Information security the complete reference, 2nd edition


The Complete Reference™: Information Security, Second Edition
(CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7; front matter file 00-FM.indd, 3/14/13; source copy from www.it-ebooks.info)

About the Author

Mark Rhodes-Ousley is experienced with every aspect of security, from program management to technology. That experience includes risk management, security policies, security management, technology implementation and operations, physical security, disaster recovery, and business continuity planning. A resident of Silicon Valley, he has been fortunate to live through the early years, boom times, and mainstreaming of computers and the Internet, practicing information security even before Windows existed. Mark holds a CISSP certification from the International Information Systems Security Certification Consortium (ISC)², a CISM certification from the Information Systems Audit and Control Association (ISACA), and certifications from ITIL, Microsoft (MCSE: Security 2003), Cisco, Security Dynamics, Raptor Systems, Hewlett-Packard, and Digital Equipment Corporation, along with a bachelor's degree in applied mathematics and electrical engineering from the University of California, San Diego (UCSD). Specializing in information security since 1994, when he built the first Internet firewall for Santa Clara County, California, Mark has built quality-focused security programs, processes, and technologies at Robert Half International (RHI), Merrill Lynch, National City Bank, Fremont Bank, Sun Microsystems, PG&E, Clorox, The Gap, Aspect Communications, Hitachi Data Systems (HDS), SunPower, and the original Napster. He holds two core beliefs: that business processes are just as important as technology because security relies on people; and that security should be a business enabler, with a goal of enhancing the customer experience. Believing that the maturity of a security program should be improved one step at a time, measured on a five-point maturity scale, with targets agreed upon by business stakeholders, Mark is also a proponent of "management by measurement": performance measured with metrics (raw data) to manage down and key performance indicators (KPI dashboards) to manage up. His experience has shown that building bridges and fostering cross-departmental collaboration, along with executive sponsorship and engagement, enhances the success of the security program. Mark can be reached at mro@engineer.com or at www.facebook.com/pages/InformationSecurity-The-Complete-Reference-2nd-Ed on Facebook.

About the Contributors and Technical Reviewers

Andrew Abbate, contributor, enjoys the position of principal consultant and partner at Convergent Computing. With nearly 20 years of experience in IT, Andrew's area of expertise is understanding a business's needs and translating that to processes and technologies to solve real problems. Having worked with companies from the Fortune 10 to companies of ten employees, Andrew has a unique perspective on IT and a grasp on "big picture" consulting. Andrew has also written nine industry books on varying technologies ranging from Windows to security to unified communications and has contributed to several others. Andrew can be reached via e-mail at andrew@abbate.org.

After being battered about for 20 years in the construction industry, Barrington Allen, technical reviewer, packed up his transferable skills and began a career in information technology 16 years ago. Working in a Fortune 100 company has provided Barrington the opportunity to work on interesting and complex enterprise systems, while also providing the continual learning support which is essential to any IT career. Barrington is often seen walking his border collies, or seeking to ride on a velodrome near you.

Brian Baker, contributor, has been an IT professional for nearly three decades. Brian has supported environments consisting of large, multi-mainframe data centers, international corporations, and smaller, single-site e-commerce infrastructures. He has worked for EDS, ACS, Merrill Lynch, Ross Dress for Less, and others over the course of his career. His roles have included systems, network, messaging, and security, and for the past ten years he has been supporting and managing storage infrastructures. Brian initially began his storage career while he worked as part of a small team to select and design a SAN implementation. From there he managed the backup and storage infrastructure for a division of Merrill Lynch. As his experience grew, Brian accepted a position with a large hosting provider, joining a small team that managed petabytes of storage consisting of various SAN array vendors and SAN fabrics within 16 data centers. Brian is an EMC Storage Specialist (EMCSA) and holds a bachelor's degree in information technology from National University. He may be contacted at bmbaker@gmail.com.

As a security researcher at McAfee, contributor Zheng Bu's everyday work is on host and network security. He likes to innovate and address security problems. His recent research includes application and mobile security. He is a runner, badminton player, and photographer. Feel free to contact him at zheng.bu.sec@gmail.com.

Brian Buege, contributor, is the Director of Engineering at Spirent Communications. He has more than ten years of software development experience and has been developing large-scale, enterprise Java applications since 1998. He lives in McKinney, Texas, with his wife and son.

Anil Desai (MCSE, MCSA, MCSD, MCDBA), contributor, is an independent consultant based in Austin, Texas. He specializes in evaluating, developing, implementing, and managing solutions based on Microsoft technologies. He has worked extensively with Microsoft's server products and the .NET platform. Anil is the author of several other technical books, including MCSE/MCSA Managing and Maintaining a Windows Server 2003 Environment Study Guide (Exam 70-290) (McGraw-Hill/Osborne, 2003), Windows 2000 Directory Services Administration Study Guide (McGraw-Hill/Osborne, 2001), Windows NT Network Management: Reducing Total Cost of Ownership (New Riders, 1999), and SQL Server 2000 Backup and Recovery (McGraw-Hill/Osborne, 2001). He has made dozens of conference presentations at national events and is also a contributor to magazines. When he's not busy doing techie-type things, Anil enjoys cycling in and around Austin, playing electric guitar and drums, and playing video games. For more information, you can contact him at anil@austin.rr.com.

Leo Dregier, contributor, got his start in networking when he took the MCSE 4.0 Microsoft track. After a few short months, he was recognized as a very knowledgeable subject matter expert, so much so that the corporate school he attended offered him a job to teach other aspiring Microsoft engineers. Leo has the ability to learn very quickly and is highly adaptable, analytical, and an overachiever (as demonstrated by having expertise in over 40 of the popular computer certifications, including CISSP, ISSEP, CISM, CISA, CRISC, PMP, CEH, CHFI, and several others). Leo has been a principal at the computer security firm The Security Matrix, LLC, since 1995. He has provided consulting services to many U.S. federal clients, including the Department of State, the Department of Labor, the Internal Revenue Service, and the Centers for Medicare and Medicaid Services. Additionally, Leo has helped thousands of IT professionals achieve their certifications online at TheCodeOfLearning.com and maintains an evaluation level above 90%. When Leo is not working as a consultant or in the classroom, you can find him working on his other personal projects. TheProfitCycle.com is geared toward people who need help learning how to adapt to technology and want to make money using technology as a solution. Leo has also created FindRealEstateHelp.com, which is a real estate problem-solving and investment company. In his spare time, he sleeps and spends time with his beautiful wife. Leo can be contacted for consulting, public speaking, TV appearances, and more at www.leodregier.com.

Dr. Nick Efford, contributor, is a senior teaching fellow in the School of Computing at the University of Leeds in the United Kingdom, where he currently teaches object-oriented software engineering, distributed systems, and computer security. His previous published work includes a book on digital image processing using Java.

Aaron Estes, technical reviewer, has over twelve years of experience in software development and security engineering. His expertise includes secure coding and code review, penetration testing, security architecture review, and network security. Aaron has had key security engineering roles on several of Lockheed Martin's largest contracts. In addition to Lockheed Martin, Aaron has worked with a number of Fortune 500 companies as a security consultant. He has over four years of teaching experience at Southern Methodist University at the undergraduate and graduate level, and expects to complete his doctorate degree this year in Software Engineering with a focus on security software at Southern Methodist University in Dallas.

