elliptic curve cryptography, 339–340, 679

RFC 1918, 707
RFI (radio frequency interference), 642, 705
rights in access control, 30–32, 33
Rijndael cipher, 320–321, 708
ring topology, 87, 88
rings, protection, 375–376, 376
RIP (Routing Information Protocol), 75
risk
  in business continuity planning
    acceptance and mitigation, 525
    assessment, 524
    identification, 516–517
  defined, 708
risk analysis, 185, 708
risk management, 185
  defined, 708
  handling risk, 195–196
  methodologies, 188–190
  qualitative analysis, 193–194
  quantitative analysis, 190–193
  terminology, 186–187, 187
risk mitigation, 195
risk tolerance, 195, 708
Rivest, Ronald, 337, 342
Rivest, Shamir, and Adleman (RSA) encryption, 337–338, 708
Rivest Cipher 5 (RC5) algorithm, 320
Rogier, Nathalie, 342
role-based access controls (RBAC), 23, 25–26, 708
roles, security, 179–180
ROLLBACK command, 219
ROM (read-only memory), 382–383, 705
root accounts, 494
root level, 708
rootkits, 278, 708
Rosenberger, Rob, 264
ROT3 (Rotate 3) cipher, 294, 307
routers, 101
  defined, 708
  in Network layer, 75
Routing Information Protocol (RIP), 75
rows in databases, 217
Royce, Winston, 237
RPC (Remote Procedure Call), 76
RSA (Rivest, Shamir, and Adleman) encryption, 337–338, 708
RTO (recovery time objective), 706
rule-based access controls, 24, 708
running key ciphers, 309–310, 708
running state, 377, 708

S

S-HTTP (Secure HTTP), 353, 710
S/MIME (Secure Multipurpose Internet Mail Extensions) protocol, 105, 134, 352–353, 710
S-RPC (Secure Remote Procedure Call), 77, 104, 710
sabotage, 493
safe computing, 451
safe harbor sites, 590
safeguards, 187
  calculating, 192–193
  defined, 708
  in distributed architecture, 395–396
safety
  of people, 520–521, 640
  in physical security, 640–647
sags, 641, 709
salami attacks, 438, 709
salts for passwords, 496, 709
sampling in auditing, 482, 709
sandbox concept, 214, 268, 709
sanitation of media, 460, 709
SAs (security associations), 357, 710
SATAN tool, 487
scalability in symmetric key algorithms, 313
scanning attacks, 279–280, 611, 709
scavenging, 490, 709
schemas, database, 219, 709
Schneier, Bruce, 319, 321
screened hosts, 98–99
screening job candidates, 177–178
script kiddies, 258, 609
scripted access, 23, 709
scripts, logon, 693
SDLC (Synchronous Data Link Control) protocol
  defined, 716
  polling in, 87
  in WANs, 79, 108, 130
search warrants, 594, 614, 709
second-tier attacks, 140–141, 709
secondary evidence, 592, 709
secondary memory, 385–386, 709
secondary storage, 225, 387, 709
Secret classification, 164, 709
secure communication protocols, 710
Secure Electronic Transaction (SET) protocol, 77, 105, 354–355, 710

