CISSP - Certified Information Systems Security Professional Study Guide, 2nd Edition (2004)
S-HTTP (Secure HTTP) – security models    671
S
S-HTTP (Secure HTTP), 303, 635
S/MIME (Secure Multipurpose Internet Mail Extensions) protocol, 84, 111, 302, 635
S-RPC (Secure Remote Procedure Call), 63, 84, 635
sabotage, 435
safe computing, 396
safe harbor sites, 525–526
safeguards, 158
    calculating, 162–163
    defined, 634
    in distributed architecture, 343–344
safety
    of people, 460, 575
    in physical security, 575–580
sags, 576, 634
salami attacks, 384, 634
sampling in auditing, 426, 634
sandbox concept, 184, 229, 634
sanitation of media, 405, 634
SAs (security associations), 370, 635
scalability in symmetric key algorithms, 268
scanning attacks, 240–241, 547, 634
scavenging, 432–433, 634
schemas, database, 187, 634
Schneier, Bruce, 274
screened hosts, 80
screening job candidates, 151–152
script kiddies, 220, 545
scripted access, 634
SDLC (Synchronous Data Link Control) protocol
    defined, 641
    polling in, 71
    in WANs, 64, 88, 107
search warrants, 529, 550, 635
second-tier attacks, 117, 635
secondary evidence, 528, 635
secondary memory, 332–333, 635
secondary storage, 192, 334, 635
Secret classification, 139, 635
Secure Electronic Transaction (SET) protocol, 63, 84, 304, 635
secure facility plans, 565
Secure Hash Algorithm (SHA), 293, 635
Secure HTTP (S-HTTP), 303, 635
Secure Multipurpose Internet Mail Extensions (S/MIME) protocol, 84, 111, 302, 635
Secure Remote Procedure Call (S-RPC), 63, 84, 635
Secure Shell (SSH), 305, 635
Secure Sockets Layer (SSL) protocol, 84
    defined, 635
    in Session layer, 62
    for Web, 303
    X.509 for, 298
security associations (SAs), 370, 635
security awareness training, 166
security clearances, 152
security control architecture, 206–208
    abstraction in, 208
    protection rings in, 206–207, 207
    security modes in, 208
    service level agreements in, 208–209
security control types, 405–406
security domain (B3) systems, 372
security guards, 569–570
security IDs, 570, 636
security kernel, 207
    defined, 636
    in TCB, 363–364
security labels, 16, 636
security management, 130
    accountability in, 135
    auditing in, 135
    authentication in, 134
    authorization in, 134
    availability in, 132–133
    change control in, 137
    confidentiality in, 130–131
    data classification in, 138–139
    exam essentials for, 141–142
    identification in, 133–134
    integrity in, 131–132
    nonrepudiation in, 135
    planning, 167
    privacy in, 133
    protection mechanisms in, 135–137
    review questions, 143–148
    summary, 140–141
security models, 344, 362
    access control matrices, 349–350
    Bell-LaPadula model, 345–346, 345, 365
    Biba model, 346–347, 348, 365–366
    Brewer and Nash model, 350
    certification in, 362–363
    Clark-Wilson model, 347–348, 366
    classifying and comparing, 350–351
    closed and open systems, 367
    confidentiality, integrity, and availability in, 367–368
    controls in, 368–369
    evaluation in, 370
        certification and accreditation, 379–380
        Common Criteria, 376–379
        ITSEC classes, 375
        rainbow series, 370, 373–375
        TCSEC classes, 371–373
    exam essentials for, 386–387
    flaws and issues in, 380
        covert channels, 380–381
        design and coding, 381–384
        electromagnetic radiation, 385
        incremental attacks, 383–384
        input and parameter checking, 382
        maintenance hooks and privileged programs, 383
        programming, 384
        timing, state changes, and communication disconnects, 384–385
    information flow model, 348
    IPSec in, 369–370
    noninterference model, 348
    objects and subjects in, 366–367
    review questions, 388–393
    state machine model, 344–345
    summary, 385–386
    Take-Grant model, 349
    TCB in, 363–364
    tokens, capabilities, and labels in, 364
security modes, 208, 326–327
security perimeter
    defined, 636
