CISSP Video Course

Video description

The fast, powerful way to prepare for your CISSP exam!

30+ hours of personal video training from leading security expert Shon Harris

Achieving the (ISC)2’s globally recognized CISSP can give your IT career a lift. In this DVD, the world’s #1 CISSP trainer brings her legendary five-day boot camp to your computer screen. Packed with over 30 hours of instruction adapted from Shon’s classes, this video course includes realistic labs, scenarios, case studies, and animations designed to build and test your knowledge in real-world settings. Preparing for the CISSP has never been this easy or convenient.

Master the skills and concepts you need for all ten CISSP common body of knowledge domains:

  • Access Control

  • Application Security

  • Business Continuity and Disaster Recovery Planning

  • Cryptography

  • Information Security and Risk Management

  • Legal, Regulations, Compliance, and Investigations

  • Operations Security

  • Physical (Environmental) Security

  • Security Architecture and Design

  • Telecommunications and Network Security

System Requirements

OPERATING SYSTEM: Windows 2000, XP, or Vista; Mac OS X 10.4 (Tiger) or later
MULTIMEDIA: DVD drive; 1024 x 768 or higher display; sound card with speakers
COMPUTER: 500MHz or higher CPU; 128MB RAM or more

    Table of contents

    1. None
      1. Introduction
      2. Introduction
    2. Domain 1 — Information Security and Risk Management
      1. Information Security and Risk Management
      2. Mainframe Days
      3. Today’s Environment
      4. Security Definitions
      5. Examples of Some Vulnerabilities that Are Not Always Obvious
      6. Risk — What Does It Really Mean?
      7. Relationships
      8. Who Deals with Risk?
      9. AIC Triad
      10. Who Is Watching?
      11. Social Engineering
      12. What Security People Are Really Thinking
      13. Security Concepts
      14. Security?
      15. The Bad Guys Are Motivated
      16. Open Standards
      17. Without Standards
      18. Controls
      19. Holistic Security
      20. Different Types of Law
      21. How Is Liability Determined?
      22. Due Diligence and Due Care
      23. Prudent Person Rule
      24. Risk Management
      25. Planning Stage — Scope
      26. Planning Stage — Analysis Method
      27. Risk Management Tools
      28. Defining Acceptable Levels
      29. Acceptable Risk Level
      30. Collecting and Analyzing Data Methods
      31. What Is a Company Asset?
      32. Data Collection — Identify Assets
      33. Data Collection — Assigning Values
      34. Asset Value
      35. Data Collection — Identify Threats
      36. Data Collection — Calculate Risks
      37. Scenario Based — Qualitative
      38. Risk Approach
      39. Qualitative Analysis Steps
      40. Want Real Answers?
      41. Qualitative Risk Analysis
      42. ARO Values
      43. Can a Purely Quantitative Analysis Be Accomplished?
      44. Risk Types
      45. Losses
      46. Cost/Benefit Analysis
      47. Cost of a Countermeasure
      48. Cost/Benefit Analysis Countermeasure Criteria
      49. Calculating Cost/Benefit
      50. Controls II
      51. Quantitative Analysis
      52. Can You Get Rid of All Risk?
      53. Uncertainty Analysis
      54. Dealing with Risk
      55. Management’s Response to Identified Risks
      56. Risk Acceptance
      57. Risk Analysis Process Summary
      58. Components of Security Program
      59. A Layered Approach
      60. In Security, You Never Want Any Surprises
      61. Building Foundation
      62. Security Roadmap
      63. Functional and Assurance Requirements
      64. Most Organizations
      65. Silo Security Structure
      66. Security Is a Process
      67. Approach to Security Management
      68. Result of Battling Management
      69. Industry Best Practices Standards
      70. Pieces and Parts
      71. Numbering
      72. New ISO Standards
      73. COBIT
      74. Measurements
      75. Information Technology Infrastructure Library
      76. Security Governance
      77. Security Program Components
      78. Policy Framework
