Gregg M., Kim D. — Inside Network Security Assessment: Guarding your IT Infrastructure

Subject index
802.1x authentication
AAA [See authentication authorization and
acceptable risk
acceptable risk, defined
Acceptable Use Policies [See AUPs]
accepting risk
accepting risk, defined
access control [See authorization]
access creep
access creep, defined
access options and controls form template 2nd
access stage of attacks 2nd
account lockouts
account lockouts, defined
account management
account management, reviewing documentation 2nd
accountability [See also responsibility assignments]
accountability, defined 2nd
accountability, LAN areas
accountability, LAN-to-WAN areas
accountability, overview of 2nd
accountability, remote access areas
accountability, systems/applications areas
accountability, WAN areas
accountability, workstation areas
accounting
accounting, legal issues [See Sarbanes-Oxley Act]
accreditation
accreditation, defined
ACK scans
ACLs (access control lists)
ACLs (access control lists), defined
active fingerprinting
active fingerprinting, defined
acts of God
acts of God, defined
administrative information for scope definition
Advanced Encryption Standard [See AES (Advanced Encryption Standard)]
advisory documents
adware
adware, defined
adware, threat from
AES (Advanced Encryption Standard) 2nd
AFSCM 375-1
Aircrack
Aireplay
Airodump
ALE (annualized loss expectancy)
ALE (annualized loss expectancy), calculating 2nd
ALE (annualized loss expectancy), defined
ALE (annualized loss expectancy), purpose of
analysis
analysis report sections
analysis sections of final reports 2nd 3rd
analysis, gap analysis
analysis, preparing for final reports 2nd
analysts
analysts, role in assessments
annualized loss expectancy [See ALE]
annualized rate of occurrence (ARO)
annualized rate of occurrence (ARO), calculating
appendices report sections
application attacks
application systems
application systems, asset nature of
application-level scanners
architecture, security [See IT security architecture and framework]
archived Web content
archived Web content, information-gathering with
ARO (annualized rate of occurrence)
ARO (annualized rate of occurrence), calculating
ARO (annualized rate of occurrence), defined
ARO (annualized rate of occurrence), importance of
assessment process overview 2nd 3rd
assessment teams
assessment teams, personality types for
assessment teams, scope definition 2nd 3rd
assessment teams, staffing 2nd 3rd
assessment tools
assessment tools, automated exploit tools 2nd
assessment tools, brains as
assessment tools, CANVAS
assessment tools, categories of
assessment tools, choosing from 2nd
assessment tools, Core IMPACT
assessment tools, disruption factor
assessment tools, enumeration tools 2nd 3rd
assessment tools, information-gathering [See information-gathering tools]
assessment tools, managing information from
assessment tools, Metasploit
assessment tools, password auditing tools 2nd 3rd
assessment tools, platform issues
assessment tools, scanning tools 2nd 3rd 4th 5th 6th
assessment tools, vulnerability scanning [See vulnerability scanning tools]
assessment tools, Web site rippers
assessment tools, wireless tools 2nd 3rd
assessments [See network vulnerability assessments] [See risk assessments]
assessments, audits compared to
assessments, defined
asset valuation approach to assessments
asset valuation approach to assessments, importance of 2nd
asset valuation approach to assessments, qualitative valuations
asset valuation approach to assessments, quantitative valuations
assets
assets, application systems
assets, backup systems
assets, defined 2nd
assets, documentation as
assets, intellectual property
assets, inventorying
assets, network hardware and software
assets, operating systems
assets, policy design based on
assets, security systems
assets, server systems
assets, telecommunication systems
assets, types of 2nd
assets, valuations of
assets, workstations
asynchronous password tokens
attackers
attackers, black hat hackers
attackers, commercial marketers as
attackers, coordinated attacks 2nd 3rd
attackers, crackers
attackers, cyber-terrorists/criminals
attackers, data collection stage of attacks 2nd 3rd
attackers, defined
attackers, direct attacks 2nd 3rd
attackers, disgruntled employees
attackers, easiness assessment
attackers, employees as
attackers, goals of 2nd 3rd
attackers, greatest threats
attackers, hackers [See hackers]
attackers, importance of understanding
attackers, indirect attacks 2nd
attackers, internal v. external
attackers, motivations of 2nd 3rd
attackers, payoff assessment
attackers, phreakers
attackers, privilege escalation by 2nd 3rd 4th
attackers, program crackers
attackers, reconnaissance by 2nd 3rd 4th 5th 6th
