Validating identity wireless network
The goal of HSPD-12 is to require federal agencies to adopt a standard, secure, and reliable identification card (the “PIV card”) for employees and contractors – and to ensure that it is issued only to intended individuals.

Roles and responsibilities of Certificate Authorities (CAs)
Registration and certification process
Directories defined
Certificate management
Certificate value
Cross certification
Key recovery
Leveraging certificates in applications: SSL, IPsec, S/MIME
Registration Authority (RA)
Interfacing with PKCS & PKIX standards
Contrasting online RA vs. offline RA
Certificates and Signatures: When are certificates and signatures used?
Linking with PKI Repository
Identifying with distinguished names
Accessing the X.500 directory with LDAPv3
Choosing LDAP chaining or referrals
X.509v2 Certificate Revocation List (CRL)
Timeliness and scalability solutions
Selecting complete or delta CRL
Publishing CA certificates and CRLs
Validating certificates with OCSP
Validating entity certificate
Forming a certificate chain
Locating the Trust Anchor
Matching CA Certificates
Validating via path processing
Building a hierarchical trust model
Distributing trust to subordinate CAs
Increasing security with offline root
Issuing CA vs intermediate CA
Defining CPS with a policy CA
Restricting with Qualified Subordination
Constraining trust to subordinates
Mapping policies with peer CAs
Path processing a Certificate Trust List chain
Product Comparisons and Demonstrations: The information and answers you need to choose the products that match both your strategic objectives and your existing infrastructure.

Network Security Auditing Tools and Techniques
Download the sample pages (includes Chapter 4 and Index)

Introduction

Chapter 1 The Principles of Auditing
Security Fundamentals: The Five Pillars; Assessment; Prevention; Detection; Reaction; Recovery; Building a Security Program; Policy; Procedures; Standards; Security Controls; Administrative Controls; Technical Controls; Physical Controls; Preventative Controls; Detective Controls; Corrective Controls; Recovery Controls; Managing Risk; Risk Assessment; Risk Mitigation; Risk in the Fourth Dimension; How, What, and Why You Audit; Audit Charter; Engagement Letter; Types of Audits; Security Review; Security Assessment; Security Audit; The Role of the Auditor; Places Where Audits Occur; Policy Level; Procedure Level; Control Level; The Auditing Process; Planning Phase: Audit Subject, Objective, and Scope; Research Phase: Planning, Audit Procedures, and Evaluation Criteria; Data Gathering Phase: Checklists, Tools, and Evidence; Data Analysis Phase: Analyze, Map, and Recommend; Audit Report Phase: Write, Present, and File the Audit Report; Follow-Up Phase: Follow up, Follow up, Follow up!; Summary; References in This Chapter

Chapter 2 Information Security and the Law
IT Security Laws; Hacking, Cracking, and Fraud Laws; Computer Fraud and Abuse Act; Access Device Statute; Electronic Communications Privacy Act; Title I: Wiretap Act; Title II: Stored Communications Act; Title III: Pen/Trap Statute; Intellectual Property Laws; Digital Millennium Copyright Act; Economic Espionage Act; CAN-SPAM Act of 2003; State and Local Laws; Reporting a Crime; Regulatory Compliance Laws; SOX; HIPAA; Privacy Rule; Security Rule; Transactions and Code Sets Standard Rule; Identifiers Rule; Enforcement Rule; GLBA; PCI DSS; Summary; References in This Chapter; Federal Hacking Laws; State Laws

Chapter 3 Information Security Governance, Frameworks, and Standards
Understanding Information Security Governance; People: Roles and Responsibilities; Information Security Governance Organizational Structure; Board of Directors; Security Steering Committee; CEO or Executive Management; CIO/CISO; Security Director; Security Analyst; Security Architect; Security Engineer; Systems Administrator; Database Administrator; IS Auditor; End User; Spotting Weaknesses in the People Aspect of Security; Process: Security Governance Frameworks; COSO; Control Environment; Risk Assessment; Control Activities; Information and Communication; Monitoring; COBIT; ITIL; Technology: Standards Procedures and Guidelines; 0 Series of Standards; NIST; Center for Internet Security; NSA; DISA; SANS; ISACA; Cisco Security Best Practices; Summary; References in This Chapter; Web Resources

Chapter 4 Auditing Tools and Techniques
Evaluating Security Controls; Auditing Security Practices; Testing Security Technology; Security Testing Frameworks; OSSTMM; ISSAF; NIST 800-115; OWASP; Security Auditing Tools; Service Mapping Tools; Nmap; Hping; Vulnerability Assessment Tools; Nessus; Red Seal SRM; Packet Capture Tools; Tcpdump; Wireshark/Tshark; Penetration Testing Tools; Core Impact; Metasploit; BackTrack; Summary; References in This Chapter; Security Testing Frameworks; Security Testing Tools

Chapter 5 Auditing Cisco Security Solutions
Auditors and Technology; Security as a System; Cisco Security Auditing Domains; Policy, Compliance, and Management; Infrastructure Security; Perimeter Intrusion Prevention; Access Control; Secure Remote Access; Endpoint Protection; Unified Communications; Defining the Audit Scope of a Domain; Identifying Security Controls to Assess; Mapping Security Controls to Cisco Solutions; The Audit Checklist; Summary

Chapter 6 Policy, Compliance, and Management
Do You Know Where Your Policy Is?

If this dialog box opens while you are performing the procedures in this guide, and if the dialog box was opened in response to your actions, click Continue.

Use the following information along with the product documentation provided by the wireless AP manufacturer to configure your wireless APs.