Thaddeus Fortenberry (MCSE, MCT), contributor, is a senior member of technical staff and the remote access architect for employee access at HP. For the past year, he has been working on the consolidation of the remote access solutions for the merged Compaq and HP environments. Thaddeus specializes in complete security plans for remote deployments that address real-world issues and protection.

Christian Genetski, contributor, is a Senior Vice President and General Counsel at the Entertainment Software Association. Christian is a former prosecutor in the Department of Justice Computer Crime Section, where he coordinated the investigations of several prominent computer crime cases, including the widely publicized denial of service attacks that hit e-commerce sites eBay, Amazon.com, and others in February 2000. In private practice, he counsels clients on compliance with information security regulations, conducts investigations into computer security breaches or other hostile network activity, and represents clients in civil litigation or criminal referrals arising from network incidents. Christian graduated from the Vanderbilt University School of Law, Order of the Coif. He regularly lectures to a wide variety of audiences on computer crime and information security issues, and he serves as an adjunct professor at the Georgetown University Law Center. Christian would like to thank David Tonisson for his thoughtful contributions to the chapter on legal issues.

Christine Grayban, technical reviewer, is the Enterprise Security practice lead for Stach & Liu, where she oversees all projects related to information security compliance and controls, risk management, governance, and security strategy. She has helped several organizations reach compliance with PCI DSS, HIPAA, ISO 27001/2, and other information security frameworks. Prior to joining Stach & Liu, Christie spent several years in the security consulting practices at Accenture and Ernst & Young for clients in the Global 500, with verticals including financial services, telecommunications, health care, and resources. She is currently based in New York City and has worked and lived internationally in San Francisco, London, and Mumbai.

Roger A. Grimes (CPA, MCSE NT/2000, CNE 3/4, A+), contributor, is the author of Malicious Mobile Code: Virus Protection for Windows (O'Reilly, 2001), Honeypots for Windows (Apress, 2004), and Professional Windows Desktop and Server Hardening (Wrox, 2006) and has been fighting malware since 1987. He has consulted for some of the world's largest companies, universities, and the U.S. Navy. Roger has written dozens of articles for national computer magazines, such as Windows & .NET Magazine, Microsoft Certified Professional Magazine, and Network Magazine, and Newsweek covered his work fighting computer viruses. You can contact him at rogerg@cox.net.

Gregory Hoban, technical reviewer, is a Senior Systems Engineer currently in Emeryville, California. He has over 17 years of experience dealing with a wide range of servers and storage, specializing in systems and database installation and configuration. Gregory has deployed highly available Oracle and SQL Server databases on a number of SANs. He has been responsible for implementing security restrictions and business IT process controls at both FDA- and SOX-compliant facilities. Gregory holds an NCDA certification for NetApp and an Advanced CXE certification for Xiotech.

Michael Howard, contributor, is a Principal CyberSecurity Architect at Microsoft Corp., a founding member of the Secure Windows Initiative group at Microsoft, and a coauthor of Writing Secure Code (Microsoft Press, 2001). He focuses on the short- and long-term goals of designing, building, testing, and deploying applications to withstand attack and yet still be usable by millions of nontechnical users.

Ayush Jain, technical reviewer, is a Senior IT Infrastructure Manager in Emeryville, California. Ayush's professional experiences cover all facets of information security, including, but not limited to, designing and deploying secure infrastructures, BYOD, VDI, implementing intrusion detection and data leak prevention systems, and developing policies and procedures for IT governance. He holds a bachelor's degree in information technology from Rochester Institute of Technology (R.I.T.) and an Advanced CXE certification for Xiotech.

Michael Judd (a.k.a. Judd), contributor, is a Senior Application Engineer at FTEN (a NASDAQ OMX company). He has taught and developed technical courseware on subjects ranging from Java syntax, object-oriented analysis and design, patterns, and distributed programming, to Java security and J2EE. He lives in Denver, Colorado.

Dr. Bryan Kissinger, contributor, is a seasoned security professional with over 18 years of experience advising government and various private sector organizations on enhancing their security posture. He is currently responsible for assessing risk, recommending infrastructure enhancements, and managing compliance for a major healthcare provider. Bryan was previously a Director in PricewaterhouseCoopers' Security practice with leadership responsibilities in the Pacific Northwest and Bay Area markets. He is considered a healthcare and technology sector specialist and is a published author and frequent public speaker on the topics of security and information technology strategy.

Thomas Knox, contributor, has done Unix administration for more years than he wants to admit. He is currently a Streaming Media Engineer at Comcast and previously worked as a network and system engineer for National Geographic and Amazon.com. His thanks go to his wife Gisela for all her love and support.

Brenda Larcom, technical reviewer, is a Senior Security Consultant throughout the United States and occasionally beyond. She has over 17 years of experience securing software and the odd bit of hardware throughout the development and deployment lifecycle, particularly for Agile organizations. Brenda cofounded an open source threat modeling methodology that analyzes security requirements as well as architecture. Brenda holds a bachelor's degree in computer science from the University of Washington. She may be contacted at blarcom@stachliu.com.

Eric Milam, contributor, is a Principal Security Assessor with over 14 years of experience in information technology. Eric has performed innumerable consultative engagements, including enterprise security and risk assessments, perimeter penetration testing, vulnerability assessments, social engineering, physical security testing, and wireless assessments, and has extensive experience in PCI compliance controls and assessments. Eric is a project steward for the Ettercap project as well as creator and developer of the easy-creds and smbexec open source software projects. He can be reached at emilam@accuvant.com and jbrav hax@gmail.com.

Michael T. Raggo (CISSP, NSA-IAM, CCSI, ACE, CSI), contributor, applies over 20 years of security technology experience and evangelism to the technical delivery of security research and solutions. Michael's technology experience includes penetration testing, wireless security assessments, compliance assessments, firewall and IDS/IPS deployments, mobile device security, incident response and forensics, and security research, and he is also a former security trainer. As a Product Manager at AirDefense, he co-designed a new and innovative product (Wireless Vulnerability Assessment; U.S. patent #7,577,424), a wireless "hacker-in-a-box" add-on module for AirDefense's Wireless IPS solution. In addition, Michael conducts ongoing independent research on various wireless and mobile hacking techniques, as well as data hiding. He has presented on various security topics at numerous conferences around the world (including BlackHat, DefCon, SANS, DoD Cyber Crime, OWASP, InfoSec, etc.) and has even briefed the Pentagon. You can find out more on his security research website at www.spyhunter.org.

Eric Reither, technical reviewer, is the Vice President and a Senior Security Consultant at Security by Design Inc. Since 2001, he has been involved with numerous projects, and his project management skills have proven invaluable for keeping projects on time and on budget. Eric's project involvement also extends to engineering, drafting, and database management. This deep level of project involvement combined with Eric's experience helps to guarantee that client expectations are exceeded on a regular basis. Eric also has over ten years of experience in the fire suppression and facilities communication systems industries. During that period, his responsibilities included systems installation, all facets of project management, systems engineering and design, and training program development. He can be reached at eric_reither@sbd.us.

