CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Protocols

Protocols – a standard set of rules that determines how computers communicate with each other across networks despite their differences

Layered architecture

  • Shows how communication should take place
  • Clarifies the general functions of a communication process
  • Breaks down complex networking processes into more manageable sub-layers
  • Using industry-standard interfaces enables interoperability
  • Allows the features of one layer to change without changing the code in every layer
  • Easier troubleshooting

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Key Concepts and Other Definitions

December 22, 2009 · Posted in Information Security, Information Systems

Rainbow Series

The Rainbow Series (sometimes known as the Rainbow Books) is a series of computer security standards published by the United States government in the 1980s and 1990s. They were originally published by the U.S. Department of Defense Computer Security Center, and then by the National Computer Security Center.

These standards describe a process of evaluation for trusted systems. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their procurement criteria. Many of these standards have influenced, and have been superseded by, the Common Criteria.

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Denial of Service Attack

December 10, 2009 · Posted in Information Security, Information Systems

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented either by forcing the targeted computer(s) to reset, by consuming their resources so that they can no longer provide the intended service, or by obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Classes of Network Abuse

December 7, 2009 · Posted in Information Security, Information Systems

Class A

  • Unauthorized access through circumvention of security access controls
  • Masquerading, logon abuse (primarily internal attacks)

Class B – non-business use of systems

Class C

  • Eavesdropping
  • Active – tampering with a transmission to create a covert signaling channel, or probing the network
  • Passive – covertly and without authorization monitoring or listening to transmissions
  • Covert channel – using a hidden, unauthorized communication path
  • Tapping – the physical interception of the transmission medium (for example, splicing a cable)

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Common Back-up Problems

December 3, 2009 · Posted in Information Security, Information Systems

Common Backup Problems

  • Slow transfer of data to back-up media
    • Long retrieval time to restore
    • Off-hour processing and monitoring
  • Server disk space expands over time
  • Loss of data created since the last back-up
  • Physical security of tapes

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Back-up Methodologies

December 2, 2009 · Posted in Information Security, Information Systems

In information technology, a backup, or the process of backing up, refers to making copies of data so that these additional copies may be used to restore the original after a data loss event. These additional copies are typically called “backups.” The verb is back up, in two words, whereas the noun is backup (often used like an adjective in compound nouns).

Backups are useful primarily for two purposes. The first is to restore a state following a disaster (called disaster recovery). The second is to restore small numbers of files after they have been accidentally deleted or corrupted. Data loss is also very common. 66% of internet users have suffered from serious data loss.

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – The Responsibilities of CIRT aka Computer Incident Response Team

November 30, 2009 · Posted in Information Security, Information Systems

What is CIRT?

A CIRT (Computer Incident Response Team), also commonly called a CERT (Computer Emergency Response Team), is the group of personnel responsible for coordinating the response to computer security incidents in an organization (Source: www.net.ttu.edu/security/policy_definitions.doc)
