CISSP - Certified Information Systems Security Professional Study Guide, 2nd Edition (2004)


asymmetric cryptography – backups   651

asymmetric cryptography, 288
  El Gamal, 291
  elliptic curve, 291–292
  keys in, 268–270, 288–289, 288, 595
  RSA, 289–290
asynchronous communications, 69
asynchronous dynamic password tokens, 14, 595
asynchronous transfer mode (ATM)
  in Data Link layer, 60
  defined, 595
  in WANs, 64, 87, 107
atomicity, 188, 595
attackers, 542, 595
attacks, 37–38
  application, 238–239
  brute force and dictionary, 38–39
  business, 543–544
  crackers, 45
  cryptographic, 307–308
  decoy techniques, 242–243
  defined, 595
  DoS, 40–42, 42, 232–238, 233, 235–237
  exam essentials for, 46–48, 244
  financial, 544
  fun, 545
  grudge, 545
  inference, 190–191
  malicious code, 220–229
  man-in-the-middle, 43–44
  masquerading, 241
  military and intelligence, 543
  network, 116–118
  password, 230–232
  reconnaissance, 240–241
  review questions, 49–54, 246–251
  scanning, 547
  sniffer, 44
  spamming, 44
  spoofing, 43
  summary, 45–46, 243
  terrorist, 544–545
  written lab for, 245, 252
attenuation, 67, 595
attributes in databases, 186, 595
audio motion detectors, 571
auditing, 9, 32, 135, 422
  in access control, 6–7
  accountability in, 423
  audit trails in, 403, 424–425, 573, 595
  compliance testing in, 423
  configuration, 206
  defined, 595
  exam essentials for, 439–442
  external auditors in, 427–428
  record retention in, 426–427
  reporting concepts in, 425–426
  review questions, 443–448
  sampling in, 426
  summary, 438–439
  time frames in, 424
auditors, 154, 156, 427–428, 595
authentication, 134
  in access control, 5–6
  cryptography for, 257, 257
  defined, 595
  protection, 82
  techniques, 7
    biometrics, 10–13, 11–12
    passwords, 7–10
    tickets, 14–15
    tokens, 13–14
    two-factor, 6, 39
Authentication Headers (AHs) in IPSec
  defined, 595
  purpose of, 84, 306, 369–370
Authentication Service (AS), 15, 595
authorization, 6, 134, 595
automated attack tools, 37
automated monitoring and auditing systems, 429
automated recovery, 400
automated recovery without undue loss, 400
auxiliary alarm systems, 571, 573, 596
AV (asset value), 456, 595
availability
  in access control, 2–3
  defined, 596
  in security management, 132–133
  in security models, 367–368
AVG function, 190
awareness
  defined, 596
  training for, 166

B

B channels, 106
B1 (labeled security) systems, 372
B2 (structured protection) systems, 372
B3 (security domain) systems, 372
back doors, 383, 545
Back Orifice Trojan horse, 226
background checks, 151–152
backups
  for access control violations, 45
  in disaster recovery planning, 493–494
  in electronic vaulting, 490
  in operations security, 398

 