      79. Standards
      80. Data Collection for Metrics
      81. Tying Them Together
      82. Entity Relationships
      83. Senior Management’s Role
      84. Security Roles
      85. Information Classification
      86. Data Leakage
      87. Do You Want to End Up In the News?
      88. Types of Classification Levels
      89. Data Protection Levels
      90. Classification Program Steps
      91. Classification Levels
      92. Information Owner Requirements
      93. Clearly Labeled
      94. Testing Classification Program
      95. Employee Management
      96. Employee Position and Management
      97. Hiring and Firing Issues
      98. Unfriendly Termination
      99. Security Awareness and Training
      100. Training Characteristics
      101. Security Enforcement Issues
      102. Answer This Question
      103. Domain 1 Review
    3. Domain 2 — Access Control
      1. Access Control
      2. Agenda 1
      3. Access Control Mechanism Examples
      4. Technical Controls
      5. Access Control Characteristics
      6. Preventive Controls
      7. Control Combinations
      8. Detective — Administrative Control
      9. Detective Examples
      10. Administrating Access Control
      11. Authorization Creep
      12. Accountability and Access Control
      13. Trusted Path
      14. Fake Login Pages Look Convincing
      15. Who Are You?
      16. Identification Issues
      17. Authentication Mechanisms Characteristics
      18. Strong Authentication
      19. Fraud Controls
      20. Internal Control Tool: Separation of Duties
      21. Authentication Mechanisms in Use Today
      22. Verification Steps
      23. What a Person Is
      24. Why Use Biometrics?
      25. Identification or Authentication?
      26. Iris Sampling
      27. Finger Scan
      28. Hand Geometry
      29. Downfalls to Biometric Use
      30. Biometrics Error Types
      31. Crossover Error Rate
      32. Biometric System Types
      33. Passwords
      34. Password Attacks
      35. Attack Steps
      36. Many Tools to Break Your Password
      37. Rainbow Table
      38. Passwords Should NOT Contain…
      39. Countermeasures for Password Cracking
      40. Cognitive Passwords
      41. One-Time Password Authentication
      42. Synchronous Token
      43. One Type of Solution
      44. Administrator Configures
      45. Challenge Response Authentication
      46. Asynchronous Token Device
      47. Challenge Response Authentication
      48. Cryptographic Keys
      49. Passphrase Authentication
      50. Key Protection
      51. Memory Cards
      52. Memory Card Characteristics
      53. Smart Card
      54. Characteristics
      55. Card Types
      56. Smart Card Attacks
      57. Software Attack
      58. Side Channel Attack
      59. Side Channel Data Collection
      60. Microprobing
      61. Identity Management
      62. How Are These Entities Controlled?
      63. Some Current Issues
      64. Management
      65. Typical Chaos
      66. Different Identities
      67. Identity Management Technologies
      68. Directory Component
      69. Enterprise Directory
      70. Directory Responsibilities
      71. Authoritative Sources
      72. Meta Directory
      73. Directory Interactions
      74. Web Access Management
      75. Web Access
      76. Password Management
      77. Legacy Single Sign-On
      78. Account Management Systems
      79. Provisioning Component
      80. Profile Update
      81. Working Together
      82. Enterprise Directory
      83. Identity Management Solution Components
      84. Federated Identity
      85. Identity Theft
      86. Fake Login Tools
      87. Instructional Emails
      88. Knowing What You Are Disposing of Is Important
      89. Other Examples
      90. Another Danger to Be Aware of… Spyware
      91. Is Someone Watching You?
      92. What Does This Have to Do with My Computer?
      93. New Spyware Is Being Identified Every Week
      94. How to Prevent Spyware
      95. Different Technologies
      96. Single Sign-on Technology
      97. Security Domain
      98. Domains of Trust
      99. Thin Clients
