CISSP - Certified Information Systems Security Professional Study Guide, 2nd Edition (2004)


Contents xi

  Spamming Attacks   44
  Crackers   45
  Access Control Compensations   45
  Summary   45
  Exam Essentials   46
  Review Questions   49
  Answers to Review Questions   53

Chapter 3   ISO Model, Network Security, and Protocols   55
  OSI Model   56
  History of the OSI Model   56
  OSI Functionality   57
  Encapsulation/Deencapsulation   58
  OSI Layers   59
  TCP/IP Model   63
  Communications and Network Security   64
  Network Cabling   65
  LAN Technologies   68
  Network Topologies   71
  TCP/IP Overview   73
  Internet/Intranet/Extranet Components   78
  Firewalls   78
  Other Network Devices   81
  Remote Access Security Management   82
  Network and Protocol Security Mechanisms   83
  VPN Protocols   83
  Secure Communications Protocols   84
  E-Mail Security Solutions   84
  Dial-Up Protocols   85
  Authentication Protocols   85
  Centralized Remote Authentication Services   85
  Network and Protocol Services   86
  Frame Relay   87
  Other WAN Technologies   87
  Avoiding Single Points of Failure   88
  Redundant Servers   88
  Failover Solutions   89
  RAID   89
  Summary   91
  Exam Essentials   91
  Review Questions   93
  Answers to Review Questions   97

Chapter 4   Communications Security and Countermeasures   99
  Virtual Private Network (VPN)   100
  Tunneling   100
  How VPNs Work   101
  Implementing VPNs   102
  Network Address Translation   103
  Private IP Addresses   103
  Stateful NAT   103
  Switching Technologies   104
  Circuit Switching   104
  Packet Switching   104
  Virtual Circuits   105
  WAN Technologies   105
  WAN Connection Technologies   106
  Encapsulation Protocols   108
  Miscellaneous Security Control Characteristics   108
  Transparency   108
  Verifying Integrity   109
  Transmission Mechanisms   109
  Managing E-Mail Security   109
  E-Mail Security Goals   110
  Understanding E-Mail Security Issues   111
  E-Mail Security Solutions   111
  Securing Voice Communications   113
  Social Engineering   113
  Fraud and Abuse   114
  Phreaking   115
  Security Boundaries   115
  Network Attacks and Countermeasures   116
  Eavesdropping   116
  Second-Tier Attacks   117
  Address Resolution Protocol (ARP)   117
  Summary   118
  Exam Essentials   120
  Review Questions   122
  Answers to Review Questions   126

Chapter 5   Security Management Concepts and Principles   129
  Security Management Concepts and Principles   130
  Confidentiality   130
  Integrity   131
  Availability   132
  Other Security Concepts   133
  Protection Mechanisms   135
  Layering   136
  Abstraction   136
  Data Hiding   136
  Encryption   137
  Change Control/Management   137
  Data Classification   138
  Summary   140
  Exam Essentials   141
  Review Questions   143
  Answers to Review Questions   147

Chapter 6   Asset Value, Policies, and Roles   149
  Employment Policies and Practices   150
  Security Management for Employees   150
  Security Roles   153
  Policies, Standards, Baselines, Guidelines, and Procedures   154
  Security Policies   155
  Security Standards, Baselines, and Guidelines   155
  Security Procedures   156
  Risk Management   157
  Risk Terminology   157
  Risk Assessment Methodologies   159
  Quantitative Risk Analysis   161
  Qualitative Risk Analysis   163
  Handling Risk   165
  Security Awareness Training   166
  Security Management Planning   167
  Summary   167
  Exam Essentials   169
  Review Questions   172
  Answers to Review Questions   176

Chapter 7   Data and Application Security Issues   179
  Application Issues   180
  Local/Nondistributed Environment   180
  Distributed Environment   182
  Databases and Data Warehousing   186
  Database Management System (DBMS) Architecture   186
  Database Transactions   188
  Multilevel Security   189
  Aggregation   190
  Inference   190
  Polyinstantiation   191
  Data Mining   191
  Data/Information Storage   192
  Types of Storage   192
  Storage Threats   193
  Knowledge-Based Systems   193
  Expert Systems   194
  Neural Networks   195
  Security Applications   195
  Systems Development Controls   195
  Software Development   196
  Systems Development Life Cycle   198
  Life Cycle Models   201
  Change Control and Configuration Management   205
  Security Control Architecture   206
  Service Level Agreements   208
  Summary   209
  Exam Essentials   210
  Written Lab   211
  Review Questions   212
  Answers to Review Questions   216
  Answers to Written Lab   218