attackers, risk analysis by 2nd
attackers, Sasser worm, motivation for 2nd
attackers, script kiddies
attackers, security bulletins, monitoring of
attackers, security defects
attackers, security limits
attackers, software vulnerabilities
attackers, structuring of attacks 2nd
attackers, summary 2nd
attackers, system crackers
attackers, target selection 2nd 3rd 4th 5th
attackers, tools used by [See hacking tools]
attackers, types of 2nd 3rd
attackers, types of attacks 2nd
attackers, unstructured attacks 2nd
attackers, visibility assessment
attackers, vulnerability identification by 2nd 3rd
attackers, whackers
attackers, white hat hackers
attacks
attacks, access stage 2nd
attacks, application
attacks, authentication
attacks, botnets
attacks, coordinated attacks 2nd 3rd
attacks, countering [See countermeasures]
attacks, critical security breach examples
attacks, data collection stage 2nd 3rd
attacks, data modification by
attacks, database
attacks, DDoS
attacks, direct attacks 2nd 3rd
attacks, escalation stage 2nd 3rd 4th
attacks, indirect attacks 2nd
attacks, malformed data attacks 2nd
attacks, malware
attacks, passwords, methods for obtaining
attacks, phishing
attacks, Ping of Death 2nd
attacks, reconnaissance stage 2nd 3rd 4th 5th 6th
attacks, responding to 2nd
attacks, results of 2nd
attacks, risk reduction techniques
attacks, Sasser worm
attacks, Smurf attacks 2nd
attacks, stages of 2nd
attacks, summary 2nd
attacks, SYN flood attacks 2nd
attacks, unstructured attacks 2nd
audit controls form template
auditors, security
auditors, security, security auditors
audits
audits, assessments compared to
audits, defined 2nd
AUPs (Acceptable Use Policies)
AUPs (Acceptable Use Policies), defined
AUPs (Acceptable Use Policies), internal attackers, thwarting with
AUPs (Acceptable Use Policies), purpose of
authentication
authentication attacks
authentication, 802.1x
authentication, biometrics for 2nd
authentication, defined 2nd
authentication, devices for
authentication, EAP
authentication, encryption for
authentication, one-time passwords
authentication, passwords for 2nd
authentication, servers, synchronization to
authentication, technical controls documentation 2nd
authentication, tokens 2nd
authentication, two-factor authentication
authentication, types of objects for
authority-based social engineering
authorization
authorization, DAC 2nd
authorization, defined
authorization, MAC 2nd
authorization, overview of 2nd
authorization, RBAC 2nd
automated exploit tools 2nd
availability
availability, defined
availability, disaster recovery as
availability, DoS attacks on 2nd
availability, examples of
availability, importance of
avoiding risk
avoiding risk, defined
AVs (Asset Values)
AVs (Asset Values), defined
awareness
awareness, defined
backup systems
backup systems, asset nature of
backups
backups, availability issues
backups, confidentiality of
banking
banking security law [See GLBA]
banking, GLBA requirements 2nd
banners
banners, minimalization as countermeasure
banners, use by attackers
banners, Web site
banners, Web site, information-gathering with 2nd
base64
base64, defined
Basic Elements of the Risk Assessment Process GAO 00-33
Basic Elements of the Risk Assessment Process GAO 00-33, urls for
BCP (business continuity planning)
BCP (business continuity planning), purpose of
BCPs [See Business Continuity Plans]
Bell-LaPadula model
Bell-LaPadula model, defined 2nd
beta testing
beta testing, purpose of
BIA (business impact analysis)
BIA (business impact analysis), criticality compared to
BIA (business impact analysis), defined
Biba model
Biba model, defined
biometric authentication 2nd
black hat hackers
black hat hackers, defined
Blackwidow Pro
botnets
botnets, defined
bottom-up approach to risk assessment 2nd
brute force password attacks
buffer overflows
buffer overflows, defined
business continuity planning
business continuity planning, defined
Business Continuity Plans (BCPs)
Business Continuity Plans (BCPs), purpose of
business impact analysis [See BIA (business impact analysis)]
Cain
Cain and Abel
Canadian government agency security law [See MITS]
Canadian Management of Information Security Standard [See MITS]
Canvas
CardSystems Solutions credit card theft case
Carnegie Mellon CERT
Carnegie Mellon CERT, url for
catastrophic damage
catastrophic damage, defined
catastrophic damage, DRPs for [See Disaster Recovery Plans]
categories of policy control, table of
CC (Common Criteria)
CC (Common Criteria), urls for
CER (crossover error rate) 2nd
CERT (Computer Emergency Response Team)
CERT (Computer Emergency Response Team), statistics compiled by 2nd
CERT (Computer Emergency Response Team), vulnerability documentation list