Ben Rothke (CISSP), technical reviewer, is a Corporate Services Information Security Manager at Wyndham Worldwide, and he has more than 15 years of industry experience in the area of information systems security. His areas of expertise are in PKI, HIPAA, 21 CFR Part 11, design and implementation of systems security, encryption, firewall configuration and review, cryptography, and security policy development. Prior to joining ThruPoint, Inc., Ben was with Baltimore Technologies, Ernst & Young, and Citicorp, and he has provided security solutions to many Fortune 500 companies. Ben is also the lead mentor in the ThruPoint CISSP preparation program, preparing security professionals to take the rigorous CISSP examination. Ben has written numerous articles for such computer periodicals as the Journal of Information Systems Security, PC Week, Network World, Information Security, SC, Windows NT Magazine, InfoWorld, and the Computer Security Journal. Ben writes for Unix Review and Security Management and is a former columnist for Information Security and Solutions Integrator magazine; he is also a frequent speaker at industry conferences. Ben is a Certified Information Systems Security Professional (CISSP) and Certified Confidentiality Officer (CCO), and a member of HTCIA, ISSA, ICSA, IEEE, ASIS, and CSI. While not busy making corporate America a more secure place, Ben enjoys spending time with his family.

Zeke (Ezekiel) Rutman-Allen, technical reviewer and contributor, is first and foremost a fanatical technologist. Zeke carries an active interest in all disciplines of technology application, from tradecrafts to supercomputing, with expertise in many different areas of telecommunications, networking, and data centers. Originally a network engineer, he has held a variety of technical and management positions in enterprise and government organizations in network engineering, data center, and voice/VoIP architecture, design, and operation. Currently, Zeke holds the position of Senior Manager, Global Network Services for a multibillion dollar green energy company. His responsibilities include several key technology stacks, including data center spec/design/operation, LAN/WAN, global voice and VoIP platforms, and all remote access. These duties have allowed Zeke to satiate his hunger for knowledge while maintaining a wide variety of expertise across a multitude of disciplines. Zeke can be reached at zekera@gmail.com.

Stephen Singam, technical reviewer, has extensive experience in information security architecture and management, stakeholder management, strategic planning, and security project management and delivery. He is currently a CTO at Hewlett-Packard, and has held security leadership positions at Commonwealth Bank of Australia (Sydney), 20th Century Fox/News Corporation (Los Angeles), Salesforce.com (San Francisco), IBM (New York), and Nokia (Helsinki). His accomplishments include developing a Cyber Security Operation Center (SOC) encompassing the provisioning of security monitoring via IDaaS, threat and vulnerability intelligence using Big Data technologies and managed security infrastructure, and creating a cloud security reference architecture for a large telecommunication SaaS market offering. At 20th Century Fox, Stephen developed Intellectual Property Security Architecture, Standards, and Policies that cover all release platforms from script development to home entertainment worldwide. This was accomplished with a focus on the most successful movie of all time, James Cameron's Avatar. As a result, Fox became the first Media & Entertainment firm to successfully attain a zero pre-release IP leak of major DVD releases in Russia. Stephen has an MS in management of technology from the University of Pennsylvania, a joint program of Wharton Business School and the School of Applied Science & Engineering. He is a Moore Fellow in Management of Technology at the University of Pennsylvania. He also has an MS in international management from the University of Reading (United Kingdom). Stephen has been an invited panelist at Tech ROI, New York Times Business-Innovation, Silicon Valley's ISACA Annual Meeting, and the United Kingdom's Knowledge Transfer Network. In 2011, he was invited by the Chinese government in Chongqing to advise on non-monitored cloud services for MNCs such as Microsoft, JP Morgan, and IBM Corp. He can be reached at stephen@ssingam.com.

Keith Strassberg (CPA, CISSP), technical reviewer, contributor, and first edition coauthor, is now CEO/CTO of Universal Survey, one of the world's largest independent market research data collection companies. Keith oversees Universal's operations and pushes the company to be a highly competitive and efficient partner. Universal's clients benefit from Keith's insight and extensive technical abilities, and he is known for developing and executing solutions in dynamic and fast-moving technology environments. Keith has been in the information security field for over 15 years and has worked at firms such as The Guardian Life Insurance Company of America and Arthur Andersen. Keith holds a BS in accounting from Binghamton University, and he can be reached at kstrassberg@yahoo.com.

Simon Thorpe, contributor, has been working with information security technologies since 1999. He was the first employee of SealedMedia after the founder received the first round of funding. He was involved in the development, support, QA, sales, consulting, product management, and marketing of the SealedMedia product. In 2006, when the technology was acquired by Oracle, Simon continued his involvement by working on IRM solutions with companies around the globe as well as deploying the technology internally, protecting Oracle's most valuable information. Simon has written for the Oracle IRM blog, Oracle Profit Magazine, and other online publications, and has extensive knowledge of many of the unstructured data security solutions in the market today. Simon then moved from Oracle to Microsoft, where he continues to apply his IRM knowledge with the Microsoft AD RMS technology. Simon is often looking for feedback on how people implement document and file security technologies, so feel free to contact him at simon@securitypedant.com.

Dr. Andrew A. Vladimirov (CISSP, CCNP, CCDP, CWNA, TIA Linux+), contributor, currently holds the position of Chief Security Manager for Arhont Information Security Ltd (www.arhont.com), a fast-growing information security company based in Bristol, UK. Andrew is a graduate of King's College London and the University of Bristol. He is a researcher with wide interests, ranging from cryptography and network security to bioinformatics and neuroscience. He published his first scientific paper at the age of 13 and dates his computing experience back to the release of the Z80. Andrew was one of the cofounders of Arhont, which was established in 2000 as a pro-open-source information security company with attitude. Over the years, Andrew has participated in Arhont's contributions to the security community via publications at BugTraq and other security-related public e-mail lists, network security articles for various IT magazines, and statistical research. Andrew's wireless networking and security background predates the emergence of the 802.11 standard and includes hands-on experience designing, installing, configuring, penetrating, securing, and troubleshooting wireless LANs, Bluetooth PANs, and infrared links implemented using a wide variety of operating systems and hardware architectures. Andrew was one of the first UK IT professionals to obtain the CWNA certification, and he is currently in charge of the wireless consultancy service provided by Arhont. He participates in wireless security equipment beta testing for major wireless hardware and firmware vendors, such as Proxim, Belkin, and Netgear.

Barak Weichselbaum, contributor and technical reviewer, is a network and security consultant who started his career in the Israeli Defense Forces and served in the intelligence corps. He spearheaded the development of numerous network security products and solutions, including B2B, P2P, IPS, and IDS, from the ground up to the deployment and integration stage. He is the founder and CEO of B.W. Komodia Ltd. You can contact him at www.komodia.com.

Marcia Wilson, contributor, is an information technology veteran who has focused on information security for the last decade. She holds the CISSP and CISM designations. She received her master's degree from the University of San Francisco and is finishing up her doctoral studies in information assurance at Capella University. Marcia has worked in a number of capacities in information security, including managing and directing security teams in a global environment, as an individual contributor, and as a
consultant for small, medium, and large organizations. She is experienced in healthcare, financial, and high tech organizations in both the private and public sectors. Marcia's passion is protecting the privacy of individual personal and healthcare information.