badges, 570, 596
Base+Offset addressing, 332, 596
baseband cable, 65, 596
baseband communications, 70
baseline security, 155–156, 596
Basic Input/Output System (BIOS), 338, 596
Basic Rate Interface (BRI) ISDN, 88, 106, 596
bastion hosts, 80
.BAT files, 222
BCP. See Business Continuity Planning (BCP)
behavior-based intrusion detection, 35, 596
Bell-LaPadula model, 345–346, 345, 365, 372, 596
best evidence rule, 528, 596
BGP (Border Gateway Protocol), 61
BIA (business impact assessment), 455–456, 598
  impact assessment in, 457–458
  likelihood assessment, 457
  priority identification, 456
  resource prioritization, 458–459
  risk identification, 456–457
Biba model, 346–347, 348, 365–366, 597
binary mathematics in cryptography, 258
biometrics, 4, 10–13, 11–12, 597
BIOS (Basic Input/Output System), 338, 596
birthday attacks, 308, 597
black box doctrine, 339
black boxes, 115
blackouts, 483, 576, 597
block ciphers, 266, 274, 597
Blowfish cipher, 274, 597
blue boxes, 115
Boehm, Barry, 203
bombings, 481
boot sectors, 221–222, 597
Bootstrap protocol, 77
Border Gateway Protocol (BGP), 61
bots, 183, 597
boundaries, 115–116
bounds, 368, 597
breaches, 158, 597
Brewer and Nash model, 350
BRI (Basic Rate Interface) ISDN, 88, 106, 596
bridges, 61, 81
broadband cable, 65
broadband communications, 70
broadcast addresses
  defined, 597
  in Smurf attacks, 234
broadcast communications, 70
broadcast domains, 68
broadcast transmissions, 597
brownouts, 576, 597
brute force attacks, 9
  on cryptography, 307
  defined, 597
  DoS, 232
  on passwords, 38–39
BSA (Business Software Alliance), 520
buffer overflows
  in application attacks, 238–239
  checking for, 382–383
  defined, 597
  for worms, 227
buildings
  in business continuity planning, 460–461
  in physical security, 564–567
Bureau of Industry and Security, 521
burglary, 544
bus topology, 72, 72
business attacks, 543–544, 597
Business Continuity Planning (BCP), 450
  continuity strategy in, 459–462
  defined, 598
  documentation in, 462–465
  exam essentials for, 466–467
  impact assessment in, 455–456
    impact assessment phase, 457–458
    likelihood assessment, 457
    priority identification, 456
    resource prioritization, 458–459
    risk identification, 456–457
  legal and regulatory requirements in, 453–455
  organization analysis in, 451
  resource requirements in, 452–453
  review questions, 468–473
  summary, 465–466
  team selection in, 451–452
Business Software Alliance (BSA), 520
business unit priorities in recovery strategy, 485

C

C1 (discretionary security protection) systems, 372
C2 (controlled access protection) systems, 372
cabling, network
  baseband and broadband, 65
  coaxial, 65
  conductors, 67
  twisted-pair, 66–67
  wireless, 68
cache RAM, 331, 598
Caesar cipher, 254–255, 263
call-back authorization, 113
cameras, 571–572
campus area networks (CANs), 598
candidate keys, 187
capabilities lists, 364, 598
capability lists, 349, 598