Secure European System for Applications in a Multivendor Environment (SESAME) authentication mechanism, 22, 711
secure facility plans, 629
Secure Hash Algorithm (SHA), 341–342, 710
Secure HTTP (S-HTTP), 353, 710
Secure Multipurpose Internet Mail Extensions (S/MIME) protocol, 105, 134, 352–353, 710
Secure Remote Procedure Call (S-RPC), 77, 104, 710
Secure Shell (SSH), 355–356, 710
Secure Sockets Layer (SSL) protocol, 104
  defined, 710
  in Session layer, 76, 96
  for Web, 353
  X.509 for, 347
security associations (SAs), 357, 710
security awareness training, 196–197
security clearances, 178
security control architecture, 244–246
  abstraction in, 246
  process isolation in, 244
  protection rings in, 244–246, 245
  security modes in, 246
  service level agreements in, 247
security control types, 461
security domain B3 systems, 426
security guards, 634
security IDs, 635, 710
security kernel, 245
  defined, 710
  in TCB, 417–418
security labels, 23, 710
security management, 154
  accountability in, 159
  auditing in, 159
  authentication in, 158
  authorization in, 158
  availability in, 156–157
  change control in, 161
  confidentiality in, 154–155
  data classification in, 162–165
  exam essentials for, 166–167
  identification in, 157–158
  integrity in, 155–156
  nonrepudiation in, 159
  planning, 181–182
  privacy in, 157
  protection mechanisms in, 159–161
  review questions, 168–173
  summary, 165–166
security models, 397, 416
  access control matrices, 399–400
  Bell-LaPadula model, 400–402, 401, 419
  Biba model, 402, 403, 419–420
  Brewer and Nash model, 403–404
  certification in, 416–417
  Clark-Wilson model, 403, 420
  classifying and comparing, 404–405
  closed and open systems, 421
  confidentiality, integrity, and availability in, 422
  controls in, 423
  evaluation in, 424
    certification and accreditation, 432–434
    Common Criteria, 429–432
    ITSEC classes, 428–429
    rainbow series, 424–428
    TCSEC classes, 425–426
  exam essentials for, 441–442
  flaws and issues in, 435
    covert channels, 435
    design and coding, 435–437
    electromagnetic radiation, 439–440
    incremental attacks, 438
    input and parameter checking, 436–437
    maintenance hooks and privileged programs, 438
    programming, 439
    timing, state changes, and communication disconnects, 439
  information flow model, 398
  noninterference model, 398
  objects and subjects in, 420–421
  review questions, 443–448
  state machine model, 397–398
  summary, 440
  Take-Grant model, 398
  TCB in, 417–418
  tokens, capabilities, and labels in, 418
  trust and assurance in, 423
security modes, 246, 378–381
security perimeter
  defined, 710
  in TCB, 417
security policies, 4, 182–183, 710
security professional role, 180, 711
* (star) Security Property, 400–401, 419, 660
security requirements in European Union privacy law, 590
security roles, 179–180, 711
security through obscurity, 311
segmentation, hardware, 244, 393, 685
semantic integrity in databases, 221
sendmail program, 132, 266
senior management, 179–180
  in business continuity planning, 513
  defined, 711
Sensitive classification, 165, 711
Sensitive but unclassified classification, 164, 711
sensitive information and media, 458–461
sensitivity adjustments for biometric devices, 15–16, 711
sensors, 635
separation of duties and responsibilities
  in access control, 31–32, 33
  defined, 711
  in employment practices, 177
separation of privilege, 394, 711
Sequenced Packet Exchange (SPX), 76, 711
sequential storage, 226, 387–388, 711
Serial Line Internet Protocol (SLIP), 74, 105, 711
series layering, 160
server rooms, 631
servers
  countermeasures on, 267
  redundant, 109
service bureaus, 549
Service Level Agreements (SLAs)
  in contracts, 515
  defined, 711
  for hardware, 648
  issues addressed by, 247
service ports, 90
service-specific remote access technique, 107
services, network and protocol, 107–108
SESAME (Secure European System for Applications in a Multivendor Environment) authentication mechanism, 22, 711
session hijacking, 281, 712
Session layer, 76, 712
SET (Secure Electronic Transaction) protocol, 77, 105, 354–355, 710

