
Principles of Computer Security (Reprint Edition; Ministry of Education Recommended Imported Textbook)


Price: ¥49.50

Author: Wm. Arthur Conklin et al. (USA)
Publisher: Higher Education Press (高等教育出版社)
Series:
Tags: not available

ISBN: 9787040167757 Publication date: 2005-06-01 Binding: paperback
Format: 23cm Pages: 681 Word count:

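Description

  This book teaches the fundamentals of computer and network security and also prepares readers for CompTIA's Security+ certification exam; it also covers the content of the (ISC)2 SSCP certification exam, which focuses on best practices and on the roles and responsibilities of security professionals. Written by experts in the IT security field, it gives a fairly comprehensive account of the basic principles of communication, infrastructure, and operational security from three aspects of information security (technology, practice, and awareness), and describes in detail how computer systems and networks defend against various attacks. The book contains 24 chapters covering the following topics: introduction to computer security and trends, general security concepts, operational/organizational security, the role of people in security, encryption, public key infrastructure, standards and protocols, the impact of physical security on network security, network fundamentals, infrastructure security, remote access, wireless communication and instant messaging, security baselines, attacks and malicious code, e-mail, web components, software development, disaster recovery, business continuity and organizational policies, risk management, change management, computer forensics, and security and law. The book is suitable as an undergraduate textbook for majors in computer science, information systems and management, and electronic information science.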

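About the Author

The author biography for "Principles of Computer Security (Reprint Edition; Ministry of Education Recommended Imported Textbook)" is not available.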

Table of Contents

Acknowledgments
 Foreword
 Preface
 Introduction
Chapter 1 Introduction and Security Trends
 The Security Problem
 Security Incidents
 Threats to Security
 Security Trends
 Avenues of Attack
 The Steps in an Attack
 Minimizing Possible Avenues of Attack
 Types of Attacks
 Chapter Review
Chapter 2 General Security Concepts
 Basic Security Terminology
 Security Basics
 Access Control
 Authentication
 Security Models
 Confidentiality Models
 Integrity Models
 Chapter Review
Chapter 3 Operational/Organizational Security
 Security Operations in Your Organization
 Policies, Procedures, Standards, and Guidelines
 The Security Perimeter
 Physical Security
 Access Controls
 Physical Barriers
 Social Engineering
 Environment
 Fire Suppression
 Wireless
 Electromagnetic Eavesdropping
 Shielding
 Location
 Chapter
Chapter 4 The Role of People in Security
 People--A Security Problem
 Poor Security Practices
 Social Engineering
 People as a Security Tool
 Security Awareness
 Chapter Review
Chapter 5 Cryptography
 Algorithms
 Hashing
 SHA
 Message Digest (MD)
 Hashing Summary
 Symmetric Encryption
 DES
 3DES
 AES
 CAST
 RC
 Blowfish
 IDEA
 Symmetric Encryption Summary
 Asymmetric Encryption
 RSA
 Diffie-Hellman
 ElGamal
 ECC
 Asymmetric Encryption Summary
 Usage
 Confidentiality
 Integrity
 Nonrepudiation
 Authentication
 Digital Signatures
 Key Escrow
 Chapter Review
Chapter 6 Public Key Infrastructure
 The Basics of Public Key Infrastructures
 Certificate Authorities
 Registration Authorities
 Local Registration Authorities
 Certificate Repositories
 Trust and Certificate Verification
 Digital Certificates
 Certificate Attributes
 Certificate Extensions
 Certificate Lifecycles
 Centralized or Decentralized Infrastructures
 Hardware Storage Devices
 Private Key Protection
 Key Recovery
 Key Escrow
 Public Certificate Authorities
 In-House Certificate Authorities
 Outsourced Certificate Authorities
 Tying Different PKIs Together
 Trust Models
 Certificate Usage
 Chapter Review
Chapter 7 Standards and Protocols
 PKIX/PKCS
 PKIX Standards
 PKCS
 Why You Need to Know
 X.509
 SSL/TLS
 ISAKMP
 CMP
 XKMS
 S/MIME
 IETF S/MIME v3 Specifications
 PGP
 How It Works
 Where Can You Use PGP?
 HTTPS
 IPSec
 CEP
 FIPS
 Common Criteria (CC)
 WTLS
 WEP
 WEP Security Issues
 ISO 17799
 Chapter Review
Chapter 8 The Impact of Physical Security on Network Security
 The Problem
 Physical Security Safeguards
 Policies and Procedures
 Access Controls
 Authentication
 Chapter Review
Chapter 9 Network Fundamentals
 Network Architectures
 Network Topology
 Network Protocols
 Packets
 TCP vs. UDP
 ICMP
 Packet Delivery
 Local Packet Delivery
 Remote Packet Delivery
 Subnetting
 Network Address Translation
 Chapter Review
Chapter 10 Infrastructure Security
 Devices
 Workstations
 Servers
 Network Interface Cards (NICs)
 Hubs
 Bridges
 Switches
 Routers
 Firewalls
 Wireless
 Modems
 RAS
 Telecom/PBX
 VPN
 IDS
 Network Monitoring/Diagnostic
 Mobile Devices
 Media
 Coax
 UTP/STP
 Fiber
 Unguided Media
 Security Concerns for Transmission Media
 Physical Security
 Removable Media
 Magnetic Media
 Optical Media
 Electronic Media
 Security Topologies
 Security Zones
 VLANs
 NAT
 Tunneling
 Chapter Review
Chapter 11 Remote Access
 The Remote Access Process
 Identification
 Authentication
 Authorization
 Telnet
 SSH
 L2TP and PPTP
 PPTP
 L2TP
 IEEE 802.11
 VPN
 IPSec
 IPSec Configurations
 IPSec Security
 IEEE 802.1x
 RADIUS
 RADIUS Authentication
 RADIUS Authorization
 RADIUS Accounting
 DIAMETER
 TACACS+
 TACACS+ Authentication
 TACACS+ Authorization
 TACACS+ Accounting
 Vulnerabilities
 Connection Summary
 Chapter Review
Chapter 12 Wireless and Instant Messaging
 Wireless
 WAP and WTLS
 802.11
 Instant Messaging
 Chapter Review
Chapter 13 Intrusion Detection Systems
 History of Intrusion Detection Systems
 IDS Overview
 Host-Based Intrusion Detection Systems
 Advantages of Host-Based IDSs
 Disadvantages of Host-Based IDSs
 Active vs. Passive Host-Based IDSs
 Network-Based Intrusion Detection Systems
 Advantages of a Network-Based IDS
 Disadvantages of a Network-Based IDS
 Active vs. Passive Network-Based IDSs
 Signatures
 False Positives and Negatives
 IDS Models
 Preventative Intrusion Detection Systems
 IDS Products and Vendors
 Honeypots
 Incident Response
 Chapter Review
Chapter 14 Security Baselines
 Overview Baselines
 Password Selection
 Password Policy Guidelines
 Selecting a Password
 Components of a Good Password
 Password Aging
 Operating System and Network Operating System Hardening
 Hardening Microsoft Operating Systems
 Hardening UNIX- or Linux-Based Operating Systems
 Network Hardening
 Software Updates
 Device Configuration
 Ports and Services
 Traffic Filtering
 Application Hardening
 Application Patches
 Web Servers
 Mail Servers
 FTP Servers
 DNS Servers
 File and Print Services
 Active Directory
 Chapter Review
Chapter 15 Attacks and Malware
 Attacking Computer Systems and Networks
 Denial-of-Service Attacks
 Backdoors and Trapdoors
 Sniffing
 Spoofing
 Man-in-the-Middle Attacks
 Replay Attacks
 TCP/IP Hijacking
 Attacks on Encryption
 Password Guessing
 Software Exploitation
 Wardialing and WarDriving
 Social Engineering
 Malware
 Auditing
 Chapter Review
Chapter 16 E-mail
 Security of E-mail Transmissions
 Malicious Code
 Hoax E-mails
 Unsolicited Commercial E-mail (Spam)
 Mail Encryption
 Chapter Review
Chapter 17 Web Components
 Current Web Components and Concerns
 Protocols
 Encryption (SSL and TLS)
 The Web (HTTP and HTTPS)
 Web Services
 Directory Services (DAP and LDAP)
 File Transfer (FTP and SFTP)
 Vulnerabilities
 Code-Based Vulnerabilities
 Buffer Overflows
 Java and JavaScript
 ActiveX
 CGI
 Server-Side Scripts
 Cookies
 Signed Applets
 Browser Plug-Ins
 Chapter Review
Chapter 18 Software Development
 The Software Engineering Process
 Process Models
 ROI and Error Correction
 Secure Code Techniques
 Good Practices
 Requirements
 Testing
 Chapter Review
Chapter 19 Disaster Recovery, Business Continuity, and Organizational Policies
 Disaster Recovery
 Disaster Recovery Plans/Process
 Backups
 Utilities
 Secure Recovery
 High Availability and Fault Tolerance
 Computer Incident Response Teams
 Test, Exercise, and Rehearse
 Policies and Procedures
 Security Policies
 Privacy
 Service Level Agreements
 Human Resources Policies
 Code of Ethics
 Incident Response Policies
 Chapter Review
Chapter 20 Risk Management
 An Overview of Risk Management
 Macro-Level Example of Risk Management
 International Banking
 Key Terms Essential to Understanding Risk Management
 What Is Risk Management?
 Business Risks
 Examples of Business Risks
 Examples of Technology Risks
 Risk Management Models
 General Risk Management Model
 Software Engineering Institute Model
 Qualitatively Assessing Risk
 Quantitatively Assessing Risk
 Qualitative vs. Quantitative Risk Assessment
 Tools
 Chapter Review
Chapter 21 Change Management
 Why Change Management?
 The Key Concept: Segregation of Duties
 Elements of Change Management
 Implementing Change Management
 The Purpose of a Change Control Board
 Code Integrity
 The Capability Maturity Model
 Chapter Review
Chapter 22 Privilege Management
 User, Group, and Role Management
 User
 Groups
 Role
 Single Sign-On
 Centralized vs. Decentralized Management
 Centralized Management
 Decentralized Management
 The Decentralized, Centralized Model
 Auditing (Privilege, Usage, and Escalation)
 Privilege Auditing
 Usage Auditing
 Escalation Auditing
 Handling Access Control (MAC, DAC, and RBAC)
 Mandatory Access Control (MAC)
 Discretionary Access Control (DAC)
 Role-Based Access Control (RBAC)
 Chapter Review
Chapter 23 Computer Forensics
 Evidence
 Standards for Evidence
 Types of Evidence
 Three Rules Regarding Evidence
 Collecting Evidence
 Acquiring Evidence
 Identifying Evidence
 Protecting Evidence
 Transporting Evidence
 Storing Evidence
 Conducting the Investigation
 Chain of Custody
 Free Space vs. Slack Space
 Free Space
 Slack Space
 What's This Message Digest and Hash?
 Analysis
 Chapter Review
Chapter 24 Security and Law
 Import/Export Encryption Restrictions
 United States Law
 Non-U.S. Laws
 Digital Signature Laws
 Non-U.S. Laws
 Digital Rights Management
 Privacy Laws
 United States Laws
 European Laws
 Computer Trespass
 Convention on Cybercrime
 Ethics
 Chapter Review
 Glossary
Index