Capability Maturity Model, 202–203
capacitance motion detectors, 571
cardinality of databases, 186
Carrier Sense Multiple Access (CSMA) technologies, 70–71
cascading composition theory, 349
CASE (computer aided software engineering), 198
categories, UTP, 67
CBC (Cipher Block Chaining), 272, 599
CBK (Common Body of Knowledge), 600
CCTV (closed-circuit television), 567–568, 571–572
CD legal issues, 516
CDDI (Copper Distributed Data Interface)
  in Data Link Layer, 60
  defined, 602
CDIs (constrained data items), 366
central processing units (CPUs), 319
centralized access control, 17–18, 598
centralized alarm systems, 571, 573, 598
CER (Crossover Error Rate), 10, 11, 603
certificate authorities, 298–299, 598
certificate revocation lists (CRLs), 299–300, 598
certificates, 297–298
  defined, 598
  generation and destruction of, 298–300
certification
  defined, 598
  in system development, 200–201
  in system evaluation, 362–363, 380
CFAA (Computer Fraud and Abuse Act) of 1984, 511–512, 601
CFB (Cipher Feedback) mode, 272, 599
CFR (Code of Federal Regulations), 510
chain of evidence, 527, 598
Challenge Handshake Authentication Protocol (CHAP), 85, 102, 598
challenge-response tokens, 14, 599
change control, 137
  components of, 205–206
  defined, 599
  steps in, 400–401
changes, workstation and location, 398
Chauvaud, Pascal, 294
checklists, 492, 497, 599
Children's Online Privacy Protection Act (COPPA) of 1998, 522–523, 599
Chinese Wall model, 350
choice requirements in European Union privacy law, 525
chosen ciphertext attacks, 307, 599
chosen plaintext attacks, 307, 599
CIA Triad, 3, 130
  availability in, 132–133
  confidentiality in, 130–131
  defined, 599
  integrity in, 131–132
Cipher Block Chaining (CBC), 272, 599
Cipher Feedback (CFB) mode, 272, 599
ciphers
  vs. codes, 262
  in cryptography, 262–266
  defined, 599
  substitution, 263–264
  transposition, 263
ciphertext messages, 257, 599
CIR (Committed Information Rate) contracts, 87, 600
circuit encryption, 305
circuit-level gateway firewalls, 79
circuit switching, 104
CIRTs (Computer Incident Response Teams), 549
civil law, 509–510, 599
Civil War, cryptography in, 255
Clark-Wilson model, 347–348, 366, 599
classification
  for confidentiality, 131
  defined, 599, 604
  in physical security, 567
  in security management, 138–139
classification levels, 600
classified data, 139
clean power, 576, 600
cleaning, 600
clearances, security, 152
clearing media, 404–405, 600
click-wrap licenses, 519, 600
client systems, countermeasures on, 229
clipping levels in auditing, 426
closed-circuit television (CCTV), 567–568, 571–572
closed systems, 367, 579
coaxial cabling, 65, 600
Code of Ethics, 552–553
Code of Federal Regulations (CFR), 510
Code Red worm, 228
code review walk-throughs, 200
codes vs. ciphers, 262
coding flaws, 381–384
cognitive passwords, 8, 600
cold sites, 487, 600
cold-swappable RAID, 90
collision attacks, 308
collision domains, 68
collusion, 151, 435, 600
columns in databases, 186
COM (Component Object Model), 185, 601
.COM files, 222
combination locks, 570
commercial business/private sector classification, 138–139, 600

COMMIT command, 188
Committed Information Rate (CIR) contracts, 87, 600
Common Body of Knowledge (CBK), 600
Common Criteria, 376
common mode noise, 576, 600
Common Object Broker Architecture (CORBA), 184–185, 185, 600
communication disconnects, 384–385
communications, 64
  cabling in
    baseband and broadband, 65
    coaxial, 65
    conductors, 67
    twisted-pair, 66–67
    wireless, 68
  in disaster recovery planning, 495
  LAN technologies, 68–71
  in recovery strategy, 486
  security in, 100
    boundaries, 115–116
    e-mail, 109–112
    exam essentials for, 120–121
    facsimiles, 112
    miscellaneous, 108–109
    NAT for, 103–104
    network attacks and countermeasures, 116–118
    review questions, 122–127
    summary, 118–119
    switching technologies, 104–105
    voice, 113–115
    VPNs for, 100–102
  TCP/IP, 73–77, 74
  topologies, 71–73, 72–73
CompactFlash cards, 330
companion viruses, 222, 601
compartmented mode systems, 208, 327, 601
compensation access control, 4, 601
competent evidence, 526, 601
compiled languages, 197, 601
complex gateway firewalls, 79
compliance checking, 601
compliance testing, 423, 601
Component Object Model (COM), 185, 601
composition theories, 349
compromises, system, 547, 601
computer aided software engineering (CASE), 198
computer crime, 542–543
  business attacks, 543–544
  defined, 601
  evidence of, 546
  exam essentials for, 555–556
  financial attacks, 544
  fun attacks, 545
  grudge attacks, 545
  incident handling. See incidents
  laws for, 511–514
  military and intelligence attacks, 543
  review questions, 557–562
  summary, 554–555
  terrorist attacks, 544–545
computer design, 318
  distributed architecture, 342–344
  exam essentials for, 352–354
  firmware, 338
  hardware, 319
    input and output devices, 335–336
    memory, 329–334
    processors, 319–329
    storage, 334–335
  input/output structures, 337–338
  protection mechanisms, 338–341
  review questions, 355–360
  security models, 344–351
  summary, 351–352
computer export controls, 520–521
Computer Fraud and Abuse Act (CFAA) of 1984, 511–512, 601
Computer Incident Response Teams (CIRTs), 549
Computer Security Act (CSA) of 1987, 512, 601
Computer Security Incident Response Teams (CSIRTs), 549
concentrators, 68
conclusive evidence, 527
conductors, 67
Confidential classification, 139, 601–602
confidentiality, 130–131
  in access control, 2–3
  cryptography for, 256
  defined, 602
  in MAAs, 489
  in security models, 367–368
configuration management
  components of, 205–206
  defined, 602
  steps in, 400–401
confinement, 368, 602
confiscation, 550
confusion, 262, 602
connectivity issues, 82
consistency in ACID model, 188, 602
constrained data items (CDIs), 366
contamination, 189, 602
content filters, 229
continuity
  in business continuity planning, 459–462
  defined, 602