      100. Example
      101. Kerberos as a Single Sign-on Technology
      102. Tickets
      103. Why Go Through All of this Trouble?
      104. Issues Pertaining to Kerberos
      105. Kerberos Issues
      106. SESAME as a Single Sign-on Technology
      107. SESAME Steps for Authentication
      108. Combo
      109. Models for Access
      110. Access Control Models
      111. ACL Access
      112. File Permissions
      113. Security Issues
      114. Mandatory Access Control Model
      115. MAC Enforcement Mechanism — Labels
      116. Formal Model
      117. Software and Hardware
      118. Software and Hardware Guards
      119. MAC versus DAC
      120. Role-Based Access Control
      121. RBAC Hierarchy
      122. Rule-Based Access Control
      123. Firewall Example
      124. Access Control Matrix
      125. Temporal Access Control
      126. Access Control Administration
      127. Remote Centralized Administration
      128. RADIUS
      129. RADIUS Characteristics
      130. TACACS+ Characteristics
      131. Diameter Characteristics
      132. Diameter Protocol
      133. Mobile IP
      134. Diameter Architecture
      135. Two Pieces
      136. AVP
      137. Decentralized Access Control Administration
      138. Controlling Access to Sensitive Data
      139. IDS
      140. IDS Steps
      141. Network IDS Sensors
      142. Host IDS
      143. Combination
      144. Types of IDSs
      145. Signature-Based Example
      146. Behavior-Based IDS
      147. Statistical Anomaly
      148. Statistical IDS
      149. Protocol Anomaly
      150. What Is a Protocol Anomaly?
      151. Protocol Anomaly Issues
      152. Traffic Anomaly
      153. IDS Response Mechanisms
      154. Responses to Attacks
      155. IDS Issues
      156. Vulnerable IDS
      157. Domain 2 Review
    4. Domain 3 — Cryptography
      1. Cryptography
      2. Services Provided by Cryptography
      3. Cryptographic Definitions
      4. Cipher
      5. A Few More Definitions
      6. Symmetric Cryptography — Use of Secret Keys
      7. Scytale Cipher
      8. Substitution Ciphers
      9. Simple Substitution Cipher Atbash
      10. Caesar Cipher Example
      11. Simple Substitution Cipher ROT13
      12. Historical Uses
      13. Vigenere Algorithm
      14. Enigma Machine
      15. Historical Uses of Symmetric Cryptography — Running Key and Concealment
      16. Agenda 1
      17. Transposition Ciphers
      18. Key and Algorithm Relationship
      19. Ways of Breaking Cryptosystems — Brute Force
      20. Brute Force Components
      21. Ways of Breaking Cryptosystems — Frequency Analysis
      22. Strength of a Cryptosystem
      23. Developing Cryptographic Solutions In-House
      24. Characteristics of Strong Algorithms
      25. Open or Closed More Secure?
      26. Types of Ciphers Used Today
      27. S-Boxes Used in Block Ciphers
      28. Binary Mathematical Function 1
      29. Type of Symmetric Cipher — Stream Cipher
      30. Symmetric Characteristics
      31. Initialization Vectors
      32. Security Holes
      33. Strength of a Stream Cipher
      34. Out-of-Band Transmission
      35. Symmetric Key Management Issue
      36. Asymmetric Cryptography
      37. Key Functions
      38. Public Key Cryptography Advantages
      39. Asymmetric Algorithm Disadvantages
      40. Confusing Names
      41. Symmetric versus Asymmetric
      42. Questions 1
      43. When to Use Which Key
      44. Encryption Steps
      45. Receiver’s Public Key Is Used to Encrypt the Symmetric Key
      46. Receiver’s Private Key Is Used to Decrypt the Symmetric Key
      47. Digital Envelope
      48. Secret versus Session Keys
      49. Asymmetric Algorithms We Will Dive Into
      50. Diffie-Hellman
      51. Key Agreement Schemes
      52. Asymmetric Algorithm — RSA
      53. Factoring Large Numbers
      54. RSA Operations
      55. RSA Key Size
      56. El Gamal
      57. Asymmetric Mathematics
      58. Asymmetric Security
      59. Mathematics
      60. Block Cipher
      61. Double DES
      62. Evolution of DES
      63. Modes of 3DES
      64. Encryption Modes