    in TCB, 363
security policies, 4, 155, 636
security professional role, 153, 636
* (star) Security Property, 345, 347, 365, 592
security requirements in European Union privacy law, 525
security roles, 153–154, 636
security through obscurity, 266
segmentation, hardware, 206, 340, 613
sendmail program, 109, 227
senior management, 153
    in business continuity planning, 453
    defined, 636
Sensitive classification, 139, 636
Sensitive but unclassified classification, 139, 636
sensitive information and media, 403–405
sensitivity adjustments for biometric devices, 10, 636
sensors, 571
separation of duties and responsibilities
    in access control, 21
    defined, 636
    in employment practices, 151
separation of privilege, 341, 636
Sequenced Packet Exchange (SPX), 62, 636
sequential storage, 193, 334–335, 637
Serial Line Internet Protocol (SLIP), 60, 85, 637
series layering, 136
server rooms, 567
servers
    countermeasures on, 229
    redundant, 88–89
Service Level Agreements (SLAs)
    in contracts, 454
    defined, 637
    for hardware, 580
    issues addressed by, 208–209
service ports, 75
service-specific remote access technique, 86
services, network and protocol, 86–88
SESAME authentication mechanism, 637
session hijacking, 242, 637
Session layer, 62, 637
SET (Secure Electronic Transaction) protocol, 63, 84, 304, 635
setgid utility, 438
setuid utility, 438
sexual harassment, 434
SHA (Secure Hash Algorithm), 293, 635
shadow file, 232
Shamir, Adi, 289
shared secret encryption keys, 268
shielded twisted-pair (STP) wire, 66, 637
shoplifting, 544
shoulder surfing, 10, 566, 637
shrink-wrap license agreements, 519, 637
sign off letters, 165
signature-based filters, 229
signature detection method, 35, 224, 637
signatures, 294–295
    in asymmetric key algorithms, 270
    in biometric identification, 10, 637
    defined, 606
    DSS, 296
    HMAC, 295–296
    in message digests, 292
Simple Integrity Axiom (SI Axiom), 345, 347, 365, 637
Simple Key Management for Internet Protocols (SKIP) tool, 61, 84, 637
Simple Mail Transfer Protocol (SMTP)
    in Application layer, 63
    in Data Link layer, 77
    defined, 637
    in WANs, 109
Simple Network Management Protocol (SNMP)
    in Application layer, 63
    in Data Link layer, 77
    for scans, 547
Simple Security Property (SS Property), 345, 365, 637
simplex session mode, 62
simulation tests, 497, 638
single loss expectancy (SLE), 162
    defined, 638
    in impact assessment, 458
single points of failure, 88–90
Single Sign On (SSO) mechanism, 14, 638
single state processing systems, 322, 638
single-use passwords, 8, 638
sites
    alternative, 461, 486–489
    selection, 565
SKIP (Simple Key Management for Internet Protocols) tool, 61, 84, 637
Skipjack algorithm, 274, 638
SLAs (Service Level Agreements)
    in contracts, 454
    defined, 637
    for hardware, 580
    issues addressed by, 208–209
SLE (single loss expectancy), 162
    defined, 638
    in impact assessment, 458
SLIP (Serial Line Internet Protocol), 60, 85, 637
smart cards, 572, 638
SMDS (Switched Multimegabit Data Services), 87, 107, 641
smoke actuated systems, 579
smoke damage, 580
SMP (symmetric multiprocessing), 320, 641
SMTP (Simple Mail Transfer Protocol)
    in Application layer, 63
    in Data Link layer, 77
    defined, 637
    in WANs, 109
Smurf attacks, 41–42, 42, 234–235, 235, 638
sniffer attacks, 44, 638
sniffing, 431–432, 638
SNMP (Simple Network Management Protocol)
    in Application layer, 63
    in Data Link layer, 77
    for scans, 547
snooping attacks, 44
social engineering, 9, 433, 638
    defined, 638
    in password attacks, 231
    through voice communications, 113–114
sockets, 638
software
    confiscating, 550
    copyrights for, 515
    developing, 196
        object-oriented programming, 197–198
        programming languages in, 196–197
    escrow arrangements for, 494–495
    failures in, 484
software capability maturity model, 203–204
software IP encryption (SWIPE) protocol, 84, 638