contractual license agreements, 519, 602
control zones for TEMPEST, 574–575
controlled access protection (C2) systems, 372
controls gap, 166, 602
controls in secure systems, 368–369, 602
COPPA (Children's Online Privacy Protection Act) of 1998, 522–523, 599
Copper Distributed Data Interface (CDDI)
  in Data Link Layer, 60
  defined, 602
copyrights, 515–516, 602
CORBA (Common Object Broker Architecture), 184–185, 185, 600
corrective access control, 3, 602
corrective controls, 406, 602
corrosion, 577
costs of assets, 160
COUNT function, 190
countermeasures, 41, 434–437
  costs, 157
  defined, 603
  malicious code, 229
  networks, 116–118
  password attacks, 232
covert channels, 380–381
  defined, 603
  storage, 193, 381, 603
  timing, 380, 603
CPUs (central processing units), 319
Crack program, 231
crackers, 45, 436, 603
CRCs (cyclic redundancy checks), 109, 604
credentials, logon, 6, 620
crime. See computer crime; laws
criminal law, 508–509, 603
crisis management, 485–486
critical path analysis, 565, 603
CRLs (certificate revocation lists), 299–300, 598
Crossover Error Rate (CER), 10, 11, 603
crosstalk, 67
cryptanalysis, 258, 603
cryptography, 254
  applied. See applied cryptography
  asymmetric, 288
    El Gamal, 291
    elliptic curve, 291–292
    keys in, 268–270, 288–289, 288, 595
    RSA, 289–290
  attacks on, 307–308
  for authentication, 257, 257
  concepts in, 257–258
  defined, 603
  exam essentials for, 277–278
  goals of, 256–257
  hashing algorithms for, 270–271
  history of, 254–255
  keys in, 13, 266–267, 603
  mathematics in, 258–262
  review questions, 280–285
  summary, 277
  symmetric, 270–271
    AES, 275
    Blowfish, 274
    DES, 271–272
    IDEA, 273–274
    keys in, 267–268, 268, 275–277, 641
    Skipjack, 274
    Triple DES, 272–273
  written lab for, 279, 286
cryptosystems, 258, 603
cryptovariables, 603
CSA (Computer Security Act) of 1987, 512, 601
CSIRTs (Computer Security Incident Response Teams), 549
CSMA (Carrier Sense Multiple Access) technologies, 70–71
custodians, 21, 154, 604
cyclic redundancy checks (CRCs), 109, 604