setgid utility, 494
setuid utility, 494
sexual harassment, 492
SHA (Secure Hash Algorithm), 341–342, 710
shadow file, 271
Shamir, Adi, 337
shared secret encryption keys, 312
shielded twisted-pair (STP) wire, 81, 712
Shiva Password Authentication Protocol (SPAP), 124
shoplifting, 608
shoulder surfing, 13, 631, 712
shrink-wrap license agreements, 584, 712
sign-off letters, 195
signature-based filters, 268
signature detection method, 47–48, 262, 712
signatures, 344
  in asymmetric key algorithms, 314
  in biometric identification, 15, 712
  defined, 676
  DSS, 345–346
  HMAC, 345
  in message digests, 341
Simple Integrity Axiom (SI Axiom), 402, 419, 712
Simple Key Management for Internet Protocols (SKIP) tool, 75, 104, 712
Simple Mail Transfer Protocol (SMTP)
  in Application layer, 77, 95
  defined, 712
  in WANs, 132
Simple Network Management Protocol (SNMP)
  in Application layer, 77, 96
  for scans, 611
Simple Security Property (SS Property), 400, 419, 712
simplex session mode, 76
simulation tests, 561, 712
single loss expectancy (SLE), 191
  defined, 712
  in impact assessment, 518
single points of failure, 108–111
Single Sign On (SSO) mechanism, 20
  defined, 712
  examples, 22–23
  Kerberos authentication in, 21–22
single state processing systems, 374, 713
single-use passwords, 10, 713
sites
  alternative, 521, 547–550
  selection, 629
SKIP (Simple Key Management for Internet Protocols) tool, 75, 104, 712
Skipjack algorithm, 320, 713
SLAs (Service Level Agreements)
  in contracts, 515
  defined, 711
  for hardware, 648
  issues addressed by, 247
SLE (single loss expectancy), 191
  defined, 712
  in impact assessment, 518
SLIP (Serial Line Internet Protocol), 74, 105, 711
smart cards, 637, 713
SMDS (Switched Multimegabit Data Services), 108, 130, 716
smoke actuated systems, 645
smoke damage, 647
smoke stage in fires, 643, 644
SMP (symmetric multiprocessing), 372, 716
SMTP (Simple Mail Transfer Protocol)
  in Application layer, 77, 95
  defined, 712
  in WANs, 132
Smurf attacks, 54, 55, 273–274, 274, 713
sniffer attacks, 57, 713
sniffing, 489, 713
SNMP (Simple Network Management Protocol)
  in Application layer, 77, 96
  for scans, 611
snooping attacks, 57
social engineering, 12, 491
  defined, 713
  in password attacks, 270
  through voice communications, 136–137
sockets, 713
software
  confiscating, 614–615
  copyrights for, 579
  developing, 229
    assurance procedures, 229–230, 231
    object-oriented programming, 233–234
    programming languages in, 232
    system failure avoidance, 230–231, 231
  escrow arrangements for, 557–558
  failures in, 543
  testing, 243–244
software capability maturity model, 239–240
software IP encryption (SWIPE) protocol, 104, 713
SPA Anti-Piracy group, 584
spam, 713
spamming attacks, 57–58, 134, 713
SPAP (Shiva Password Authentication Protocol), 124
spikes, 641, 713
spiral model, 238–239, 239
split knowledge, 304, 713
spoofing
  with ARP, 141
  defined, 714
  in e-mail, 134
  IP, 280–281
spoofing attacks, 55–56, 714
sprinklers, 646
SPX (Sequenced Packet Exchange), 76, 711
SQL (Structured Query Language), 76, 218–219, 715
SS Property (Simple Security Property), 400, 419, 712
SSH (Secure Shell), 355–356, 710
SSL (Secure Sockets Layer) protocol, 104
  defined, 710
  in Session layer, 76, 96
  for Web, 353
  X.509 for, 347
SSO (Single Sign On) mechanism, 20
  defined, 712
  examples, 22–23
  Kerberos authentication in, 21–22
standards, 184
  for computer security, 576
  defined, 714
star topology, 88, 88
state changes, 439
state laws, 573
state machine model, 397–398, 714
state packet-filtering firewalls, 714
stateful inspection firewalls, 98, 714
stateful NAT, 126
statements in business continuity planning
  of importance, 523–524
  of organizational responsibility, 524
  of priorities, 524
  of urgency and timing, 524
states
  defined, 714
  process, 377–378, 378
static electricity, 642
static NAT, 93
static packet-filtering firewalls, 97–98