SPA Anti-Piracy group, 520
spam, 639
spamming attacks, 44, 111, 639
spikes, 576, 639
spiral model, 203, 203
spoofing
    with ARP, 118
    defined, 639
    in e-mail, 111
    IP, 241–242
spoofing attacks, 43, 639
sprinklers, 579
SPX (Sequenced Packet Exchange), 62, 636
SQL (Structured Query Language), 62, 187, 640
SS Property (Simple Security Property), 345, 365, 637
SSH (Secure Shell), 305, 635
SSL (Secure Sockets Layer) protocol, 84
    defined, 635
    in Session layer, 62
    for Web, 303
    X.509 for, 298
SSO (Single Sign On) mechanism, 14, 638
standards, 155–156
    for computer security, 512
    defined, 639
star topology, 73, 73
state changes, 384–385
state laws, 509
state machine model, 344–345, 639
state packet-filtering firewalls, 639
stateful inspection firewalls, 79, 639
stateful NAT, 103–104
statements in business continuity planning
    of importance, 463
    of organizational responsibility, 463–464
    of priorities, 463
    of urgency and timing, 464
states
    defined, 639
    process, 324–326, 326
static electricity, 577
static NAT, 76
static packet-filtering firewalls, 79
static passwords, 8, 639
static RAM, 331
static tokens, 13, 639
statistical intrusion detection, 35
statistical sampling in auditing, 426
status accounting, configuration, 206
stealth viruses, 225, 639
steganography, 303–304, 639
stopped state, 325, 640
storage, 192
    of backups, 493–494
    in disaster recovery planning, 493–494
    of media, 404
    security for, 335
    threats to, 193
    types of, 192–193, 334–335
storms, 479–480
STP (shielded twisted-pair) wire, 66, 637
strategic plans, 167, 640
strategy development in business continuity planning, 459–460
stream attacks, 42, 640
stream ciphers, 265, 640
strikes, 484
strong passwords, 9, 640
structured protection (B2) systems, 372
Structured Query Language (SQL), 62, 187, 640
structured walk-through tests, 497, 640
sub-technologies, 69–70
subjects
    in access, 2
    defined, 640
    in secure systems, 366–367
subpoenas, 550, 640
substitution ciphers, 263–264, 640
SUM function, 190
supervisor states, 324, 640
supervisory operating mode, 207, 329, 640
supplies in disaster recovery planning, 495
surge protectors, 576
surges, 576, 640
suspicious activity, 549–550
SVCs (switched virtual circuits), 87, 105, 641
SWIPE (software IP encryption) protocol, 84, 638
Switched Multimegabit Data Services (SMDS), 87, 107, 641
switched virtual circuits (SVCs), 87, 105, 641
switches, 81
    in Data Link layer, 61
    defined, 640
switching technologies, 104–105
symmetric cryptography, 271
    AES, 275
    Blowfish, 274
    DES, 271–272
    IDEA, 273–274
    keys in, 267–268, 268, 275–277, 641
    Skipjack, 274
    Triple DES, 272–273
symmetric multiprocessing (SMP), 320, 641
SYN flood attacks, 41, 232–233, 233, 641
SYN packets, 75
synchronous communications, 69
Synchronous Data Link Control (SDLC) protocol
    defined, 641
    polling in, 71
    in WANs, 64, 88, 107
synchronous dynamic password tokens, 13, 641
system calls, 324, 641
system compromises, 547, 601
system development controls, 195
    exam essentials for, 210–211
    life cycles in. See life cycles in system development
    review questions, 212–217
    security control architecture, 206–208, 207
    software development, 196–198
    summary, 209
    written lab for, 211, 218
system-high security mode, 208, 327, 641
system operating mode, 329
system test review, 200
T
table-top exercises, 497
tables in databases, 186, 641
TACACS (Terminal Access Controller Access Control System), 18, 86, 642
tactical plans, 167, 641
Tagged Image File Format (TIFF), 63
Take-Grant model, 349, 642
Target of Evaluation (TOE), 375
task-based access control, 642
TCB (trusted computing base), 363–364, 644
TCP (Transmission Control Protocol), 62, 74, 644
TCP/IP protocol, 73–74, 74
    Data Link layer, 77
    model, 63, 64
    Network layer, 75–76
    Transport layer, 75
TCP wrappers, 642
TCSEC (Trusted Computer System Evaluation Criteria) classes, 156, 371–373, 397
