Gregg M., Kim D. — Inside Network Security Assessment: Guarding Your IT Infrastructure

Subject index

legal information for scope definition
legal issues
legal issues, criminal breach guidelines for data collection
legal issues, current risk assessment laws, list of
legal issues, financial record confidentiality
legal issues, mandates
legal issues, medical data [See HIPAA]
legal issues, privacy laws
legal issues, regulatory documents
legal issues, U.S. Code 1029
letters of understanding (LOUs)
level I assessments
level I assessments, account management 2nd
level I assessments, categories of policy control, table of
level I assessments, COBIT
level I assessments, common policy problems 2nd 3rd
level I assessments, communication security
level I assessments, defined 2nd
level I assessments, document review process [See reviewing documentation]
level I assessments, education training and awareness 2nd
level I assessments, guidelines for 2nd
level I assessments, identification and authentication 2nd
level I assessments, interviewing process 2nd 3rd 4th
level I assessments, ISO 17799 2nd
level I assessments, labeling systems
level I assessments, maintenance documentation
level I assessments, malicious code protection category
level I assessments, management controls 2nd 3rd 4th 5th
level I assessments, media controls 2nd
level I assessments, networking connectivity
level I assessments, operational controls 2nd 3rd 4th
level I assessments, personnel security
level I assessments, physical security
level I assessments, RFC 2196
level I assessments, scoping phase policy review
level I assessments, security auditing
level I assessments, session controls 2nd
level I assessments, system assurance 2nd
level I assessments, system demonstrations 2nd 3rd
level I assessments, technical controls 2nd 3rd 4th 5th 6th
level II assessments
level II assessments, access options and controls form template 2nd
level II assessments, audit controls form template
level II assessments, caveats
level II assessments, defined 2nd
level II assessments, form templates for
level II assessments, importance of
level II assessments, OSSTMM for
level II assessments, password controls form template
level II assessments, vulnerability scans for 2nd
level III assessments
level III assessments, defined 2nd
level III assessments, disadvantages of
level III assessments, management, communicating with
level III assessments, NIST 800-42
level III assessments, scheduling
level III assessments, tools required for
level III assessments, vulnerability exploitation 2nd
level of control, determining 2nd 3rd
liking-based social engineering
limitation of liability
limited warranty
LinkFerret
log review policy
logical diagrams
L0phtCrack
LOUs (letters of understanding)
MAC (mandatory access control) 2nd
maintaining policies
maintenance
maintenance, documentation review for
malformed data attacks 2nd
malicious code protection
malicious code protection, documentation review for
malware
malware attacks
malware, defined
management
management controls
management controls, configuration management 2nd
management controls, contingency planning 2nd
management controls, defined
management controls, INFOSEC documentation 2nd
management controls, INFOSEC roles and responsibilities 2nd
management controls, table of
management documentation categories
Management of Information Security Standard [See MITS]
management policies
management policies, defined
management, scope definition meetings 2nd 3rd 4th
mandate
mandate, defined
mandatory access control (MAC) 2nd
Matrix, the
media controls
media controls, documentation review 2nd
medical privacy [See HIPAA]
mergers
mergers, due diligence for
META Security Group
META Security Group, architecture elements
Metasploit 2nd
methodology
methodology, defined
MingSweeper
minimum acceptable level of risk
minimum acceptable level of risk, defined
minimum acceptable level of risk, importance of setting
mission statements
mission statements, purpose of
mitigating risk
mitigating risk, defined
MITS (Canadian Management of Information Security Standard)
MITS (Canadian Management of Information Security Standard), defined
multidisciplinary security
multidisciplinary security, defined
N-Stealth
National Infrastructure Protection Center
National Institute of Standards and Technology (NIST)
National Institute of Standards and Technology (NIST), URLs for 2nd 3rd
Nessus 2nd 3rd
NETBIOS names
NETBIOS names, enumerating
NetRecon
NetStumbler 2nd
network discovery
network discovery, defined
network evaluations [See network vulnerability assessments] [See level II assessments]
network ingress filtering
network systems
network systems, asset nature of
network vulnerability assessments
network vulnerability assessments, compliance with law
network vulnerability assessments, conceptual hierarchy, GASSP
network vulnerability assessments, defined
network vulnerability assessments, driving causes of 2nd 3rd
network vulnerability assessments, due diligence reason for
network vulnerability assessments, goals of 2nd
network vulnerability assessments, inter-departmental cooperation
network vulnerability assessments, ISO 17799 2nd
network vulnerability assessments, management of
