Lesson 9
Ongoing Nature of Effective Security
In this module, you learned about strategies that will help you understand the ongoing nature of effective security implementation, and you have seen how to implement the security process. Perhaps most importantly, you learned about the
basic techniques to secure Web, FTP, and SMTP servers, and how to separate your servers from your operating system.
Now that you have completed this module, you should understand how to:
- Consistently apply security principles
- Secure an operating system
- Secure TCP/IP services, including HTTP and FTP
- Apply security principles to secure servers, applications, and gateways
Key terms and Concepts
- Access control list (ACL): A list of individual users and groups of users associated with an object, and the rights that the user or group has when accessing that object. Access control list (ACL)
- Authentication: The process of identifying an individual, usually based on a username and password.
- Common Gateway Interface (CGI): A protocol that allows a Web server to pass control to a software application, based on a user request. It also allows that program to receive and organize that information, then return it to the user in a consistent format. A CGI script resides on a Web server, enabling the CGI process.
- (DNS) Domain Name System lookup: The system that allows a server, administrator or user to enter a host name to find out the corresponding Internet address. A reverse lookup is a procedure (usually automated) that occurs when a user requests the operation of a resource such as an e-mail server. It is an authentication technique.
- (FTP) File Transfer Protocol: An approved method that allows the delivery of files across the Internet. An FTP server stores directories of files using a hierarchical structure. Normally, a user is a client and a company acts as the server.
- (ISAPI) Internet Services Application Programming Interface: A method developed by Microsoft to write programs that communicate with Web servers through OLE.
- Melissa virus: A specific virus embedded in a Microsoft Word document, infecting the user's system when the document is opened.
- Perl: A cross-platform programming language that enables users to write custom CGI programs, as well as system management programs.
- (RFC) Request for Comment: The written definitions of the protocols and policies of the Internet.
- (SMTP) Simple Mail Transfer Protocol: The Internet standard protocol to transfer electronic mail messages from one computer to another. It specifies how two mail systems interact, as well as the format of control messages they exchange to transfer mail.
Securing Resources Review - Quiz
Click the Quiz link below to take a multiple-choice quiz about the material we have covered in this module.
Securing Resources - Quiz