D

D channels, 106
DAAs (Designated Approving Authorities), 200
DACK lines, 337
DARPA model, 63
data
  classification of
    for confidentiality, 131
    defined, 604
    in physical security, 567
    in security management, 138–139
  confiscating, 550
  extraction of, 426, 604
  hiding, 136, 208, 339–340, 604
  integrity of, 131–132
    in access control, 2–3
    cryptography for, 256
    defined, 616
    in European Union privacy law, 525
    in incidents, 551
  mining, 191–192, 604
  owners of, 154, 605
  security for, 180
    data storage, 192–193
    knowledge-based systems, 193–195
    system development controls. See system development controls
  storage. See storage

data circuit-terminating equipment (DCE), 87, 604
data custodians, 154, 604
Data Definition Language (DDL), 187, 604
data dictionaries, 191
data diddling, 383, 604
Data Encryption Standard (DES), 15
  defined, 604
  modes of, 271–272
  security of, 267
Data Link layer, 60–61, 77, 604
Data Manipulation Language (DML), 187, 604
data marts, 191, 604
data mining tools, 32
data remanence, 335
data terminal equipment (DTE), 87, 604
data warehouses, 191–192, 605
database management systems (DBMSs), 186–187, 605
databases, 186
  aggregation in, 190
  data mining, 191–192
  DBMS architecture, 186–187
  defined, 605
  inference attacks in, 190–191
  multilevel security for, 189
  normalization, 187
  polyinstantiation in, 191
  recovering, 489–490
  transactions, 188–189
  views for, 189
DBMSs (database management systems), 186–187, 605
DCE (data circuit-terminating equipment), 87, 604
DCOM (Distributed Component Object Model), 185–186, 607
DDL (Data Definition Language), 187, 604
DDoS (distributed denial of service) attacks, 40, 228, 606
decentralized access control, 17–18, 605
decision making, 455
declassification, 405, 605
decoy techniques, 242–243
decryption, 257, 605
dedicated lines, 106
dedicated security mode, 208, 326–327, 605
deencapsulation, 605
defense in depth, 136
Defense Information Technology Security Certification and Accreditation Process (DITSCAP), 201
defined phase in Capability Maturity Model, 204
definition phase in certification and accreditation, 201
degaussing, 405, 605
degrees of databases, 186
Delphi technique, 164, 605
deluge systems, 579, 605
denial of service (DoS) attacks, 40–42, 42, 232
  and availability, 132
  defined, 605
  distributed DoS toolkits, 234
  DNS poisoning, 237
  from e-mail, 111
  on Gibson Research, 548–549
  Land attacks, 237
  ping of death attacks, 238
  Smurf attacks, 234–235, 235
  SYN floods, 232–233
  teardrop, 236, 236–237
deployment values for safeguards, 162–163
DES (Data Encryption Standard), 15
  defined, 604
  modes of, 271–272
  security of, 267
design
  computer. See computer design
  facility, 566
  flaws in, 381–384
  in system development, 200
Designated Approving Authorities (DAAs), 200
destruction of media, 404–405
detective access control, 3, 406, 605
deterrent access control, 3, 606
development phase in business continuity planning, 452
device firmware, 338
diagnosing phase in IDEAL model, 205
dictionaries, data, 191, 604
dictionary attacks
  defined, 606
  in Internet worm, 227
  on passwords, 9, 38–39, 231
differential backups, 493–494, 606
Diffie-Hellman encryption, 276–277, 606
diffusion, 262, 606
digital certificates, 297–298
  defined, 598
  generation and destruction of, 298–300
digital communications, 69
Digital Millennium Copyright Act (DMCA) of 1998, 516, 606
Digital Signature Standard (DSS), 296, 606
digital signatures, 294–295
  in asymmetric key algorithms, 270
  defined, 606
  DSS, 296
  HMAC, 295–296
  in message digests, 292

