virtual machine escape, 76
VMM (Virtual Machine Manager). See hypervisors, 75
voice recognition software, 222
VoIP (Voice over Internet Protocol), 132
VPN (Virtual Private Networks), 231
always-on VPN, 233
GRE, 233
illustration of, 232
on-demand VPN, 360
RRAS, 232
secure VPN connectivity, routers, 123
split tunneling, 233
VPN concentrators, 233
WAP, 205
vulnerabilities
assessing, 277
definition of vulnerabilities, 270
IT security frameworks, 425
vulnerability scanning, 282-283
browsers, 87
CVE, 139
definition, 270
managing
general vulnerabilities/basic prevention methods table, 279-280
OVAL, 279
programming vulnerabilities/attacks
arbitrary code execution, 106
directory traversals, 109
DLL injections, 108
integer overflows, 105
LDAP injections, 108
memory leaks, 106
NoSQL injections, 108
null pointer dereferences, 106
SQL injections, 107
XML injections, 108
zero day attacks, 109
WAN (Wide Area Networks)
LAN versus, 126
routers, 122
WAP (Wireless Access Points)
ad hoc networks, 205
administration interface, 202
AP isolation, 207
evil twins, 203
firewalls, 207
MAC filtering, 207
placement of, 205
PSK, 204
rogue AP, 202
SSID, 202
VPN, 205
wireless network security, 202-209
wireless point-to-multipoint layouts, 206
WLAN controllers, 207
WPS, 205
war-chalking, 208
war-driving, 208
warm sites, 378
waterfall model (SDLC), 99-100
watering hole attacks, 161, 165, 395-396
web application firewalls, 179
web-based SSO (Single Sign-On), 224
web browsers
automatically updating, 87
choosing, 87
company requirements, 87
functionality, 87
HTTP connections, 47
HTTPS connections, 47
OS, determining, 87
PAC files, 180
preventing/troubleshooting spyware, 24
recommendations, 87
security
ad-blocking, 92
add-ons, 94
advanced security settings, 94-95
LSO, 93
mobile devices, 92
passwords, 95
pop-up blocking, 92
security zones, 92
temporary files, 94
updates, 92
vulnerabilities/fixes, 87
web of trust, defining, 356
web proxies. See proxy servers
web resources, exam preparation, 434
web security gateways, 181
web servers
exploit kits, 18
web shells, FTP servers, 140
websites
cold sites, 378
exam preparation, 434
hot sites, 378
HTTP connections, 47
HTTPS connections, 47
input validation, 103
malware delivery, 18
redundancy planning, 378
typosquatting, 18
URL hijacking, 18
warm sites, 378
WEP (Wired Equivalent Privacy) protocol, 203-204
wet pipe sprinkler systems, 399
white-box testing, 102
white hats, 7
whitelists
OS hardening, 61
preventing/troubleshooting spam, 27
services, 61
whole disk encryption, 72
WIC (WAN Interface Cards), 123
WiDi (Wi-Fi Direct), 44
WIDS (Wireless Intrusion Detection Systems), 186
Wi-Fi, 51
bluejacking, 46
bluesnarfing, 46
disassociation attacks, 209
facilities security, 403
vehicle security, 403
vulnerabilities, 46
wildcard certificates, 352
Windows
analytical monitoring
net file command, 303
netstat command, 303
openfiles command, 302
Computer Management, 302
Group Policies, accessing, 69
hotfixes, 67
OS hardening, starting/stopping services, 63-65
patch management, 68
Performance Monitor, 302
Windows 7, Internet Explorer Maintenance Security, 89
Windows 10
Internet Explorer Maintenance Security, 89
Local Group Policy, browser security, 88
Windows BitLocker, 41
Windows Defender, preventing/troubleshooting spyware, 24
Windows Programs and Features window, OS hardening, 60
Windows Server
domain controller-managed IE policies, 89-90
Import Policy From window, 69
network shares, 312
security templates, 70
Windows XP
OS hardening, 62
Solitaire, Easter eggs, 20
WinDump, 301
WinPcap
WinDump, 301
Wireshark installation, 299
WIPS (Wireless Intrusion Prevention Systems), 186
wired network/device security, 195
backdoors, 197
cabling
crosstalk, 199
PDS, 201
wire closets, 201
default accounts, 195
network attacks, 197
remote ports, 197
Telnet, 198
wireless networks, 51
Bluetooth
AP, 209
frequency hopping, 209
cellular networks, 210
documenting network design, 211
facilities security, 403
geofences, 211
GPS, 211
RFID, 210
SATCOM, 211
third-party wireless adapter connections, 202
vehicle security, 403
vulnerabilities, 46
WAP
ad hoc networks, 205
administration interface, 202
AP isolation, 207
evil twins, 203
firewalls, 207
MAC filtering, 207
placement of, 205
PSK, 204
rogue AP, 202
SSID, 202
VPN, 205
wireless point-to-multipoint layouts, 206
wireless site surveys, 207
WLAN controllers, 207
WPS, 205
wireless transmission vulnerabilities
brute-force attacks, 209
IV attacks, 208
spoofed MAC addresses, 208
war-chalking, 208
war-driving, 208
Wi-Fi disassociation attacks, 209
wireless peripherals, 43
wireless signal jammers, 207
wireless site surveys, 207
wiring closets, 201
witness statements, incident response procedures, 423
WLAN (Wireless Local Area Networks)
AP, 209
bridges, 122
controllers, WAP, 207
Word (MS), securing, 98
worms
definition of, 17
Nimda, 14
Nimda worm, 17
preventing/troubleshooting, 23, 27
WPA (Wi-Fi Protected Access) protocol, 203-204
WPA2 (Wi-Fi Protected Access version 2) protocol, 203-204
WPS (Wi-Fi Protected Setup), WAP, 205
wraps, integer overflows, 105
WTLS (Wireless Transport Layer Security) protocol, 204
WWN (World Wide Names), spoofing attacks, 159
X.509 standard, certificates and, 351
XaaS (Anything as a Service), 134
Xmas attacks, 157
XML injections, 108
XSRF (Cross-Site Request Forgery), 107-109
XSS (Cross-Site Scripting), 93, 107-109, 161
zero day attacks, 109
ZeroAccess botnet, 19
Zimmermann, Philip, 335
zip files, malware delivery, 18
zombies, malware delivery, 19
ZoneAlarm, 35