Gregg M., Kim D. — Inside Network Security Assessment: Guarding your IT Infrastructure
Title: Inside Network Security Assessment: Guarding your IT Infrastructure

Authors: Gregg M., Kim D.

Abstract:

As an IT professional, you need to know how to perform network security assessments. Inside Network Security Assessments: A Brick by Brick Approach to Securing a Network Infrastructure is a collection of utilities and templates that will take you through the assessment process. Written by two highly qualified authors with close ties to the International Information Systems Security Certification Consortium, this book was developed with the goal of being a text for the CISSP continuing education class on Network Security Assessment. You will be provided with step-by-step training on assessing security, from paperwork to penetration testing to ethical hacking. The supporting website will also provide you with access to a variety of tools, checklists, and templates to make your job even easier. You'll save everyone time and money by learning to perform security assessments yourself with the help of Inside Network Security Assessment.


Language: en

Category: Technology/

Subject index status: Index with page numbers is ready

Year of publication: 2005

Number of pages: 336

Added to catalogue: 20.08.2007

Subject index
802.1x authentication      
AAA      [See authentication authorization and
acceptable risk      
acceptable risk, defined      
Acceptable Use Policies      [See AUPs]
accepting risk      
accepting risk, defined      
Access control      [See authorization]
access creep      
access creep, defined      
access options and controls form template      2nd
access stage of attacks      2nd
account lockouts      
account lockouts, defined      
account management      
account management, reviewing documentation      2nd
Accountability      [See also responsibility assignments]
accountability, defined      2nd
accountability, LAN areas      
accountability, LAN-to-WAN areas      
accountability, overview of      2nd
accountability, remote access areas      
accountability, systems/applications areas      
accountability, WAN areas      
accountability, workstation areas      
accounting      
accounting, legal issues      [See Sarbanes-Oxley Act]
Accreditation      
accreditation, defined      
ACK scans      
ACLs (access control lists)      
ACLs (Access Control Lists), defined      
active fingerprinting      
active fingerprinting, defined      
acts of God      
acts of God, defined      
administrative information for scope definition      
Advanced Encryption Standard      [See AES (Advanced Encryption Standard)]
advisory documents      
adware      
adware, defined      
adware, threat from      
AES (Advanced Encryption Standard)      2nd
AFSCM 375-1      
Aircrack      
Aireplay      
Airodump      
ALE (annualized loss expectancy)      
ALE (annualized loss expectancy), calculating      2nd
ALE (Annualized Loss Expectancy), defined      
ALE (Annualized Loss Expectancy), purpose of      
Analysis      
analysis report sections      
analysis sections of final reports      2nd 3rd
analysis, gap analysis      
analysis, preparing for final reports      2nd
Analysts      
analysts, role in assessments      
annualized loss expectancy      [See ALE]
annualized rate of occurrence (ARO)      
annualized rate of occurrence (ARO), calculating      
appendices report sections      
application attacks      
application systems      
application systems, asset nature of      
application-level scanners      
architecture, security      [See IT security architecture and framework]
archived Web content      
archived Web content, information-gathering with      
ARO (annualized rate of occurrence)      
ARO (annualized rate of occurrence), calculating      
ARO (Annualized Rate of Occurrence), defined      
ARO (Annualized Rate of Occurrence), importance of      
assessment process overview      2nd 3rd
assessment teams      
assessment teams, personality types for      
assessment teams, scope definition      2nd 3rd
assessment teams, staffing      2nd 3rd
assessment tools      
assessment tools, automated exploit tools      2nd
assessment tools, brains as      
assessment tools, CANVAS      
assessment tools, categories of      
assessment tools, choosing from      2nd
assessment tools, Core IMPACT      
assessment tools, disruption factor      
assessment tools, enumeration tools      2nd 3rd
assessment tools, information-gathering      [See information-gathering tools]
assessment tools, managing information from      
assessment tools, Metasploit      
assessment tools, password auditing tools      2nd 3rd
assessment tools, platform issues      
assessment tools, scanning tools      2nd 3rd 4th 5th 6th
assessment tools, vulnerability scanning      [See vulnerability scanning tools]
assessment tools, Web site rippers      
assessment tools, wireless tools      2nd 3rd
assessments      [See network vulnerability assessments] [See risk assessments]
assessments, audits compared to      
assessments, defined      
asset valuation approach to assessments      
asset valuation approach to assessments, importance of      2nd
asset valuation approach to assessments, qualitative valuations      
asset valuation approach to assessments, quantitative valuations      
assets      
assets, application systems      
assets, backup systems      
assets, defined      2nd
assets, documentation as      
assets, intellectual property      
assets, inventorying      
assets, network hardware and software      
assets, operating systems      
assets, policy design based on      
assets, security systems      
assets, server systems      
assets, telecommunication systems      
assets, types of      2nd
assets, valuations of      
assets, workstations      
asynchronous password tokens      
attackers      
attackers, black hat hackers      
attackers, commercial marketers as      
attackers, coordinated attacks      2nd 3rd
attackers, crackers      
attackers, cyber-terrorists/criminals      
attackers, data collection stage of attacks      2nd 3rd
attackers, defined      
attackers, direct attacks      2nd 3rd
attackers, disgruntled employees      