direct access control, 606
direct addressing, 332, 606
direct evidence, 606
Direct Memory Access (DMA), 337–338, 606
directive controls, 4, 406, 606
Disaster Recovery Planning (DRP), 450, 476
  defined, 606
  development of, 491–495
  emergency response in, 491–492
  exam essentials for, 498–499
  external communications in, 495
  logistics and supplies in, 495
  for man-made disasters, 481–484
  for natural disasters, 477–480
  personnel notification in, 492–493
  recovery strategy. See recovery strategy
  recovery vs. restoration in, 495
  review questions, 500–505
  software escrow arrangements in, 494–495
  storage in, 493–494
  summary, 498
  testing and maintenance in, 496–498
  training and documentation in, 496
  utilities in, 495
  written lab for, 499, 506
disaster recovery plans, 606
disasters, 606
discretionary access controls, 16, 369, 607
discretionary protection systems, 372
Discretionary Security Property, 607
disgruntled employees, 545
distributed access control, 17–18, 607
distributed application security, 182–186
distributed architecture, 342–344
Distributed Component Object Model (DCOM), 185–186, 607
distributed denial of service (DDoS) attacks, 40, 228, 607
distributed DoS toolkits, 234
distributed reflective denial of service (DRDoS) attacks, 40, 234–235, 607
DITSCAP (Defense Information Technology Security Certification and Accreditation Process), 201
DMA (Direct Memory Access), 337–338, 606
DMCA (Digital Millennium Copyright Act) of 1998, 516, 606
DML (Data Manipulation Language), 187, 604
DMQ lines, 337
DMZs, 81
DNS poisoning, 237, 607
DNS spoofing, 118
Dobbertin, Hans, 294
documentary evidence, 527–528, 607
documentation
  in business continuity planning, 462–465
  in disaster recovery planning, 496
DOD model, 63
dogs, 568–570
domains
  in access control, 18
  broadcast, 68
  defined, 607
  of relations, 186
DoS attacks. See denial of service (DoS) attacks
Double DES (2DES), 307
DRDoS (distributed reflective denial of service) attacks, 40, 234–235, 607
DRP. See Disaster Recovery Planning (DRP)
dry pipe systems, 579, 607
DSS (Digital Signature Standard), 296, 607
DTE (data terminal equipment), 87, 605
due care, 153, 401–402, 513, 607
due diligence, 21, 401–402, 453, 607
dumb cards, 572, 608
dumpster diving, 241, 432–433, 608
durability in ACID model, 188–189, 608
DVD legal issues, 516
dynamic NAT, 76
dynamic packet-filtering firewalls, 608
dynamic password tokens, 13–14
dynamic passwords, 8, 608
dynamic RAM, 331

E

e-commerce, 304
e-mail
  cryptography for, 301–302
  security for, 84–85, 109–112
EALs (evaluation assurance levels), 377–378
EAP (Extensible Authentication Protocol), 85, 102
earthquakes, 477–478
eavesdropping, 116–117, 431–432, 608
EBC (Electronic Codebook), 272, 609
EBCDIC (Extended Binary-Coded Data Interchange Mode), 62
Economic Espionage Act of 1996, 519, 608
ECPA (Electronic Communications Privacy Act) of 1986, 522, 609
EDI (Electronic Data Interchange), 63
education. See training and education
EEPROMs (electronically erasable PROMs), 330, 608

