CISSP 的問題

1. P144: Synchronous token device 可用 time and counter 做為身分驗證過程的核心部分.
 => 請問counter 的值怎麼進行同步(device and authentication server)
2. 可以帶字典進去
3. Lattice Mode p.277
4. 為什麼SQL 屬於 Session Layer? (P.382)

CISSP Note(Ch3 Access Control)

Authentication factors

what a person knows, has, or is
Biometrics: most effective and accurate methods of verifying identification.
Password: Passwords are the weakestform of authentication and can be easily sniffed as they travel over a network
Cognitive Password (感知密碼): fact- or opinion-based information used to verify an individual’s
identity. A user is enrolled by answering several questions based on her life experiences. Ex: mother's name, CAPTCHA

Access Control and Markup Languages

SPML(Service Provisioning Markup Language): allows for the exchange of provisioning data between applications, which could reside in one organization or many. SPML allows for the automation of user management (account creation, amendments, revocation) and access entitlement configuration related to electronically published services across multiple provisioning systems.

SAML (Security Assertion Markup Language): allows the exchange of authentication and authorization data to be shared between security domains

XACML(Extensible Access Control Markup Language): used to express security policies and access rights to assets provided through web services and other enterprise applications

FRR, RAR, CER

Type I error (false rejection rate) => FRR

Type II error (false acceptance rate) =>FAR

crossover error rate (CER): represents the point at which the false rejection rate equals the false acceptance rate. This rating is the most important measurement when determining the system’s accuracy. => 職越小準確性越高

The goal is to obtain low numbers for each type of error, but Type II errors are the most dangerous and thus the most important to avoid.

digital signature

uses a private key to encrypt a hash value (message digest).

Authorization Creep

As employees work at a company over time and move from one department to another, they often are assigned more and more access rights and permissions.

Main Components in Kerberos

Key Distribution Center (KDC): holds all users’ and services’ secret keys. It provides an authentication service, as well as key distribution functionality.

ticket granting service (TGS) : A ticket is generated by TGS on the KDC and given to a

principal when that principal, let’s say a user, needs to authenticate to another principal, let’s say a print server.

Examples of Single Sign-On Technologies

Kerberos : use symmetric algorithm

SESAME: use symmetric and asymmetric algorithm

Security domains: Resources working under the same security policy and managed by the same group

Directory services: Technology that allows resources to be named in a standardized manner and access control to be maintained centrally

Thin clients: Terminals that rely upon a central server for access control, processing, and storage

Access Control Models

1. Discretionary Access Control (DAC): enables the owner of the resource to specify which subjects can access specific resources. The most common implementation of DAC is through ACLs, which are dictated and set by the owners and enforced by the operating system.

2. Mandatory Access Control(MAC): users do not have the discretion of determining who can access objects as in a DAC model.In most systems based upon the MAC model, a user cannot install software, change file permissions, add new users, etc. The system can be used by the user for very focused and specific purposes. The rules for how subjects access objects are made by the organization’s security policy, configured by the security administrator, enforced by the operating system, and supported by security technologies. 

3. Role -Based Access Control(RBAC): role is defined in terms of the operations and tasks the role

will carry out, whereas a DAC model outlines which subjects can access what objects based upon the individual user identity

在Adobe 開啟編譯文字功能

注釋 => 新增文字注釋

CISSP Note(CH2 Information Security Governance and Risk Management)

CIA

Availability

• Redundant array of inexpensive disks (RAID)

• Clustering

• Load balancing

• Redundant data and power lines

• Software and data backups

• Disk shadowing

• Co-location(用戶設備代管,客戶自已的網路服務主機搬到ISP機房去的服務) and off-site facilities

• Roll-back functions

• Fail-over configurations

 Integrity

• Hashing (data integrity)

• Configuration management (system integrity)

• Change control (process integrity)

• Access control (physical and technical)

• Software digital signing

• Transmission CRC functions

 Confidentiality

• Encryption for data at rest (whole disk, database encryption)

• Encryption for data in transit (IPSec, SSL, PPTP, SSH)

• Access control (physical and technical)

Security Definitions

vulnerability: lack of a countermeasure or a weakness in a countermeasure that is in place. It can be a software, hardware, procedural, or human weakness that can be exploited.

threat: any potential danger that is associated with the exploitation of a vulnerability.

risk:the likelihood of a threat agent exploiting a vulnerability and the corresponding

business impact.

