detailed description of activities that occur during an attack

6 steps in contingency planning process

three shared functions in continuity strategies

implementation of cryptographic technology, private and secure network connection

provides service for a fee

dynamic filtering, particular packet with a particular source, destination

configured application software, runs on general-purpose computer

categorization by development generation

should be managers or their representatives from various communities of interest

to get sites up and running quickly, organization ability to port data into new site's system

matches supplicant to resource, often uses access control matrix

logic based on set of guidelines most commonly referred to as

data within IP packet is encrypted, but header information is not, allows user to establish secure link directly with remote host, encrypting only data contents of packet

incident recovery

application proxy examines at ______

set of activities taken to plan for, detect, and correct the impact

unverified entity

these servers act as _______, encrypting all traffic that will traverse and secured network

provide guidance in the event of a disaster

Kernel proxy, works in the windows NT executive, evaluates at multiple layers

tied to the role a user performs

protocol for handling TCP traffic through a proxy server

series of scenarios showing impact

Leeds project and make sure sound project planning process is used

propriety circuit-level proxy server, places special SOCS client-side agents on each workstation

ties to a set of tasks user performs

inconsist of two separate firewall devices, each separate firewall system, but are connected to work in tandem

goes between external request and web page

all controls rely on:

operates at transport level

control measure that reduces accidental security breaches

Access control for dial-up

high level manager to support promote and endorse findings of project

used in conjunction with filtering router

inspect networks at the network layer

combined elements of other types of firewalls, elements of packet filtering and proxy servers or circuit gateways

determine the extent of resulting damage

metric key encryption to validate, keeps a database containing the private keys

uses a state table

three exclusive options in continuity strategies

covers identification of, classification of, and response to an incident

something a supplicant knows, has, is

installed on dedicated computer

authorization based on addresses

clear establishment of priorities, clear delegation of roles and responsibilities, alert key personnel, document disaster, mitigate impact, evacuation of physical assets

broadband gateways or DSL or cable modem routers

uses data classification schemes

has two network interface cards

outlines re-establishment of critical business operations

doesn't include actual applications, application may not be installed in configured, required hours today is to become operational

objectives of the network, organizations ability to develop and implement architecture

allows administrators to restrict content access from within network

analysis and prioritization-business functions, identify and prioritize functions within organization units

non-discretionary controls

allows specific types of packets that are acceptable to each host

5 major categories in processing mode

firewall architectures

three types of off-site disaster data storage

lacks auditing and strong authentication and can degrade network performance

automatic phone-dialing program that dials every number in a configured range in records number if modern picks up

stateful, uses state tables

authentication systems

basis for classification as disastrous not disastrous

prevent information from moving between the outside and inside world

more reactive than proactive with the exception of planning that must occur to prepare IR teams to be ready to react to an incident

transfer of large batches of data, receiving server archives data

One of least frequently implemented but most beneficial programs

rudimentary services and facilities, no hardware or peripherals, empty room

seek access to a resource by label, mapped to one and only one entity

label is called an

fully configured computer facilities, all services and communication links, physical plant operations

duplicated databases, multiple servers, processes duplicated, three or more copy simultaneously

categorized by structure

filtering firewall, examine header information and data packets

known as auditability, all actions on a system can be attributed to an authenticated identity, system logs and database journals

combines packet filtering router with dedicated firewall: proxy server, allows router to pre-screen packets

able to consider specific host computer identity in filtering

hot, warm, cold, leased with other organizations

involves providing members of organization with detailed information enhance on instruction designed to prepare them to perform their duties securely

transfer of live transactions to off-site, only transactions are transferred, transfer is real time

intrusion detection systems, virus detection, system admin, end users

tracks of the state in context of each packet

data classification schemes

dominant architecture used today, provides DMZ

estimate cost of best, worst, probable

static packet filtering, simple networking devices, filter packets according to their headers

between trusted and untrusted network, exposed to risk, can place additional filtering routers behind, restricted to a single application

components of contingency plan

a contract between two or more organizations that specifies how each will assist the other and the event of a disaster

designed to operate at Media Access sublayer

State-alone, combination of hardware and software

organization established 2 perimeter tunnel servers

create tunnels between networks

application level or proxy servers, dedicated systems, provides intermediate services for the requests

similar to Kerberos, user first authenticated to an authentication server and receives a token