EF (exposure factor)
  defined, 610
  in impact assessment, 457
  in risk analysis, 161–163
El Gamal algorithm, 291, 608
electromagnetic interference (EMI)
  coaxial cable for, 65
  defined, 608
  problems from, 576–577
  in radiation monitoring, 432, 574–575
  in TEMPEST technology, 318, 335–336, 385, 432, 574–575
electromagnetic pulse (EMP), 574
Electronic Codebook (EBC), 272, 608
Electronic Communications Privacy Act (ECPA) of 1986, 522, 609
Electronic Data Interchange (EDI), 63
electronic mail
  cryptography for, 301–302
  security for, 84–85, 109–112
electronic vaulting, 490, 609
electronically erasable PROMs (EEPROMs), 330, 608
elliptic curve cryptography, 291–292, 609
elliptic curve groups, 291–292, 609
emanation security, 574–575
emergency communications, 486
emergency response
  in business continuity planning, 465
  in disaster recovery planning, 491–492
EMI (electromagnetic interference)
  coaxial cable for, 65
  defined, 608
  problems from, 576–577
  in radiation monitoring, 432, 574–575
  in TEMPEST technology, 318, 335–336, 385, 432, 574–575
EMP (electromagnetic pulse), 574
employees
  defined, 609
  disgruntled, 545
  sabotage by, 435
employment agreements, 152, 609
employment policies and practices, 150
  awareness training, 166
  for employees, 150–153
  exam essentials for, 169–171
  policies, 154–156
  review questions, 172–177
  roles, 153–154
  security management planning, 167
  summary, 167–168
Encapsulating Security Payloads (ESPs)
  defined, 609
  in IPSec, 306, 370
  in VPNs, 84
encapsulation, 108, 208
  defined, 609
  in OSI model, 58–59, 58–59
  in tunneling, 100–101
encrypted viruses, 225
encryption, 137, 257. See also cryptography
  circuit, 305
  for confidentiality, 131
  defined, 609
  for e-mail, 84–85, 111–112
  export controls on, 521
  for facsimiles, 112
  one-way, 9, 625
  password files, 39
end-to-end encryption, 305, 609
enforcement requirements in European Union privacy law, 525
Enigma codes, 255–256
enrollment
  with biometric devices, 11
  for certificates, 298–299
  defined, 609
  of users, 8, 19–20
enticement, 36
entities, 2, 610
entrapment, 36
environment in physical security, 575–580
EPROM (erasable programmable read-only memory), 330, 610
equipment
  confiscating, 550
  failures in, 580
erasing media, 404–405, 610
Escrowed Encryption Standard, 277, 610
espionage, 436
  defined, 610
  industrial, 544
ESPs (Encapsulating Security Payloads)
  defined, 609
  in IPSec, 306, 370
  in VPNs, 84
establishing phase in IDEAL model, 205
/etc/passwd file, 231–232
/etc/shadow file, 232
Ethernet technology, 60
  defined, 610
  for LANs, 68–69
ethics, 552–554, 610
European Union privacy law, 525–526
evaluation assurance levels (EALs), 377–378
evidence
  admissible, 526, 593
  of computer crimes, 546
  defined, 610
  types of, 526–528

exam essentials
  access control, 22–23
  administrative management, 411–413
  applied cryptography, 309–310
  attacks, 46–48, 244
  auditing, 439–442
  business continuity planning, 466–467
  communications security, 120–121
  computer crime, 555–556
  computer design, 352–354
  cryptography, 277–278
  disaster recovery planning, 498–499
  employment policies and practices, 169–171
  laws, 530–531
  monitoring, 439–442
  networks, 91–92
  physical security, 581–583
  security management, 141–142
  security models, 386–387
  system development controls, 210–211
exclusive OR operations, 260–261
.EXE files, 222
exit interviews, 153, 610
expert opinions, 610
expert systems, 194, 610
explosions, 481
export laws, 520–521
exposure, 158, 610
exposure factor (EF)
  defined, 610
  in impact assessment, 457
  in risk analysis, 161–163
Extended Binary-Coded Data Interchange Mode (EBCDIC), 62
Extended Terminal Access Controller Access Control System (XTACACS), 86
Extensible Authentication Protocol (EAP), 85, 102
external auditors, 427–428
external audits, 423
external communications, 495
extranets, 78–82, 610

F

face scans, 10, 611
facilities
  in business continuity planning, 460–461
  in physical security, 564–567
facsimile security, 112
factor ratings, biometric, 10, 11
fail-open systems, 196
fail-safe features, 89
fail-soft features, 89
failover solutions, 89
failure recognition and response, 429
Fair Cryptosystems escrow system, 277, 611
False Acceptance Rate (FAR), 10, 11, 611
false alarms in intrusion detection, 35
False Rejection Rate (FRR), 10, 11, 611
Family Educational Rights and Privacy Act (FERPA), 523, 611
Faraday cages, 574
Fault Resistant Disk Systems (FRDS), 90
faults, 576, 611
FDDI (Fiber Distributed Data Interface)
  in Data Link Layer, 60
  defined, 611
  in LANs, 69
federal laws, 509
Federal Sentencing Guidelines, 513
feedback and response processes, 164
feedback composition theory, 349
fences, 568, 611
FERPA (Family Educational Rights and Privacy Act), 523, 611
Fiber Distributed Data Interface (FDDI)
  in Data Link Layer, 60
  defined, 611
  in LANs, 69
fiber-optic cable, 66–67, 611
field-powered proximity readers, 572
fields in databases, 186
file infector viruses, 222, 611
File Transfer Protocol (FTP), 63, 77
filters, 229
financial attacks, 544, 611
financial institutions, regulatory requirements for, 454
Finger utility, 227
fingerprints, 5, 10, 611
finite state machines (FSMs), 344
fire detection and suppression, 578–580
fire extinguishers, 578
fires, 480–481
firewalls, 74
  defined, 611
  working with, 78–81
firmware, 338, 612
flag signals, 255
flame actuated systems, 579
flash floods, 478