      65. Block Cipher Modes — CBC
      66. Different Modes of Block Ciphers — ECB
      67. ECB versus CBC
      68. Block Cipher Modes — CFB and OFB
      69. CFB and OFB Modes
      70. Counter Mode
      71. Modes Summary
      72. Symmetric Ciphers
      73. Data Integrity
      74. Hashing Steps
      75. Protecting the Integrity of Data
      76. Hashing Algorithms
      77. Data Integrity Mechanisms
      78. Hashing Strength
      79. Question 1
      80. Weakness In Using Only Hash Algorithms
      81. More Protection In Data Integrity
      82. MAC
      83. HMAC — Sender
      84. Another Look
      85. What Services
      86. CBC-MAC
      87. MAC Using Block Ciphers
      88. Integrity?
      89. What Services?
      90. Question 2
      91. Digital Signatures
      92. U.S. Government Standard
      93. What Is…
      94. Not Giving Up the Farm
      95. Zero Knowledge Proof
      96. Message Integrity Controls
      97. Security Issues In Hashing
      98. Example of a Birthday Attack
      99. Birthday Attack Issues
      100. Key Management
      101. Key Usage
      102. M-of-N
      103. Key Types
      104. Why Do We Need a PKI?
      105. PKI and Its Components
      106. RA Roles
      107. CA
      108. Digital Certificates
      109. Certificate
      110. Signing the Certificate
      111. Verifying the Certificate
      112. Trusted CA’s
      113. Non-Trusted CA
      114. What Do You Do with a Certificate?
      115. Components of PKI, Repository, and CRLs
      116. Revoked?
      117. CRL Process
      118. Different Uses for Certificates
      119. Cross Certification
      120. PKI and Trust
      121. Historical Uses of Symmetric Cryptography
      122. Binary Mathematical Function 2
      123. One-Time Pad in Action
      124. One-Time Pad Characteristics
      125. Steganography
      126. Digital Watermarking
      127. Link versus End-to-End Encryption
      128. End-to-End Encryption
      129. Encryption Location
      130. Email Standards
      131. You Decide
      132. Non-Hierarchical
      133. Secure Protocols
      134. SSL Connection Setup
      135. Example — SSL
      136. Validating Certificate
      137. Secure Protocols (Cont.)
      138. SSL and the OSI Model
      139. E-Commerce
      140. How Are You Doing?
      141. Secure Email Standard
      142. Network Layer Protection
      143. IPSec Key Management
      144. IPSec Handshaking Process
      145. VPN Establishment
      146. SAs In Use
      147. Key Issues within IPSec
      148. Configuration of SA Parameters
      149. IPSec Configuration Options
      150. IPSec Is a Suite of Protocols
      151. AH and ESP Modes
      152. IPSec Modes of Operation
      153. VPN Establishment (Cont.)
      154. Review
      155. Questions 2
      156. Attack Types
      157. Attacks on Cryptosystems
      158. Known-Plaintext Attack
      159. Chosen-Plaintext Attack
      160. Chosen-Ciphertext Attack
      161. Adaptive Attacks
      162. Side Channel Attacks
      163. Domain 3 Review
    5. Domain 4 — Physical Security
      1. Physical Security
      2. Different Types of Threats
      3. Wake Up Call
      4. Legal Issues
      5. Physical Security Program Goals
      6. Planning Process
      7. Deterrence
      8. Delay
      9. Layered Defense Model
      10. Weak Link In the Chain
      11. Threat Categories
      12. Crime Prevention Through Environmental Design
      13. Construction Materials
      14. Security Zones
      15. Entrance Protection
      16. Perimeter Security — Security Guards
      17. Types of Physical Intrusion Detection Systems
      18. Alarm Systems
      19. Electrical Power
      20. Fire Prevention
      21. Domain 4 Review
    6. Domain 5 — Security Architecture and Design
      1. Security Architecture and Design
      2. Central Processing Unit (CPU)
      3. Registers
      4. Trust Levels and Processes
      5. Interrupts
      6. Buses
      7. Multiprocessing and Multitasking
      8. Memory Types
      9. CPU and OS
      10. Trusted Computing Base
      11. Security Levels
      12. Enterprise Architecture
