CISSP - Certified Information Systems Security Professional Study Guide, 2nd Edition (2004)


S-HTTP (Secure HTTP) – security models

671

S

S-HTTP (Secure HTTP), 303, 635
S/MIME (Secure Multipurpose Internet Mail Extensions) protocol, 84, 111, 302, 635
S-RPC (Secure Remote Procedure Call), 63, 84, 635
sabotage, 435
safe computing, 396
safe harbor sites, 525–526
safeguards, 158
    calculating, 162–163
    defined, 634
    in distributed architecture, 343–344
safety
    of people, 460, 575
    in physical security, 575–580
sags, 576, 634
salami attacks, 384, 634
sampling in auditing, 426, 634
sandbox concept, 184, 229, 634
sanitation of media, 405, 634
SAs (security associations), 370, 635
scalability in symmetric key algorithms, 268
scanning attacks, 240–241, 547, 634
scavenging, 432–433, 634
schemas, database, 187, 634
Schneier, Bruce, 274
screened hosts, 80
screening job candidates, 151–152
script kiddies, 220, 545
scripted access, 634
SDLC (Synchronous Data Link Control) protocol
    defined, 641
    polling in, 71
    in WANs, 64, 88, 107
search warrants, 529, 550, 635
second-tier attacks, 117, 635
secondary evidence, 528, 635
secondary memory, 332–333, 635
secondary storage, 192, 334, 635
Secret classification, 139, 635
Secure Electronic Transaction (SET) protocol, 63, 84, 304, 635
secure facility plans, 565
Secure Hash Algorithm (SHA), 293, 635
Secure HTTP (S-HTTP), 303, 635
Secure Multipurpose Internet Mail Extensions (S/MIME) protocol, 84, 111, 302, 635
Secure Remote Procedure Call (S-RPC), 63, 84, 635
Secure Shell (SSH), 305, 635
Secure Sockets Layer (SSL) protocol, 84
    defined, 635
    in Session layer, 62
    for Web, 303
    X.509 for, 298
security associations (SAs), 370, 635
security awareness training, 166
security clearances, 152
security control architecture, 206–208
    abstraction in, 208
    protection rings in, 206–207, 207
    security modes in, 208
    service level agreements in, 208–209
security control types, 405–406
security domain (B3) systems, 372
security guards, 569–570
security IDs, 570, 636
security kernel, 207
    defined, 636
    in TCB, 363–364
security labels, 16, 636
security management, 130
    accountability in, 135
    auditing in, 135
    authentication in, 134
    authorization in, 134
    availability in, 132–133
    change control in, 137
    confidentiality in, 130–131
    data classification in, 138–139
    exam essentials for, 141–142
    identification in, 133–134
    integrity in, 131–132
    nonrepudiation in, 135
    planning, 167
    privacy in, 133
    protection mechanisms in, 135–137
    review questions, 143–148
    summary, 140–141
security models, 344, 362
    access control matrices, 349–350
    Bell-LaPadula model, 345–346, 345, 365
    Biba model, 346–347, 348, 365–366
    Brewer and Nash model, 350
    certification in, 362–363
    Clark-Wilson model, 347–348, 366
    classifying and comparing, 350–351
    closed and open systems, 367
    confidentiality, integrity, and availability in, 367–368
    controls in, 368–369
    evaluation in, 370
        certification and accreditation, 379–380
        Common Criteria, 376–379
        ITSEC classes, 375
        rainbow series, 370, 373–375
        TCSEC classes, 371–373
    exam essentials for, 386–387
    flaws and issues in, 380
        covert channels, 380–381
        design and coding, 381–384
        electromagnetic radiation, 385
        incremental attacks, 383–384
        input and parameter checking, 382
        maintenance hooks and privileged programs, 383
        programming, 384
        timing, state changes, and communication disconnects, 384–385
    information flow model, 348
    IPSec in, 369–370
    noninterference model, 348
    objects and subjects in, 366–367
    review questions, 388–393