Chapter 8   Malicious Code and Application Attacks   219
  Malicious Code   220
  Sources   220
  Viruses   221
  Logic Bombs   226
  Trojan Horses   226
  Worms   227
  Active Content   228
  Countermeasures   229
  Password Attacks   230
  Password Guessing   230
  Dictionary Attacks   231
  Social Engineering   231
  Countermeasures   232
  Denial of Service Attacks   232
  SYN Flood   232
  Distributed DoS Toolkits   234
  Smurf   234
  Teardrop   236
  Land   237
  DNS Poisoning   237
  Ping of Death   238
  Application Attacks   238
  Buffer Overflows   238
  Time-of-Check-to-Time-of-Use   239
  Trap Doors   239
  Rootkits   239
  Reconnaissance Attacks   240
  IP Probes   240
  Port Scans   240
  Vulnerability Scans   240
  Dumpster Diving   241
  Masquerading Attacks   241
  IP Spoofing   241
  Session Hijacking   242
  Decoy Techniques   242
  Honey Pots   242
  Pseudo-Flaws   243
  Summary   243
  Exam Essentials   244
  Written Lab   245
  Review Questions   246
  Answers to Review Questions   250
  Answers to Written Lab   252

Chapter 9   Cryptography and Private Key Algorithms   253
  History   254
  Caesar Cipher   254
  American Civil War   255
  Ultra vs. Enigma   255
  Cryptographic Basics   256
  Goals of Cryptography   256
  Concepts   257
  Cryptographic Mathematics   258
  Ciphers   262
  Modern Cryptography   266
  Cryptographic Keys   266
  Symmetric Key Algorithms   267
  Asymmetric Key Algorithms   268
  Hashing Algorithms   270
  Symmetric Cryptography   271
  Data Encryption Standard (DES)   271
  Triple DES (3DES)   272
  International Data Encryption Algorithm (IDEA)   273
  Blowfish   274
  Skipjack   274
  Advanced Encryption Standard (AES)   275
  Key Distribution   275
  Key Escrow   277
  Summary   277
  Exam Essentials   278
  Written Lab   279
  Review Questions   280
  Answers to Review Questions   284
  Answers to Written Lab   286

Chapter 10   PKI and Cryptographic Applications   287
  Asymmetric Cryptography   288
  Public and Private Keys   288
  RSA   289
  El Gamal   291
  Elliptic Curve   291
  Hash Functions   292
  SHA   293
  MD2   293
  MD4   294
  MD5   294
  Digital Signatures   294
  HMAC   295
  Digital Signature Standard   296
  Public Key Infrastructure   297
  Certificates   297
  Certificate Authorities   298
  Certificate Generation and Destruction   298
  Key Management   300
  Applied Cryptography   300
  Electronic Mail   301
  Web   303
  E-Commerce   304
  Networking   305
  Cryptographic Attacks   307
  Summary   308
  Exam Essentials   309
  Review Questions   311
  Answers to Review Questions   315

Chapter 11   Principles of Computer Design   317
  Computer Architecture   319
  Hardware   319
  Input/Output Structures   337
  Firmware   338
  Security Protection Mechanisms   338
  Technical Mechanisms   338
  Security Policy and Computer Architecture   340
  Policy Mechanisms   341
  Distributed Architecture   342
  Security Models   344
  State Machine Model   344
  Bell-LaPadula Model   345
  Biba   346
  Clark-Wilson   347
  Information Flow Model   348
  Noninterference Model   348
  Take-Grant Model   349
  Access Control Matrix   349
  Brewer and Nash Model (a.k.a. Chinese Wall)   350
  Classifying and Comparing Models   350
  Summary   351
  Exam Essentials   352
  Review Questions   355
  Answers to Review Questions   359