      13. Access Control Models
      14. Bell-LaPadula
      15. Clark-Wilson Model
      16. Non-Interference Model
      17. Access Control Matrix Model
      18. Trusted Computer System Evaluation Criteria (TCSEC)
      19. Domain 5 Review
    7. Domain 6 — Law, Investigation and Ethics
      1. Law, Investigation and Ethics
      2. Examples of Computer Crimes
      3. Who Perpetrates These Crimes?
      4. A Few Attack Types
      5. Privacy of Sensitive Data
      6. Different Types of Laws
      7. Computer Crime and Its Barriers
      8. Preparing for a Crime Before It Happens
      9. Domain 6 Review
    8. Domain 7 — Telecommunications and Networking
      1. Telecommunications and Networking
      2. OSI Model
      3. Networking Communications
      4. Application Layer
      5. Presentation Layer
      6. OSI — Session Layer
      7. Transport Layer
      8. Network Layer
      9. Data Link Layer
      10. Physical Layer
      11. Layers Working Together
      12. Network Topologies
      13. LAN Media Access Technologies
      14. Media Access Technologies
      15. Cabling Types — Coaxial
      16. Cabling Types — Twisted Pair
      17. Types of Cabling — Fiber
      18. Signal and Cable Issues
      19. Transmission Types
      20. Network Technologies
      21. Networking Devices
      22. Virtual LANs
      23. Sniffers
      24. Networking Devices — Router
      25. Hops
      26. Routers
      27. Bridges Compared to Routers
      28. Port and Protocol Relationship
      29. TCP/IP Suite
      30. UDP versus TCP
      31. TCP Segment
      32. SYN Flood
      33. Teardrop Attack
      34. Source Routing
      35. Source Routing Types
      36. IP Address Ranges
      37. IPv6
      38. Protocols
      39. Protocols — ARP
      40. IP to MAC Mapping
      41. How ARP Works
      42. ARP Poisoning
      43. ICMP Packets
      44. A Way Hackers Use ICMP
      45. Ping Steps
      46. Protocols — SNMP
      47. SNMP In Action
      48. SNMP
      49. SNMP Output
      50. POP3 and SMTP
      51. Mail Relay
      52. Protocols — FTP, TFTP, Telnet
      53. Protocols — RARP and BootP
      54. DHCP — Dynamic Host Configuration Protocol
      55. Networking Device — Bastion Host
      56. Network Devices — Firewalls
      57. Rule Set Example
      58. Firewall Types — Proxy Firewalls
      59. Firewall Types — Circuit-Level Proxy Firewall
      60. Circuit-Level Proxy
      61. Dedicated Proxy Servers
      62. Dial-Up Protocols and Authentication Protocols
      63. Authentication Protocols
      64. Virtual Private Network Technologies
      65. SDLC and HDLC
      66. Quality of Service (QoS)
      67. Autonomous Systems
      68. Routing Protocols
      69. Routing Protocol Attacks
      70. Network Service — NAT
      71. WAN Technologies Are Circuit or Packet Switched
      72. PSTN
      73. Multiplexing
      74. Types of Multiplexing
      75. Packet Switching
      76. WAN Technologies — Packet Switched
      77. WAN Technologies — X.25
      78. X.25
      79. WAN Technologies — Frame Relay
      80. WAN Example
      81. Frame Relay
      82. WAN Technologies — ATM
      83. Cell Switching
      84. Wide Area Network Technologies
      85. WAN Technologies — Cable Modem
      86. Cable Modems and Satellites
      87. Network Perimeter Security
      88. Complexity Only Increases
      89. Agenda 9
      90. PSTN (Cont.)
      91. Private Branch Exchange
      92. PBX Vulnerabilities
      93. PBX Best Practices
      94. IP Telephony
      95. Mobile Phone Security
      96. Mobile Device Security
      97. Cell Phone
      98. Wireless Technologies
      99. OFDM
      100. 802.11n
      101. Wireless Technologies — Access Point (Cont.)
      102. Architectures
      103. Wireless Technologies — Service Set ID
      104. Authenticating to an AP
      105. 802.11 Authentication
      106. Wireless Technologies — WEP Woes
      107. 802.11 Security Solutions
      108. Types of 802.11 Security
      109. Wireless EAP
      110. Wireless Technologies — WAP and WTLS
      111. Instant Messaging
      112. Domain 7 Review
    9. Domain 8 — Business Continuity
