CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – More Protocols
March 10, 2010 · Posted in Don's eBook Report, Information Security, Information Systems, Information Technology · Comment
Host-to-Host Transport Layer Protocols
TCP – Transmission Control Protocol
- Connection oriented
- Sequenced packets
- Acknowledgement is sent back for received packets
- If no acknowledgement then packet is resent
- Packets are re-sequenced
- Manageable data flow is maintained
Note: TCP and UDP use dynamic port numbers greater than 1023
CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Classes of Network Abuse
Class A
- Unauthorized access through circumvention of security access controls
- Masquerading, logon abuse (primarily internal attacks)
Class B – non-business use of systems
Class C
- Eavesdropping
- Active: Tampering with a transmission to create a covert signaling channel or probing the network
- Passive – Covertly monitoring or listening to transmissions that is unauthorized
- Covert Channel – using a hidden unauthorized communication
- Tapping – refers to the physical interception of transmission medium (like splicing of cable) Read more
Join Me On Facebook
Business Tech Press Releases- SAIC Awarded Contract by Office of the Assistant Secretary of Defense for Nuclear, Chemical, and Biological Defense Programs February 9, 2012
- New York University School of Continuing and Professional Studies Selects Destiny One to Streamline Non-Credit Business, Course Development, Enrollment, and Marketing Operations February 9, 2012
- afterBOT Awarded Fourth Patent for Secondary Selling Using Digital Receipt Links Across Sellers February 9, 2012
- Verne Global Selects Veteran Systems Integrator Opin Kerfi as its IT Service Partner in Iceland February 9, 2012
- Neuland Labs Launches App at Informex Allowing Customers 24/7 Access to GuarD Project Management System for On-Time Production February 9, 2012
- From the National Vulnerability Database
- CVE-2012-1034 (episerver_cms) February 7, 2012Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. […]nvd@nist.gov
- CVE-2011-5076 (hdwiki) February 6, 2012SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. […]nvd@nist.gov
- CVE-2012-1021 (4images) February 6, 2012Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action. […]nvd@nist.gov
- CVE-2012-1031 (episerver_cms) February 6, 2012Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417. […]nvd@nist.gov
- CVE-2012-1008 (officesip_server) February 6, 2012OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. […]nvd@nist.gov
- CVE-2012-0992 (openemr) February 6, 2012interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. […]nvd@nist.gov
- CVE-2012-1004 (foswiki) February 6, 2012Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephon […]nvd@nist.gov
- CVE-2012-1019 (xwiki_enterprise) February 6, 2012Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/D […]nvd@nist.gov
- CVE-2012-1002 (openconf) February 6, 2012Unspecified vulnerability in OpenConf 4.x before 4.12 has unknown impact and attack vectors. […]nvd@nist.gov
- CVE-2012-1029 (tube_ace) February 6, 2012SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information. […]nvd@nist.gov
- CVE-2012-1034 (episerver_cms) February 7, 2012