Control Types

• Deterrent Intended to discourage a potential attacker

• Preventive Intended to avoid an incident from occurring

• Corrective Fixes components or systems after an incident has occurred

• Recovery Intended to bring the environment back to regular operations

• Detective Helps identify an incident’s activities and potentially an intruder

• Compensating Controls that provide an alternative measure of control

it is most productive to use a preventive model and then use detective, recovery, and corrective mechanisms to help support this model.

COSO and CobiT

COSO is a model for corporate governance, and CobiT is a model for IT governance.COSO deals more at the strategic level, while CobiT focuses more at the operational level.

ITIL (Information Technology Infrastructure Library)

the de facto standard of best practices for IT service management.

ISO/IEC27000 (Policy level, blueprints) -> COBIT (check list, control objective) -> ITIL (Operation)

CMMI

Level 0 -> Level 6

Nonexistent management -> Unpredictable processes -> Repeatable processes -> Defined processes ->Managed processes -> Optimized processes

SLE and ALE

SLE(single loss expectancy) = Asset Value × Exposure Factor (EF)

ALE (annual loss expectancy) = SLE × Annualized Rate of Occurrence (ARO)

Policies, Standards, Baselines, Guidelines, and Procedures

A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization

Standards refer to mandatory activities, actions, or rules. Standards can give a policy

its support and reinforcement in direction.

Baselines are also used to define the minimum level of protection required.

Guidelines are recommended actions and operational guides to users, IT staff, operations staff, and others when a specific standard does not apply. Guidelines can deal with the methodologies of technology, personnel, or physical security.

Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal.Procedures are considered the lowest level in the documentation chain because they are closest to the computers and users (compared to policies) and provide detailed steps for configuration and installation issues.

CISSP Note(CH11 Security Operations)

QA/QC

   QA (Quality Assurance): 重點在於「監督」企業或專案的「流程」是否被適當遵循，以及流程有沒有改進的空間。

   QC (Quality Control): 重點在於「量測」專案產出是否符合當初訂定的品質標準。

Administratie Management

Separation of duties: a preventive measure that requires collusion to occur in order for someone to commit an act that is against policy.
Job rotate: helps identify fraudulent activities, and therefore can be considered a detective type of

control.
Least privilege and need to know
Mandatory vacations

Clipping Levels

predefined thresholds for the number of certain types of errors that will be allowed before the activity is considered suspicious.

Change Control Process

1. Request for a change to take place

2. Approval of the change

3. Documentation of the change

4. Tested and presented

5. Implementation

6. Report change to management

Network and Resource Availability

Mean time between failures (MTBF): estimated lifespan of a piece of equipment. MTBF is calculated by the vendor of the equipment or a third party.This value is to know approximately when a particular device will need to be replaced.

Mean time to repair (MTTR): the amount of time it will be expected to take to get a device fixed and back into production.

RAID Levels

Penetration Testing Steps

1. Discovery: Footprinting and gathering information about the target

2. Enumeration: Performing port scans and resource identification methods

3. Vulnerability mapping: Identifying vulnerabilities in identified systems and resources

4. Exploitation: Attempting to gain unauthorized access by exploiting vulnerabilities

5. Report to management: Delivering to management documentation of test findings along with suggested countermeasures

Operational threats

1. disclosure (洩漏)

2. theft (竊取)

3. corruption (腐敗)

4. interruption (中斷)

5. destruction (破壞)

麥肯錫工作術

專案趕不上進度

內心想的不是「怎麼辦?來不及了！」 而是以正面積極的心態思考: 「該怎麼做才趕得上?」

問卷調查不算工作

只要是尚未成形的計畫，都不應該跟上司報告。因為麥肯錫認為，只有當你把所有過程都考慮周延後，才可能和價值沾上邊。

成為獨一無二的職人

麥肯錫人有一個特徵，那就是對別人的事情不太關心。意思是他們不在乎內部的人際關係，也不太會把同期進公司的夥伴當成競爭對手，他們關心的是「該怎麼做，才能讓工作產生更高的價值」。