attackers, easiness assessment      
attackers, employees as      
attackers, goals of      2nd 3rd
attackers, greatest threats      
attackers, hackers      [See hackers]
attackers, importance of understanding      
attackers, indirect attacks      2nd
attackers, internal v. external      
attackers, motivations of      2nd 3rd
attackers, payoff assessment      
attackers, phreakers      
attackers, privilege escalation by      2nd 3rd 4th
attackers, program crackers      
attackers, reconnaissance by      2nd 3rd 4th 5th 6th
attackers, risk analysis by      2nd
attackers, Sasser worm, motivation for      2nd
attackers, script kiddies      
attackers, security bulletins, monitoring of      
attackers, security defects      
attackers, security limits      
attackers, software vulnerabilities      
attackers, structuring of attacks      2nd
attackers, summary      2nd
attackers, system crackers      
attackers, target selection      2nd 3rd 4th 5th
attackers, tools used by      [See hacking tools]
attackers, types of      2nd 3rd
attackers, types of attacks      2nd
attackers, unstructured attacks      2nd
attackers, visibility assessment      
attackers, vulnerability identification by      2nd 3rd
attackers, whackers      
attackers, white hat hackers      
Attacks      
attacks, access stage      2nd
attacks, application      
attacks, authentication      
attacks, botnets      
attacks, coordinated attacks      2nd 3rd
attacks, countering      [See countermeasures]
attacks, critical security breach examples      
attacks, data collection stage      2nd 3rd
attacks, data modification by      
attacks, database      
attacks, DDoS      
attacks, direct attacks      2nd 3rd
attacks, escalation stage      2nd 3rd 4th
attacks, indirect attacks      2nd
attacks, malformed data attacks      2nd
attacks, malware      
attacks, passwords, methods for obtaining      
attacks, phishing      
attacks, Ping of Death      2nd
attacks, reconnaissance stage      2nd 3rd 4th 5th 6th
attacks, responding to      2nd
attacks, results of      2nd
attacks, risk reduction techniques      
attacks, Sasser worm      
attacks, Smurf attacks      2nd
attacks, stages of      2nd
attacks, summary      2nd
attacks, SYN flood attacks      2nd
attacks, unstructured attacks      2nd
audit controls form template      
auditors, security      
auditors, security, security auditors      
audits      
audits, assessments compared to      
audits, defined      2nd
AUPs (Acceptable Use Policies)      
AUPs (Acceptable Use Policies), defined      
AUPs (Acceptable Use Policies), internal attackers, thwarting with      
AUPs (Acceptable Use Policies), purpose of      
Authentication      
authentication attacks      
authentication, 802.1x      
authentication, biometrics for      2nd
authentication, defined      2nd
authentication, devices for      
authentication, EAP      
authentication, encryption for      
authentication, one-time passwords      
authentication, passwords for      2nd
authentication, servers, synchronization to      
authentication, technical controls documentation      2nd
authentication, tokens      2nd
authentication, two-factor authentication      
authentication, types of objects for      
authority-based social engineering      
Authorization      
authorization, DAC      2nd
authorization, defined      
authorization, MAC      2nd
authorization, overview of      2nd
authorization, RBAC      2nd
automated exploit tools      2nd
Availability      
availability, defined      
availability, disaster recovery as      
availability, DoS attacks on      2nd
availability, examples of      
availability, importance of      
avoiding risk      
avoiding risk, defined      
AVs (Asset Values)      
AVs (Asset Values), defined      
awareness      
awareness, defined      
backup systems      
backup systems, asset nature of      
Backups      
backups, availability issues      
backups, confidentiality of      
banking      
banking security law      [See GLBA]
banking, GLBA requirements      2nd
banners      
banners, minimalization as countermeasure      
banners, use by attackers      
banners, Web site      
banners, Web site, information-gathering with      2nd
base64      
base64, defined      
Basic Elements of the Risk Assessment Process GAO 00-33      
Basic Elements of the Risk Assessment Process GAO 00-33, urls for      
BCP (business continuity planning)      
BCP (business continuity planning), purpose of      
BCPs      [See Business Continuity Plans]
Bell-LaPadula model      
Bell-LaPadula model, defined      2nd
beta testing      
beta testing, purpose of      
BIA (business impact analysis)      
BIA (business impact analysis), criticality compared to      
BIA (business impact analysis), defined      
Biba model      
Biba model, defined      
biometric authentication      2nd
black hat hackers      
black hat hackers, defined      
Blackwidow Pro      
botnets      
botnets, defined      
bottom-up approach to risk assessment      2nd
brute force password attacks      
buffer overflows      
buffer overflows, defined      
business continuity planning      
business continuity planning, defined      
Business Continuity Plans (BCPs)      
Business Continuity Plans (BCPs), purpose of      
business impact analysis      [See BIA (business impact analysis)]
Cain      
Cain and Abe      
Canadian government agency security law      [See MITS]
Canadian Management of Information Security Standard      [See MITS]
Canvas      
CardSystems Solutions credit card theft case      
Carnegie Mellon CERT      
Carnegie Mellon CERT, url for      
catastrophic damage      
catastrophic damage, defined      
catastrophic damage, DRPs for      [See Disaster Recovery Plans]
categories of policy control, table of      
CC (Common Criteria)      
CC (Common Criteria), urls for      
CER (crossover error rate)      2nd
CERT (Computer Emergency Response Team)      
CERT (Computer Emergency Response Team), statistics compiled by      2nd
CERT (Computer Emergency Response Team), vulnerability documentation list      
© Electronic Library of the Board of Trustees of the Faculty of Mechanics and Mathematics, Moscow State University, 2004-2017