The Complete Reference™: Information Security, Second Edition
Mark Rhodes-Ousley
New York, Chicago, San Francisco, Lisbon, London, Madrid, Mexico City, Milan, New Delhi, San Juan, Seoul, Singapore, Sydney, Toronto

Index (from page 842)

inappropriate administrator access, 263, 588
inbound Internet communication ports, 127
incident management, 730
incident response, 741–743
  confidentiality and privilege issues, 784–785
  incident detection, 768
  law enforcement referrals, 781
  overview, 767–768
  preservation of evidence, 782–784
  recovery and resumption, 770
  response and containment, 768–769
  review and improvement, 770–771
incident response plans, 17
information
  classification of, 3–4
  confidential,
  evolution of, 5–8
  handling of,
  for internal use only,
  personally identifiable information (PII),
  protected health information (PHI),
  specialized or secret,
Information Assurance Manager (IAM), 153
information classification, 128
information rights management (IRM), 208–209, 211
  access auditing and reporting, 238
  architecture, 218–219
  auditing and reporting, 228–230
  authentication, 236–237
  authorization, 237
  automating offline rights caching, 231
  classification creation, 232–233
  clients and servers, 219–220
  content access and rights invocation, 237–238
  cryptography, 221–222
  defining an IRM technology, 217–218
  the difference between DRM and IRM, 212–215
  distributing content, 236
  evolution from encryption to IRM, 216–217
  identities, 222–224
  installing and configuring the IRM client, 236
  offline authentication and authorization, 230
  overview, 212
  and photography, 229
  rights, 224–228
  rights assignment, 234–235
  rights retrieval and storage, 237
  rights revocation, 238
  secured content format, 220–221
  securing content, 235
  tamper-proofing cached rights, 231
  and unstructured data formats, 231–232
  user provisioning, 233–234
information security
  defined, 11
  importance of, 3–5
  insurance analogy, 8–9
  justifying the investment, 8–10
  legislation and regulations,
Infrastructure-as-a-Service (IaaS), 579
inode, 185
input validation, 567
insider threats, 29
instability, 268–269, 593–594
integer overflows, 639–642
  avoiding integer overflow vulnerabilities, 642–643
  integer underflow, 641
integrity, 86
  risks to, 266–267, 590–592
integrity labels, 471
intellectual property, 129
intellectual property infringement, 80
intentional radiator (IR), 377
Internet Control Message Protocol. See ICMP
Internet integration, 579
Internet network routing, 761
Internet proxies and circumventors, 345
Internet usage monitoring, 123
InterNex,
intranets, 7, 313
introspection, 577
intrusion detection, 351
intrusion detection systems. See IDSs
intrusion prevention, 351
intrusion prevention systems. See IPSs
intrusion-detection monitoring, 133
IP addresses, 322
IP spoofing attacks,
IPSec, 181–182, 357–358
IPSs, 567
  deployment plan, 419–420
  disadvantages, 415
  vs. firewalls, 415
  overview, 414–415
IRM. See information rights management (IRM)
IRT. See Security Incident Response Team
ISACA, 56
ISAPI-based products, 566
ISDN protocol, 448–449
ISO standards, 55
  27000 series, 57–60
  relating to authentication and authorization, 186–187
  relating to business continuity planning, 762
  relating to encryption, 250
  relating to physical security, 797–798
  relating to secure network design, 318
  relating to Unix, 496–497
  relating to Windows, 538–539
isolated storage, 698–699

J
J2EE
  architecture, 658
  attacks on the JVM, 657–658
  authentication, 664–665
  authorization, 666–667
  bytecode verifier, 656
  classloaders, 656
  communication between components in same container, 673–674
  containers, 662–664
  controller servlet, 659
  Enterprise JavaBeans (EJB), 661–662
  HTTP, 668–669
  HTTPS, 670–671
  IIOP, 672–673
  Java language, 655–657
  JavaServer Pages (JSP), 660–661
  JDBC, 676
  JMS, 675–676
  JRMP, 674–675
  overview, 655
  proprietary communication protocols, 675
  security manager, 657
  servlets, 658–659
  SOAP, 671–672
Jacky virus, 36
Java, 30
Java Authentication and Authorization Service (JAAS), 666–667
JavaServer Pages (JSP), 660–661
JDBC, 676
JMS, 675–676
JRMP, 674–675
JS.ExitW, 39. See also Trojan horse programs

K
Kerberos, 171–173
key performance indicators (KPIs), 727–728
Kucala Enterprises, Ltd. v. Auto Wax Co., Inc., 784
Kuhns, Anne, 118

L
L2L tunnels, 355
L2TP over IPSec. See PPTP
labels, 470–471
laws
  Computer Fraud and Abuse Act, 71–74
  Economic Espionage Act, 80
  electronic communication laws, 76–79
  Electronic Communications Privacy Act, 76–79
  hacking laws, 71–75
  and other cyber crimes, 80–81
  overview, 70–71
  state legislation, 81–82
  USA PATRIOT Act, 75, 79
layered security, 88–90
legislation
  Gramm-Leach-Bliley Act (GLBA),
  HIPAA,
Link Manager Protocol (LMP), 385
link-state protocols, 329
Linux, 30
LIST command, 555–556
listen queue, 465
litigation, role of information security in, 783–784
local addresses, 348
locks, 794–795
logging, 340
  activity logs, 736–739
  IDS, 417–418, 419
  SIEM systems, 422–423
Logical Link Control and Adaptation Protocol (L2CAP), 385
logical unit numbers (LUNs), 256
login message, 125
login modules, 666–667
lollipop model, 87–88
loopback, 515
loss, 72
lsof, 491

M
MAC addresses, 322
MAC filtering, 386
MAC flooding, 49
macro viruses, 35–36. See also viruses
Maginot Line, 11
MAIL FROM command, 547–549
maintenance, 17
malfunctions, 266, 591
malicious HTML, 40–41
malicious mobile code, 31–33
malware
  highest severity malware programs, 32
malware blocking, 350–351
Managed Security Service Providers (MSSPs)
  overview, 160–162
  services monitored by, 163
  services performed by, 162–163
managed service providers (MSPs), 579
Management Information Base Object Identifiers (MIB OIDs), 336
man-in-the-middle attacks, 7, 48–51, 344
mantraps, 795
MCUs, 432–433
MDM. See Mobile Device Management (MDM)
Melissa virus, 36
memory-resident viruses. See also viruses
message-driven beans (MDBs), 662
message-of-the-day (MOTD) banners, 333–334
Metcalfe, Bob, 371
metrics, 727, 728
MGCP protocol, 442
microkernel architecture, 463
Microsoft, 30
Microsoft DNS, 568
Microsoft Office, and IRM, 231
Microsoft Word Concept macro virus, 35
mid-infecting viruses, 34. See also viruses
misconfigured access points, 389
misuse, defined, 400
misuse of data, 264, 589–590
mitigation, 18
MITM. See man-in-the-middle attacks
Mitnick, Kevin,
mixed threats, 31
Mobile Device Management (MDM), 603–606
mobile devices
  application risks, 597, 599–600
  baseband hacking, 599
  Bluetooth snooping and fuzzing, 599
  built-in security features, 600–603
  data loss prevention (DLP), 606
  data storage, 598
  device risks, 597, 598–599
  encryption, 601–603
  hidden malicious URLs, 599
  jailbreaking, 600
  open hotspots, 598
  passwords, 601
  phishing, 600
  rooting, 600
  smishing, 600
  Trojaned apps, 599
  viruses on, 36–37
  war texting, 600
  weak passwords, 598
  Wi-Fi hijacking, 598
monitoring databases, 293–294
Morris worm, 74
MS-CHAP, 171
multi-conference units. See MCUs
multipartite viruses, 35. See also viruses
multiple simultaneous logins, 127

