Gregg M., Kim D. — Inside Network Security Assessment: Guarding your IT Infrastructure
Title: Inside Network Security Assessment: Guarding your IT Infrastructure

Authors: Gregg M., Kim D.

Abstract:

As an IT professional, you need to know how to perform network security assessments. Inside Network Security Assessments: A Brick by Brick Approach to Securing a Network Infrastructure is a collection of utilities and templates that will take you through the assessment process. Written by two highly qualified authors with close ties to the International Information Systems Security Certification Consortium, this book was developed with the goal of being a text for the CISSP continuing education class on Network Security Assessment. You will be provided with step-by-step training on assessing security, from paperwork to penetration testing to ethical hacking. The supporting website will also provide you with access to a variety of tools, checklists, and templates to make your job even easier. You'll save everyone time and money by learning to perform security assessments yourself with the help of Inside Network Security Assessment.


Language: en

Category: Technology/

Subject index status: Index with page numbers is ready

Year of publication: 2005

Number of pages: 336

Added to catalogue: 20.08.2007

Subject index
Certification      
certification, defined      
CERTs      
CERTs (Computer Emergency Response Teams)      
CERTs (Computer Emergency Response Teams), defined      
CERTs, Carnegie Mellon, url for      
change control boards      
change control boards, defined      
change management policies      
change management policies, defined      
CIA (confidentiality, integrity, and availability)      
CIA (confidentiality, integrity, and availability), defined      
Clark-Wilson model      
classes of policy control, table of      
classification systems      
classification systems, Bell-LaPadula model      
classification systems, commercial      
classification systems, confidential information      2nd
classification systems, criteria for      2nd
classification systems, declassification criteria      
classification systems, government system for      
classification systems, private information      
classification systems, public information      
classification systems, purpose of      
classification systems, secret information      
classification systems, sensitive information      
classification systems, steps for creating infrastructure for      
classification systems, top secret information      
classification systems, unclassified information      
click kiddies      
clipping levels      
COBIT      
COBIT (control objectives for information technology)      
COBIT, level I assessment documentation review      
COBIT, purpose of      
COBIT, reviewing documentation      
commercial classification systems      
commercial classification systems, overview of      
Common Criteria      
Common Criteria (CC)      
Common Criteria (CC), urls for      
Common Criteria, system assurance aspect of      
Common Vulnerabilities and Exposures list      [See CVE list]
communication security      
communication security, documentation review for      
Compliance      
compliance with laws as cause of vulnerability assessments      
compliance, scope, as driver for      
Computer Emergency Response Teams (CERTs)      
Computer Emergency Response Teams (CERTs), defined      
conclusions report sections      
conclusions sections of final reports      
confidential information      
confidential information, defined      2nd
confidential information, disclosure threat      
confidential information, employee carelessness as threat      
Confidentiality      
confidentiality, cryptography for      
confidentiality, defined      
confidentiality, GLBA requirements      
confidentiality, HIPAA rules for      2nd
confidentiality, importance of      
confidentiality, individual finance records, of      
confidentiality, medical record rules      2nd
Configuration Management      
configuration management, AFSCM 375-1      
configuration management, beta development      
configuration management, defined      
configuration management, NIST 800-14      
configuration management, steps in process      2nd
consistency-based social engineering      
consultants, procuring      [See procurement]
contingency planning      
contingency planning, defined      
contingency planning, documentation contents      
contingency planning, maximum tolerable downtimes      
contingency planning, types of      
control level, determining      2nd 3rd
Cookies      
cookies, defined      
cookies, threat from      
coordinated attacks      2nd 3rd
Core IMPACT      
corporate security law      [See Sarbanes-Oxley Act]
correctness of information      [See integrity]
countermeasures      
countermeasures, banner minimalization      
countermeasures, coordinated attacks, for      2nd
countermeasures, defined      2nd
countermeasures, ICMP echos      
countermeasures, IDS      
countermeasures, ingress filtering      
countermeasures, malformed data attacks      
countermeasures, OS fingerprinting      
countermeasures, password protection      2nd
countermeasures, PING sweeps      
countermeasures, port scanning      
countermeasures, rate limiting      
crackers      
crackers, defined      
criminal breaches      
criticality      
criticality matrices      
criticality matrices, blank matrix for      
criticality matrices, defining impact levels      2nd
criticality matrices, final assembly of      2nd 3rd
criticality matrices, information type identification      2nd
criticality matrices, listing impact attributes      
criticality matrices, OICM      2nd 3rd 4th 5th
criticality matrices, resistance of owners      
criticality matrices, steps for creating      
criticality matrices, systems criticality matrices      2nd
criticality, defined      2nd
critics      
crossover error rate (CER)      2nd
Cryptography      [See encryption]
CVE (Common Vulnerabilities and Exposures) list      
CVE (Common Vulnerabilities and Exposures) list, defined      
CVE (Common Vulnerabilities and Exposures) list, risk assessment with      
cyber crime      
cyber crime, U.S. Code 1029      
cyber terrorism      
cyber terrorism, defined      
cyber-terrorists/criminals      
cyber-terrorists/criminals, defined      
DAC (discretionary access control)      2nd
data classification standards      
