Presentation is loading. Please wait.

Presentation is loading. Please wait.

William F. Slater, III IT Consultant – Author – Teacher – Mentor SSCP, CISSP, MCSE, Security+ Domain 1 Intro to IT Security Access.

Published byAllen Goodman Modified over 8 years ago

Similar presentations

Presentation on theme: "William F. Slater, III IT Consultant – Author – Teacher – Mentor SSCP, CISSP, MCSE, Security+ Domain 1 Intro to IT Security Access."— Presentation transcript:

1 William F. Slater, III IT Consultant – Author – Teacher – Mentor SSCP, CISSP, MCSE, Security+ slater@billslater.com Domain 1 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP: A High-Speed Introduction to the Exam Domains

2 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 2 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Agenda Domain Definition Why Control Access? –Protection of Assets and Resources –Assurance of Accountability –Prevention of Unauthorized Access Types of Access Controls –Physical Controls –Logical Controls Access Control Mechanisms –Token-based Access Controls –Characteristics-Based Access Controls –System Level Accounts –Account-Level Access Controls Conclusion (Isaac and Isaac, 2005)

3 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 3 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Domain Definition (Isaac and Isaac, 2005)

4 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 4 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Why Control Access? Access control supports all three of the security objectives: –Confidentiality – through controls that protect access based on authorization –Integrity – through access controls to data and processes –Availability – Through the proper implementation and administration or controls so that they do not deny service to authorized users. Protection of Assets and Resources Assurance of Accountability Prevention of Unauthorized Access (Isaac and Isaac, 2005)

5 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 5 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Protection of Assets and Resources Proper protection of IT assets requires proper planning: A system could be made so well protected, that no one could access it. (Isaac and Isaac, 2005)

6 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 6 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Assurance of Accountability When an operating system security monitor logs the users comings and goings, as well as his or her activities while they are logged in, this enforces the concept of assurance of accountability. (Isaac and Isaac, 2005)

7 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 7 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Prevention of Unauthorized Access DoS / DDoS Attacks Spamming Brute Force Attacks Masquerade Attacks Man-in-the-Middle Attacks Self-Inflicted DoS Attacks New Types of Unauthorized Access –Spyware –Adware –Phishing (Isaac and Isaac, 2005)

8 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 8 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP DoS / DDoS Attacks DoS attacks are Denial of Service attacks. They cause a system to seize up because they are interrupted, usually to to an external attack, such as the “ping of death.” A DDoS attack is a Distributed Denial of Service Attack, which can be coordinated by two or more computers, often called, “zombies.” DDoS attacks were successfully launched against some of the largest commercial websites in February 2000. (Isaac and Isaac, 2005)

9 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 9 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP DoS / DDoS Attacks

10 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 10 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP DoS / DDoS Attacks

11 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 11 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP DoS / DDoS Attacks

12 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 12 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Spamming SPAM, or e-mails that are unsolicited and usually unwanted, is one of the costliest problems on the Internet. SPAM can also be considered a DoS attack. (Isaac and Isaac, 2005)

13 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 13 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Brute Force Attacks Involves attempting to gain access to a system by beating on known “doors” to the system. Usually it involves launching a password cracking program against the password file, trying known vendor “backdoors,” or searching for accounts without passwords. (Isaac and Isaac, 2005)

14 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 14 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Masquerade Attacks Also known as a “spoof,” a masquerade attack is when a user logs on as a legitimate user, usually using a valid user account and valid password that were acquired via a social engineering technique or a theft compromise. This type of attack can be extremely damaging and difficult to detect. Often, other attacks are set up after access is obtained, such as a logic bomb or a Trojan. (Isaac and Isaac, 2005)

15 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 15 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Man-in-the-Middle Attacks This type of attack occurs during a communication transmission, where an interloper will clandestinely penetrate the network and intercept information prepared for a legitimate user. The interloper then arranges to pass the message along to its intended legitimate receiver, without ever leaving a trace that the message was intercepted, and perhaps even modified. In such attacks, usually the sender and receivers are totally unaware that the “man-in-the-middle.” is there. A message authentication code can thwart this type of attack. (Isaac and Isaac, 2005)

16 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 16 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Self-Inflicted DoS Attacks A self-inflicted DoS attack can inadvertently occur when an event such as misapplied permissions occurs on a a system resource such as a folder or an application, or even a database. If a malicious user does something like this, it can be a costly, unfortunate act of sabotage. (Isaac and Isaac, 2005)

17 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 17 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP New Types of Unauthorized Access Spyware –This type of attack has become increasingly problematic. Many Spyware programs have compromised sensitive data such as credit card numbers, bank account information, and even social security numbers. Adware –This type of attack has also become increasingly problematic. Many Adware programs have compromised sensitive data such as credit card numbers, bank account information, and even social security numbers. Both adware and spyware programs monopolize system resources causing confusion and often severe performance problems. Phishing –This type of attack usually comes in the form of a well- disguised piece of SPAM e-mail and it fools the user into surrendering sensitive data such as credit card numbers, bank account information, and even social security numbers. These types of attacks are successful about 10% of the time, which explains why the attackers persist.

