AD (Active Directory):Included in most Windows Server OS as a set of processes and services. Uses LDAP (Lightweight Directory Access Protocol) versions 2 and 3, Microsoft's version of Kerberos, and DNS.

ISO 27799: Directives on how to protect Protected Health Information (PHI).

A ping of death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer. Ping (ICMP) is a layer 3 protocol.

Redundant site: Complete identical site to our production, receives a real time copy of our data. Power, HVAC, Raised floors, generators, … If our main site is down the redundant site will r automatically have all traffic fail over to the redundant site. The redundant site should be geographically distant, and have staff at it. By far the most expensive recovery option, end users will never notice the failover.

Internet/Internetwork layer is responsible of sending packets across potentially multiple networks. Requires sending data from the source network to the destination network (routing). The Internet Protocol performs two basic functions: Host addressing and identification: This is done with a hierarchical IP addresses. Packet routing: Sending the packets of data (datagrams) from the source to the destination by forwarding them to the next network router closer to the final destination.

Gray (Grey) box (Partial Knowledge) Pen testing: The attacker has limited knowledge; is a normal user, vendor, or someone with limited environment knowledge.

RAM (Random access memory) would lose its data remanence after a few seconds to a few minutes after the loss of power.

The digital (computer) forensics process: Identify the potential evidence, acquire the evidence, analyze the evidence, make a report. We need to be more aware of how we gather our forensic evidence, attackers are covering their tracks, deleting the evidence and logs.

Digital forensics: The evidence we collect must be accurate, complete, authentic, convincing, admissible. Everything is documented. Chain of custody: who had it when? What was done? When did they do it? Pull the original, put it in write protected machine, we make a hash. We only do examinations and analysis on bit level copies. We confirm they have the same hash as the original before and after examination.

A data destruction policy would address how we deal with data no longer needed, the retention policy would only deal with what, how long, where and similar topics.