A
AAA (Access Control, Authentication, Auditing)
    access control, 7-12
    auditing, 26-34
    authentication, 12-26
    described, 4-7
AC (alternating current), 162
acceptable use policies, 637-640, 654
access
    logs, 578-579
    need to know policy for, 645-646
    permissions, 453, 480
    restricted access policies, 635-636
access control
    authentication and, 5-6
    authentication vs., 43
    biometrics, 585
    as cryptography goal, 519
    DAC, 9-10
    defined, 6
    for extranet, 413
    with LDAP, 313
    MAC, 8-9
    MAC/DAC/RBAC, 8
    methods for, 578-582
    of multi-zone network, 409
    physical barriers, 582-584
    RBAC, 10-11
    viewing discretionary settings, 11-12
    for Web server lockdown, 246
    See also privilege management
account, auditing, 666-667
ACK (acknowledgement) packet, 167
ACLs (access control lists)
    defined, 396
    network hardening and, 467-468
    routers and, 342, 343
active attacks, 55-73
    DoS/DDoS, 55-63
    dumpster diving, 72
    MITM attacks, 69
    replay attacks, 70
    social engineering, 72-73
    software exploitation, buffer overflows, 63-64
    spoofing, 65-68
    SYN attacks, 64-65
    TCP/IP hijacking, 70-71
    types of, 54
    wardialing, 71
    on wireless network, 190-191
Active Server Pages (ASP), 270
ActiveX controls
    dangers of, 278-280
    preventing problems with, 265-269
    security issues of, 276-278
    vulnerabilities, avoiding, 280-282
    vulnerabilities, lessening impact of, 282-286
    as Web-based vulnerability, 262, 263-264
    Web security and, 276-286
ad-hoc network configuration, 173-174
Address Resolution Protocol. See ARP (Address Resolution Protocol) spoofing
administrator
    auditing and, 665, 666
    centralized...