N
NASD Rule 3110, 782
NERC CIP, 68–69
.NET Framework
  application domains, 696–698
  authentication, 710
  authorization, 711
  CAS policy, 694
  code access security, 687–696
  code groups, 687, 690–691
  configuring CAS for ASP.NET, 709
  evidence, 687, 688–690
  imperative and declarative security, 694–696
  impersonation, 686–687, 710–711
  isolated storage, 698–699
  managed code, 679–680
  membership conditions, 690–691
  overview, 679
  permission sets, 690–691
  policy levels, 691–692
  policy resolution, 692–694
  principals, 684–686
  remoting, 708
  role-based security, 684–687
  running with least privilege, 709
  securing web services and web applications, 708–711
  using cryptography, 699–708
  validation, 680–682
  verification, 682–684
Netstat, 490–491
network address translation (NAT), 347–348, 577
  dynamic NAT, 349
  Port Address Translation (PAT), 349–350
  static NAT, 348–349
network bridging, 577
network defense, best practices, 93–104
network discovery protocols, 331–332
network DLP, 207. See also data loss prevention (DLP)
network perimeter, 309
  electronic security perimeter (ESP), 299–300
  wireless impact on the perimeter, 309–310
network redundancy, 132
network security, defined, 11
network security monitoring, 134
network segmentation, 92–93
network segments, 408–409
network-attached storage (NAS), 255
network-based IDS (NIDS), 407–409
network-layer attacks, 44–46
networks, 201
  challenges in current network security solutions, 201–202
  hardening, 330–340. See also secure network design
new access requests, 141
new account requests, 124
new employee access approval, 137
Nimda, 37–38
NIST standards, 55, 60–62
  relating to authentication, 186
  relating to encryption, 244–245, 250
  relating to secure network design, 317
  relating to Windows, 537–538
  SP 800-53, 113
  SP 800-125, 577
non-corporate usage agreement, 124
nondisclosure agreements (NDAs), 4, 136
non-employee access to corporate information, 137
non-employee access to corporate systems, 139
nonresident viruses, 34. See also viruses

