... important to the bank. A firewall could be installed to
restrict access to these systems from other parts of the bank.
NOTE:
I said “as a general rule” in the last paragraph. Different firewall vendors ... is not a bad turn of events as it allows security administrators to tailor the
solution to their particular circumstances.
Firewall Configurations
Now let’s take a look back at the DMZ arch...
... own
DNS, the DNS server must be accessible for queries from the outside. DNS will also be a
critical part of your organization’s infrastructure. Because of this, you may choose to have
redundant DNS ...
NOTE:
The choice of a wireless ISP should be governed by the same requi...
... PART V
Appendixes
Copyright 2001 The McGraw-Hill Companies, Inc.
More recently, tools have appeared that allow intruders to modify particular entries ... add the appropriate groups to the list (see
Figure 17-9). Standard user accounts should not be part of the Administrator group.
Setting File Permissions
Groups should be used to set permissions ... securi...
... well as assurance requirements. Thus, in order for a system to meet the qualifications for a particular
level of certification it had to meet the functional and the assurance requirements.
The ... classification, access would be denied.
This concept of modeling eventually led to United States Department of Defense
Standard 5200.28, The Trusted Computing System Evaluation Criteria (TCSEC,...
... individuals.
Vulnerability Scanning
Scanning computer systems for vulnerabilities is an important part of a good security
program. Such scanning will help an organization to identify potential entry ... cannot be the all-encompassing solution.
Anti-Virus Software
Anti-virus software is a necessary part of a good security program. If properly implemented
and configured, it can reduce an...
... information is found.
Eavesdropping
When someone listens in on a conversation that they are not a part of, that is eavesdropping.
To gain unauthorized access to information, an attacker must
... by the electronic mail
system to verify the identity of the sender.
Chapter 2: Types of Attacks
MODIFICATION ATTACKS
A modification attack is an attempt to modify
... difficult. Making
multiple copies of the information and distributing the copies to interested parties makes it
difficult to successfully change all of the documents at the same time.
Chapter ... exists. For paper files, the physical paper file must be protected. The
physical file must exist at a particular location; therefore, access to this location must be
controlled. The confidentiality ....
... or a network within the control of the organization. What if the file is to be
copied to other parties or organizations? In this case, it is clear that the access controls on a
single computer ... signature was created. In order to be worthwhile, the digital signature must be
identified with a particular user; thus, the integrity service must work with the identification
and authentication...