data classification standards, defined      2nd
data collection stage of attacks      2nd
data custodians      
data custodians, defined      2nd
Data Encryption Standard (DES)      
Data integrity      
data integrity, threats to      
data owners      
data owners, defined      2nd
database attacks      
DDoS (Distributed Denial of Service)      
Defense in depth      
defense in depth, defined      2nd
defense-in-depth approach      
defense-in-depth approach, advantages of      
defense-in-depth approach, application defenses      
defense-in-depth approach, data defenses      
defense-in-depth approach, defined      
defense-in-depth approach, layers, list of      
defense-in-depth approach, network defenses      
defense-in-depth approach, operating system defenses      
defense-in-depth approach, risk assessment using      2nd 3rd
defining impact levels      2nd
definition of security      2nd
denial-of-service attacks      [See DoS (denial-of-service) attacks]
deploying policies      
deploying policies, overview      2nd
DES (Data Encryption Standard)      
detection element of security as a process      
dictionary attacks      
direct attacks      2nd 3rd
Disaster recovery      
Disaster Recovery Plans (DRPs)      
Disaster Recovery Plans (DRPs), purpose of      
disaster recovery, availability as      
disclaimers of warranties      
disclaimers of warranties, defined      
disclosure threat      
disclosure threat, disgruntled employees source of      
Discretionary access control (DAC)      2nd
disgruntled employees      
disgruntled employees, defined      
disgruntled employees, destruction of data      
disgruntled employees, disclosure threat      
disgruntled employees, greatest threats      
disgruntled employees, internal attackers as      
disgruntled employees, malicious code release      
disgruntled employees, privilege escalation      
disgruntled employees, termination      2nd 3rd
disgruntled employees, unauthorized access      
DMZs (demilitarized zones)      
DMZs (demilitarized zones), defined      
DNS (Domain Name System)      
DNS (Domain Name System), defined      
DNS (Domain Name System), DNS lookup      
document tracking form template      2nd
Documentation      
documentation systems      
documentation systems, asset nature of      
documentation, level I document review process      [See reviewing documentation]
documentation, systemic      [See IT security architecture and framework]
Documents      
documents, advisory category      2nd
documents, compiling for assessment planning      2nd 3rd
documents, control forms for      
documents, informative category      
documents, infrastructure      
documents, logical diagrams      
documents, physical diagrams      
documents, policy categories      2nd
documents, protocols for assessments      
documents, regulatory category      
documents, tracking system for      
DoS (Denial of Service)      
DoS (Denial of Service), DDoS      
DoS (denial-of-service) attacks      
DoS (denial-of-service) attacks, defined      
DoS (denial-of-service) attacks, extortion with      
DoS attacks      
DoS attacks, defined      
downloading files, threat from      
driving events for defining scope      2nd 3rd
DRM      
DRM, disaster recovery management      
DRM, disaster recovery management, purpose of      
DRPs      [See Disaster Recovery Plans]
due care      
due care, defined      2nd
Due diligence      
due diligence, defined      2nd
due diligence, driver for defining scope      
due diligence, mergers, for      
DumpSec      2nd
EAP (Extensible Authentication Protocol)      
eavesdropping      [See data collection stage of attacks]
education training and awareness      
education training and awareness, documentation review      2nd
EFs (Exposure Factors)      
EFs (Exposure Factors), defined      
EFs (Exposure Factors), scaling      
Eligible Receiver      
Email      
email, threat from      
employee awareness of policies      2nd
employee buy-in for policies      2nd 3rd 4th
employees      
employees as threats      
employees as threats, confidential information      
employees as threats, emails      
employees as threats, file downloads      
employees as threats, importance of      
employees as threats, insecure computing habits      2nd
employees as threats, sharing media      
employees as threats, terminated employees      2nd 3rd
employees as threats, unauthorized software use      
employees, Web leaks created by      
Encryption      
encryption, AES standard      2nd
encryption, authentication with      
encryption, confidentiality role of      
encryption, data encryption defined      
encryption, defined      2nd
encryption, IPSec      
encryption, Pretty Good Privacy      
Encryption, public key      
encryption, Rijndael      2nd
encryption, SSH      
encryption, SSL      
encryption, TLS      
enterprise vulnerability management      
enterprise vulnerability management, defined      
enumeration tools      
enumeration tools, defined      
enumeration tools, DumpSec      
enumeration tools, information obtained by      
enumeration tools, NETBIOS names      
enumeration tools, null sessions      
enumeration tools, SolarWinds IP Network Browser      
enumeration tools, urls for      
enumeration tools, USE42      
enumeration tools, Windows systems      
equity      
equity, defined      
escalation stage of attacks      2nd 3rd
Ethereal      
ethical hackers      
ethical hackers, defined      
ethical hacks      
ethical hacks, defined      
Ethics      
ethics, defined      
EULAs (End User License Agreements)      
EULAs (End User License Agreements), defined      
exclusion of damages      
Executive Summary report sections      2nd
executive summary sections of final reports      
Exposure      
exposure factors      
exposure factors, defined      2nd
exposure, defined      
Extensible Authentication Protocol (EAP)      
external attackers      
external attackers, defined      
false acceptance rate (FAR)      2nd
false rejection rate (FRR)      2nd
FAR (false acceptance rate)      2nd
Federal Information Security Management Act      [See FISMA]
FIN scans      
final reports      
final reports, analysis sections      2nd 3rd 4th
final reports, analysis, preparing for      2nd
final reports, conclusions sections      2nd
final reports, contents, recommended      
© Electronic Library of the Board of Trustees of the Faculty of Mechanics and Mathematics, Moscow State University, 2004-2019