    state machine model, 344–345
    summary, 385–386
    Take-Grant model, 349
    TCB in, 363–364
    tokens, capabilities, and labels in, 364
security modes, 208, 326–327
security perimeter
    defined, 636
    in TCB, 363
security policies, 4, 155, 636
security professional role, 153, 636
* (star) Security Property, 345, 347, 365, 592
security requirements in European Union privacy law, 525
security roles, 153–154, 636
security through obscurity, 266
segmentation, hardware, 206, 340, 613
sendmail program, 109, 227
senior management, 153
    in business continuity planning, 453
    defined, 636
Sensitive classification, 139, 636
Sensitive but unclassified classification, 139, 636
sensitive information and media, 403–405
sensitivity adjustments for biometric devices, 10, 636
sensors, 571
separation of duties and responsibilities
    in access control, 21
    defined, 636
    in employment practices, 151
separation of privilege, 341, 636
Sequenced Packet Exchange (SPX), 62, 636
sequential storage, 193, 334–335, 637
Serial Line Internet Protocol (SLIP), 60, 85, 637
series layering, 136
server rooms, 567
servers
    countermeasures on, 229
    redundant, 88–89
Service Level Agreements (SLAs)
    in contracts, 454
    defined, 637
    for hardware, 580
    issues addressed by, 208–209
service ports, 75
service-specific remote access technique, 86
services, network and protocol, 86–88
SESAME authentication mechanism, 637
session hijacking, 242, 637
Session layer, 62, 637
SET (Secure Electronic Transaction) protocol, 63, 84, 304, 635
setgid utility, 438
setuid utility, 438
sexual harassment, 434
SHA (Secure Hash Algorithm), 293, 635
shadow file, 232
Shamir, Adi, 289
shared secret encryption keys, 268
shielded twisted-pair (STP) wire, 66, 637
shoplifting, 544
shoulder surfing, 10, 566, 637
shrink-wrap license agreements, 519, 637
sign off letters, 165
signature-based filters, 229
signature detection method, 35, 224, 637
signatures, 294–295
    in asymmetric key algorithms, 270
    in biometric identification, 10, 637
    defined, 606
    DSS, 296
    HMAC, 295–296
    in message digests, 292
Simple Integrity Axiom (SI Axiom), 345, 347, 365, 637
Simple Key Management for Internet Protocols (SKIP) tool, 61, 84, 637
Simple Mail Transfer Protocol (SMTP)
    in Application layer, 63
    in Data Link layer, 77
    defined, 637
    in WANs, 109
Simple Network Management Protocol (SNMP)
    in Application layer, 63
    in Data Link layer, 77
    for scans, 547
Simple Security Property (SS Property), 345, 365, 637
simplex session mode, 62
simulation tests, 497, 638
single loss expectancy (SLE), 162
    defined, 638
    in impact assessment, 458
single points of failure, 88–90
Single Sign On (SSO) mechanism, 14, 638
single state processing systems, 322, 638
single-use passwords, 8, 638
sites
    alternative, 461, 486–489
    selection, 565
SKIP (Simple Key Management for Internet Protocols) tool, 61, 84, 637
Skipjack algorithm, 274, 638
SLAs (Service Level Agreements)
    in contracts, 454
    defined, 637
    for hardware, 580
    issues addressed by, 208–209
SLE (single loss expectancy), 162
    defined, 638
    in impact assessment, 458
SLIP (Serial Line Internet Protocol), 60, 85, 637
smart cards, 572, 638
SMDS (Switched Multimegabit Data Services), 87, 107, 641
smoke actuated systems, 579
smoke damage, 580
SMP (symmetric multiprocessing), 320, 641
SMTP (Simple Mail Transfer Protocol)
    in Application layer, 63
    in Data Link layer, 77
    defined, 637
    in WANs, 109
Smurf attacks, 41–42, 42, 234–235, 235, 638
sniffer attacks, 44, 638
sniffing, 431–432, 638
SNMP (Simple Network Management Protocol)
    in Application layer, 63
    in Data Link layer, 77
    for scans, 547
snooping attacks, 44
social engineering, 9, 433, 638
    defined, 638
