CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Protocols – Continued
March 7, 2010 · Posted in Don's eBook Report, InfoSec Docs, Information Security, Information Systems, Information Technology · Comment
Data Encapsulation
- The process in which information from one packet is wrapped around or attached to the data of another packet
- In the OSI model each layer encapsulates the layer immediately above it
OSI Layers
- Process down the stack and up the stack
- Each layer communicates with corresponding layer through the stack
CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Protocols
January 11, 2010 · Posted in Information Security, Information Systems, Information Technology · Comment
Protocols – a standard set of rules that determines how computers communicate with each other across networks despite their differences
Layered architecture
- Shows how communication should take place
- Clarify the general functions of a communication process
- To break down complex networking processes into more manageable sub-layers
- Using industry standard interfaces enables interoperability
- To change the features of one layer without changing the code in every layer
- Easier troubleshooting Read more
CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Common Back-up Problems
Common Backup Problems
- Slow transfer of data to back-up
- Retrieval time to restore
- Off-hour processing and monitoring
- Server disk space expands over time
- Loss of data between last back-up
- Physical security of tapes Read more
CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – The Responsibilities of CIRT aka Computer Incident Response Team
What is CIRT?
CIRT (Computer Incident Response Team) is also commonly called CERT (Computer Emergency Response Team) – they are personnel responsible for coordinating the response to computer security incidents in an organization (Source: www.net.ttu.edu/security/policy_definitions.doc) Read more
Join Me On Facebook
Business Tech Press Releases- ConvergEx Offers Eze OMS Clients Access to LiquidPoint's Latest Options Execution and Routing Technologies March 11, 2010
- NI Technology Updates Outlooks for Microvision, Towerstream, National Semiconductor, TriQuint Semiconductor and RF Micro Devices March 11, 2010
- Fund.com Forms Strategic Alliance With Transparensee to Create Next Generation Search Engine for Mutual Funds and ETFs March 11, 2010
- Allion Test Labs Selects LeCroy USB 3.0 Test Suite for Complete SuperSpeed USB Compliance Testing March 11, 2010
- High Gear Media Launches All-New Used Car Listings Marketplace March 11, 2010
- From the National Vulnerbility Database
- CVE-2010-0958 (tribisur) March 9, 2010Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information. […]nvd@nist.gov
- CVE-2010-0957 (saskias_shopsystem) March 9, 2010Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter. […]nvd@nist.gov
- CVE-2010-0947 (bbsmax) March 9, 2010Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. […]nvd@nist.gov
- CVE-2010-0956 (opencart) March 9, 2010SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. […]nvd@nist.gov
- CVE-2010-0949 (natychmiast-cms) March 9, 2010Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php. […]nvd@nist.gov
- CVE-2010-0955 (bild_flirt_community) March 9, 2010SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. […]nvd@nist.gov
- CVE-2010-0791 (ncpfs) March 9, 2010The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. […]nvd@nist.gov
- CVE-2010-0954 (pre_e-learning_portal) March 9, 2010SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter. […]nvd@nist.gov
- CVE-2010-0103 (duo_usb) March 9, 2010UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. […]nvd@nist.gov
- CVE-2010-0953 (phpcoin) March 9, 2010Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. […]nvd@nist.gov
- CVE-2010-0958 (tribisur) March 9, 2010