O
OCTAVE, 114
offsite backup storage, 132
offsite data storage, best practices, 271
one-time pad, 174, 243
onion model, 88–90
online backups, 132, 756
online
transaction processing (OLTP), 274 onsite backup storage, 132 open proxies, 559 open relays, 559 Open Systems Interconnection (OSI) model, 322, 323, 324 operating system models, 463–464 access control lists (ACLs), 465–466 insecurity of the underlying protocols, 464–465 MAC vs DAC, 466–467 operating system security, 277–278 international standards for, 473–475 Operationally Critical Threat, Asset, and Vulnerability Evaluation See OCTAVE Oracle Corporation, 30, 150 Orange Book See Common Criteria Organization for Economic Co-operation and Development (OECD), 86 organizational unique identifiers (OUIs), 379 organizational units (OUs), 514 OS networking services, 632 OSI stack, 322, 323, 324 outage, 268, 593 outbound filtering, 315–317 outbound Internet communication ports, 127 overwriting viruses, 34 See also viruses P P2P attacks, 48 packet capturing See packet sniffing packet injectors, 46 packet replay, 262–263, 588 packet sniffing, 44–46, 262–263, 588 packet-level drivers, 408 parameterized queries, 650–651 parasitic viruses See also viruses Parker, Donn B., 86 Parkerian Hexad, 86 partition table viruses, 34, 35 See also viruses partition tables, 774 partitioning, 576 partitions, 773 PASS command, 555 www.it-ebooks.info 36-Index.indd 845 3/14/13 4:53 PM CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7 846   Index  passive scanning, 384 password construction, 125 password cracking, 48 password expiration, 125 password privacy, 125 password protect booting, 93 password protect CMOS, 94 password reset, 125 password reuse, 126 passwords, 167, 168–175 clear text, 129 mobile devices, 601 one-time password systems, 173–175 securing with encryption and securing the password file, 169–170 in Unix, 494–495 weak, 598 in Windows, 520–523 patching, 330, 518–519 payload, 33 Payment Card Industry Data Security Standard, 69–70 PBX, 456–457 PCI DSS, 69–70 PDFs, and IRM, 231 peer-to-peer applications, 715–716 peer-to-peer file sharing, 345 penetration 
testing, 137 performance enhanced network performance, 351 in secure network design, 303–305 perimeter security, 87–88 personal use of information systems, 123 personal use of long-distance, 124 personal use of telephones, 124 personal web sites, 124 personally identifiable information (PII), personnel management policies, 132–135 phishing, 265–266, 592, 600 phone phreaking, 427 physical addresses See MAC addresses physical attacks, 44 physical intrusion detection alarms, 797 closed-circuit television, 796 physical security choosing site location, 791–794 classification of assets, 789–790 and COBIT provisions, 798–801 entry controls, 795–796 and ISO standards, 797–798 locks, 794–795 physical vulnerability assessment, 790–791 physical security for critical systems, 139 physical security for laptops, 139 physical security policies, 138–142 piggybacking See tailgating placeholder queries, 650–651 Plan, Do, Check, Adjust (PDCA) growth cycle, 56, 57 planning, 16–17 Platform-as-a-Service (PaaS), 579 Point-to-Point Tunneling Protocol See PPTP policies acceptable use policies, 122–124 audience, 111–112 categories, 112–113 computer policies, 124–127 contributors, 110–111 data integrity policies, 130–132 data privacy policies, 128–130 defined, 107 development, 109–110 enforcement, 119–121 frameworks, 113–114 network policies, 127–128 ongoing maintenance of, 147 overview, 108 personnel management policies, 132–135 physical security policies, 138–142 security management policies, 135–138 policy files, 667 policy pockets, 92 POP3, 553–557 vs IMAP4, 557–558 SSL support for, 558 POP3 proxy, 570 Port Address Translation (PAT), 349–350 port hopping, 714 port mirroring, 408–409 port spanning, 408–409 port zoning, 257–258 portability, 10 ports, and TCP/IP, 323–325 position of computer monitors, 139 Postfix, 485–486 posture validation, 311 PPTP, 359 prepending viruses, 34, 35 See also viruses preventative controls, 29, 30 printed data, securing, 205–206 privacy cell phone, 130 data 
privacy policies, 128–130 www.it-ebooks.info 36-Index.indd 846 3/14/13 4:53 PM CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7   privileges, 182 procedures, 17 defined, 107 example, 144–145 ongoing maintenance of, 147 product security incident response, 615 production staff access, 141 profiles, 720 programmers, as administrators, 526 project plans, 16–17 promiscuous mode, 408 protected health information (PHI), protocol analyzing See packet sniffing protocol anomaly detection, 409 protocol filtering, 386 protocol-anomaly attacks, 46 Proxy ARP, 331 proxy servers direct mapping, 570 FTP proxy, 570 HTTP connect, 571 HTTP proxy, 570 overview, 569–570 POP3 proxy, 570 reverse proxy, 571–572 public key cryptography, 245–246, 705–707 Public Key Infrastructure (PKI), 247–249 See also encryption Q Qmail, 486 Quality of Service (QoS), 347 quarter-end and year-end backups, 132 R radio frequency security antenna choice and positioning, 373–376 closed-system SSIDs, 386 compliance with FCC regulations, 373 controlling the range of wireless devices via power output tuning, 376–379 data-link layer, 383–386 distinguishing security violations from malfunctions, 372 layer one security solutions, 373–383 MAC filtering, 386 principle of least access, 372 proper network design, 372 protocol filtering, 386 RATs, 39–40 RCPT TO command, 549 read-only domain controller (RODC), 523 Index   847 real-time interception, 76–78 recovery controls, 29, 30 redirects, 339 Redundant System Slot (RSS), 760 reference checks, 138 reference monitor, 471–472 regular expression syntax, 646–647 regulations 15 U.S.C Section 6801(b)(1)-(3), 64 duty of care, 63 Federal Trade Commission Safeguards Rule, 64, 65 Gramm-Leach-Bliley Act (GLBA), 62, 63–65 HIPAA, 66–68 HITECH Act, 68 NERC CIP, 68–69 overview, 62–63 Payment Card Industry Data Security Standard, 69–70 Regulation S-P, 65 retention regulations, 782–783 Sarbanes-Oxley Act of 2002, 62, 66 See also standards remediation planning, 
16 remote access, 345 considerations, 311 Trojans, 39–40 VPN security, 360–368 remote administration custom, 631–632 HTTP authentication methods, 630–631 reasons for, 629 securing web-based remote administration, 631 using a web interface, 630 remote firewall management, 135 remote network security monitoring, 135 remote server security management, 135 remote virus-signature management, 135 requests for change (RFC), 731 resourcing plan, 15 RETR command, 556 return on investment (ROI), revocation of certificates, 248–249 RFCs, 544 Rights Management Services (RMS), 216 See also information rights management (IRM) risk acceptable risk, 300 defined, 52 risk analysis, 16, 51–52 Ritchie, Dennis, 477 www.it-ebooks.info 36-Index.indd 847 3/14/13 4:53 PM CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7 848   Index  roadmaps, 16 rogue access points, 382, 388–389 role separation, 249 role-based authorization (RBAC), 182–183 role-based security, 684–687 roles and responsibilities application security functions, 157 business continuity and disaster recovery planning functions, 157 Chief Information Security Officer (CISO), 151 Chief Security Risk Officer (CSRO), 151 example security organization, 152 Facility Security Officer, 156–157 non-security jobs with security responsibilities, 157–158 overview, 149–151 Security Administrator, 155 Security Analyst, 155–156 Security Architect, 154 Security Awareness Trainer, 156 Security Director, 151–153 Security Engineer, 154 Security Incident Response Team, 158–160 Security Investigator, 156 Security Manager, 153–154 room access based on job function, 138, 141 rootkits, danger of, 775–776 routers, 327–328 routing protocols, 328–329 RTCP protocol, 446 RTP protocol, 446 RTSP protocol, 446 rule-based access control (RBAC), 466 rule-based authorization, 186 S same passwords, 126 Sarbanes-Oxley Act of 2002, 62, 66 Sarbox See Sarbanes-Oxley Act of 2002 SCCP protocol, 445–446 screened subnets, 314–315 SDL See 
