CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Firewalls

March 12, 2010 · Posted in Don's eBook Report, InfoSec Docs, Information Security, Information Systems, Information Technology · Comment 

Firewalls

Packet Filtering Firewall – First Generation

  • Screening router
  • Operates at Network and Transport Level
  • Examines Source and Destination IP address
  • Can deny based on ACLs
  • Can specify port

You may also want to consider these CISSP resources from Amazon.com

Read more

Tags: <, , , , , , , , , , , , >

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – More Protocols

March 10, 2010 · Posted in Don's eBook Report, Information Security, Information Systems, Information Technology · Comment 

Host-to-Host Transport Layer Protocols

TCP – Transmission Control Protocol

  • Connection oriented
  • Sequenced packets
  • Acknowledgement is sent back for received packets
  • If no acknowledgement then packet is resent
  • Packets are re-sequenced
  • Manageable data flow is maintained

Note: TCP and UDP use dynamic port numbers greater than 1023

Read more

Tags: <, , , , , , , , , , , , , , , , , , , , , , >

  • Your Shopping Cart

    Your cart is empty

  • Calendar

    February 2012
    M T W T F S S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    272829  

  • RSS From the National Vulnerability Database

    • CVE-2012-1034 (episerver_cms) February 7, 2012
      Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. […]
      nvd@nist.gov
    • CVE-2011-5076 (hdwiki) February 6, 2012
      SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. […]
      nvd@nist.gov
    • CVE-2012-1021 (4images) February 6, 2012
      Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action. […]
      nvd@nist.gov
    • CVE-2012-1031 (episerver_cms) February 6, 2012
      Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417. […]
      nvd@nist.gov
    • CVE-2012-1008 (officesip_server) February 6, 2012
      OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. […]
      nvd@nist.gov
    • CVE-2012-0992 (openemr) February 6, 2012
      interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. […]
      nvd@nist.gov
    • CVE-2012-1004 (foswiki) February 6, 2012
      Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephon […]
      nvd@nist.gov
    • CVE-2012-1019 (xwiki_enterprise) February 6, 2012
      Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/D […]
      nvd@nist.gov
    • CVE-2012-1002 (openconf) February 6, 2012
      Unspecified vulnerability in OpenConf 4.x before 4.12 has unknown impact and attack vectors. […]
      nvd@nist.gov
    • CVE-2012-1029 (tube_ace) February 6, 2012
      SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information. […]
      nvd@nist.gov
Get Adobe Flash playerPlugin by wpburn.com wordpress themes