Читаем CISSP Practice полностью

A switch port that can see all network traffic going through the switch.

Spanning tree

Multicast and broadcast routing is performed using spanning trees, which makes excellent use of bandwidth where each router must know which of its lines belong to the tree. The spanning tree is also used in conducting risk analysis, to build plug-and-play bridges, and to build Internet relay chat (IRC) server network so it routes messages according to a shortest-path algorithm.

Specialized security with limited functionality

An environment encompassing systems with specialized security requirements, in which higher security needs typically result in more limited functionality.

Specification

(1) An assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional descriptions, and architectural designs) associated with an information system. (2) A technical description of the desired behavior of a system, as derived from its requirements. (3) A specification is used to develop and test an implementation of a system.

Split domain name system (DNS)

Implementation of split domain name system (DNS) requires a minimum of two physical files (zone files) or views. One file or view should exclusively provide name resolution for hosts located inside the firewall and for hosts outside the firewall. The other file or view should provide name resolution only for hosts located outside the firewall on in the DMZ and not for any hosts inside the firewall. In other words, split DNS requires one physical file for external clients and one physical file for internal clients.

Split knowledge

(1) A process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, which can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key. (2) The condition under which two or more parties separately have part of the data, that, when combined, will yield a security parameter or that will allow them to perform some sensitive function. (3) The separation of data into two or more parts, with each part constantly kept under control of separate authorized individuals or teams so that no one individual will be knowledgeable of the total data involved.

Split tunneling

(1) A virtual private network (VPN) client feature that tunnels all communications involving an organization’s internal resources through the VPN, thus protecting them, and excludes all other communications from going through the tunnel. (2) A method that routes organization-specific traffic through the SSL VPN tunnel, but other traffic uses the remote user’s default gateway.

Spoofing attacks

Many spoofing attacks exist. An example is the Internet Protocol (IP) spoofing attack, which refers to sending a network packet that appears to come from a source other than its actual source. It involves (1) the ability to receive a message by masquerading as the legitimate receiving destination or (2) masquerading as the sending machine and sending a message to a destination.

Spread spectrum

Uses a wide band of frequencies to send radio signals. Instead of transmitting a signal on one channel, spread spectrum systems process the signal and spread it across a wider range of frequencies.

Spyware

(1) It is malware intended to violate a user’s privacy. (2) It is a program embedded within an application that collects information and periodically communicates back to its home site, unbeknownst to the user. Spyware programs have been discovered with many shareware or freeware programs and even some commercial products, without notification of this hidden functionality in the license agreement or elsewhere. Notification of this hidden functionality may not occur in the license agreement. News reports have accused various spyware programs of inventorying software on the user’s system, collecting or searching out private information, and periodically shipping the information back to the home site. (3) It is software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge. It is a type of malicious code and malware.

Spyware detection and removal utility

A program that monitors a computer to identify spyware and prevent or contain spyware incidents.

Stackguarding

Stackguarding technology makes it difficult for attackers to exploit buffer overflows and to prevent worms from gaining control of low-privilege accounts.

Standard