network vulnerability assessments, network evaluations [See level II assessments]
network vulnerability assessments, NIST 800-26 2nd
network vulnerability assessments, penetration tests [See level III assessments]
network vulnerability assessments, policies, role of 2nd 3rd
network vulnerability assessments, policy assessments [See level I assessments]
network vulnerability assessments, procedures governing 2nd
network vulnerability assessments, purpose of
network vulnerability assessments, scheduling issues 2nd
network vulnerability assessments, scope of [See scope]
network vulnerability assessments, security breaches causing
network vulnerability assessments, summary 2nd
network vulnerability assessments, types of 2nd 3rd
networking connectivity
networking connectivity, documentation review for
NIPC (National Infrastructure Protection Center)
NIST
NIST (National Institute of Standards and Technology)
NIST 800-14
NIST 800-14, configuration management
NIST 800-26
NIST 800-26, operational control definition
NIST 800-26, policy categories 2nd
NIST 800-26, risk assessment methodology 2nd
NIST 800-26, technical controls
NIST 800-42
NIST 800-42, defined
NIST 800-42, level III assessment guidance
NIST, documentation categories
NIST, URLs for 2nd 3rd
nmap
NOCs (network operations centers)
NOCs (network operations centers), defined
NOCs (network operations centers), incident classification 2nd
NOCs (network operations centers), security workflow definitions 2nd 3rd 4th
NOCs (network operations centers), security workflow procedures 2nd 3rd 4th
nonattribution
nonattribution, defined
notice sections of final reports
NSA IAM
NSA IAM, defined
NSA IAM, documentation categories
NULL scans
null sessions
null sessions, causes of
null sessions, defined
OICM (organization information criticality matrix)
OICMs
OICMs (Organizational Information Criticality Matrices)
OICMs (Organizational Information Criticality Matrices), building 2nd 3rd 4th 5th
OICMs (Organizational Information Criticality Matrices), defined
OICMs, final reports, including in 2nd
one-time passwords
Open Source Security Testing Methodology Manual
Open Source Security Testing Methodology Manual, URLs for
operating systems
operating systems, asset nature of
operational controls
operational controls, defined
operational controls, education training and awareness 2nd
operational controls, labeling systems
operational controls, media controls 2nd
operational controls, personnel security
operational controls, physical security
operational controls, table of
operational documentation categories
operational policies
operational policies, defined
Ophcrack 2nd
Organization Information Criticality Matrices [See OICMs]
organization information criticality matrix (OICM)
OS fingerprinting
OS fingerprinting, countermeasures for
OS fingerprinting, tools for
OS identification
OS identification, defined 2nd
OS identification, Xprobe2
OSSTMM
OSSTMM, risk assessment methodology 2nd 3rd
OSSTMM, tests and questions provided
OTPs [See one-time passwords]
Packetyzer
passive fingerprinting
passive fingerprinting, defined
password auditing tools
password auditing tools, brute force attacks
password auditing tools, Cain
password auditing tools, dictionary attacks
password auditing tools, hybrid attacks
password auditing tools, John the Ripper
password auditing tools, L0phtCrack
password auditing tools, Ophcrack
password auditing tools, RainbowCrack technique
password auditing tools, URLs for
password controls form template
passwords
passwords, countermeasures for 2nd
passwords, cracking
passwords, dictionary attacks
passwords, guessing
passwords, one-time passwords
passwords, overview of 2nd
passwords, sniffing
passwords, tokens 2nd
patch management
patch management, automating
patch management, steps for 2nd
patches [See software patches]
PCAOB (Public Company Accounting Oversight Board)
PDD 63
penetration testing [See network vulnerability assessments]
penetration tests [See level III assessments]
penetration tests, defined
personnel security
personnel security, documentation review
personnel security, nondisclosure agreements
personnel security, practices, types of
PGP (Pretty Good Privacy)
phishing
phishing, attacks using
phishing, defined
phreakers
phreakers, defined
physical diagrams
physical security
physical security, documentation review
ping
Ping of Death 2nd
ping, countermeasures for
ping, reconnaissance for attacks with 2nd
pivoting
pivoting, defined
PKI (Public Key Infrastructure)
policies
policies, advisory documents
policies, defining objectives of 2nd
policies, deployment overview 2nd
policies, employee awareness development
policies, employee buy-in
policies, evaluation of
policies, goals for
policies, hierarchical structure for
policies, implementation overview
policies, importance of
policies, informative documents
policies, INFOSEC documentation
policies, ISO 17799
policies, life cycle issues
policies, maintenance issues
policies, management category
policies, network vulnerability assessment role of 2nd 3rd
policies, NIST 800-26 2nd
policies, operational category
policies, overview of 2nd
policies, regulatory
policies, responsibility, defining
policies, scope of, defining
policies, technical category
policies, template for, SANS
policies, types of 2nd