210 Index Internetwork Packet Exchange (IPX) , 62 Intrusion detection system (IDS) , 6­9 , 72 , 130 Intrusion prevention system (IPS) , 8 IP spoofing , 63­4 iSCSI SAN , 54 ITU-T X.509 , 139 J Jamming , 85 Java , 35 , 36 Java Runtime Environment (JRE) , 35 Java Virtual Machine (JVM) , 35 Javascript , 36 , 37 Job rotation , 93 Jscript , 36 , 37 K Kerberos , 114­15 Key escrow , 160 Key management , 140­1 Key recovery agents , 161 Key Recovery Information (KRI) , 161 Key Usage value , 139 L L2TP (Layer 2 Tunneling Protocol) , 147 LANMAN (LAN Manager) , 138 LDAP , 115­16 directories , 115 objects, attributes, and the schema , 116­17 organizational units , 116 securing , 117 Least privilege , 93 "Least privileged" principle , 18 Legislation and organizational policies , 193 acceptable use policies , 195 change management , 196 due care , 199­200 due diligence , 200 due process , 200 information classification , 196­7 password complexity , 195 administrator accounts , 196 password changes and restrictions , 196 strong passwords , 195 personally identifiable information (PII) , 198­9 secure disposal of systems , 193 destruction , 194 retention/storage , 194 security-related HR policies , 203 code of ethics , 203 service level agreements (SLAs) , 200­1 user education and awareness training , 201 communication , 201­2 education , 202 online resources , 202­3 user awareness , 202 vacations , 197 Linux Security Modules (LSM) , 22 LM Hash , see LANMAN Local area network (LAN) , 66 Local Group Policy , 21 Logging and auditing , 130­2 Logic bomb , 6 Logical access control methods , 98 access control lists , 98­9 account expiration , 100 domain policies , 99­100 group policies , 99 logical tokens , 100­1 time of day restrictions , 100 Logical Link Control (LLC) layer , 79 Logical tokens , 100­1 Multipath interference , 78 Mutual authentication , 119­20 N National Security Agency , 154 .NET , 36 NetBIOS Extended User Interface (NetBEUI) , 25 Netscape , 143 Network access access control , 89­90 models , 90­1 security controls , 98 security groups , 97 authentication models and components , 91­2 identity , 92 logical access control methods , 98 access control lists , 98­9 account expiration , 100 domain policies , 99­100 group policies , 99 logical tokens , 100­1 time of day restrictions , 100 methods and models , 92 discretionary access control , 94­5 job rotation , 93 least privilege , 93 mandatory access control , 93­4 role-and rule-based access control , 96 separation of duties , 92 physical access security methods , 101­2 access lists and logs , 102­3 door access systems , 104­5 hardware locks , 103 ID badges , 103­4 man-trap , 105 video surveillance , 105 Network Access Control (NAC) , 26 , 71­2 Network access protection , 71­2 Network address translation (NAT) , 71 Network Attached Storage , 54 Network attached storage (NAS) , 13 Network authentication authentication methods one-factor , 111 single sign-on , 112 three-factor , 112 two-factor , 112 M Magnetic tapes , 13 Malware , 1 Man-trap , 105 Mandatory access control (MAC) , 93­4 Mandatory vacation policies , 197­8 Man-in-the-middle (MITM) attack , 63 , 64 MD5 (Message Digest 5) , 138 Media Access Control (MAC) layer , 65 , 66 , 79 Microsoft Active Directory technology , 99 Microsoft Baseline Security Analyzer (MBSA) , 23 Microsoft Hyper-V , 51 Microsoft Terminal Services , 55 Microsoft updates , 19 Microsoft Virtual Server 2005 ; 50 MTA (Mail Transport Agent) , 148 MUA (Mail User Agent) , 148 Multi-core processors , 52 Multifactor authentication , see Three-factor authentication