18 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 18 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Types of Access Controls Physical Controls Logical Controls (Isaac and Isaac, 2005)

19 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 19 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Physical Controls Physical controls include: –Fences –Locks –Alarms –Biometric devices –Closed-Circuit TV cameras –Guards –Locked data centers with restricted access –Electronic badged access to secure areas (Isaac and Isaac, 2005)

20 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 20 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Logical Controls Firewalls IDS Passwords Restrictive permissions, based on a need to know (Isaac and Isaac, 2005)

21 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 21 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Access Control Mechanisms Three generally accepted methods for performing user authentication: –Something the user possesses (badge or card, called a token –Something the user is (a physical characteristic, or biometric, such as a fingerprint) –Something the user knows (such as a password) (Isaac and Isaac, 2005)

22 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 22 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Access Control Mechanisms Token-based Access Controls Characteristics-Based Access Controls System Level Accounts Account-Level Access Controls (Isaac and Isaac, 2005)

23 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 23 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Token-Based Access Controls Elevator key Metro passes Door keycard Smart card Fortezza cards (Isaac and Isaac, 2005)

24 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 24 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Characteristics-Based Access Controls Retina Hand geometry reader Iris Fingerprint Facial recognition Speech pattern (Isaac and Isaac, 2005)

25 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 25 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP System Level Accounts DAC – Discretionary Access Control –You restrict access to objects (files, data, programs) based on the identity of the subject (user or program). This method works because the subject has certain characteristics and permissions assigned to it. It is called discretionary because of its implementation, many system processes can bypass the restriction. (Isaac and Isaac, 2005)

26 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 26 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP System Level Accounts MAC - Mandatory Access Control –You still restrict access to objects (files, data, programs) based on the identity of the subject (user or program), but this time, formal authorization is also required. The formal authorization must always occur and cannot be bypassed, even by privileged subjects such as system administrators. This is much more secure than DAC. (Isaac and Isaac, 2005)

27 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 27 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP System Level Accounts (Isaac and Isaac, 2005)

28 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 28 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Some Data or Information Sensitivity Categories and example Classifications (Isaac and Isaac, 2005)

29 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 29 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Trusted Computing Base (Isaac and Isaac, 2005)

30 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 30 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Trusted Computing Base (Isaac and Isaac, 2005)

31 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 31 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Least Privilege Principle Based on the idea that each subject is authorized the minimum amount privilege(s) or access needed to perform its tasks (Isaac and Isaac, 2005)

32 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 32 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Account-Level Access Controls Privileged Accounts Individual and Group I&A Controls Password Management and Policy Role-based Access Controls Session-Level Access Controls Data-Level Acces Controls (Isaac and Isaac, 2005)

33 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 33 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Privileged Accounts This is a special access control concern because it allows privileged users to bypass most access control schemes and are capable of modifying most if not all, system objects. Great discretion must be exercised when giving out these types of accounts. (Isaac and Isaac, 2005)

34 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 34 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Individual and Group I&A Controls Identity and Attribute controls are necessary to ensure that users are associated with the proper security attributes, such as identity, protection level, or location. Passwords, though over 40 years old, are the most common example of this type of access control (Isaac and Isaac, 2005)

35 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 35 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Individual and Group I&A Controls One-time Passwords – One-time passwords are a security mechanism set up on many UNIX and LINUX systems. In a normal system, a person would type in his or her passwrd when prompted, but the one-time password asks you to enter a different password every time you log in, according to the code it has given you. OPIE – One-time Passwords in Everything (OPIE) is a freely distributed kit that will drop int most UNIX systems and replace your login and file transfer protocol daemon with versions that use OTP for use authentication. It also includes an OTP generator and a library to make it easy to add OTP authentication to existing clients and servers. Single Sign-on (SSO) –An access control mechanism that provides brokering acces sto files, applications, etc., (each user has one authentication point for all authorised use of system resources Kerberos –A network authentication protocol developed at MIT, that uses secret-key cryptography and system time stamps. The Kerberos protocol is used in a client/server environment to authenticate the client to the server and the server to the client. After authenticating client/server identity, you can use Kerberos to encrypt data. Kerberos does not send any data that might enable an impersonation of a legitimate user. (Isaac and Isaac, 2005)

36 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 36 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Password Management and Policy Passwords, because they can be a huge security risk must be managed by policies, which are preferably enforced by system controls. Typical password policies include specification for –Types of characters –Minimum Length –Maximum length –Types of words or strings –Reuse –Complexity –How often passwords must be changed –Storage of passwords (memorize vs. writing down) –Authorization of access (by supervisor signature) (Isaac and Isaac, 2005)

