SANS Security+ 2008 Study Guide
Welcome to the SANS Security+ 2008 Study Guide. This directory hosts a series of essays developed from version 1.17 of the 2008 test objectives. This material is available for your personal use. Please DO NOT use it for commercial purposes, such as teaching a course or incorporating into a book for sale. Please help us make these essays better to benefit everyone. If you have additional information that you feel should be added, please drop Stephen Northcutt an email, stephen@sans.edu.

The Purpose and Application of Virtualization Technology - September 18th, 2008
By Chris Crowley
Virtualization Technology is a method of allocating and presenting the physical resources of one piece of computer hardware to multiple operating system instances. It is used for far more than honeypots, but honeypots depend on this technology. The presentation to each operating system has the appearance of a complete, discrete system.

Replay Attacks - September 18th, 2008
By Evan Wheeler
Replay attacks use a simple method of exploiting a captured packet or packets: resending that traffic to cause unexpected results. Evan describes the various replay attacks that can be crafted to attack your enterprise as well as the means to defend against such attacks.

Exploitable Software - September 18th, 2008
By James Voorhees
The people assaulting your network have a hundred or more ways that they can use to get in. Many of those come from flaws in the software used, flaws that allow unscrupulous souls myriad ways to get the information they seek. They are limited only by their imagination and your defenses.

Network Attached Storage - August 29th, 2008
By Matt Gardenghi
A description of Network Attached Storage and how to keep it secure.

Patch Management - August 26th, 2008
By James Voorhees
Many of the security risks that you and your organization face can be reduced if you patch your systems regularly. This can be expensive and time-consuming, and the more complex your IT environment, the more complex patch management becomes. However, the costs of not patching can be even higher.

Instant Messengers - June 13th, 2008
By Matt Gardenghi and Stephen Northcutt
A discussion on the security issues surrounding Instant Messaging that concern businesses today.

Domain Kiting - June 12th, 2008
By Mark Edmead
An interesting attack against domain names is called domain kiting. This term was coined by Bob Parsons, CEO and founder of GoDaddy.com. The term "kiting" comes from the familiar and illegal practice of check kiting. Check kiting (also known as check floating) involves taking advantage of the time between the negotiation of the check and its clearance at the check writer's bank to draw out these funds. Domain kiting is an exploit that takes advantage of the domain name registration grace period: a person (or entity) registers, cancels, and re-registers the same domain name within that grace period in order to use the domain while avoiding paying the registration fees.

Wardriving - June 12th, 2008
By J. Michael Butler
From a Security due diligence perspective, Wardriving (or walking) is absolutely necessary for the protection of your network and data. It should be assigned to someone in the Security department as a regular task to assess your network's integrity.

Adware - June 12th, 2008
By Brandon Greenwood
Adware is best defined as software containing advertising features bundled with an application (that a user may or may not have knowledge of) that contains additional software allowing advertisements or the tracking of user activities.

Backup Sites are Vital in Security Plan - April 11th, 2008
By Darlene Pitts
An overview of backup site considerations, including a comparison of hot, warm and cold sites.

Email Hoaxes and Why They Work - April 11th, 2008
By Chris Crowley
Even before the advent of e-mail as a mechanism for delivery, urban legends, hoaxes and scams lay in wait for the unwary. E-mail delivers the old tricks in new packages (and more widely and quickly than ever before) but the underlying mechanisms still remain.

Information Security - Data Retention - March 15th, 2008
By Evan Wheeler
In light of the recent increase in e-discovery concerns, retention policies have become an essential proactive step in any organization's information security preparedness. The universal imperative for all organizations is that they must establish an electronic data retention policy and be held accountable for observing that policy in a consistent manner.

Anonymous FTP - March 14th, 2008
By Jodi Colburn
Anonymous or Blind FTP refers to the extremely common Internet situation where an FTP (File Transfer Protocol) server is making information available to the general public. Because it does not matter who is getting the information (all are welcome), the server does not care what the FTP client's user name is or what the FTP client's password is.