Title page
by John R. Vacca, John R. Vacca, John R. Vacca
Computer and Information Security Handbook
- Cover image
- Title page
- Table of Contents
- Copyright
- Dedication
- Foreword
- Preface
- Acknowledgments
- About the Editor
- Contributors
- Part I: Overview of System and Network Security: A Comprehensive Introduction
- Chapter 1. Building a Secure Organization
- Chapter 2. A Cryptography Primer
- Chapter 3. Preventing System Intrusions
- Chapter 4. Guarding Against Network Intrusions
- Chapter 5. Unix and Linux Security
- Chapter 6. Linux and Unix Security
- Chapter 7. Internet Security
- Chapter 8. The Botnet Problem
- Chapter 9. Intranet Security
- 1. Plugging the Gaps: NAC and Access Control
- 2. Measuring Risk: Audits
- 3. Guardian at the Gate: Authentication and Encryption
- 4. Wireless Network Security
- 5. Shielding the Wire: Network Protection
- 6. Weakest Link in Security: User Training
- 7. Documenting the Network: Change Management
- 8. Rehearse the Inevitable: Disaster Recovery
- 9. Controlling Hazards: Physical and Environmental Protection
- 10. Know Your Users: Personnel Security
- 11. Protecting Data Flow: Information and System Integrity
- 12. Security Assessments
- 13. Risk Assessments
- 14. Conclusion
- Chapter 10. Local Area Network Security
- 1. Identify Network Threats
- 2. Establish Network Access Controls
- 3. Risk Assessment
- 4. Listing Network Resources
- 5. Threats
- 6. Security Policies
- 7. The Incident-Handling Process
- 8. Secure Design Through Network Access Controls
- 9. IDS Defined
- 10. NIDS: Scope and Limitations
- 11. A Practical Illustration of NIDS
- 12. Firewalls
- 13. Dynamic NAT Configuration
- 14. The Perimeter
- 15. Access List Details
- 16. Types of Firewalls
- 17. Packet Filtering: IP Filtering Routers
- 18. Application-layer Firewalls: Proxy Servers
- 19. Stateful Inspection Firewalls
- 20. NIDS Complements Firewalls
- 21. Monitor and Analyze System Activities
- 22. Signature Analysis
- 23. Statistical Analysis
- 24. Signature Algorithms
- Chapter 11. Wireless Network Security
- Chapter 12. Cellular Network Security
- Chapter 13. RFID Security
- Part II: Managing Information Security
- Chapter 14. Information Security Essentials for IT Managers: Protecting Mission-Critical Systems
- Chapter 15. Security Management Systems
- Chapter 16. Information Technology Security Management
- Chapter 17. Identity Management
- Chapter 18. Intrusion Prevention and Detection Systems
- 1. What is an “Intrusion,” Anyway?
- 2. Unauthorized Access by an Outsider
- 3. Malware Infection
- 4. The Role of the “0-Day”
- 5. The Rogue’s Gallery: Attackers and Motives
- 6. A Brief Introduction to TCP/IP
- 7. The TCP/IP Data Architecture and Data Encapsulation
- 8. Survey of Intrusion Detection and Prevention Technologies
- 9. Anti-Malware Software
- 10. Network-based Intrusion Detection Systems
- 11. Network-based Intrusion Prevention Systems
- 12. Host-based Intrusion Prevention Systems
- 13. Security Information Management Systems
- 14. Network Session Analysis
- 15. Digital Forensics
- 16. System Integrity Validation
- 17. Putting it all Together
- Chapter 19. Computer Forensics
- 1. What is Computer Forensics?
