CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Intrusion Detection Systems

November 25, 2009 · Posted in Information Security, Information Systems

Intrusion Detection Systems

An intrusion detection system (IDS) is a device or software application that monitors network and/or system activity for malicious or unwanted behavior. (Source: http://en.wikipedia.org/wiki/Intrusion_detection_system)

Terminologies:

  • Alert/Alarm – A signal suggesting that a system has been or is being attacked.
  • True attack stimulus – An event that triggers an IDS to produce an alarm and react as though a real attack were in progress.
  • False attack stimulus – An event that causes an IDS to produce an alarm when no attack has taken place.
  • False alarm (false positive) – An alert or alarm that is triggered when no actual attack has taken place.
  • False negative – A failure of an IDS to detect an actual attack.
  • Noise – Data or interference that can trigger a false positive.
  • Site policy – Guidelines within an organization that control the rules and configurations of an IDS.
  • Site policy awareness – The ability of an IDS to dynamically change its rules and configurations in response to changing environmental activity.
  • Confidence value – A value an organization places on an IDS, based on past performance and analysis, to help determine its ability to effectively identify an attack.
  • Alarm filtering – The process of categorizing attack alerts produced by an IDS in order to distinguish false positives from actual attacks.
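The terms above are easiest to see on concrete traffic. The following is an added example, not part of the original note: a tiny signature-based detector run over constructed web-server request lines, each labelled with whether it really is an attack, so the output can be scored as true attack stimuli, false positives, false negatives and true negatives. The log lines, the three signatures and the "site policy" (which implements alarm filtering by suppressing a noisy signature under the documentation path) are all constructed for this illustration and come from no real IDS product or site.

```python
"""Signature-based detection over constructed request lines, scored with
the IDS terminology of the note (true/false attack stimulus, false positive,
false negative, noise, alarm filtering by site policy).  Added example: the
log, signatures and site policy are constructed, not from any real IDS."""
import re
from dataclasses import dataclass

# Constructed sample log: (request line, ground truth: is it really an attack?)
SAMPLE_LOG = [
    ("GET /index.html HTTP/1.1", False),
    ("GET /cgi-bin/../../etc/passwd HTTP/1.1", True),              # directory traversal
    ("GET /search?q=' OR 1=1-- HTTP/1.1", True),                    # SQL injection tautology
    ("GET /docs/passwd-policy.html HTTP/1.1", False),               # noise: benign 'passwd'
    ("POST /login HTTP/1.1", False),
    ("GET /search?q=1 UNION SELECT user,pass FROM users HTTP/1.1", True),  # SQLi with no signature
]

# Constructed signatures.  'passwd-access' is deliberately noisy.
SIGNATURES = {
    "dir-traversal": re.compile(r"\.\./"),
    "passwd-access": re.compile(r"passwd"),
    "sqli-tautology": re.compile(r"'\s*OR\s+1=1", re.IGNORECASE),
}

TERMS = ("true attack stimulus", "false positive", "false negative", "true negative")


@dataclass
class Alert:
    line: str
    signature: str
    suppressed: bool = False  # True when alarm filtering removed it


def docs_site_policy(line: str, signature: str) -> bool:
    """Constructed site policy: 'passwd' under /docs/ is documentation, not an attack."""
    return signature == "passwd-access" and "/docs/" in line


def detect(log, signatures, site_policy=None):
    """Raise an Alert for every signature hit; apply alarm filtering if a policy is given."""
    alerts = []
    for line, _is_attack in log:
        for name, pattern in signatures.items():
            if pattern.search(line):
                suppressed = bool(site_policy and site_policy(line, name))
                alerts.append(Alert(line, name, suppressed))
    return alerts


def classify(line: str, is_attack: bool, alerted: bool) -> str:
    """Map one log line to the terminology in the note."""
    if alerted and is_attack:
        return "true attack stimulus"
    if alerted:
        return "false positive"      # a false attack stimulus produced this alarm
    if is_attack:
        return "false negative"      # the IDS missed a real attack
    return "true negative"


def score(log, alerts):
    """Count each line's verdict, using only alerts that survived alarm filtering."""
    alerted_lines = {a.line for a in alerts if not a.suppressed}
    counts = {term: 0 for term in TERMS}
    for line, is_attack in log:
        counts[classify(line, is_attack, line in alerted_lines)] += 1
    return counts


if __name__ == "__main__":
    print("no filtering:", score(SAMPLE_LOG, detect(SAMPLE_LOG, SIGNATURES)))
    print("site policy: ", score(SAMPLE_LOG, detect(SAMPLE_LOG, SIGNATURES, docs_site_policy)))
```

Without the site policy the noisy `passwd` signature fires on the documentation page (one false positive); with it, that alarm is filtered and only the UNION-based injection, which matches no signature, remains as a false negative. Tuning signatures to remove noise never helps with that last case; it is the reason signature-based detection is paired with anomaly detection and with a confidence value built up from past performance.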

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Remote Access Security Management

November 24, 2009 · Posted in Information Security, Information Systems

Key Concepts:

  • Confidentiality – no unauthorized disclosure of data
  • Integrity – no unauthorized alteration of data
  • Availability – data and services remain accessible to authorized users when needed (no destruction of data or denial of access)

Common Remote Connections

  • xDSL – Digital Subscriber Line
  • Cable Modem
  • Wireless
  • ISDN – Integrated Services Digital Network

Common Tools in Securing External Remote Connections

  • VPN – Virtual Private Network
  • SSL – Secure Sockets Layer
  • SSH – Secure Shell

CISSP Exam Note (Domain 1: Access Control) – Centralized & Decentralized, etc…

November 23, 2009 · Posted in Information Security, Information Systems

Access Control – Centralized and Decentralized

Centralized Access Control – an arrangement in which all the core access-control functions, Authentication, Authorization, and Accounting (also written Accountability) – AAA – are performed from a single location.

  • RADIUS – Remote Authentication Dial-In User Service: the network access server forwards the user's credentials to a central authentication server over UDP; only the password field of the request is encrypted; supports one-time (dynamic) passwords via its challenge/response exchange
  • TACACS – Terminal Access Controller Access Control System: the original protocol (UDP), static passwords
  • TACACS+ – Terminal Access Controller Access Control System Plus: runs over TCP, encrypts the entire packet body, separates authentication, authorization and accounting, and supports token-based authentication

CHAP – Challenge Handshake Authentication Protocol

  • The password (shared secret) is never sent over the link: the authenticator sends a random challenge, the peer answers with a one-way MD5 hash over the challenge and the secret, and the authenticator recomputes the hash from its own copy of the secret. Challenges can be repeated at any time during the session, which limits replay and session hijacking.
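The exchange described above, written out with both sides' messages, as an added example that is not part of the original note. It follows RFC 1994 (Response Value = MD5(Identifier || Secret || Challenge)); the user name `alice` and the secrets are constructed for the example, and the `Authenticator`/`Peer` classes are illustrative, not any real PPP implementation.

```python
"""CHAP (RFC 1994) three-way handshake: Challenge, Response, Success/Failure.
Added example, not from the original post.  The peer never transmits the
secret; it proves knowledge of it with MD5(Identifier || Secret || Challenge),
which the authenticator recomputes.  Names and secrets are constructed."""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Response Value = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Server side.  RFC 1994 requires the secret in the clear on this side,
    which is why CHAP secrets cannot be stored as salted one-way hashes."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # name -> shared secret (constructed)
        self.outstanding = {}       # identifier -> challenge awaiting a response
        self._next_id = 1

    def send_challenge(self):
        """Challenge packet: a fresh Identifier and an unpredictable challenge value."""
        identifier = self._next_id & 0xFF
        self._next_id += 1
        challenge = os.urandom(16)
        self.outstanding[identifier] = challenge
        return identifier, challenge

    def check_response(self, identifier: int, name: str, value: bytes) -> bool:
        """Success/Failure decision.  The challenge is consumed on first use,
        so a recorded Response cannot be replayed later."""
        challenge = self.outstanding.pop(identifier, None)
        if challenge is None or name not in self.secrets:
            return False
        expected = chap_response(identifier, self.secrets[name], challenge)
        return hmac.compare_digest(expected, value)


class Peer:
    """Client side: holds the secret, sends only a hash of it."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def send_response(self, identifier: int, challenge: bytes):
        """Response packet: (Name, Value)."""
        return self.name, chap_response(identifier, self.secret, challenge)


def handshake(auth: Authenticator, peer: Peer) -> bool:
    identifier, challenge = auth.send_challenge()               # 1. Challenge
    name, value = peer.send_response(identifier, challenge)     # 2. Response
    return auth.check_response(identifier, name, value)         # 3. Success / Failure


def replay_attempt(auth: Authenticator, peer: Peer):
    """An eavesdropper records a valid Response and resends it.
    Returns (genuine login result, replay result)."""
    identifier, challenge = auth.send_challenge()
    name, value = peer.send_response(identifier, challenge)
    first = auth.check_response(identifier, name, value)
    replay = auth.check_response(identifier, name, value)
    return first, replay


if __name__ == "__main__":
    auth = Authenticator({"alice": b"correct horse battery staple"})
    print("correct secret:", handshake(auth, Peer("alice", b"correct horse battery staple")))
    print("wrong secret:  ", handshake(auth, Peer("alice", b"guess")))
    print("replay:        ", replay_attempt(auth, Peer("alice", b"correct horse battery staple")))
```

Two caveats a practitioner should keep in mind: the hash protects the secret on the wire only as well as the secret resists offline guessing, since anyone who captures a challenge/response pair can try candidate secrets against it; and because the authenticator must hold the secret in recoverable form, the RADIUS or TACACS+ server behind a CHAP-speaking NAS becomes a high-value store of cleartext credentials.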

Decentralized Access Control – access decisions are made and administered at each system or workgroup rather than from one place. It generally requires medium to large workgroups of administrators and carries correspondingly higher administrative overhead. In a decentralized environment, keeping equipment and services homogeneous becomes harder in proportion to the number of access control points. Changes made on an individual system take effect locally only, instead of having the wide-reaching consequences of a change to a single centralized system.

CISSP Note (Domain 1: Access Control) – Three Things to Consider

November 17, 2009 · Posted in Information Security

Three things to consider

  • Threats – anything (a person, a program, an event) with the potential to cause harm
  • Vulnerabilities – a weakness that a threat can exploit
  • Risk – the likelihood that a threat will exploit a vulnerability, combined with the impact if it does

Risk is the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). A vulnerability is a weakness that could be used to endanger or cause harm to an informational asset. A threat is anything (man made or act of nature) that has the potential to cause harm.

The likelihood that a threat will use a vulnerability to cause harm creates a risk. When a threat does use a vulnerability to inflict harm, it has an impact. In the context of information security, the impact is a loss of availability, integrity, and confidentiality, and possibly other losses (lost income, loss of life, loss of real property). It should be pointed out that it is not possible to identify all risks, nor is it possible to eliminate all risk. The remaining risk is called residual risk.


CISSP Note (Domain 1: Access Control): C.I.A. – Quick Definitions

November 16, 2009 · Posted in Information Security

Information security has three key goals: ensuring the Confidentiality, Integrity and Availability of information, commonly known as C.I.A. Below are their definitions.

Confidentiality – ensure that information is not disclosed to unauthorized persons or processes

Integrity

  • Prevention of modification by unauthorized users
  • Prevention of unauthorized changes by otherwise authorized users
  • Internal and external consistency
    • Internal consistency within the system (e.g. within a database, the stored total equals the sum of its subtotals)
    • External consistency – the database agrees with the real world (e.g. the database inventory total equals the actual count in the warehouse)

Availability – ability of authorized personnel to access information on time and as necessary
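The two integrity checks named under "internal and external consistency" above, carried out against a constructed SQLite inventory database, as an added example that is not part of the original note. The schema, the order and stock rows (one order total deliberately disagrees with its line items), and the physical-count dictionary are all constructed for the illustration.

```python
"""Internal vs. external consistency checks for the integrity notes above.
Added example on a constructed in-memory SQLite database (not from the post).
Internal consistency: each stored order total must equal the sum of its lines.
External consistency: recorded stock must match a physical warehouse count."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data.  Order 2 is recorded as 250 but its lines sum to 200."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders(id INTEGER PRIMARY KEY, total INTEGER NOT NULL);
        CREATE TABLE order_lines(order_id INTEGER NOT NULL, qty INTEGER NOT NULL,
                                 unit_price INTEGER NOT NULL);
        CREATE TABLE stock(sku TEXT PRIMARY KEY, on_hand INTEGER NOT NULL);
    """)
    db.executemany("INSERT INTO orders VALUES (?, ?)", [(1, 300), (2, 250)])
    db.executemany("INSERT INTO order_lines VALUES (?, ?, ?)",
                   [(1, 2, 100), (1, 1, 100), (2, 1, 200)])
    db.executemany("INSERT INTO stock VALUES (?, ?)", [("WIDGET", 40), ("GADGET", 12)])
    db.commit()
    return db


def internal_inconsistencies(db: sqlite3.Connection):
    """Orders whose stored total differs from the sum of qty * unit_price of their lines.
    Returns a list of (order_id, stored_total, computed_total)."""
    rows = db.execute("""
        SELECT o.id, o.total, COALESCE(SUM(l.qty * l.unit_price), 0) AS computed
        FROM orders o LEFT JOIN order_lines l ON l.order_id = o.id
        GROUP BY o.id
        HAVING o.total != computed
        ORDER BY o.id
    """).fetchall()
    return [tuple(r) for r in rows]


def external_inconsistencies(db: sqlite3.Connection, physical_count: dict):
    """SKUs whose recorded on_hand differs from the warehouse count.
    A SKU absent from the count is reported with actual=None.
    Returns a list of (sku, recorded, actual)."""
    mismatches = []
    for sku, on_hand in db.execute("SELECT sku, on_hand FROM stock ORDER BY sku"):
        actual = physical_count.get(sku)
        if actual != on_hand:
            mismatches.append((sku, on_hand, actual))
    return mismatches


if __name__ == "__main__":
    db = build_db()
    print("internal:", internal_inconsistencies(db))
    # Constructed physical count: the warehouse finds only 10 GADGETs.
    print("external:", external_inconsistencies(db, {"WIDGET": 40, "GADGET": 10}))
```

The internal check can be run entirely inside the system, so it is the one to schedule as a routine integrity job; the external check needs an out-of-band source of truth (a physical count, a reconciliation file from another system) and is the only one that catches records that are self-consistent but simply wrong.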