secure development lifecycle SDP protocol, 446 search of personal property, 129, 142 secret information, secure by design, 472–473 secure development lifecycle, 611–613 decisions to proceed, 615 dependency patch monitoring, 614 product security incident response, 615 secure coding, 614 secure design, 613 secure development infrastructure, 613 secure release management, 614 security code review, 614 security documentation, 614 security requirements, 613 security testing, 614 security training, 613 threat modeling, 613–614 secure in deployment, 473 secure logs, 567 secure network design acceptable risk, 300 availability, 306–307 Cisco Hierarchical Internetworking model, 303–304 and COBIT provisions, 319 cost of security, 302–303 designing an appropriate network, 302 designing security into a network, 301 DMZ networks, 314–315 electronic security perimeter (ESP), 299–300 extranets, 313–314 internal security practices, 311–313 intranets, 313 and ISO standards, 318 network design models, 301–302 and NIST standards, 317 outbound filtering, 315–317 performance, 303–305 remote access considerations, 311 screened subnets, 314–315 security, 308–317 two-tier approach, 305 wireless impact on the perimeter, 309–310 Secure Shell See SSH Secure Sockets Layer (SSL), 177–179, 630 Securities and Exchange Commission Regulation S-P, 65 Rule 17a-4, 782 security defined, 11 in secure network design, 308–317 three Ds of, 12–14 Security Administrator, 155 Security Analyst, 155–156 Security Architect, 154 security architecture, 16 security audits, 136 www.it-ebooks.info 36-Index.indd 848 3/14/13 4:53 PM CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7   security awareness programs, 17, 114 case study, 118 implementing, 118–119 importance of, 114–115 increasing effectiveness, 117 objectives of, 115–117 Security Awareness Trainer, 156 security council, 164 Security Director, 151–153 security document lifecycle, 136 security drills, 137, 142 Security Engineer, 154 
security guards, 796 security identifiers (SIDs), 184 Security Incident Response Team, 158–160 Security Information and Event Management systems See SIEM systems Security Investigator, 156 security management four waves of, 55 policies, 135–138 Security Manager, 153–154 security methodology, 11–14 security models Bell-LaPadula, 467 Biba, 468 Clark-Wilson, 468 TCSEC, 468–470 security organization application security functions, 157 business continuity and disaster recovery planning functions, 157 Chief Information Security Officer (CISO), 151 Chief Security Risk Officer (CSRO), 151 example, 152 Facility Security Officer, 156–157 non-security jobs with security responsibilities, 157–158 overview, 149–151 Security Administrator, 155 Security Analyst, 155–156 Security Architect, 154 Security Awareness Trainer, 156 Security Director, 151–153 Security Engineer, 154 Security Incident Response Team, 158–160 Security Investigator, 156 Security Manager, 153–154 security personnel responsibilities, 137 security policy, 15 security policy enforcement, 138, 139 Index   849 security programs, how to build, 14–17 security zones, 139 self-critical analysis, 785 sendmail, replacing, 484–486 sensitivity labels, 470 sensors, 408 sequence guessing, 464 sequential keys, 174–175 server access, 130 servers best practices, 270 keeping servers up to date, 292 service administration, 734 service commerce platforms, 579 Service Discovery Protocol (SDP), 385 service management, 730 service set identifiers (SSIDs), 379 servlets, 658–659 and JSP, 660–661 session beans, 661 session hijacking, 464 shredding of private documents, 129 SID filtering, 533–534 side-channel attacks, 576 SIEM systems, 420–421 additional features, 424–425 alerts, 421 analysis, 423–424 data aggregation, 421–423 logs, 422–423 operational interface, 424 real-time data, 421–422 signal-to-noise ratio (SNR), 378 SIGTRAN protocol, 449 Silicon Graphics, 90 Simile virus, 36 Simple Network Management Protocol See SNMP single 
loss-expectancy (SLE), 52 SIP protocol, 443–444 sites, 514 six atomic elements of information, 86 slack, 774 slowness, 269, 594 smart cards, 179–180 smishing, 600 SMS protocol, 449–450 SMTP, 544–550 command sequence, 546 common e-mail header fields, 550 common SMTP response codes, 548 manually connecting to an SMTP server, 545 www.it-ebooks.info 36-Index.indd 849 3/14/13 4:53 PM CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7 850   Index  SMTP (Cont.) SSL support for, 558 typical session, 548 See also Extended SMTP (ESMTP) smurf attacks, 339 snapshot HIDS, 406–407 sniffing See packet sniffing SNMP, 336–337 SOAP, 671–672 social networking, software installation monitoring, 136 software testing, 131 Software-as-a-Service (SaaS), 7, 579 Sony BMG, 214 source routing, 340 SOX 404 See Sarbanes-Oxley Act of 2002 spam defined, 558–559 how ISPs fight spam, 560 how you can fight spam, 560–561 open proxies, 559 open relays, 559 zombies, 559 span ports, 408 spear-phishing, 19, 42 specialized information, split horizon, 329 split-tunnel routing, 364–368 spoofing, 464 spread spectrum, 379–381 SQL injection, 47, 288, 615, 649–650 avoiding SQL injection vulnerabilities, 650–651 common SQL server stored procedures that are abused by hackers, 619 procedure invocations and SQL administration, 619 simple login bypass, 616–618 solutions for, 619–620 SQL database configuration, 651–652 when SQL injection goes bad, 618–619 SQL Slammer worm, 37, 38 SRT See Security Incident Response Team SRTP protocol, 447 SS7 protocol, 449 SSDL See secure development lifecycle SSH, 181, 333, 334 SSL VPNs, 359–360 staff, best practices, 271 standards, 15 COBIT, 56–57 Common Criteria, 473–475 defined, 107 example, 142–143 ISO 27000 series, 57–60 NIST, 60–62 ongoing maintenance of, 147 overview, 55, 142 See also regulations standby systems, 761 stateful firewalls, 344 See also firewalls static NAT, 348–349 stealth viruses See also viruses steering committee, 164 storage 
encryption of, 204–205 overview, 203–204 storage area networks (SANs), 255 storage DLP, 207 See also data loss prevention (DLP) storage networks, 256–258 storage persistence, 263, 589 storage platform attacks, 264, 589 storage security access by an unauthorized person, 261 access by an unauthorized system, 260–261 administration channel, 260 arrays, 258–259 availability risks, 267–270 best practices, 270–271 confidentiality risks, 262–266 evolution of, 253–254 integrity risks, 266–267 servers, 259 storage infrastructure, 255–259 storage networks, 256–258 stored communications, 78–79 stored procedures, 284 strategic planning, 20 strategy, 20–21 structured data, vs unstructured data, 191–193 sudo, 495–496 switches, 326–327 switch security practices, 330 symmetric-key cryptography, 243–245, 701–705 SYN flooding, 465 system access control lists (SACLs), 466 system activity monitoring, 136 system administrator account login, 135 system administrator account monitoring, 134 system administrator appropriate use monitoring, 135 system administrator authentication, 135 system administrator authorization, 134 www.it-ebooks.info 36-Index.indd 850 3/14/13 4:53 PM CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7   system administrator disk-space usage monitoring, 135 System Center Configuration Manager (SCCM), 519 system communication ports, 127 system images, 773 system redundancy, 132 system vulnerability scanning, 136 T T.38 protocol, 448 tactics, 20–21 tailgating, 139, 142 See also mantraps taps, 408 TCP Wrappers, 483–484 TCP/IP, 321–322, 323–325 TCSEC, 468–470 labels, 470–471 technical controls, vs business processes, 21–22 Telecom Expense Management (TEM), 457–458 templates, 720–722 Temporal Key Integrity Protocol (TKIP), 391 temporary badges, 139 TFTP server, 332 theft, 262, 587–588 Thompson, Ken, 477 threat agents, 25 threat intelligence, 741 threat sources and targets, 29–30 threat vectors, 26–29 threats defined, 52 identifying, 25–26 three 
Ds of security, 12–14 three-badge access requirement, 141 time-based keys, 174 timestamps, 418 tokens, 576 traceroutes, 337–338, 356 trade secrets, theft of, 80 traffic generators, 46 traffic redirection, 408–409 traffic replay tools, 46 transference, 18 transitive security, 18–19 Transport Layer Security (TSL), 177–179 trap doors See back doors traps, 336–337, 768 triggers, 284 Index   851 Trojan horse programs, 28, 39 remote access Trojans, 39–40 Trojaned apps, 599 zombie Trojans, 40 trusted computing base (TCB) See operating system models trusts, 530 See also Windows Trusts Trustworthy Computing initiative, 472–473 tunneling, 345 type confusion attacks, 657 U unattended session logoff, 126 unauthorized access, 72 unauthorized access of network shares, 47 unauthorized data-access blocking, 130 unauthorized Internet access blocking, 127 undocumented administrative accounts See back doors unified threat management (UTM), 321 United States v Councilman, 78 United States v Morris, 74 Unix, 477 alternatives to passwords, 495 auditing cron jobs, 487–488 auditing scripts, 489–490 auditing your applications, 480 backing up the system, 496 booting into run level by default, 481 and COBIT provisions, 497–498 configuring all your daemons to log, 491 configuring secure settings, 486–493 fresh install, 477–478 hardening, 479 installing OpenSSL, 481 installing secure software, 481–486 and ISO standards, 496–497 keeping out of your PATH, 488–489 keeping software up to date, 493 knowing what ports are open, 490–491 limiting administrators and their privileges, 495–496 limiting physical access to systems, 495 placing servers into network zones, 493 reducing the attack surface, 479–481 removing unneeded daemons, 479 replacing sendmail, 484–486 replacing unsecure daemons with OpenSSH, 481–483 requiring strong passwords, 494 www.it-ebooks.info 36-Index.indd 851 3/14/13 4:53 PM CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7 852   Index  Unix (Cont.) 