team selection in business continuity planning, 451–452
teardrop attacks, 42, 236, 236–237, 642
technical controls, 4, 565, 572–575, 642
technical protection mechanisms, 338–340
telecommuting, 86
telephone trees, 493
Telnet protocol, 63, 77
temperature, 577
TEMPEST (Transient Electromagnetic Pulse Equipment Shielding Techniques) devices, 318
    combating, 574–575
    defined, 642
    monitors, 335–336, 432
10Base-2 cable, 65–66, 592
10Base-5 cable, 65–66, 592
10Base-T cable, 65–66, 592
Terminal Access Controller Access Control System (TACACS), 18, 86, 642
termination procedure policies, 152–153
termination process, 408
terrorist acts, 481–482
terrorist attacks, 544–545, 642
testimonial evidence, 528, 642
testing
    in business continuity planning, 452, 465
    in disaster recovery planning, 496–498
    penetration. See penetration testing
TFN (Tribal Flood Network) toolkit, 234
TFTP (Trivial File Transfer Protocol), 63, 77
TGS (Ticket Granting Service), 15, 643
theft, 435, 485
thicknet cable, 65
thinnet cable, 65
threads, 321
threat agents, 158, 643
threat events, 158, 643
threats, 157–158, 434–437, 642
3–4–5 rule, 67–68
3DES (Triple DES) standard, 272–273, 644
throughput rate with biometric devices, 11, 643
Ticket Granting Service (TGS), 15, 643
tickets, 14–15, 643
Tier 3 countries, 520
Tier 4 countries, 521
TIFF (Tagged Image File Format), 63
time frames
    auditing, 424
    record retention, 426
    reporting, 425–426
time-of-check (TOC), 384, 643
time-of-check-to-time-of-use (TOCTTOU) attacks, 239, 384, 643
time-of-use (TOU), 384, 643
time slices, 325, 643
timing as security flaw, 384–385
TLS (Transport Layer Security) protocol, 303
TOE (Target of Evaluation), 375
Token Ring, 60, 69, 643
tokens, 5, 13–14
    in CSMA/CD, 71
    defined, 643
    in security models, 364
    in Token Ring, 69
Top Secret classification, 138, 643
topologies, 71–73, 72–73, 643
tornadoes, 479
total risk, 166, 643
TOU (time-of-use), 384, 643
Tower of Hanoi strategy, 493–494
TPs (transformation procedures), 366
trade secrets, 518–519, 643
trademarks, 517, 643
traffic analysis, 429, 436, 643
training and education, 166
    in business continuity planning, 452, 462
    for crises, 486
    defined, 608, 643
    in disaster recovery planning, 496
    on inappropriate activities, 434
    for password attacks, 232
    on safe computing, 396
    on security awareness, 166
transactions, database, 188–189
transferring risk, 165, 643
transformation procedures (TPs), 366
Transient Electromagnetic Pulse Equipment Shielding Techniques (TEMPEST) devices, 318
    combating, 574–575
    defined, 642
    monitors, 335–336, 432
transients, 576, 644
Transmission Control Protocol (TCP), 62, 74, 644
transmission error correction, 109, 644
transmission logging, 109, 644
transmission protection, 82
transparency in communications, 108, 644
transponder proximity readers, 572
Transport layer
    defined, 644
    in OSI model, 61–62
    in TCP/IP, 75
Transport Layer Security (TLS) protocol, 303
transport mode in IPSec, 306, 644
transposition ciphers, 263, 644
trap doors, 239, 644
traverse mode noise, 576, 644
tree topology, 72, 72
trend analysis, 429, 436
Tribal Flood Network (TFN) toolkit, 234
triggers
    in auditing, 422
    in fire detection systems, 579
    in motion detectors, 571–572, 594
Trinoo toolkit, 234
Triple DES (3DES) standard, 272–273, 644
Tripwire package, 224
Trivial File Transfer Protocol (TFTP), 63, 77
Trojan horses, 181, 226, 644
Tropical Prediction Center, 480
trust relationships, 227
Trusted Computer System Evaluation Criteria (TCSEC) classes, 156, 371–373, 397
trusted computing base (TCB), 363–364, 644
trusted paths, 363, 644
trusted recovery process, 381, 400, 644
trusts, 18, 644
tunnel mode, 306, 644
tunneling, 100–101, 645
turnstiles, 568, 569, 645
twisted-pair cabling, 66–67
two-factor authentication, 6, 39, 645
2DES (Double DES), 307
Type 1 authentication factor, 645
Type 1 errors, 10
Type 2 authentication factor, 645
Type 2 errors, 10
