Shared Flashcard Set

Details

Operations Security
Chapter 12
13
Other
Not Applicable
02/02/2012

Cards

Term
Loki Attack
Definition
  • client/server program
  • when a computer is attacked, the Loki server software is installed on that computer
  • server "listens" to a port which creates a backdoor
  • commands are sent using the ICMP packets because most routers allow ICMP traffic
Term
Operational Assurance
Definition
  • A level of confidence of a trusted system’s architecture and implementation that enforces the system’s security policy. This can include system architecture, covert channel analysis, system integrity, and trusted recovery.
Term
Life Cycle Assurance
Definition
  • Software, hardware, and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Term
TCP Wrappers
Definition
  • monitor incoming network traffic to the host computer and control what can and cannot access the services mapped to specific ports
Term
General Change Management Procedures
Definition
  1. Request a change
  2. Approve a change
  3. Document the change
  4. Test the change
  5. Implement the change
  6. Report the change to management
Term
SATAN
Definition

Security Administrator Tool for Analyzing Networks

  • scanning tool that can uncover weaknesses within a network
Term
Operational Assurance Examples
Definition
  • access control mechanisms
  • separation of privileged and user program code
  • auditing and monitoring capabilities
  • covert channel analysis
  • trusted recovery when product experiences unexpected circumstances
Term
Life Cycle Assurance Examples
Definition
  • design specifications
  • clipping level configurations
  • unit and integration testing
  • configuration management
  • trusted distribution
Term
IPL
Definition

Initial Program Load

  • mainframe term for loading the operating system's kernel into the computer's main memory.
  • On a PC, booting or rebooting into the OS is the equivalent.
  • This activity takes place to prepare the computer for user operation.
Term
Three types of recovery procedures
Definition
  1. System reboot - restarts in a controlled manner
  2. Emergency reboot - restarts when normal procedures cannot be initiated
  3. System cold start - OS brings the system down to maintenance mode and operator intervention is required to complete the recovery.
Term
Land Attack
Definition
  • when an attacker modifies a packet to contain the same source and destination address. 
  • some systems may not know what to do with these types of packets so they may freeze
  • considered a DoS attack.
Term
Session Hijacking
Definition
  • involves a third party inserting herself between two connected computers without being noticed.
  • Two examples of session hijacking tools are Juggernaut and the HUNT project. These tools enable the attacker to spy on the TCP connection and then hijack it if the attacker decides that is what she wants to do.
  • If session hijacking is a concern on a network, the administrator can implement a protocol, such as IPSec or Kerberos, that requires mutual authentication between users or systems.
Term
Slamming vs. Cramming
Definition
  • Slamming - when a user’s service provider has been changed without that user’s consent.
  • Cramming - adding bogus charges that the user did not request.