      1. Business Continuity
      2. Needs for BCP
      3. 9/11 Changed Mentalities About BCP
      4. Do We Have a Plan?
      5. What Is the Purpose of a BCP?
      6. More Reasons to Have Plans in Place
      7. BCP Is a Core Component of Every Security Program
      8. Steps of BCP Process
      9. Different BCP Model
      10. Documentation
      11. BCP Policy Outlines
      12. Who Is In Charge and Who Can We Blame?
      13. What’s Needed In a Team?
      14. BCP Development Team
      15. Project Sizing
      16. Properly Determining Scope Is Important
      17. BCP Risk Analysis Steps
      18. BIA Steps
      19. Information from Different Sources
      20. Analysis
      21. How to Identify the Most Critical Company Functions
      22. Interdependencies
      23. Well, Of Course an Organization Knows How It Works!
      24. Business Silos
      25. Maximum Tolerable Downtime
      26. Range of Threats to Consider
      27. Thinking Outside of the Box What If…
      28. Biological Threats
      29. BIA Steps (Cont.)
      30. Potential Disasters
      31. Risk Approach
      32. What Have We Completed Up to Now?
      33. Recovery Strategies
      34. Alternate Business Process Procedures
      35. Business Process Reconstruction
      36. Recovery Strategies
      37. Facility Backups
      38. Compatibility Issues with Offsite Facility
      39. Tertiary Sites
      40. Subscription Costs
      41. Multiple Processing Centers
      42. Choosing Site Location
      43. Other Offsite Approaches
      44. Security Does Not Stop
      45. More Options
      46. Rolling Hot Site
      47. Recovery Strategies (Cont.)
      48. Supply and Technology Recovery
      49. VoIP
      50. Equipment Replacement
      51. What Items Need to Be Considered?
      52. Priorities
      53. Executive Succession Planning
      54. Recovery Strategies (Cont.)
      55. Co-Location
      56. Data Recovery
      57. Backup Redundancy
      58. Recovering Data
      59. Automated Backup Technologies
      60. Tape Vaulting
      61. Clustering for Fault Tolerance
      62. Disk or Database Shadowing
      63. Cost and Recovery Times
      64. Recovery Solutions
      65. Preventative Measures
      66. Reviewing Insurance
      67. Results from the BIA
      68. Basic Structure of BCP
      69. External Groups
      70. Activation Phase
      71. Reconstitution Phase
      72. Who Goes First?
      73. Disaster Hit — Now What?
      74. Termination of BCP
      75. Life Cycle
      76. Types of Tests to Choose From
      77. Test Objectives
      78. Training Requirements
      79. What Is Success?
      80. Out of Date?
      81. Keeping It Current
      82. Change Control
      83. Resulting Plan Should Contain…
      84. Phases of the BCP
      85. Domain 8 Review
    10. Domain 9 — Application Security
      1. Application Security
      2. How Did We Get Here?
      3. Why Are We Not Improving at a Higher Rate?
      4. Usual Trend of Dealing with Security
      5. Software Development Tools
      6. Security Issues
      7. Language Types
      8. Turn Into Machine Code
      9. New and Old
      10. Object-Oriented Programming
      11. Classes and Objects
      12. Functions and Messages
      13. Object-Oriented Programming Characteristic
      14. Polymorphism
      15. Module Characteristics
      16. Low Cohesion
      17. Coupling
      18. Agenda 2
      19. Distributed Computing
      20. Distributed Computing — ORBs
      21. Common Object Request Broker Architecture
      22. COM Architecture
      23. Enterprise Java Beans
      24. J2EE Platform Example
      25. Linking Through COM
      26. Mobile Code with Active Content
      27. Java and Applets
      28. Database Systems
      29. Database Model
      30. Object-Oriented Database
      31. Benefits of OO Database Model
      32. Database Models — Relational Components
      33. Database Integrity
      34. Different Modeling Approaches
      35. Database Access Methods
      36. Database Connectivity
      37. Database Security Mechanisms
      38. Rollback Control