他們工作的時候嚴以律己，擁有堅強的信念，並且一心追求高品質。他們不太喜歡出風頭，認為自己的評價端看「工作的結果」而定。

別只是解決眼前的問題

人們對於自己正在關注的事情，特別容易產生反應。因此，當我們聽對方說「這個部分有問題，請幫我解決」的同時，別忘了在腦中保留一塊空間，發揮批判性思考，想想「真正的問題有沒有可能在別的地方?」

參考書目

1. 麥肯錫新人培訓7堂課

CISSP Note(CH10 Software Development Security)

System Development Life Cycle

1. Initiation:Need for a new system is defined
   - Preliminary risk assessment

2. Acquisition/development: New system is either created or purchased
   - Security function requirement analysis
   - Security control development

3. Implementation: New system is installed into production environment
   - Inspection and acceptance
   - Security certification
   - Security accreditation

4. Operation/maintenance: System is used and cared for
   - Configuration management and control
   - Continuous monitoring

5. Disposal: System is removed from production environment
   - Media sanitization
   - Hardware and software disposal

certification and accreditation (C&A)

1.Certification (認證) : technical testing of a system. Established verification procedures are followed to ensure the effectiveness of the system and its security controls.

2. Accreditation (認可): he formal authorization given by management to allow a system to operate in a specific environment. The accreditation decision is based upon the results of the certification process.

Testing Types

1. Unit testing:programmers validate data structure, logic, and boundary conditions.

2. Integration testing: Verifying that components work together as outlined in design specifications.

3. Acceptance testing: Ensuring that the code meets customer requirements.

4. Regression testing: After a change to a system takes place, retesting to ensure functionality, performance, and protection.

Standard

1. CMMI: process improvement model
    Initial > Repeatable > Defined > Managed > Optimizing

2. WASC and OWASP: focus on integrating security into software development processes

3. BSI: focus of protecting critical infrastructure but can be used in any software development project

4. ISO/IEC 27034: general approach that is used more in the private industry

CORBA and ORBs

This standard defines the APIs, communication protocol, and client/server communication methods to allow heterogeneous applications written in different programming languages and run on various platforms to work together.

COM and DCOM

Component Object Model (COM) is a model that allows for interprocess communication within one application or between applications on the same computer system. 

Distributed Component Object Model (DCOM) supports the same model for component interaction, and also supports distributed interprocess communication (IPC). COM enables applications to use components on the same systems, while DCOM enables applications to access objects that reside in different parts of a network.Without DCOM, programmers would have to write much more complicated code to find necessary objects, set up network sockets, and incorporate the services necessary to allow communication.DCOM has been faded out and replaced with the .NET framework, which is mainly used for applications that run in Windows environments.

OLE DB

It provides a low level interface to link information across different databases, and provides

access to data no matter where they are located or how they are formatted.

The following are some characteristics of an OLE DB:

• It’s a replacement for ODBC, extending its feature set to support a wider variety of nonrelational databases, such as object databases and spreadsheets that do not necessarily implement SQL.

• A set of COM-based interfaces provide applications with uniform access to data stored in diverse data sources

• Because it is COM-based, OLE DB is limited to being used by Microsoft Windows–based client tools.

• A developer accesses OLE DB services through ActiveX Data Objects (ADO).

Relational Database Components

1. Data definition language (DDL): Defines the structure and schema of the database. The structure could mean the table size, key placement, views, and data element relationship. The schema describes the type of data that will be held and manipulated, and their properties. It defines the structure of the

database, access operations, and integrity procedures.

2. Data manipulation language (DML): Contains all the commands that enable a user to view, manipulate, and use the database (view, add, modify, sort, and delete commands).

3. Query language (QL):  Enables users to make requests of the database.

4. Report generator:  Produces printouts of data in a user-defined manner.

Database integrity

1. Semantic integrity:makes sure structural and semantic rules are enforced. These rules pertain to data types, logical values, uniqueness constraints, and operations that could adversely affect the structure of the database.

