CISSP Official Practice Tests by Mike Chapple, David Seidl

auditing – backups 461


biometrics, 108, 111, 115, 122, 211
device fingerprinting, 418
EAP, 100
factor types, 104
falsified credentials, 216
Google, 118
hybrid, 409
identity platforms and, 211
Kerberos, 105, 110
knowledge-based, 365, 408
LEAP, 100
logs, 168
multifactor, 3, 223
OpenID, 123
PEAP, 100
port-based, 90
PPP, 82
requiring, 426
scans, 378
something you have, 216
ticket-based protocols, 116
token-based, 121
tools, 22
traveling users, 113
Type 3 authenticators, 123
U.S. government, 120
voice pattern recognition, 104
VPN protocols, 82
wireless networks, 93
Authentication Header, 449
authorization, 361, 432
planning phase, 374
privilege creep, 110
tools, 6
automated recovery, 441, 452
awareness, 353
awareness training, 319

B
backdoors, 55, 339
backups, 294–295
archive status, 293

logic bombs, 402
man-in-the-middle, 105, 172, 360, 391
masquerading, 412
meet-in-the-middle, 344
modification, 412
passwords, 176
phases, 150
phishing, 361
ping flood, 418
ping of death, 169, 390
precise timing, 67
preventing, 161
privileges and, 165
rainbow table, 56, 105, 211, 363, 409, 424
ransomware, 194–195, 320, 402
replay, 412
scripted, 373
smurf, 223, 320, 415
SPIT, 90
spoofing, 185, 412, 448
SQL injection, 23, 398, 403
state tokens and, 118
SYN flood, 213, 386, 390, 410
teardrop, 356
timing conditions, 191, 273
TLS and, 28
TOC/TOU, 186, 241, 398
trust relationships and, 176
URL encoding, 188
VoIP and, 235
web applications, 181
XSS (cross-site scripting), 187, 311, 399
zero-day, 386
auditing, 239–241, 387
assessments, 164
audit standards and, 142
external auditors, 424
internal auditors, 424
log modification, 437
records, Windows, 296
authentication, 17, 65, 116, 120, 121, 209, 233, 302, 429
Active Directory system, 125