    in password attacks, 231
    through voice communications, 113–114
sockets, 638
software
    confiscating, 550
    copyrights for, 515
    developing, 196
        object-oriented programming, 197–198
        programming languages in, 196–197
    escrow arrangements for, 494–495
    failures in, 484
software capability maturity model, 203–204
software IP encryption (SWIPE) protocol, 84, 638
SPA Anti-Piracy group, 520
spam, 639
spamming attacks, 44, 111, 639
spikes, 576, 639
spiral model, 203, 203
spoofing
    with ARP, 118
    defined, 639
    in e-mail, 111
    IP, 241–242
spoofing attacks, 43, 639
sprinklers, 579
SPX (Sequenced Packet Exchange), 62, 636
SQL (Structured Query Language), 62, 187, 640
SS Property (Simple Security Property), 345, 365, 637
SSH (Secure Shell), 305, 635
SSL (Secure Sockets Layer) protocol, 84
    defined, 635
    in Session layer, 62
    for Web, 303
    X.509 for, 298
SSO (Single Sign On) mechanism, 14, 638
standards, 155–156
    for computer security, 512
    defined, 639
star topology, 73, 73
state changes, 384–385
state laws, 509
state machine model, 344–345, 639
state packet-filtering firewalls, 639
stateful inspection firewalls, 79, 639
stateful NAT, 103–104
statements in business continuity planning
    of importance, 463
    of organizational responsibility, 463–464
    of priorities, 463
    of urgency and timing, 464
states
    defined, 639
    process, 324–326, 326
static electricity, 577
static NAT, 76
static packet-filtering firewalls, 79
static passwords, 8, 639
static RAM, 331
static tokens, 13, 639
statistical intrusion detection, 35
statistical sampling in auditing, 426
status accounting, configuration, 206
stealth viruses, 225, 639
steganography, 303–304, 639
stopped state, 325, 640
storage, 192
    of backups, 493–494
    in disaster recovery planning, 493–494
    of media, 404
    security for, 335
    threats to, 193
    types of, 192–193, 334–335
storms, 479–480
STP (shielded twisted-pair) wire, 66, 637
strategic plans, 167, 640
strategy development in business continuity planning, 459–460
stream attacks, 42, 640
stream ciphers, 265, 640
strikes, 484
strong passwords, 9, 640
structured protection (B2) systems, 372
Structured Query Language (SQL), 62, 187, 640
structured walk-through tests, 497, 640
sub-technologies, 69–70
subjects
    in access, 2
    defined, 640
    in secure systems, 366–367
subpoenas, 550, 640
substitution ciphers, 263–264, 640
SUM function, 190
supervisor states, 324, 640
supervisory operating mode, 207, 329, 640
supplies in disaster recovery planning, 495
surge protectors, 576
surges, 576, 640
suspicious activity, 549–550
SVCs (switched virtual circuits), 87, 105, 641
SWIPE (software IP encryption) protocol, 84, 638
Switched Multimegabit Data Services (SMDS), 87, 107, 641
switched virtual circuits (SVCs), 87, 105, 641
switches, 81
    in Data Link layer, 61
    defined, 640
switching technologies, 104–105
symmetric cryptography, 271
    AES, 275
    Blowfish, 274
    DES, 271–272
    IDEA, 273–274
    keys in, 267–268, 268, 275–277, 641
    Skipjack, 274
    Triple DES, 272–273
symmetric multiprocessing (SMP), 320, 641
SYN flood attacks, 41, 232–233, 233, 641
SYN packets, 75
synchronous communications, 69
Synchronous Data Link Control (SDLC) protocol
    defined, 641
    polling in, 71
    in WANs, 64, 88, 107
synchronous dynamic password tokens, 13, 641
system calls, 324, 641
system compromises, 547, 601
system development controls, 195
    exam essentials for, 210–211
    life cycles in. See life cycles in system development
    review questions, 212–217
    security control architecture, 206–208, 207
    software development, 196–198
    summary, 209
    written lab for, 211, 218
system-high security mode, 208, 327, 641
system operating mode, 329
system test review, 200

