Security Topics

A bullet list arranged topically from Julie (minor modifications by Chris):

  • Access Control (Mandatory and Discretionary)
    • Discretionary Access Control (DAC)
    • Mandatory Access Control (MAC)
      • Bell-LaPadula, Multilevel Security (MLS)
      • Type Enforcement (TE)
      • Domain Type Enforcement (DTE)
      • Role-Based Access Control (RBAC)
  • Attacks:
    • Passive network snooping
    • Active network attacks (e.g. man-in-the-middle attacks)
    • Client hijacking (e.g. browsers)
    • Session hijacking
    • Identity theft
    • Back door attacks
    • Password guessing
    • Network saturation attacks (e.g. the SMURF attack)
    • Network protocol attacks (e.g. Ping-of-death)
    • Web server attacks (e.g. Cross-site scripting)
    • Application Protocol injection attacks (SQL injection and others)
    • Port scans (a way to gather intelligence about the target)
    • System invasion attacks (buffer overflow etc.)
    • Attacks on cryptographic protocols (e.g. 802.11 WEP)
    • Replay attacks
  • Authorization
  • Auditing
    • Basic Security Module (BSM) - Typical with Solaris
    • SNARE
  • Authentication
  • Accountability or Non-repudiation
  • Certification Authority
  • Cryptography
    • Advanced Encryption Standard (AES)
    • Data Encryption Standard (DES)
    • etc...
  • Firewall
  • Integrity
  • Intrusion Detection System (IDS)
    • Tripwire
    • Snort
  • Intrusion Response System (IRS)
  • Least Privilege
  • Public Key Infrastructure (PKI)
  • Privacy/Confidentiality (or Secrecy)
  • Privileges/Capabilities
Brought to you by the Open Source Development Labs