      39. Checkpoint Control
      40. Checkpoint Protection
      41. Lock Controls
      42. Deadlock Example
      43. Two-Phase Commit
      44. Lock Controls Help to Provide ACID
      45. Inference Attack
      46. Database View Control
      47. Common Components
      48. Data Warehousing
      49. Using a Data Warehouse
      50. Metadata
      51. Database Component
      52. Data Mart
      53. Potential Malicious Traffic Tunneling Through Port 80
      54. OLTP
      55. Knowledge Management
      56. Knowledge Components
      57. HR Example
      58. Knowledge Discovery In Databases
      59. Expert Systems
      60. Software Development Models
      61. Project Development — Phases I through V
      62. Project Development — Phases VI and VII
      63. Testing Types
      64. Data Contamination Controls
      65. Best Practices for Testing
      66. Test for Specific Threats
      67. Verification versus Validation
      68. Evaluating the Resulting Product
      69. Controlling How Changes Take Place
      70. Administrative Controls
      71. Common Information Flow
      72. Tier Approach and Communication Components
      73. Tiered Network Architectures
      74. Sensitive Data Availability
      75. Cookies
      76. Find Out Where You Have Been
      77. Pulling Data
      78. Provide the Hackers with Tools
      79. Common Web Server Flaws
      80. Improper Data Validation
      81. Uniform Resource Locator (URL)
      82. Directory Traversal
      83. Buffer Overflow
      84. Cross-Site Scripting Attack
      85. Common SQL Injection Attack
      86. Attacking Mis-configurations
      87. CGI Information
      88. Authentication
      89. Protecting Traffic
      90. Rolling ‘em Out
      91. Virus
      92. More Malware
      93. Trojans
      94. A Back Orifice Attack!
      95. NetBus and Hoaxes
      96. Malware Protection Types
      97. Signature Scanning
      98. Monitoring Activities
      99. Monitoring for Changes
      100. More Bad Stuff
      101. Disclosing Data In an Unauthorized Manner
      102. Covert Timing Channel
      103. Circumventing Access Controls
      104. Attacks
      105. Attack Type — Race Condition
      106. How a Buffer Overflow Works
      107. Watching Network Traffic
      108. Traffic Analysis
      109. Functionally Two Different Types of Rootkits
      110. Examples of Trojaned Files
      111. Domain 9 Review
    11. Domain 10 — Operations Security
      1. Operations Security
      2. Computer Operations
      3. Problem Management Procedures for Processing Problems
      4. Higher Level Look
      5. Administrative Controls Personnel Controls
      6. Resource Protection
      7. Media Labels and Controls
      8. Software Escrow
      9. Media Reuse
      10. Why Not Just Delete the Files?
      11. Backups
      12. Backup Types
      13. Incremental Backup
      14. Incremental
      15. Differential Backup
      16. Mean Time Between Failure
      17. Mean Time to Repair
      18. Redundant and Fault Tolerance
      19. Mirroring Data
      20. Direct Access Storage Device
      21. Serial Advanced Technology Architecture
      22. SAN
      23. Fault Tolerance
      24. Redundancy Mechanism
      25. Some Threats to Computer Operations
      26. Trusted Recovery of Software
      27. After System Crash
      28. Security Concerns
      29. Contingency Planning
      30. Remote Access Security
      31. Before Carrying Out Vulnerability Testing
      32. Testing for Vulnerabilities
      33. Security Testing Issues
      34. Vulnerability Scanning
      35. Data Leakage — Keystroke Logging
      36. Password Cracking
      37. War Dialing
      38. War Driving
      39. Penetration Testing
      40. Post-Testing and Assessment Steps
      41. Penetration Testing Variations
      42. Types of Testing
      43. Protection Mechanism — Honeypot
      44. Log Reviews
      45. Domain 10 Review
      46. Course Closure

    Product information

    • Title: CISSP Video Course
    • Author(s): Shon Harris
    • Release date: May 2009
    • Publisher(s): Pearson IT Certification
    • ISBN: 9780789740106