CISSP - Certified Information Systems Security Professional Study Guide, 2nd Edition (2004)
asymmetric cryptography – backups
asymmetric cryptography, 288
  El Gamal, 291
  elliptic curve, 291–292
  keys in, 268–270, 288–289, 288, 595
  RSA, 289–290
asynchronous communications, 69
asynchronous dynamic password tokens, 14, 595
asynchronous transfer mode (ATM)
  in Data Link layer, 60
  defined, 595
  in WANs, 64, 87, 107
atomicity, 188, 595
attackers, 542, 595
attacks, 37–38
  application, 238–239
  brute force and dictionary, 38–39
  business, 543–544
  crackers, 45
  cryptographic, 307–308
  decoy techniques, 242–243
  defined, 595
  DoS, 40–42, 42, 232–238, 233, 235–237
  exam essentials for, 46–48, 244
  financial, 544
  fun, 545
  grudge, 545
  inference, 190–191
  malicious code, 220–229
  man-in-the-middle, 43–44
  masquerading, 241
  military and intelligence, 543
  network, 116–118
  password, 230–232
  reconnaissance, 240–241
  review questions, 49–54, 246–251
  scanning, 547
  sniffer, 44
  spamming, 44
  spoofing, 43
  summary, 45–46, 243
  terrorist, 544–545
  written lab for, 245, 252
attenuation, 67, 595
attributes in databases, 186, 595
audio motion detectors, 571
auditing, 9, 32, 135, 422
  in access control, 6–7
  accountability in, 423
  audit trails in, 403, 424–425, 573, 595
  compliance testing in, 423
  configuration, 206
  defined, 595
  exam essentials for, 439–442
  external auditors in, 427–428
  record retention in, 426–427
  reporting concepts in, 425–426
  review questions, 443–448
  sampling in, 426
  summary, 438–439
  time frames in, 424
auditors, 154, 156, 427–428, 595
authentication, 134
  in access control, 5–6
  cryptography for, 257, 257
  defined, 595
  protection, 82
  techniques, 7
    biometrics, 10–13, 11–12
    passwords, 7–10
    tickets, 14–15
    tokens, 13–14
  two-factor, 6, 39
Authentication Headers (AHs) in IPSec
  defined, 595
  purpose of, 84, 306, 369–370
Authentication Service (AS), 15, 595
authorization, 6, 134, 595
automated attack tools, 37
automated monitoring and auditing systems, 429
automated recovery, 400
automated recovery without undue loss, 400
auxiliary alarm systems, 571, 573, 596
AV (asset value), 456, 595
availability
  in access control, 2–3
  defined, 596
  in security management, 132–133
  in security models, 367–368
AVG function, 190
awareness
  defined, 596
  training for, 166

B

B channels, 106
B1 (labeled security) systems, 372
B2 (structured protection) systems, 372
B3 (security domain) systems, 372
back doors, 383, 545
Back Orifice Trojan horse, 226
background checks, 151–152
backups
  for access control violations, 45
  in disaster recovery planning, 493–494
  in electronic vaulting, 490
  in operations security, 398