involves providing members of organization with detailed information enhance on instruction designed to prepare them to perform their duties securely

One of least frequently implemented but most beneficial programs

high level manager to support promote and endorse findings of project

Leeds project and make sure sound project planning process is used

should be managers or their representatives from various communities of interest

components of contingency plan

detailed description of activities that occur during an attack

covers identification of, classification of, and response to an incident

more reactive than proactive with the exception of planning that must occur to prepare IR teams to be ready to react to an incident

set of activities taken to plan for, detect, and correct the impact

intrusion detection systems, virus detection, system admin, end users

incident recovery

provide guidance in the event of a disaster

clear establishment of priorities, clear delegation of roles and responsibilities, alert key personnel, document disaster, mitigate impact, evacuation of physical assets

outlines re-establishment of critical business operations

three exclusive options in continuity strategies

fully configured computer facilities, all services and communication links, physical plant operations

doesn't include actual applications, application may not be installed in configured, required hours today is to become operational

rudimentary services and facilities, no hardware or peripherals, empty room

three shared functions in continuity strategies

hot, warm, cold, leased with other organizations

provides service for a fee

a contract between two or more organizations that specifies how each will assist the other and the event of a disaster

to get sites up and running quickly, organization ability to port data into new site's system

three types of off-site disaster data storage

transfer of large batches of data, receiving server archives data

transfer of live transactions to off-site, only transactions are transferred, transfer is real time

duplicated databases, multiple servers, processes duplicated, three or more copy simultaneously

6 steps in contingency planning process

control measure that reduces accidental security breaches

uses data classification schemes

data classification schemes

non-discretionary controls

tied to the role a user performs

ties to a set of tasks user performs

all controls rely on:

unverified entity

seek access to a resource by label, mapped to one and only one entity

label is called an

something a supplicant knows, has, is

matches supplicant to resource, often uses access control matrix

known as auditability, all actions on a system can be attributed to an authenticated identity, system logs and database journals

prevent information from moving between the outside and inside world

5 major categories in processing mode

filtering firewall, examine header information and data packets

inspect networks at the network layer

uses a state table

tracks of the state in context of each packet

installed on dedicated computer

used in conjunction with filtering router

goes between external request and web page

between trusted and untrusted network, exposed to risk, can place additional filtering routers behind, restricted to a single application

operates at transport level

authorization based on addresses

create tunnels between networks

designed to operate at Media Access sublayer

able to consider specific host computer identity in filtering

allows specific types of packets that are acceptable to each host

combined elements of other types of firewalls, elements of packet filtering and proxy servers or circuit gateways

inconsist of two separate firewall devices, each separate firewall system, but are connected to work in tandem

categorization by development generation

static packet filtering, simple networking devices, filter packets according to their headers

application level or proxy servers, dedicated systems, provides intermediate services for the requests

stateful, uses state tables

dynamic filtering, particular packet with a particular source, destination

Kernel proxy, works in the windows NT executive, evaluates at multiple layers

categorized by structure

State-alone, combination of hardware and software

configured application software, runs on general-purpose computer

broadband gateways or DSL or cable modem routers

firewall architectures

objectives of the network, organizations ability to develop and implement architecture

lacks auditing and strong authentication and can degrade network performance

combines packet filtering router with dedicated firewall: proxy server, allows router to pre-screen packets

application proxy examines at ______

has two network interface cards

dominant architecture used today, provides DMZ

protocol for handling TCP traffic through a proxy server

propriety circuit-level proxy server, places special SOCS client-side agents on each workstation

logic based on set of guidelines most commonly referred to as

allows administrators to restrict content access from within network

authentication systems

Access control for dial-up

metric key encryption to validate, keeps a database containing the private keys

automatic phone-dialing program that dials every number in a configured range in records number if modern picks up

similar to Kerberos, user first authenticated to an authentication server and receives a token

implementation of cryptographic technology, private and secure network connection

data within IP packet is encrypted, but header information is not, allows user to establish secure link directly with remote host, encrypting only data contents of packet

organization established 2 perimeter tunnel servers

these servers act as _______, encrypting all traffic that will traverse and secured network

analysis and prioritization-business functions, identify and prioritize functions within organization units

series of scenarios showing impact

estimate cost of best, worst, probable

basis for classification as disastrous not disastrous

determine the extent of resulting damage