flood attacks
  defined, 612
  DoS, 40–42
  SYN, 232–233, 233
floods, 478–479, 577–578
foreign keys, 187
formats, reporting, 425
Fourth Amendment, 521, 529, 612
Fraggle attacks, 41, 234–235
fraggles, 612
fragmentation, 236, 612
fragmentation attacks, 236, 236–237, 612
Frame Relay, 64, 87, 107, 612
fraud
  threat of, 435
  in voice communications, 113–114
FRDS (Fault Resistant Disk Systems), 90
frequency analysis, 255, 612
FRR (False Rejection Rate), 10, 11, 611
FSMs (finite state machines), 344
FTP (File Transfer Protocol), 63, 77
full backups, 493–494, 612
full-duplex session mode, 62
full-interruption tests, 498, 612
full knowledge teams, 431
fun attacks, 545, 612
fuzzy logic techniques, 194

G

gas discharge systems, 579–580
gates, 568, 612
gateways, 81, 612
GBL (Gramm-Leach-Bliley) Act, 523, 613
General Protection Faults (GPFs), 207
GFS (Grandfather-Father-Son strategy), 493–494
Gibson Research, 548–549
Good Times virus warning, 226
Government Information Security Reform Act (GISRA) of 2000, 513–514, 612
government/military classification, 138, 612
GPFs (General Protection Faults), 207
Gramm-Leach-Bliley (GBL) Act of 1989, 523, 613
Grandfather-Father-Son strategy (GFS), 493–494
Green Book, 373
ground connections, 576, 613
groups, 16, 613
grudge attacks, 545, 613
guards, 569–570
guidelines, 155–156
  for computer security, 512
  defined, 613

H

hack backs, 530
hackers, 45, 436, 613
hail storms, 479
half-duplex session mode, 62
Halon, 567, 579–580, 613
handling sensitive information, 403–404
handshaking process
  defined, 613
  in SYN flood attacks, 232–233, 233
harassment, 434
hardening provisions, 461
hardware, 319
  defined, 613
  failures in, 484
  input and output devices, 335–336
  memory, 329–334
  processors, 319–329
  storage, 334–335
hardware controls, 407–408
hardware segmentation, 206, 340, 613
hash functions, 292–293
  defined, 613
  MD2, 293–294
  MD4, 294
  MD5, 294
  SHA, 293
hash totals, 109, 613
hash values, 613
Hashed Message Authentication Code (HMAC), 295–296, 614
hashing algorithms, 270–271
HDLC (High-Level Data Link Control) protocol
  defined, 614
  in WANs, 64, 88, 107
Health Insurance Portability and Accountability Act (HIPAA) of 1996, 522, 614
hearsay evidence, 528, 614
heart/pulse patterns, 10, 614
heartbeat sensors, 574
heat-based motion detectors, 571
heat damage, 577, 580
heuristics-based intrusion detection, 35
hiding data, 136, 208, 339–340
high-level attacks, 614
High-Level Data Link Control (HDLC) protocol
  defined, 614
  in WANs, 64, 88, 107
high-level languages, 197
High Speed Serial Interface (HSSI) protocol, 87, 108, 614
hijack attacks, 43, 614
