Employing multiple layers of controls to avoid a single point-of-failure.
time-based model of security
Implementing a set of preventive, detective, and corrective controls that enable an organization to recognize that an attack is occurring and take steps to thwart it before any assets have been compromised.
Using deception to obtain unauthorized access to information resources.
Verifying the identity of the person or device attempting to access the system.
Using unique physical characteristics such as fingerprints, voice patterns, retina prints, and signature dynamics to identify people.
The use of two or more authentication methods (passwords, ID badges, biometrics, etc.) in conjunction to achieve a greater level of security.
The use of multiple authentication credentials of the same type to achieve a greater level of security.
Granting an employee power to perform certain organizational functions.
access control matrix
An internally maintained table specifying which portions of the system users are permitted to access and what actions they can perform.
Determining whether a person attempting to access an information system resource is authorized to do so. The computer matches the user's authentication credentials against the access control matrix to determine whether the employee is allowed access to that resource or to perform the requested operation.
A device that connects an organization's information system to the Internet.
A combination of security algorithms and router communications protocols that prevent outsiders from tapping into corporate databases and e-mail systems.
demilitarized zone (DMZ)
Placing the organization's Web servers and e-mail servers in a separate network that sits outside the corporate network but is accessible from the Internet.
Transmission Control Protocol (TCP)
Specifies the procedures for dividing documents and files into packets to be sent over the Internet and the methods for reassembling the original document or file at the destination.
Internet Protocol (IP)
Protocol that specifies the structure of the TCP packets and how to route them to the proper destination. A packet consists of a header (the packet's origin and destination addresses and the type of body data) plus a body.
Special purpose devices that are designed to read the destination address fields in IP packet headers to decide where to send the packet next.
access control list (ACL)
A set of rules that determines which packets of information transmitted over a network are allowed entry and which are dropped.
static packet filtering
Performed by a border router. A process that screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header.
stateful packet filtering
Performed by a firewall. A technique employed by firewalls in which a table is maintained that lists all established connections between the organization's computers and the Internet. The firewall consults this table to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer.
deep packet inspection
When the firewall examines the data in the body of an IP packet rather than looking only at the information in the IP header. Comes at the cost of speed.
intrusion prevention system (IPS)
A newer type of control that monitors patterns in the traffic flow, rather than only inspecting individual packets, to identify and automatically block attacks. It blocks the attack and notifies the security administrator (a real-time response to an attack). Not a replacement for a firewall, but complementary to it.
Remote Authentication Dial-In User Service (RADIUS)
A standard method for verifying the identity of users attempting to connect via dial-in access.
Searching for an idle modem by programming a computer to dial thousands of phone numbers. A way to control rogue (unauthorized) modems.
Collective term for the workstations, servers, printers, and other devices that comprise an organization's network.
Flaws in programs that can be exploited to either crash the system or take control of it.
Automated tools designed to identify whether a given system possesses any well-known vulnerabilities.
The process of turning off unnecessary program features.
The process of examining logs to monitor security.
intrusion detection system (IDS)
A system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions.
An authorized attempt to break into the organization's information system.
computer incident response team (CIRT)
A team that is responsible for dealing with major security incidents.
The set of instructions for taking advantage of a vulnerability.
Code released by software developers that fixes a particular vulnerability.
The process of regularly applying patches and updates to software.
Taking advantage of the power and speed of modern computers to run multiple systems simultaneously on one physical computer.
Takes advantage of the high bandwidth of the modern global telecommunications network to enable employees to use a browser to remotely access software. Remotely accessed resources can include software applications, data storage, hardware, or an entire application environment.
Network interface card (NIC)
Every workstation, printer, or other computing device needs one to connect to the organization's internal network.
Chief Information Security Officer (CISO)
Should be independent of other information system functions and should report to either the chief operating officer (COO) or the CEO.