Network Security a Beginner's Guide, Third Edition

ISBN-10: 0071795707

ISBN-13: 9780071795708

Edition: 3rd 2013

Authors: Eric Maiwald

List price: $49.00

Description:

Tap into network security smarts for the self-guided IT professional! Filled with invaluable lessons that it took the author years to learn, Network Security: A Beginner’s Guide, Third Edition provides you with a thorough overview of network security, reinforced by sophisticated insider tips, best practices, and experienced practitioner know-how. You’ll build a rock-solid foundation in understanding and defending networks—from the most effective tools and resources to tested techniques for detecting even the most elusive vulnerabilities, as well as assessing proven threats. This complete yet concise guide is divided into four parts. Part 1: Information Security Basics covers the foundations of…

Book details

List price: $49.00
Edition: 3rd
Copyright year: 2013
Publisher: McGraw-Hill Education
Publication date: 10/16/2012
Binding: Paperback
Pages: 336
Size: 8.00" wide x 9.00" long x 1.00" tall
Weight: 1.188
Language: English

Acknowledgments
Introduction
About the Series
Information Security Basics
What is Information Security?
Where Sorcery Is Traded for Fallible, Manageable Realities
A Retrospective Look at Security
Define Security as a Process, Not as Point Products
Anti-virus Software
Access Controls
Firewalls
Smart Cards
Biometrics
Intrusion Detection and Prevention
Policy Management
Vulnerability Scanning
Encryption
Data Loss Prevention
Physical Security Mechanisms
Types of Attacks
Access Attacks
Snooping
Eavesdropping
Interception
How Access Attacks Are Accomplished
Modification Attacks
Changes
Insertion
Deletion
How Modification Attacks Are Accomplished
Denial-of-Service Attacks
Denial of Access to Information
Denial of Access to Applications
Denial of Access to Systems
Denial of Access to Communications
How Denial-of-Service Attacks Are Accomplished
Repudiation Attacks
Masquerading
Denying an Event
How Repudiation Attacks Are Accomplished
Hacker Techniques
A Hacker's Motivation
Challenge
Greed
Malicious Intent
Hacking Techniques
Bad Passwords
Open Sharing
Software Vulnerabilities
Network Hacking
Social Engineering
Denial-of-Service
Malicious Software
Methods of the Untargeted Hacker
Targets
Reconnaissance
Attack Methods
Use of Compromised Systems
Methods of the Targeted Hacker
Targets
Reconnaissance
Attack Methods
Use of Compromised Systems
Information Security Services
The Confidentiality Service
Confidentiality of Files
Confidentiality of Information in Transmission
Traffic Flow Confidentiality
Attacks That Can Be Prevented
The Integrity Service
Integrity of Files
Integrity of Information During Transmission
Attacks That Can Be Prevented
The Availability Service
Backups
Fail-Over
Disaster Recovery
Attacks That Can Be Prevented
The Accountability Service
Identification and Authentication
Audit
Attacks That Can Be Prevented
Groundwork
Policy
Why Policy Is Important
Defining What Security Should Be
Putting Everyone on the Same Page
The Various Policies Used by Organizations
Information Policy
Security Policy
Acceptable Use Policy
Internet Use Policy
E-mail Policy
User Management Procedures
System Administration Procedure
Backup Policy
Incident Response Procedure
Configuration Management Procedure
Design Methodology
Disaster Recovery Plans
Creating Appropriate Policy
Defining What Is Important
Defining Acceptable Behavior
Identifying Stakeholders
Defining Appropriate Outlines
Policy Development
Deploying Policy
Gaining Buy-In
Education
Implementation
Using Policy Effectively
New Systems and Projects
Existing Systems and Projects
Audits
Policy Reviews
Managing Risk
Defining Risk
Threat
Vulnerability
Consequences
Countermeasures
Measuring Risk
Probabilistic
Maximum Impact
A Hybrid Approach
The Information Security Process
Conducting an Assessment
Network
Physical Security
Policies and Procedures
Precautions
Awareness
People
Workload
Attitude
Adherence
Business
Assessment Results
Developing Policy
Choosing the Order of Policies to Develop
Updating Existing Policies
Implementing Security
Security Reporting Systems
Use-Monitoring
System Vulnerability Scans
Policy Adherence
Authentication Systems
Perimeter Security
Network Monitoring Systems
Encryption
Physical Security
Staff
Awareness Training
Employees
Administrators
Developers
Executives
Security Staff
Audits
Policy Adherence Audits
Periodic and New Project Assessments
Penetration Tests
Information Security Best Practices
Administrative Security Practices
Policies and Procedures
Resources
Responsibility
Education
Contingency Plans
Security Project Plans
Technical Security Practices
Network Controls
Malicious Code Protection
Authentication
Monitoring
Encryption
Patching Systems
Backup and Recovery
Physical Security
Making Use of ISO 27002
Key Concepts of the Standard
How This Standard Can Be Used
Network Security Technology
Perimeter Technology
Perimeters and Perimeter Policy Basics
Perimeter Controls
Routers
Firewalls
Network Intrusion Prevention Systems
Web Application Firewalls
Proxies and URL Filters
Data Loss Prevention
Anti-malware Controls
Virtual Private Networks
Physical Separation
Defense-in-Depth
Creating a Perimeter Architecture
DMZ Perimeter Architecture
Employee Perimeter Architecture
Monitoring Technology
The Purposes of Monitoring
Monitoring Technologies
Intrusion Detection Systems
Network Behavior Analysis
Network Forensics
System Logs
Application Logs
Vulnerability Scanning
Creating a Monitoring Architecture
Correlating Events
Separation of Duties
Encryption Technology
Basic Encryption Concepts
Encryption Terms
Attacks Against Encryption
Symmetric Key Encryption
Substitution Ciphers
One-Time Pads
Data Encryption Standard
Password Encryption
The Advanced Encryption Standard: Rijndael
Public Key Encryption
Diffie-Hellman Key Exchange
RSA
Other Public Key Algorithms
Digital Signatures
Secure Hash Functions
Key Management
Key Creation
Key Distribution
Key Certification
Key Protection
Key Revocation
Key Recovery
Trust in the Encryption System
Other Considerations
The Supporting Cast
Availability
Glossary
Index