2. Referential integrity:all foreign keys reference existing primary keys.

3. Entity integrity: guarantees that the tuples are uniquely identified by primary key values.

two-phase commit

In transactional processes, many times a transaction will require that more than one database be updated during the process. The databases need to make sure each database is properly modified, or no modification takes place at all. When a database change is submitted by the user, the different databases initially store these changes temporarily. A transaction monitor will then send out a “pre-commit” command to each database. If all the right databases respond with an acknowledgment, then the monitor sends out a “commit” command to each database.

Polyinstantiation

enables a table that contains multiple tuples with the same primary keys, with each instance distinguished by a security level.

Tunneling Virus

attempts to install itself “under” the antivirus program. When the antivirus goes around doing its health check on critical files, file sizes, modification dates, and so on, it makes a request to the operating system to gather this information. Now, if the virus can put itself between the antivirus

and the operating system, when the antivirus sends out a command (system call) for this type of information, the tunneling virus can intercept this call. Instead of the operating system responding to the request, the tunneling virus responds with information that indicates that everything is fine and healthy and that there is no indication of any type of infection.

CISSP Note (CH9 Legal, Regulations, 9 Investigations, and Compliance)

Advanced Persistent Threat (APT).

   - The “advanced” aspect of this term pertains to the expansive knowledge, capabilities, and skill base of the APT.

   - The “persistent” component has to do with the fact that the attacker is not in a hurry to launch and attack quickly, but will wait for the most beneficial moment and attack vector to ensure that its activities go unnoticed.

Safe Harbor requirements

   - outlines how any entity that is going to move privacy data to and from Europe must go about protecting it.

   - Notice: Individuals must be informed that their data is being collected and about how it will be used.
   - Choice: Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.
   - Onward Transfer: Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
   -Security: Reasonable efforts must be made to prevent loss of collected information.
   - Data Integrity: Data must be relevant and reliable for the purpose it was
collected for.
   - Access: Individuals must be able to access information held about them, and
correct or delete it if it is inaccurate.
   - Enforcement: There must be effective means of enforcing these rules.

Wassenaar Arrangement

Implements export controls for “Conventional Arms and Dual-Use Goods and Technologies.

Intellectual Property Laws

1. Trade Secret: A trade secret is something that is proprietary to a company and important for its

survival and profitability. An example of a trade secret is the formula used for a soft

drink, such as Coke or Pepsi.

2. Copyright: protects the right of an author to control the public distribution, reproduction, display, and adaptation of his original work. It protects the expression of the idea of the resource instead of the resource itself. People are provided copyright protection for life plus 50 years.

3. Trademark: A trademark is slightly different from a copyright in that it is used to protect a word,

name, symbol, sound, shape, color, or combination of these.Companies cannot trademark a number or common word. This is why companies create new names—for example, Intel’s Pentium and Standard Oil’s Exxon.

4. Patent: Patents are given to individuals or companies to grant them legal ownership of, and

enable them to exclude others from using or copying, the invention covered by the patent. The invention must be novel, useful, and not obvious.Usually 20 years from the date of approval

Personally Identifiable Information (PII)

Data that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.

Laws,Directions, and Regulation

1. Sarbanes-Oxley Act (SOX): SOX provides requirements for how companies must track, manage, and report on financial information. This includes safeguarding the data and guaranteeing its integrity

and authenticity.

2. Health Insurance Portability and Accountability Act (HIPAA): provide national standards and procedures for the storage,use, and transmission of personal medical information and healthcare data.

3. Gramm-Leach-Bliley Act of 1999 (GLBA): Requires financial institutions to develop privacy notices and give their customers the option to prohibit financial institutions from sharing their information with nonaffiliated third parties.

4. Computer Fraud and Abuse Act: It is the primary U.S. federal antihacking statute.This is the most widely used law pertaining to computer crimeand hacking.
5. Payment Card Industry Data Security Standard (PCI DSS): The PCI DSS applies to any entity that processes, transmits, stores, or accepts creditcard data.PCI DSS is a private-sector industry initiative. It is not a law. Noncompliance or violations of the PCI DSS may result in financial penalties or possible revocation of merchantstatus within the credit card industry, but not jail time.
6. Federal Information Security Management Act (FISMA):is a U.S. law that requires every federal agency to create, document, and implement an agency-wide security program to provide protection for the information and information systems.NIST 800-53 document, which outlines all of the necessary security controls that need to be in place to protect federal systems. This NIST document is used to help ensure compliance with FISMA.
7. USA Patriot Act (愛國者法案): Reduced restrictions on law enforcement agencies’ ability to search telephone, e-mail communications, medical, financial, and other records.