Chapter 12   Principles of Security Models   361
  Common Security Models, Architectures, and Evaluation Criteria   362
  Trusted Computing Base (TCB)   363
  Security Models   364
  Objects and Subjects   366
  Closed and Open Systems   367
  Techniques for Ensuring Confidentiality, Integrity, and Availability   367
  Controls   368
  IP Security (IPSec)   369
  Understanding System Security Evaluation   370
  Rainbow Series   371
  ITSEC Classes and Required Assurance and Functionality   375
  Common Criteria   376
  Certification and Accreditation   379
  Common Flaws and Security Issues   380
  Covert Channels   380
  Attacks Based on Design or Coding Flaws and Security Issues   381
  Programming   384
  Timing, State Changes, and Communication Disconnects   384
  Electromagnetic Radiation   385
  Summary   385
  Exam Essentials   386
  Review Questions   388
  Answers to Review Questions   392

Chapter 13   Administrative Management   395
  Antivirus Management   396
  Operations Security Concepts   397
  Operational Assurance and Life Cycle Assurance   397
  Backup Maintenance   398
  Changes in Workstation/Location   398
  Need-to-Know and the Principle of Least Privilege   399
  Privileged Operations Functions   399
  Trusted Recovery   400
  Configuration and Change Management Control   400
  Standards of Due Care and Due Diligence   401
  Privacy and Protection   402
  Legal Requirements   402
  Illegal Activities   402
  Record Retention   403
  Sensitive Information and Media   403
  Security Control Types   405
  Operations Controls   406
  Personnel Controls   408
  Summary   409
  Exam Essentials   411
  Review Questions   414
  Answers to Review Questions   418

Chapter 14   Auditing and Monitoring   421
  Auditing   422
  Auditing Basics   422
  Audit Trails   424
  Reporting Concepts   425
  Sampling   426
  Record Retention   426
  External Auditors   427
  Monitoring   428
  Monitoring Tools and Techniques   428
  Penetration Testing Techniques   430
  War Dialing   431
  Sniffing and Eavesdropping   431
  Radiation Monitoring   432
  Dumpster Diving   432
  Social Engineering   433
  Problem Management   433
  Inappropriate Activities   434
  Indistinct Threats and Countermeasures   434
  Errors and Omissions   435
  Fraud and Theft   435
  Collusion   435
  Sabotage   435
  Loss of Physical and Infrastructure Support   435
  Malicious Hackers or Crackers   436
  Espionage   436
  Malicious Code   436
  Traffic and Trend Analysis   436
  Initial Program Load Vulnerabilities   437
  Summary   438
  Exam Essentials   439
  Review Questions   443
  Answers to Review Questions   447

Chapter 15   Business Continuity Planning   449
  Business Continuity Planning   450
  Project Scope and Planning   450
  Business Organization Analysis   451
  BCP Team Selection   451
  Resource Requirements   452
  Legal and Regulatory Requirements   453
  Business Impact Assessment   455
  Identify Priorities   456
  Risk Identification   456
  Likelihood Assessment   457
  Impact Assessment   457
  Resource Prioritization   458
  Continuity Strategy   459
  Strategy Development   459
  Provisions and Processes   460
  Plan Approval   461
  Plan Implementation   462
  Training and Education   462
  BCP Documentation   462
  Continuity Planning Goals   463
  Statement of Importance   463
  Statement of Priorities   463
  Statement of Organizational Responsibility   463
  Statement of Urgency and Timing   464
  Risk Assessment   464
  Risk Acceptance/Mitigation   464
  Vital Records Program   464
  Emergency Response Guidelines   465
  Maintenance   465
  Testing   465
  Summary   465
  Exam Essentials   466
  Review Questions   468
  Answers to Review Questions   472

Chapter 16   Disaster Recovery Planning   475
  Disaster Recovery Planning   476
  Natural Disasters   477
  Man-Made Disasters   481
  Recovery Strategy   485
  Business Unit Priorities   485
  Crisis Management   485
  Emergency Communications   486
  Work Group Recovery   486
  Alternate Processing Sites   486
  Mutual Assistance Agreements   489
  Database Recovery   489
  Recovery Plan Development   491
  Emergency Response   491
  Personnel Notification   492
  Backups and Offsite Storage   493
  Software Escrow Arrangements   494
  External Communications   495
  Utilities   495
  Logistics and Supplies   495
  Recovery vs. Restoration   495
  Training and Documentation   496
  Testing and Maintenance   496
  Checklist Test   497
  Structured Walk-Through   497
  Simulation Test   497
  Parallel Test   497
  Full-Interruption Test   498
  Maintenance   498
  Summary   498
  Exam Essentials   498
  Written Lab   499
  Review Questions   500
  Answers to Review Questions   504
  Answers to Written Lab   506