- 2. Analysis of Data
- 3. Computer Forensics in the Court System
- 4. Understanding Internet History
- 5. Temporary Restraining Orders and Labor Disputes
- 5. First Principles
- 6. Hacking a Windows XP Password
- 7. Network Analysis
- 8. Computer Forensics Applied
- 9. Testifying as an Expert
- 10. Beginning to End in Court
- Chapter 20. Network Forensics
- Chapter 21. Firewalls
- 1. Network Firewalls
- 2. Firewall Security Policies
- 3. A Simple Mathematical Model for Policies, Rules, and Packets
- 4. First-match Firewall Policy Anomalies
- 5. Policy Optimization
- 6. Firewall Types
- 7. Host and Network Firewalls
- 8. Software and Hardware Firewall Implementations
- 9. Choosing the Correct Firewall
- 10. Firewall Placement and Network Topology
- 11. Firewall Installation and Configuration
- 12. Supporting Outgoing Services Through Firewall Configuration
- 13. Secure External Services Provisioning
- 14. Network Firewalls for Voice and Video Applications
- 15. Firewalls and Important Administrative Service Protocols
- 16. Internal IP Services Protection
- 17. Firewall Remote Access Configuration
- 18. Load Balancing and Firewall Arrays
- 19. Highly Available Firewalls
- 20. Firewall Management
- 21. Conclusion
- Chapter 22. Penetration Testing
- 1. What is Penetration Testing?
- 2. How does Penetration Testing Differ from an Actual “Hack?”
- 3. Types of Penetration Testing
- 4. Phases of Penetration Testing
- 5. Defining What’s Expected
- 6. The Need for a Methodology
- 7. Penetration Testing Methodologies
- 8. Methodology in Action
- 9. Penetration Testing Risks
- 10. Liability Issues
- 11. Legal Consequences
- 12. “Get Out of Jail Free” Card
- 13. Penetration Testing Consultants
- 14. Required Skill Sets
- 15. Accomplishments
- 16. Hiring a Penetration Tester
- 17. Why Should a Company Hire You?
- 18. All’s Well that Ends Well
- Chapter 23. What Is Vulnerability Assessment?
- 1. Reporting
- 2. The “It Won’t Happen to Us” Factor
- 3. Why Vulnerability Assessment?
- 4. Penetration Testing Versus Vulnerability Assessment
- 5. Vulnerability Assessment Goal
- 6. Mapping the Network
- 7. Selecting the Right Scanners
- 8. Central Scans Versus Local Scans
- 9. Defense in Depth Strategy
- 10. Vulnerability Assessment Tools
- 11. Scanner Performance
- 12. Scan Verification
- 13. Scanning Cornerstones
- 14. Network Scanning Countermeasures
- 15. Vulnerability Disclosure Date
- 16. Proactive Security Versus Reactive Security
- 17. Vulnerability Causes
- 18. DIY Vulnerability Assessment
- 19. Conclusion
- Part III: Encryption Technology
- Chapter 24. Data Encryption
- 1. Need for Cryptography
- 2. Mathematical Prelude to Cryptography
- 3. Classical Cryptography
- 4. Modern Symmetric Ciphers
- 5. Algebraic Structure
- 6. The Internal Functions of Rijndael in AES Implementation
- 7. Use of Modern Block Ciphers
- 8. Public-key Cryptography
- 9. Cryptanalysis of RSA
- 10. Diffie-Hellman Algorithm
- 11. Elliptic Curve Cryptosystems
- 12. Message Integrity and Authentication
- 13. Summary
- References
- Chapter 25. Satellite Encryption
- Chapter 26. Public Key Infrastructure
- 1. Cryptographic Background
- 2. Overview of PKI
- 3. The X.509 Model
- 4. X.509 Implementation Architectures
- 5. X.509 Certificate Validation
- 6. X.509 Certificate Revocation
- 7. Server-based Certificate Validity Protocol
- 8. X.509 Bridge Certification Systems
- 9. X.509 Certificate Format
- 10. PKI Policy Description
- 11. PKI Standards Organizations
- 12. PGP Certificate Formats
- 13. PGP PKI Implementations
- 14. W3C
- 15. Alternative PKI architectures
- 16. Modified X.509 Architectures
- 17. Alternative Key Management Models
- Chapter 27. Instant-Messaging Security
- 1. Why Should I Care About Instant Messaging?