Incident Response Procedures

1. Triage

2. Investigation

3. Containment

4. Analysis

5. Tracking

6. Recovery

chain of custody

A history that shows how evidence was collected, analyzed, transported, and preserved in order to be presented in court.

Evidence

1. Best Evidence:primary evidence used in a trial because it provides the most reliability.

An example of something that would be categorized as best evidence is an original signed contract.

2. Direct Evidence:can prove a fact all by itself and does not need backup information to

refer to.Direct evidence often is based on information gathered from a witness’s five senses.

3. Secondary Evidence: Oral evidence, such as a witness’s testimony, and copies of original documents are placed in the secondary evidence category. Computer-generated logs and documents might also constitute secondary rather than best evidence.

4. Circumstantial Evidence(旁證): can prove an intermediate fact that can then be used to deduce

or assume the existence of another fact. This type of evidence offers indirect proof and cannot be used as the sole evidence, 

5. Corroborative Evidence (佐證): Supporting evidence used to help prove an idea or point. It

cannot stand on its own but is used as a supplementary tool to help prove a primary piece of evidence.

6. Hearsay Evidence: pertains to oral or written evidence presented in court that is secondhand

and has no firsthand proof of accuracy or reliability.

Entrapment and Enticement

1. Entrapment: Persuade someone to commit a crime when the person otherwise had no intention to commit the crime. Entrapment is neither legal nor ethical. Entrapment does not prove that the suspect had the intent to commit a crime; it only proves she was successfully tricked.

2. Enticement: the person is determined to have broken a low or is intent on doing so.  Honeypot is one type of enticement.Enticement is legal and ethical.

A Few Different Attack Types

1. Salami:attacker commits several small crimes with the hope that the overall larger crime will go unnoticed.

2. Data Diddling: alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing and is outputted from an application.

3. Password Sniffing:sniffing network traffic with the hope of capturing passwords being sent between computers.

4. IP Spoofing: change the IP address within a packet to show a different address or, more commonly, use a tool that is programmed to provide this functionality for them.

5. Dumpster Diving: rummaging through a company or individual’s garbage for discarded documents, information, and other precious items that could then be used in an attack against that company or person.

6. Wiretapping: Most communications signals are vulnerable to some type of wiretapping or eavesdropping. It can usually be done undetected and is referred to as a passive attack.

7. Cybersquatting: someone purchases a domain name with the goal of hurting a company with a similar domain name or to carry out extortion.The United States has a law that deals with this issue (Anti-cybersquatting Consumer Protection Act (ACPA) laws U.S.C. § 1125 and U.S.C. § 1129) but many countries do not.

Code of Ethics (道德規範)

1. Protect society, the common good, necessary public trust and confidence, and the infrastructure.

2. Act honorably, honestly, justly, responsibly, and legally.

3. Provide diligent and competent service to principals.

4. Advance and protect the profession.

Reference: CISSP All in One. by Shon Harris.

CISSP Note (CH8 Business Continuity and 8 Disaster Recovery)

Offsite Location

   - alternate facilities: at least 5 miles away from the primary site
   - low-to-medium critical environments: 15 miles is recommended
   - critical operations:50 to 200 miles is recommended

Data Backup (692頁)

   - Full : restoration process is just one step,backup and restore processes could take a long time
   - Differential (差量備份): backs up the files that have been modified since the last full backup
   - Incremental (增量備份): backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0

High Availability (HA) (697頁) - ensure that some specific thing is always up and running

   - Redundancy: commonly built into the network at a routing protocol level.
   - Fault Tolerance: capability of a technology to continue to operate as expected even if something unexpected takes place (a fault).
   - Failover: if there is a failure that cannot be handled through normal means, then processing is “switched over” to a working system.