Type 3 authentication factor, 645
U
UCITA (Uniform Computer Information Transactions Act), 520, 645
UDIs (unconstrained data items), 366
UDP (User Datagram Protocol), 62, 75, 646
Ultra effort, 255–256
Unclassified classification, 139, 645
unconstrained data items (UDIs), 366
unicast communications, 70, 645
Uniform Computer Information Transactions Act (UCITA), 520, 645
Unix operating system
    basics, 437–438
    viruses in, 223
unshielded twisted-pair (UTP) wire, 66–67, 645
upper management, 154
UPSs (uninterruptible power supplies), 482, 575–576, 645
USA Patriot Act of 2001, 523, 645
user awareness training, 396
User Datagram Protocol (UDP), 62, 75, 646
user (end user) role, 154
user operating mode, 207, 328, 646
users
    in access control, 21
    defined, 646
    enrollment of, 8, 19–20
    remote user assistance for, 83
utilities
    in disaster recovery planning, 495
    failures in, 482–483
UTP (unshielded twisted-pair) wire, 66–67, 645
V
vacations, mandatory, 152, 620
validation phase in certification and accreditation, 201
value of assets, 160–161, 456
Van Eck radiation, 336
vandalism, 485
VENONA project, 265
verification for certificates, 299
verification phase in certification and accreditation, 201
verified protection (A1) systems, 373
Vernam cipher, 646
views
    for databases, 189
    defined, 646
virtual circuits, 87, 105
virtual machines, 340, 646
virtual memory, 192, 333, 646
virtual private networks (VPNs), 100
    defined, 646
    implementing, 102
    IPSec in, 369
    operation of, 101–102
    protocols for, 83–84
    for TCP/IP, 74
    tunneling in, 100–101
    for wireless connectivity, 68
virtual storage, 192
virus decryption routines, 225
viruses, 181, 221
    antivirus management, 396–397
    antivirus mechanisms, 224
    defined, 646
    definition files for, 224, 397
    e-mail, 111
    hoaxes, 225–226
    platforms for, 223
    propagation techniques, 221–223
    technologies for, 224–226
visibility for physical security, 565–566
visitors, 567
vital records program, 464
voice communications, 113–115
Voice over IP (VoIP), 113, 646
voice patterns, 10, 646
volatile storage, 193, 334, 646
voluntary surrender, 647
VPNs. See virtual private networks (VPNs)
vulnerabilities, 158
    defined, 647
    in distributed architecture, 342
vulnerability scanners, 36, 647
vulnerability scans, 240–241, 647
W
waiting state, 325, 647
walls, 567
WANs (wide area networks)
    defined, 647
    vs. LANs, 64
    technologies for, 105–108
war dialing, 431, 647
warm sites, 488, 647
warm-swappable RAID, 90
warning banners, 428, 647
waste of resources, 434
water leakage, 577–578
water suppression systems, 579
waterfall model, 202–203, 202
wave pattern motion detectors, 571
weather forecasts, 480
Web, cryptography for, 303–304
web of trust concept, 301
well-known ports, 75, 647
WEP (Wired Equivalency Protocol), 307, 647
wet pipe systems, 579, 647
white boxes, 115
white noise for TEMPEST, 574–575
wide area networks (WANs)
    defined, 647
    vs. LANs, 64
    technologies for, 105–108
wildfires, 480
WinNuke attacks, 42, 647
WIPO (World Intellectual Property Organization) treaties, 516
Wired Equivalency Protocol (WEP), 307, 647
wireless networking, 68, 306–307
work areas, 566–567
workgroup recovery, 486
workplace privacy, 524
works for hire, 515
workstation and location changes, 398
World Intellectual Property Organization (WIPO) treaties, 516
worms, 182, 227–228
    defined, 647
    in e-mail, 111
wrappers
    in TCP, 74
    in tunneling, 101
written labs
    attacks, 245, 252
    cryptography, 279, 286
    Disaster Recovery Planning, 499, 506
    laws, 532, 539
    system development controls, 211, 218
X
X.25 protocol, 87
    defined, 647
    packet switching in, 64
    WAN connections, 107
X.509 standards, 297–298
X Window API, 77
Xbox Trojan horses, 226
XOR operations, 260–261, 647
XTACACS (Extended Terminal Access Controller Access Control System), 86
Z
Zephyr charts, 11–13, 12
zero knowledge teams, 430
Zimmerman, Phil, 274, 301