Signature detection method, 35, 224, 637 signatures, 294–295
CISSP FOR DUMMIES PDF LICENSE
Shoulder surfing, 10, 566, 637 shrink-wrap license agreements, 519, 637 sign off letters, 165 Shared secret encryption keys, 268 shielded twisted-pair (STP) wire, 66, 637 shoplifting, 544 SHA (Secure Hash Algorithm), 293, 635 shadow file, 232 Setgid utility, 438 setuid utility, 438 sexual harassment, 434 SET (Secure Electronic Transaction) protocol, 63, 84, 304, 635 Service-specific remote access technique, 86 services, network and protocol, 86–88 SESAME authentication mechanism, 637 session hijacking, 242, 637 Issues addressed by, 208–209 service ports, 75 Service Level Agreements (SLAs) in contracts, 454
CISSP FOR DUMMIES PDF SERIAL
Separation of privilege, 341, 636 Sequenced Packet Exchange (SPX), 62, 636 sequential storage, 193, 334–335, 637 Serial Line Internet Protocol (SLIP), 60,Ĩ5, 637 series layering, 136 server rooms, 567 servers Separation of duties and responsibilities in access control, 21 Sensitive but unclassified classification, 139, 636 sensitive information and media, 403–405 sensitivity adjustments for biometric devices, 10, In business continuity planning, 453 defined, 636 Security roles, 153–154, 636 security through obscurity, 266 * (star) Security Property, 345, 347, 365, 592 security requirements in European Union privacy
CISSP FOR DUMMIES PDF PROFESSIONAL
Security policies, 4, 155, 636 security professional role, 153, 636 Security perimeter defined, 636 in TCB, 363 Tokens, capabilities, and labels in, 364 security modes, 208, 326–327 Information flow model, 348 IPSec in, 369–370 noninterference model, 348 objects and subjects in, 366–367 review questions, 388–393 state machine model, 344–345 summary, 385–386 Timing, state changes, and communication disconnects, 384–385 Input and parameter checking, 382 maintenance hooks and privileged Rainbow series, 370, 373–375 TCSEC classes, 371–373Įxam essentials for, 386–387 flaws and issues in, 380Ĭovert channels, 380–381 design and coding, 381–384 electromagnetic radiation, 385 incremental attacks, 383–384 Protection mechanisms in, 135–137 review questions, 143–148 summary, 140–141Īccess control matrices, 349–350 Bell-LaPadula model, 345–346, 345, 365īrewer and Nash model, 350 certification in, 362–363 Clark-Wilson model, 347–348, 366 classifying and comparing, 350–351 closed and open systems, 367Ĭonfidentiality, integrity, and availability in,ģ67–368 controls in, 368–369 evaluation in, 370Ĭertification and accreditation, 379–380 Common Criteria, 376–379 In TCB, 363–364 security labels, 16, 636 security management, 130Īccountability in, 135 auditing in, 135 authentication in, 134 authorization in, 134 availability in, 132–133 change control in, 137 confidentiality in, 130–131 data classification in, 138–139 exam essentials for, 141–142 identification in, 133–134 integrity in, 131–132 nonrepudiation in, 135 planning, 167 Security IDs, 570, 636 security kernel, 207 Service level agreements in, 208–209 security control types, 405–406 security domain (B3) systems, 372 security guards, 569–570 Protection rings in, 206–207, 207 security modes in, 208 Security control architecture, 206–208 abstraction in, 208 Security associations (SAs), 370, 635 security awareness training, 166 security clearances, 152 In Session layer, 62 for Web, 303 X.509 for, 298 Secure Sockets Layer (SSL) protocol, 84 defined, 635 Secure Remote Procedure Call (S-RPC), 63, 84, 635 Secure Multipurpose Internet Mail Extensions (S/MIME) protocol, 84, 111, 302, 635 Secure Hash Algorithm (SHA), 293, 635 Secure HTTP (S-HTTP), 303, 635 Secure Electronic Transaction (SET) protocol, 63, 84, 304, 635 SDLC (Synchronous Data Link Control) protocol defined, 641
Screening job candidates, 151–152 script kiddies, 220, 545
Schemas, database, 187, 634 Schneier, Bruce, 274 screened hosts, 80 SAs (security associations), 370, 635 scalability in symmetric key algorithms, 268 scanning attacks, 240–241, 547, 634 scavenging, 432–433, 634 In distributed architecture, 343–344 safety Safe harbor sites, 525–526 safeguards, 158
S-RPC (Secure Remote Procedure Call), 63, 84, 635 S/MIME (Secure Multipurpose Internet Mail Extensions) protocol, 84, 111, 302, 635
0 kommentar(er)