Due Care: 應有的注意

a company practiced common sense and prudent management and acted responsibly.
Due care pertains to acting responsibly and “doing the right thing.”. Due care ensures
that a minimal level of protection is in place in accordance with the best practice
in the industry.
Many times due diligence (data gathering) has to be performed so that proper due care (prudent actions) can take place.
未執行due care => Negligence (玩忽職守)

Due Diligence: 應有的努力 

the company properly investigated all of its possible weaknesses and vulnerabilities.
Due diligence is the act of gathering the necessary information so the best decision-
making activities can take place.

Cost Recover and Cost Disruption

Summary of BCP Plans

1. Business Resumption Plan

   - Address business procedures. Not IT focused.

2. Continuity Of Operation Plan (COOP)

   - Describe the procedures required to maintain operations during a disaster

3. IT Contingency Plan

   - Recovery a major application or general support system

4. Crisis Communication Plan

   - Disseminating status reports to personnel and he public

5. Cyber Incident Response Plan

   - Detect, respond to and limit consequences of malicious cyber incident

6. Disaster Recovery Plan

   - Recovery of capabilities at an alternative site

7. Occupant Emergency Plan

   - Minimize lost of life or injury and protecting properly damage in response to a physical threat

Recovery Strategy

1. MTD(Maximum tolerable downtime) => RTO + WRT
2. RTO(Recovery Time Objective):earliest time period and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences
3. WRT(Work Recovery Time): RTO usually deals with getting the infrastructure and systems back up and running, and WRT deals with restoring data, testing processes
4. RPO(Recovery Point Objective):acceptable amount of data loss measured in time.

Testing Plan

1. Checklist Test (desk check test)
   - BCP are distributed to the different departments and functional areas for review.
2. Structured Walk-Through Test
   - each department or functional area come together
and go over the plan to ensure its accuracy.
3. Simulation Test
   - all employees who participate in operational and support functions, or their representatives, come
together to practice executing the disaster recovery plan based on a specific scenario.
4. Parallel Test
  - perform adequately at the alternate offsite facility.
5. Full-Interruption Test
   - The original site is actually shut down, and processing takes place at the alternate site.

Reference: CISSP All in One. by Shon Harris.

霍桑效應 (Hawthorne Effect)

當人知道自己被觀察後，會改變行為的傾向。所以，在管理上，只要給予員工額外的關注，員工就會更為努力，績效也會因此提升。

- 非經濟性的獎賞和懲罰才是激勵員工和提高員工滿意度的重要因素。

A project plan

A project plan should be developed that has the following
components:

• Objective-to-task mapping
• Resource-to-task mapping
• Workflows
• Milestones
• Deliverables
• Budget estimates
• Success factors
• Deadlines

巴菲特經商秘訣

1. 在動盪時保持鎮定
    - 不擔心每季財報數字的波動，比起穩穩賺進12%獲利，寧願選擇撐過震盪後獲得15%豐厚報酬
2. 堅持經營優質企業的價值觀
    - 只看長期報酬
3. 專注於目標
    - 有時甚麼都不做才是聰明人
4. 維持低成本
5. 獎金單純化
    - 獎金發放的原則應該是強況量身訂做，但必須維持單純，且能直接影響每日工作效率。
6.  遠離麻煩
    - 不管未來有多遙遠，最好排除所有可能的後患。
7. 公司估價被低估十別換股交易
8. 維持小規模
     - 規模過大，可能推累企業快速思考和改變的能力。
9. 保持好名聲
     - 20年建立的好名聲可以在5分鐘內毀於一旦，若銘記在心，就會做出聰明的選擇。

參考至: http://udn.com/NEWS/WORLD/WOR2/9062485.shtml

執行創新計劃的三個原則

1. 從非常小的市場開始壟斷

   - 做出區隔

2. 擴大相關市場規模

   - 創新的目標不該侷限在打垮現有對手, 應該以擴大市場的角度思考, 否則無法跳脫既有思維

3. 別直接挑戰大型競爭對手

Reference to Zero to One

CISSP Question List

Ch6:
  1. Why SQL is related to Session Layer in OSI Model?
  2. Why gateway is related to Application Layer in OSI Model? (P.623)

VM Ware Network Setting

If you use VM ware bridge mode and show the following message.

Take the following steps.

1. Go to network control panel.

2. Select the network device and click right button, Install VM ware tool.

3. After the installation, check "VMware Bridge Protocol.