37 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 37 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Role-based Access Controls RBACs are a means of assigning users the ability to create, modify, and review information and transactions for which they are responsible, based on their functional role. This function is another method of applying the least-privilege principle. (Isaac and Isaac, 2005)

38 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 38 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Session-Level Access Controls Session controls are an additional layer of access control that many systems activate to provide an additional layer of protection. Some common session-level access controls are: Multiple Logon Control – being able to set limits on multiple simultaneous user logons User Inactivity – Timed out forced logon due to user account inactivity over a defined period of time. Logon Notification – The user can be notified of the last time they logged in, as a possible check for masquerading by a rogue user (Isaac and Isaac, 2005)

39 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 39 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Data-Level Access Controls Data (or information) has three states: processed, transmitted, or stored. The access controls for each state differ, and many type sof systems provide data-level access controls. These are controls for the data with the program (or DBMS), that manage it (transactions), controls for data that have confidentiality or privacy concerns or are being transmitted, and controls for handling and storing the data when outside the system in human readable format (hard-copy) or removable media. (Isaac and Isaac, 2005)

40 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 40 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Data-Level Access Controls Transaction-Level Data Access Control – These controls are typically seen in applications such as DBMSs and/or financial systems. This level of control is used when the integrity of the data is critical. ACLs – access control lists are used to provide access control to the data that an application manages. ACLs are also used by firewalls to provide the basis for the rules they enforce. MAC protocols – are used to enable the smooth flow of information packets between networked computers Encryption – Encoding data according to some method and algorithm in order to make it difficult to recognize, is a also method of maintaining access control (Isaac and Isaac, 2005)

41 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 41 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Handling and Storing Output and Media Access controls to physical output and media are normally considered as handling and storage procedures. Policies and Procedures need to address the handling and final disposition of data according to its use, type of media, and sensitivity categories. (Isaac and Isaac, 2005)

42 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 42 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Handling and Storing Output and Media – Document Shredding (Isaac and Isaac, 2005)

43 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 43 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Handling and Storing Output and Media – Media Destruction (Isaac and Isaac, 2005)

44 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 44 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Handling and Storing Output and Media – Media Destruction (Isaac and Isaac, 2005)

45 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 45 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Conclusion Access Control covers many critical areas involving an organization’s data and information resources. The SSCP should be familiar with all of the concepts involving these areas

46 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 46 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP Questions and Answers

47 Mile2 Training & ConsultingSSCP: A High-Speed Introduction to the Exam Domains April 26 – 28, 2005 Slide 47 of 47 Intro to IT Security Access Controls Administration Auditing and Monitoring Risk, Response, and Recovery Cryptography Data Communications Malicious Code / Malware Testing Tips SSCP References & Text Resources Barman, S. (2002). Writing Information Security Policies. Boston, MA: New Riders Publishing. Hansche, S., Berti, J. and Hare, C. (2004). Official (ISC)2 Guide to the CISSP Exam. Boca Raton, FL: Auerbach Publications. Harris, S. (2003). All-In-One CISSP Certification Exam Guide, second edition. Emeryville, CA: Osborne McGraw-Hill. Isaac, D. S. and Isaac, M. J. (2003). The SSCP Prep Guide. Indianapolis, IN: Wiley Publishing. Middleton, B. (2005). Cyber Crime Investigator’s Field Guide, second edition. Auerbach Publications: Boca Raton, FL. Mitnick, K., and Simon, W. (2002). The Art of Deception: Controlling the Human Element of Security. Indianapolis, IN: Wiley Publishing. Mitnick, K., and Simon, W. (2005). The Art of Intrusion: Controlling the Human Element of Security. Indianapolis, IN: Wiley Publishing. Pfleeger, C. P. and Pfleeger, S. L. (2003). Security in Computing, Third Edition. Upper Saddle River, NJ: Prentice Hall. Schneir, B. (1996). Applied Cryptography: Protocols, Algorithms, and Source Code in C, second edition. New York: John Wiley & Sons. Shema. M. and Johnson, B. C. (2004). Anti-Hacker Tool Kit, second edition. New York, NY: Osborne McGraw-Hill. Stallings, W. (2000). Network Security Essentials: Applications and Standards. Upper Saddle River, NJ: Prentice Hall. Wyler, N. (editor), et al. (2005). Aggressive Network Defense. Rockland, MA: Syngress.

Download ppt "William F. Slater, III IT Consultant – Author – Teacher – Mentor SSCP, CISSP, MCSE, Security+ Domain 1 Intro to IT Security Access."

Similar presentations

Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.

Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Access Control Methodologies

Access Control Methodologies
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]

1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.

Similar presentations

Ads by Google