T
table-top exercises, 497
tables in databases, 186, 641
TACACS (Terminal Access Controller Access Control System), 18, 86, 642
tactical plans, 167, 641
Tagged Image File Format (TIFF), 63
Take-Grant model, 349, 642
Target of Evaluation (TOE), 375
task-based access control, 642
TCB (trusted computing base), 363–364, 644
TCP (Transmission Control Protocol), 62, 74, 644
TCP/IP protocol, 73–74, 74
    Data Link layer, 77
    model, 63, 64
    Network layer, 75–76
    Transport layer, 75
TCP wrappers, 642
TCSEC (Trusted Computer System Evaluation Criteria) classes, 156, 371–373, 397
team selection in business continuity planning, 451–452
teardrop attacks, 42, 236, 236–237, 642
technical controls, 4, 565, 572–575, 642
technical protection mechanisms, 338–340
telecommuting, 86
telephone trees, 493
Telnet protocol, 63, 77
temperature, 577
TEMPEST (Transient Electromagnetic Pulse Equipment Shielding Techniques) devices, 318
    combating, 574–575
    defined, 642
    monitors, 335–336, 432
10Base-2 cable, 65–66, 592
10Base-5 cable, 65–66, 592
10Base-T cable, 65–66, 592
Terminal Access Controller Access Control System (TACACS), 18, 86, 642
termination procedure policies, 152–153
termination process, 408
terrorist acts, 481–482
terrorist attacks, 544–545, 642
testimonial evidence, 528, 642
testing
    in business continuity planning, 452, 465
    in disaster recovery planning, 496–498
    penetration. See penetration testing
TFN (Tribal Flood Network) toolkit, 234
TFTP (Trivial File Transfer Protocol), 63, 77
TGS (Ticket Granting Service), 15, 643
theft, 435, 485
thicknet cable, 65
thinnet cable, 65
threads, 321
threat agents, 158, 643
threat events, 158, 643
threats, 157–158, 434–437, 642
3–4–5 rule, 67–68
3DES (Triple DES) standard, 272–273, 644
throughput rate with biometric devices, 11, 643
Ticket Granting Service (TGS), 15, 643
tickets, 14–15, 643
Tier 3 countries, 520
Tier 4 countries, 521
TIFF (Tagged Image File Format), 63
time frames
    auditing, 424
    record retention, 426
    reporting, 425–426
time-of-check (TOC), 384, 643
time-of-check-to-time-of-use (TOCTTOU) attacks, 239, 384, 643
time-of-use (TOU), 384, 643
time slices, 325, 643
timing as security flaw, 384–385
TLS (Transport Layer Security) protocol, 303
TOE (Target of Evaluation), 375
Token Ring, 60, 69, 643
tokens, 5, 13–14
    in CSMA/CD, 71
    defined, 643
    in security models, 364
    in Token Ring, 69
Top Secret classification, 138, 643
topologies, 71–73, 72–73, 643
tornadoes, 479
total risk, 166, 643
TOU (time-of-use), 384, 643
Tower of Hanoi strategy, 493–494
TPs (transformation procedures), 366
trade secrets, 518–519, 643
trademarks, 517, 643
traffic analysis, 429, 436, 643
training and education, 166
    in business continuity planning, 452, 462
    for crises, 486
    defined, 608, 643
    in disaster recovery planning, 496
    on inappropriate activities, 434
    for password attacks, 232
    on safe computing, 396
    on security awareness, 166
transactions, database, 188–189
transferring risk, 165, 643
transformation procedures (TPs), 366
Transient Electromagnetic Pulse Equipment Shielding Techniques (TEMPEST) devices, 318
    combating, 574–575
    defined, 642
    monitors, 335–336, 432
transients, 576, 644
Transmission Control Protocol (TCP), 62, 74, 644
transmission error correction, 109, 644
transmission logging, 109, 644
transmission protection, 82
transparency in communications, 108, 644
transponder proximity readers, 572
Transport layer
    defined, 644
    in OSI model, 61–62
    in TCP/IP, 75
Transport Layer Security (TLS) protocol, 303
transport mode in IPSec, 306, 644
transposition ciphers, 263, 644
trap doors, 239, 644
traverse mode noise, 576, 644
tree topology, 72, 72
trend analysis, 429, 436
Tribal Flood Network (TFN) toolkit, 234
triggers
    in auditing, 422
    in fire detection systems, 579
    in motion detectors, 571–572, 594
Trinoo toolkit, 234
Triple DES (3DES) standard, 272–273, 644
Tripwire package, 224
Trivial File Transfer Protocol (TFTP), 63, 77
Trojan horses, 181, 226, 644
Tropical Prediction Center, 480
trust relationships, 227
Trusted Computer System Evaluation Criteria (TCSEC) classes, 156, 371–373, 397
trusted computing base (TCB), 363–364, 644
trusted paths, 363, 644
trusted recovery process, 381, 400, 644
trusts, 18, 644
tunnel mode, 306, 644
tunneling, 100–101, 645
turnstiles, 568, 569, 645
twisted-pair cabling, 66–67
two-factor authentication, 6, 39, 645
2DES (Double DES), 307
Type 1 authentication factor, 645
Type 1 errors, 10
Type 2 authentication factor, 645
Type 2 errors, 10
Type 3 authentication factor, 645