- 2. What is Instant Messaging?
- 3. The Evolution of Networking Technologies
- 4. Game Theory and Instant Messaging
- 5. The Nature of the Threat
- 6. Common IM Applications
- 7. Defensive Strategies
- 8. Instant-messaging Security Maturity and Solutions
- 9. Processes
- 10. Conclusion
- Chapter 24. Data Encryption
- Part IV: Privacy and Access Management
- Chapter 28. NET Privacy
- Chapter 29. Personal Privacy Policies
- 1. Introduction
- 2. Content of Personal Privacy Policies
- 3. Semiautomated Derivation of Personal Privacy Policies
- 4. Specifying Well-Formed Personal Privacy Policies
- 5. Preventing Unexpected Negative Outcomes
- 6. The Privacy Management Model
- 7. Discussion and Related Work
- 8. Conclusions and Future Work
- Chapter 30. Virtual Private Networks
- Chapter 31. Identity Theft
- Chapter 32. VoIP Security
- Part V: Storage Security
- Chapter 33. SAN Security
- 1. Organizational Structure
- 2. Access Control Lists (ACL) and Policies
- 3. Physical Access
- 4. Change Management
- 5. Password Policies
- 6. Defense in Depth
- 7. Vendor Security Review
- 8. Data Classification
- 9. Security Management
- 10. Auditing
- 11. Management Access: Separation of Functions
- 12. Host Access: Partitioning
- 13. Data Protection: Replicas
- 15. Encryption in Storage
- 16. Application of Encryption
- 17. Conclusion
- References
- Chapter 34. Storage Area Networking Security Devices
- Chapter 35. Risk Management
- Chapter 33. SAN Security
- Part VI: Physical Security
- Chapter 36. Physical Security Essentials
- 1. Overview
- 2. Physical Security Threats
- 3. Physical Security Prevention and Mitigation Measures
- 4. Recovery from physical security breaches
- 5. Threat Assessment, Planning, and Plan Implementation
- 6. Example: a Corporate Physical Security Policy
- 7. Integration of Physical and Logical Security
- References
- Chapter 37. Biometrics
- Chapter 38. Homeland Security
- Chapter 39. Information Warfare
- Chapter 36. Physical Security Essentials
- Part VII: Advanced Security
- Chapter 40. Security Through Diversity
- 1. Ubiquity
- 2. Example Attacks Against Uniformity
- 3. Attacking Ubiquity with Antivirus Tools
- 4. The Threat of Worms
- 5. Automated Network Defense
- 6. Diversity and the Browser
- 7. Sandboxing and Virtualization
- 8. DNS Example of Diversity Through Security
- 9. Recovery from Disaster is Survival
- 10. Conclusion
- Chapter 41. Reputation Management
- Chapter 42. Content Filtering
- Chapter 43. Data Loss Protection
- Chapter 40. Security Through Diversity
- Part VIII: Appendices
- Appendix A. Configuring Authentication Service on Microsoft Windows Vista
- Appendix B. Security Management and Resiliency
- Appendix C. List of Top Security Implementation and Deployment Companies
- Appendix D. List of Security Products
- Appendix E. List of Security Standards
- Appendix F. List of Miscellaneous Security Resources
- Appendix G. Ensuring Built-in Frequency Hopping Spread Spectrum Wireless Network Security
- Appendix H. Configuring Wireless Internet Security Remote Access
- Adding the Access Points as RADIUS Clients to IAS
- Adding Access Points to the First IAS Server
- Scripting the Addition of Access Points to IAS Server (Alternative Procedure)
- Configuring the Wireless Access Points
- Enabling Secure WLAN Authentication on Access Points
- Additional Settings to Secure Wireless Access Points
- Replicating RADIUS Client Configuration to Other IAS Servers
- Appendix I. Frequently Asked Questions
- Appendix J. Glossary
- Index
Computer and Information Security Handbook
Edited by
John R. Vacca
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.