From the Internet
From the inside network
From intruders who gain physical access to the computer resources
White hat hacker
Creating a back door
Launching a DoS attack
Starting a Smurf attack
Conducting social engineering
Defense in Depth
Hijacking a session
It sends a ping request to a subnet, requesting that devices on that subnet send ping replies to a target system.
It sends ping requests in segments of an invalid size.
It intercepts the third step in a TCP three-way handshake to hijack a session
It uses Trojan horse applications to create a distributed collection of zombie computers, which can be used to launch a coordinated DDoS attack.
Deploy HIPS software on all end-user workstations.
Routinely apply patches to operating systems and applications.
Disable unneeded services and ports on hosts.
Require strong passwords, and enable password expiration.
Operations and Maintenance
Acquisition and development
Initiation and implementation
Execution and termination
Strategic security planning
Using Cisco SDM to perform a network posture validation
Scanning a network for active IP addresses and open ports on those IP addresses
Performing end-user training on the use of antispyware software
Using password-cracking utilities
Performing virus scans
Emergency response phase
Return to normal operations phase
Threat isolation phase
Identity-based networking policy
Acceptable-use executive summary
Chief Security Officer (CSO)
Chief Executive Officer (CEO)
Chief Information Officer (CIO)
Chief Information Security Officer (CISO)
They are all equally important