U
UCITA (Uniform Computer Information Transactions Act), 520, 645
UDIs (unconstrained data items), 366
UDP (User Datagram Protocol), 62, 75, 646
Ultra effort, 255–256
Unclassified classification, 139, 645
unconstrained data items (UDIs), 366
unicast communications, 70, 645
Uniform Computer Information Transactions Act (UCITA), 520, 645
Unix operating system
    basics, 437–438
    viruses in, 223
unshielded twisted-pair (UTP) wire, 66–67, 645
upper management, 154
UPSs (uninterruptible power supplies), 482, 575–576, 645
USA Patriot Act of 2001, 523, 645
user awareness training, 396
User Datagram Protocol (UDP), 62, 75, 646
user (end user) role, 154
user operating mode, 207, 328, 646
users
    in access control, 21
    defined, 646
    enrollment of, 8, 19–20
    remote user assistance for, 83
utilities
    in disaster recovery planning, 495
    failures in, 482–483
UTP (unshielded twisted-pair) wire, 66–67, 645

V
vacations, mandatory, 152, 620
validation phase in certification and accreditation, 201
value of assets, 160–161, 456
Van Eck radiation, 336
vandalism, 485
VENONA project, 265
verification for certificates, 299
verification phase in certification and accreditation, 201
verified protection (A1) systems, 373
Vernam cipher, 646
views
    for databases, 189
    defined, 646
virtual circuits, 87, 105
virtual machines, 340, 646
virtual memory, 192, 333, 646
virtual private networks (VPNs), 100
    defined, 646
    implementing, 102
    IPSec in, 369
    operation of, 101–102
    protocols for, 83–84
    for TCP/IP, 74
    tunneling in, 100–101
    for wireless connectivity, 68
virtual storage, 192
virus decryption routines, 225
viruses, 181, 221
    antivirus management, 396–397
    antivirus mechanisms, 224
    defined, 646
    definition files for, 224, 397
    e-mail, 111
    hoaxes, 225–226
    platforms for, 223
    propagation techniques, 221–223
    technologies for, 224–226
visibility for physical security, 565–566
visitors, 567
vital records program, 464
voice communications, 113–115
Voice over IP (VoIP), 113, 646
voice patterns, 10, 646
volatile storage, 193, 334, 646
voluntary surrender, 647
VPNs. See virtual private networks (VPNs)
vulnerabilities, 158
    defined, 647
    in distributed architecture, 342
vulnerability scanners, 36, 647
vulnerability scans, 240–241, 647

W
waiting state, 325, 647
walls, 567
WANs (wide area networks)
    defined, 647
    vs. LANs, 64
    technologies for, 105–108
war dialing, 431, 647
warm sites, 488, 647
warm-swappable RAID, 90
warning banners, 428, 647
waste of resources, 434
water leakage, 577–578
water suppression systems, 579
waterfall model, 202–203, 202
wave pattern motion detectors, 571
weather forecasts, 480
Web, cryptography for, 303–304
web of trust concept, 301
well-known ports, 75, 647
WEP (Wired Equivalency Protocol), 307, 647
wet pipe systems, 579, 647
white boxes, 115
white noise for TEMPEST, 574–575
wide area networks (WANs)
    defined, 647
    vs. LANs, 64
    technologies for, 105–108
wildfires, 480
WinNuke attacks, 42, 647
WIPO (World Intellectual Property Organization) treaties, 516
Wired Equivalency Protocol (WEP), 307, 647
wireless networking, 68, 306–307
work areas, 566–567
workgroup recovery, 486
workplace privacy, 524
works for hire, 515
workstation and location changes, 398
World Intellectual Property Organization (WIPO) treaties, 516
worms, 182, 227–228
    defined, 647
    in e-mail, 111
wrappers
    in TCP, 74
    in tunneling, 101
written labs
    attacks, 245, 252
    cryptography, 279, 286
    Disaster Recovery Planning, 499, 506
    laws, 532, 539
    system development controls, 211, 218

X
X.25 protocol, 87
    defined, 647
    packet switching in, 64
    WAN connections, 107
X.509 standards, 297–298
X Window API, 77
Xbox Trojan horses, 226
XOR operations, 260–261, 647
XTACACS (Extended Terminal Access Controller Access Control System), 86

Z
Zephyr charts, 11–13, 12
zero knowledge teams, 430
Zimmerman, Phil, 274, 301