reviewing startup scripts, 479–480 root privilege, 486 running CIS scans, 492–493 scanning for SUID and SGID files, 488 strengthening authentication processes, 493–495 subscribing to security lists, 496 using a centralized log server, 491–492 using a software firewall, 484 using chroot to isolate processes, 486–487 using lsof, 491 using Netstat, 490–491 using TCP Wrappers, 483–484 Unix file-access permissions, 185 unreachable messages, 338–339 unstructured data in applications, 198–201 challenge of securing, 193–194 in computers, 202–203 data loss prevention (DLP), 207–208 in data printed into the physical world, 205–206 in databases, 195–198 formats, 231–232 information rights management (IRM), 208–209 in networks, 201–202 at rest, in transit and in use, 193–194 in storage, 203–205 vs structured data, 191–193 unused services, disabling, 331–332 U.S National Institute of Standards and Technology Special Publication 800-27, Revision A, 86 USA PATRIOT Act, 75, 79 USER command, 555 user rights, 182 user separation, 127 user-constructed passwords, 126 usernames, 167, 168–175 utility computing, 579 V variants, 412 vendor-supplied application patches, 132 vendor-supplied database patches, 132 vendor-supplied operating system patches, 132 version zero software, 131 views, 283–284 virtual hardware, 575 virtual LANs (VLANs), 327, 330 virtual machine monitor See hypervisor virtual machines, 656 escape, 577 hypervisor, 575, 576 introspection, 577 and NIST standards, 577 overview, 575 protecting the guest OS, 576–577 protecting virtual networks, 577 protecting virtual storage, 577 virtual private networks (VPNs), authentication, 128 authentication process, 361–362 client configuration, 362–364 client networking environment, 364–368 how VPNs work, 355–356 offline client activity, 368 overview, 355 policies, 128 protocols, 356–360 remote access security, 360–368 site-to-site VPN security, 368–369 SSL VPNs, 359–360 virtualization, 575 virus communications, 131 virus detection, 
monitoring, and blocking, 131 viruses, 7, 28, 33 anatomy of a virus, 33–35 appending viruses, 34 boot sector viruses, 34, 35 Caligula, 33 Donut virus, 36 Elk Cloner virus, 36 history of, 35–36 Jacky virus, 36 macro viruses, 35–36 Melissa virus, 36 memory-resident viruses, 34 Microsoft Word Concept macro virus, 35 mid-infecting viruses, 34 on mobile devices, 36–37 multipartite viruses, 35 nonresident viruses, 34 overwriting viruses, 34 parasitic viruses, 34 partition table viruses, 34, 35 payload, 33 policies related to, 130–131 prepending viruses, 35 See also viruses Simile virus, 36 stealth viruses, 34 www.it-ebooks.info 36-Index.indd 852 3/14/13 4:53 PM CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7   virus-signature updating, 130 VoIP action steps, 438 assessment audit, 437–438 background, 428–430 call and contact center components, 434–435 call control, 430–431 dual-tone multi-frequency (DTMF) exploits, 437 gateways and gatekeepers, 431–432 hardware endpoints, 433–434 hosted VoIP, 450, 452–456 main exploitable paths, 436 MCUs, 432–433 protocols, 441–450 software endpoints, 434 system integrators, 450–452 voicemail systems, 435–436 vulnerabilities and exploits, 438–441 See also PBX; Telecom Expense Management (TEM) voluntary standards See standards VRFY command, 550 vulnerabilities defined, 52 overview, 635–636 See also buffer overflows; cross-site scripting; integer overflows; SQL injection vulnerability analysis, 740–741 vulnerability scanners, 567 W Walt Disney World, 118 war texting, 600 weak points, 18–19 web application security, 615 brute-forcing logins, 625 buffer overflows, 625 client-side scripts, 621 encrypting data, 622 managing session information, 622 managing sessions without sending data to the user, 623–624 passing data via hidden fields, 622 passing parameters via URLs, 621–622 securing session tracking, 624 session theft, 623 SQL injection, 615–620 using GUIDs, 622 vulnerable scripts, 624–625 web server cookie 
attacks, 624 Index   853 web containers, 663 web content (URL) filtering and caching, 351 web mail, 345 web server, 332, 562 buffer overflows, 562–563 default samples, 565 directory browsing, 565 directory traversal, 563 inherent vulnerabilities, 565 other services, 565 protection, 565–567 script permissions, 563–565 web services in the cloud, 579 web user interfaces (web UIs), 321 whitelisting, 518 application whitelisting software, 718–720 vs blacklisting, 652 Windows application whitelisting, 518 applications that require admin access to files and the Registry, 525–526 applying technology and physical controls to protect access points, 523–524 blocking and filtering access to services, 519 and COBIT provisions, 539–540 computer policies, 508–510 configuring remaining software, 501–508 disabling services, 500 disabling unused services, 501, 502–507 elevated privileges, 526 Group Policy, 508, 514–517 groups, 534–535 hardening, 499–500 installing security software, 517 and ISO standards, 538–539 legacy Windows, 512 limiting administrators and their privileges, 525 mitigating the effect of spoofed ports, 519–520 modifying defaults for Windows authentication systems, 524–525 and NIST standards, 537–538 passwords, 520–523 patching systems, 518–519 programmers as administrators, 526 reducing the attack surface, 500 removing software you don’t need, 500–501 requiring administrators to use runas, 526 Security Templates, 513 segmenting the network into zones of trust, 519 www.it-ebooks.info 36-Index.indd 853 3/14/13 4:53 PM CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7 854   Index  Windows (Cont.) 
shadow copy, 756 strengthening authentication processes, 520 user policies, 510–512 using Group Policy to manage settings, 508 Windows 2000 through Windows Server R2, 513 Windows file-access permissions, 184–185 Windows forest, 527–529 Windows Security Reference Monitor, 472 Windows Software Update Services (WSUS), 518 Windows Trusts, 530–534 wireless attacks, 50–51 wireless impact on the perimeter, 309–310 wireless networks 802.1x-based authentication and EAP methods, 391–393 antenna choice and positioning, 373–376 Bluetooth IPS, 395–396 built-in Bluetooth network data-link security and threats, 386–387 client isolation, 390 closed-system SSIDs, 386 compliance with FCC regulations, 373 controlling the range of wireless devices via power output tuning, 376–379 Counter Mode with CBC-MAC Protocol (CCMP), 391 data-link layer, 383–386 distinguishing security violations from malfunctions, 372 IPS and IDS, 394–395 layer one security solutions, 373–383 MAC filtering, 386 misconfigured access points, 389 overview, 371–372 positioning and secure gateways, 396 principle of least access, 372 proper network design, 372 protocol filtering, 386 rogue access points, 382, 388–389 security standards, 390–391 Temporal Key Integrity Protocol (TKIP), 391 tips for choosing antennas, 376 wired side leakage, 387–388 wireless phishing, 389–390 wireless phishing, 389–390 wire-tapping, 76–78 workstation antivirus software, 130 worms, Bugbear worm, 37 Code Red worm, 31 computer worms, 37–38 e-mail worms, 38–39 Morris worm, 74 Nimda, 37–38 SQL Slammer worm, 37, 38 WPA2, 390–391 WWN zoning, 258 Z Zimmermann, Phil, 216 zombie Trojans, 40 zones, 183 zones of trust, 90–93 segmenting networks into, 519 zoneset reconfiguration, 257–258 zoning, 256–258 best practices, 270 www.it-ebooks.info 36-Index.indd 854 3/14/13 4:53 PM CompRef_2010 / Information Security: The Complete Reference / Rhodes / 435-7 Blind Folio 855 Stop Hackers in Their Tracks Hacking Exposed Malware & Rootkits Hacking Exposed 

Posted: 27/03/2019, 11:41

Table of Contents

  • Cover

  • About the Author

    • About the Contributors and Technical Reviewers

    • Title Page

    • Copyright Page

    • Contents at a Glance

    • Contents

    • Preface

    • Acknowledgments

    • Introduction

    • Part I: Foundations

      • Chapter 1: Information Security Overview

        • The Importance of Information Protection

        • The Evolution of Information Security

        • Justifying Security Investment

          • Business Agility

          • Cost Reduction

          • Portability

          • Security Methodology

          • How to Build a Security Program

            • Authority

            • Framework

            • Assessment

            • Planning

            • Action
