CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Classes of Network Abuse

December 7, 2009 · Posted in Information Security, Information Systems

Class A

  • Unauthorized access through circumvention of security access controls
  • Masquerading, logon abuse (primarily internal attacks)

Class B – non-business use of systems

Class C

  • Eavesdropping
  • Active – Tampering with a transmission to create a covert signaling channel, or probing the network
  • Passive – Unauthorized covert monitoring of, or listening to, transmissions
  • Covert Channel – Using hidden, unauthorized communication
  • Tapping – Physical interception of the transmission medium (such as splicing a cable)
