CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Classes of Network Abuse
Class A
- Unauthorized access through circumvention of security access controls
- Masquerading, logon abuse (primarily internal attacks)
Class B – non-business use of systems
Class C
- Eavesdropping
- Active: Tampering with a transmission to create a covert signaling channel or probing the network
- Passive – Covertly monitoring or listening to transmissions that is unauthorized
- Covert Channel – using a hidden unauthorized communication
- Tapping – refers to the physical interception of transmission medium (like splicing of cable) Read more
Join Me On Facebook
Business Tech Press Releases- Advocacy Groups Embrace "Extreme Data Mining" to Prove Clout on Capitol Hill February 6, 2012
- AJRR Announces Launch of National Joint Replacement Registry Using Remedy Informatics' Next-Generation Registry Software February 6, 2012
- Faruqi & Faruqi, LLP Announces Investigation of JDA Software Group, Inc. February 6, 2012
- ZTE Honors Xilinx With '2011 Best Comprehensive' Performance Award For Outstanding Technical Support, Quality & Delivery February 6, 2012
- Express Scripts, Inc. Announces Pricing of $3.5 Billion Senior Notes Offering February 6, 2012
- From the National Vulnerability Database
- CVE-2011-4872 (desire_hd, desire_s, droid_incredible, evo_3d, evo_4g, glacier, sensation_4g, sen...) February 4, 2012Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STA […]nvd@nist.gov
- CVE-2011-4512 (wincc_flexible, simatic_hmi_panels, wincc_runtime_advanced, wincc_flexible_runtime) February 2, 2012CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HT […]nvd@nist.gov
- CVE-2011-4879 (wincc_flexible, simatic_hmi_panels, wincc_runtime_advanced, wincc_flexible_runtime) February 2, 2012miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attac […]nvd@nist.gov
- CVE-2011-4514 (wincc_flexible, simatic_hmi_panels, wincc_runtime_advanced, wincc_flexible_runtime) February 2, 2012The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. […]nvd@nist.gov
- CVE-2011-4510 (wincc_flexible, simatic_hmi_panels, wincc_runtime_advanced, wincc_flexible_runtime) February 2, 2012Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or H […]nvd@nist.gov
- CVE-2011-4878 (wincc_flexible, simatic_hmi_panels, wincc_runtime_advanced, wincc_flexible_runtime) February 2, 2012Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via […]nvd@nist.gov
- CVE-2011-4877 (wincc_flexible, simatic_hmi_panels, wincc_runtime_advanced, wincc_flexible_runtime) February 2, 2012HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted […]nvd@nist.gov
- CVE-2011-4513 (wincc_flexible, simatic_hmi_panels, wincc_runtime_advanced, wincc_flexible_runtime) February 2, 2012Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader. […]nvd@nist.gov
- CVE-2011-4876 (wincc_flexible, simatic_hmi_panels, wincc_runtime_advanced, wincc_flexible_runtime) February 2, 2012Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modi […]nvd@nist.gov
- CVE-2011-4511 (wincc_flexible, simatic_hmi_panels, wincc_runtime_advanced, wincc_flexible_runtime) February 2, 2012Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or H […]nvd@nist.gov
- CVE-2011-4872 (desire_hd, desire_s, droid_incredible, evo_3d, evo_4g, glacier, sensation_4g, sen...) February 4, 2012