Best IT Documents.com Blog


TCP and UDP ports

Posted in Networking (340) by Guest on the September 27th, 2009

 

Port Category

Port Number Range

Description

Well-known ports 0 – 1023 Typically used by standard system processes or programs executed by users with administrator credentials. Assigned by IANA.
Registered ports 1024 – 49151 Used by ordinary user processes or programs executed by ordinary users. IANA does not assign these ports, but registers use of them as a convenience for the TCP/IP community.
Dynamic or private ports 49152 – 65535 Unassigned and unregistered ports for private applications, client-side processes, or other processes that dynamically allocate port numbers
Comments Off on TCP and UDP ports

Physical and Perimters test cases

Posted in Security (1500) by Guest on the September 21st, 2009

Perimeter Review 

This is a method of testing the physical security of an organization and its assets by reviewing is its physical perimeter security measures. 

Expected Results:

1        Map of physical perimeter

2        Types of physical protective measures

3        List of unprotected / weakly protected areas  

Tasks to perform for a thorough Perimiter review:

  • Map physical perimeter
  • Map physical protective measures (fences, gates, lights, etc)
  • Map physical access routes / methods
  • Map unmonitored areas 

Monitoring Review

This is a method of discovering monitored access points to an organization and its assets through discovery of guard and electronic monitoring.  

Expected Results:

1        List of monitored access points

2        Types of monitoring

3        List of unmonitored standard and privileged access points

4        List of alarm triggers  

Tasks to perform for a thorough Monitoring review:

  • Enumerate monitoring devices
  • Map guarded locations and routes traveled
  • Map unmonitored areas to monitored areas
  • Test monitoring devices for limitations and weaknesses
  • Test monitoring devices for denial of service attacks 

Access Control Testing

This is a method of testing access privileges to an organization and its assets through physical access points.  

Expected Results:

1        List of physical access points

2        Types of authentication

3        Types of alarm systems

4        List of alarm triggers 

Tasks to perform for a thorough Access Controls test::

  • Enumerate access control areas
  • Examine access control devices and types
  • Examine alarm types
  • Determine the level of complexity in an access control device
  • Determine the level of privacy in an access control device
  • Test access control devices for vulnerabilites and weakneses
  • Test access control devices against Denial of Service 

Alarm Response Review

This is a method of discovering alarm procedure and equipment in an organization through discovery of guard and electronic monitoring. 

Expected Results:

1        List of alarm types

2        List of alarm triggers

3        Map of alarm procedure

4        List of persons involved in alarm procedure

5        List of containment measures and safety precautions triggered by

6        Alarm  

Tasks to perform for a thorough Alarm Response review:

  • Enumerate alarm devices
  • Map alarm trigger procedures
  • Map alarm activated security reflexes
  • Discover persons involved in an alarm procedure
  • Test alarm escalation
  • Test alarm enablement and disablement
  • Test alarm devices for limitations and weaknesses
  • Test alarm devices for denial of service attacks
  • Test alarm procedures for Denial of Service attacks 

Location Review

This is a method of gaining access to an organization or its assets through weaknesses in its location and protection from outside elements. 

Expected Results:

1        Map of physical locations of assets

2        List of physical location access points

3        List of vulnerable access points in location

4        List of external 3rd parties accessing locations 

Tasks to perform for a thorough Location review:

  • Enumerate visible areas into the organization (line of sight)
  • Enumerate audible areas into the organization (laser or electronic ear)
  • Test location areas for vulnerabilities and weaknesses to supply delivery
  • List supply delivery persons and organizations
  • List cleaning staff and organizations
  • List hours and days in delivery cycles
  • List hours and days in visitor cycles 

Environment Review

This is a method of gaining access to or harming an organization or its assets through weaknesses in its environment. 

Expected Results:

1        Map of physical locations of assets

2        List of vulnerable locations

3        List of local laws, customs, and ethics

4        List of operational laws, customs, and ethics 

Tasks to perform for a thorough Environment review:

  • Examine natural disaster conditions for the region
  • Examine political environmental conditions
  • Examine back-up and recovery procedures
  • Identify weaknesses and vulnerabilities in back-up and recovery procedures
  • Identify Denial of Service attacks in back-up and recovery procedures
  • Examine physical and electronic handicaps in various weather patterns
  • Compare operational procedures with regional laws, customs, and ethics

http://www.bestitdocuments.com/Assessments.html

 

Comments Off on Physical and Perimters test cases

Identity Theft

Posted in Information Rights Management (100),Security (1500) by Guest on the September 5th, 2009

Identity theft is a crime where a person’s legal identity is stolen and used to conduct financial fraud. Identity thieves steal information about a victim such as bank account information, Social Security number and driver’s license number in order to open accounts in the victim’s name or to change the victim’s account information. In 2009, there were millions of cases of identity theft reported in the United States.

The damage from identity theft is considerable, both to financial institutions and victims. Since most identity thieves are never caught, financial institutions cover a majority of the costs from fraud. The average victim will pay over $1,000 to have their good credit restored and it could take years for their credit record to be rectified. During this time, the victim will not be eligible for home, car or student loans, nor will they pass a credit check required for some jobs. The possible non-financial repercussions to the victim of identity include criminal investigation, arrest and even conviction.

While you can’t prevent identity theft, you can minimize your risk by managing your personal information wisely. Basic, everyday transactions are often the target of identity thieves. A check written at a department store, a credit card receipt from dinner, and other records of day-to-day financial transactions that require the sharing of personal information are all targets for identity thieves.

Here are some steps to help you not be a victim of identity theft:

  • Order your credit report from the three major credit bureaus each year and check to see if all the information is correct.  (Equifax, Experian, and Trans Union)
  • Follow up with creditors if bills do not arrive on time, as the identity thief may have taken your bill and use that information to conduct fraud in your good name.
  • Shred or tear up papers that you do not intend to keep that contain personal, financial or account information.  Examples of these are credit card offers, credit card checks, papers with personal identification numbers (PINs), etc.
  • Be careful when sharing personal information in person, over the phone and on the Internet. 
  • Be careful what you keep in your purse or wallet. If your purse or wallet is stolen, report it right away to the police and follow up with your credit-card company, credit union, and insurance company so they can stop activity on your accounts.
  • Keep a copy of all the contact information of your financial companies safe at home so you can quickly contact each institution for reporting stolen credit cards, checks, and insurance cards.
Comments Off on Identity Theft