The Internet Architecture Board (IAB) has developed an ethics-related statement concerning the use of
the Internet. As part of this statement, the IAB states that Internet use is a privilege, not a right.
Unethical behavior includes: purposely seeking to gain unauthorized access, disrupting Internet use,
purposely wasting resources, destroying the integrity of computer-based information, and
compromising another person's privacy.

The Internet Engineering Task Force (IETF) is a committee that is overseen by the IAB. The IETF's goal is
to make the Internet better. It adheres to the same ethics as the IAB, but the IETF does not have its own
ethics statement.

The Institute of Electrical and Electronics Engineers (IEEE) develops standards for new technologies,
including wireless.

The Internet Corporation for Assigned Names and Numbers (ICANN) is the organization responsible
for the allocation of IP addresses and management of DNS.

Another organization that you should understand is the National Institute of Standards and Technology
(NIST), which is a measurement standards laboratory that is part of the United States Department of
Commerce. This organization develops risk management methodologies. The NIST has identified
several accepted self-testing techniques: network mapping, vulnerability scanning, penetration testing,
password cracking, log review, virus detection, and war dialing.

Mutual authentication checks the identity of both ends of the connection. It is often referred to as
two-way authentication.

Biometric authentication authenticates a user based on some physical quality, such as a fingerprint, iris
scan, retina scan, and so on.

Kerberos authentication requires a centralized management database of all user accounts and resource
passwords. It does not authenticate both ends of the connection. Windows 2000 and later implement
Kerberos as the primary mechanism for authenticating users requesting access to a network.

RADIUS provides centralized remote user authentication, authorization, and accounting. It does not
authenticate both ends of the connection.

Raking is a technique used by intruders to circumvent a lock. For example, a pick is used to circumvent
a pin tumbler lock. Shimming is a technique in which an authorized user disassembles a lock without
the use of an operating key. Therefore, lock-picking is an example of shimming.

Spamming involves sending a large number of unsolicited commercial emails to unsuspecting clients.
Spamming floods the mailbox of a user and overloads a network, which adversely affects the
performance of the network.

A SYN flood is an example of a network-based attack. In a SYN flood attack, the attacker repeatedly
sends synchronization (SYN) packets from a spoofed IP address to the victim's host computer. The
victim's host computer responds with valid synchronization acknowledgement (SYN-ACK) packets and
keeps waiting for the acknowledgement (ACK) packet to complete the TCP three-way handshake
for data transfer. In the absence of the ACK packets from the malicious computer, the victim's host
computer continues to respond to each connection attempt from the hostile computer. This results in
denial of service to legitimate hosts because of resource exhaustion.
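
The resource exhaustion described above can be seen by replaying handshake events against a listener with a bounded half-open queue. This is an added example, not part of the original notes; the event tuples, backlog size, timeout and the function names replay and flood_suspected are constructed for illustration.

```python
# Constructed sample events: (time_s, src_ip, src_port, tcp_flag) seen by a listener.
BASELINE = [
    (0.0, "198.51.100.10", 40001, "SYN"), (0.1, "198.51.100.10", 40001, "ACK"),
    (1.0, "198.51.100.11", 40002, "SYN"), (1.1, "198.51.100.11", 40002, "ACK"),
]
# Six SYNs from spoofed sources that never send the final ACK, then a real client.
FLOOD = [(2.0 + i * 0.01, f"203.0.113.{i + 1}", 50000 + i, "SYN") for i in range(6)]
FLOOD += [(3.0, "198.51.100.12", 40003, "SYN"), (3.1, "198.51.100.12", 40003, "ACK")]


def replay(events, backlog_size=4, timeout=30.0):
    """Replay events against a listener with a bounded half-open queue.

    backlog_size and timeout are illustrative values, not OS defaults.
    """
    pending = {}  # (ip, port) -> time the SYN arrived; SYN-ACK sent, ACK awaited
    stats = {"established": 0, "dropped": 0, "peak_half_open": 0}
    for t, ip, port, flag in events:
        # Entries whose ACK never arrived are only freed once the timeout expires.
        for key in [k for k, t0 in pending.items() if t - t0 >= timeout]:
            del pending[key]
        key = (ip, port)
        if flag == "SYN" and key not in pending:
            if len(pending) >= backlog_size:
                stats["dropped"] += 1  # queue full: this SYN gets no SYN-ACK
            else:
                pending[key] = t
        elif flag == "ACK" and key in pending:
            del pending[key]  # handshake completed, slot released
            stats["established"] += 1
        stats["peak_half_open"] = max(stats["peak_half_open"], len(pending))
    stats["half_open"] = len(pending)
    return stats


def flood_suspected(stats, backlog_size=4):
    """Aggregate signal: queue pinned at capacity and SYNs being refused.

    Per-source counting is useless here because every spoofed SYN has a new address.
    """
    return stats["half_open"] >= backlog_size and stats["dropped"] > 0
```

In the flood replay the legitimate client at 198.51.100.12 is refused even though it behaves correctly, because the four slots are held by handshakes that will never complete.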

A capability corresponds to a row in the access control matrix. A capability is a list of all the access
permissions that a subject has been granted.

An object is an entity in the access control matrix to which subjects can be granted permissions. A
column in an access control matrix corresponds to the access control list (ACL) for an object.

A row in an access control matrix corresponds to a subject's capabilities, not just the subject.

By storing a list of rights on each subject, the granting of capabilities is accomplished.
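
The row and column views described above, derived from one matrix. This is an added example, not part of the original notes; the subjects, objects, rights and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample grants: (subject, object, right) triples.
GRANTS = [
    ("alice", "payroll.db", "read"),
    ("alice", "payroll.db", "write"),
    ("alice", "audit.log", "read"),
    ("bob", "payroll.db", "read"),
    ("backup_svc", "payroll.db", "read"),
    ("backup_svc", "audit.log", "read"),
]


def build_matrix(grants):
    """matrix[subject][object] -> set of rights; empty cells are simply absent."""
    matrix = defaultdict(lambda: defaultdict(set))
    for subject, obj, right in grants:
        matrix[subject][obj].add(right)
    return matrix


def capability_list(matrix, subject):
    """Row view: every right one subject holds, as it would be stored with the subject."""
    return {obj: set(rights) for obj, rights in matrix.get(subject, {}).items()}


def acl(matrix, obj):
    """Column view: every subject with rights on one object, as stored with the object."""
    return {s: set(row[obj]) for s, row in matrix.items() if obj in row}


def is_allowed(matrix, subject, obj, right):
    """Access check against a single cell of the matrix; absent cells deny."""
    return right in matrix.get(subject, {}).get(obj, set())


def revoke(matrix, subject, obj, right):
    """Remove one right from one cell; the row and column views both reflect it."""
    cell = matrix.get(subject, {}).get(obj)
    if cell is not None:
        cell.discard(right)
        if not cell:
            del matrix[subject][obj]
```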

Memory dumps are admissible in the court of law as evidence to prosecute a suspect. Memory dumps
contain the latest state of the system before the attack occurred. To ensure a clear chain of custody for
evidence collection, the system should be removed from the network, and the contents of the memory
should be dumped due to the sensitive and fragile nature of the information. This memory dump might
contain vital information regarding the incident and can prove helpful in prosecuting the suspect.

User login names, passwords, and hard disk data copies are not helpful in prosecuting a suspect.
Therefore, none of them is considered admissible evidence in the court of law. Law enforcement may
need to obtain passwords as part of an investigation. Law enforcement may use the following methods
to obtain passwords:

Use password cracker software.

Compel the suspect to provide the password.

Contact the developer of the software for information to gain access to the computer or network
through a back door.

While hard disk data copies are not admissible in court, the original hard drive is admissible, providing
the proper chain of custody was maintained and the evidence was secured.

Identification is the method used by a user or process to claim who they are or to assert who they claim
to be. Identification involves supplying your user name, account number, or some other form of
personal identification. It is the means by which a user provides a claim of his or her identity to a

Authentication is the process of being recognized by a system. Authentication involves supplying a
second piece of information, such as a password, that is checked against a database for accuracy. If this
piece of information matches the stored information, the subject is authenticated. It is the testing or
reconciliation of evidence of a user's identity.

Authorization is the process of determining if the user can access a particular object within a system.
Authorization involves checking the user credentials to see if the subject has the necessary permissions
to carry out a certain action. It is the rights and permissions granted to an individual to access a
computer resource.