282 Managing Network Vulnerability Assessment
C
Cabling security, 53
Capacity planning, 56
Career-limiting move, 92
CBK, see Common Body of Knowledge
Cerberus Internet Scanner (CIS), 143, 144
CERT Coordination Center, 33, 40
Certified Information Systems Security Professional (CISSP), 51
CheckPoint’s Firewall-1 product, 180
Cheops, 132
Chinese wall, 89, 108
CIAC, see Computer Incident Advisory Capability
CIS, see Cerberus Internet Scanner
Cisco
devices, 155
management tools, 125
Secure Scanner, 137
CISSP, see Certified Information Systems Security Professional
Cleartext, passwords in, 176
Client liaison, 59
Clock synchronization, 56
Code Red, 7, 37, 93
Cold Fusion, 246
Common Body of Knowledge (CBK), 106
Common Criteria standards, 106
Communication control, 44
Company documents, 160
Compliance, 83
Computer
breaches, financial losses due to, 36
Incident Advisory Capability (CIAC), 33, 40
incident response team, 181
systems, threats to, 35
Computer Security Institute (CSI), 35, 46
Confidentiality, ISO 17799 definition of, 49
Configuration audit, 25, 26
Connection time, limitation of, 57
Consulting companies, abused offerings from, 11
Cookies, 105, 146
Copernic Basic, 112
Coroner’s Toolkit, 150
Countermeasure, definition of, 184
Crackers, 38
Critical data, definition of, 184
Cryptography, 25, 27, 255
CSI, see Computer Security Institute
CyberCop, 135
D
Data
classification, definition of, 184
collection, 59, 165
confidentiality, 178
critical, definition of, 184
management, 71
protection, 257
sensitive, definition of, 184
storage
assessment of, 182
secure, 70
Decision-making process, due diligence performed during, 1
Decoy scanning, 127
Denial-of-service (DoS)
attack, 36, 38, 39, 245, 253
testing, 155
Desktop deployment, 35
Development Web server, 247
Dial-in customers, 172
Dial-in process, securing of, 177
Dig commands, 118
Directory service map, 169
Disaster
network recovery from, 163
recovery, 181, 252, 255
recovery planning (DRP), 84, 184
DMZ, definition of, 243
DNS server
dig command on, 118
record, single point of failure in, 110
Document
collation, 77
handling process, security issues involving, 65
DoS, see Denial-of-service
Draft Report, 74, 164, 165
generation of, 61
Sponsor Review of, 77
DRP, see Disaster recovery planning
E
Eavesdropping, remote, 1
Electronic commerce, 36
E-mail
HTML version of, 113
mistakes, 39
security, 54, 85
systems, inappropriate use of, 36
Employee(s)
directory, 166
frustrated, 110