Introduction

Laying the Groundwork

Why Do I Need Security?
- The Importance of an Effective Security Infrastructure
- People, Process, and Technology
- What Are You Protecting Against?
- Security as a Competitive Advantage
- Choosing a Solution
- Finding Security Employees
- The Layered Approach

Understanding Requirements and Risk
- What Is Risk?
- Embracing Risk
- Information Security Risk Assessment
- Assessing Risk
- Insurance

Security Policies and Procedures
- Internal Focus Is Key
- Policy Life Cycle
- Developing Policies
- Components of a Security Policy
- Sample Security Policies
- Procedures

Understanding Basic Security Technologies

Cryptography and Encryption
- A Brief History of Cryptography
- Cryptography Today
- Hash Algorithms
- Digital Signatures
- e-Signature Law
- Digital Certificates
- Public Key Infrastructure (PKI)
- Secure Sockets Layer (SSL)
- Other Protocols and Standards
- Pretty Good Privacy (PGP)
- Other Uses of Encryption

Authentication
- Multifactor Authentication
- Methods of Authentication
- Single Sign-On
- Centralized Administration Remains Elusive

Building the Frame

Network Architecture and Physical Security
- Changing Network Architecture
- Common Configurations
- Anson, Inc. Architecture
- Internal Architecture
- VLANs
- Physical Security

Firewalls and Perimeter Security
- Firewall Advances
- Firewall Technologies
- Firewall Features
- The Best Firewall for You
- Hardware Appliance Versus Software
- In-House Versus Out-Source
- Firewall Architectures
- Which Architecture Will Work for You?
- Configuring Your Firewall
- Firewall Rules
- Firewall Add-Ons
- A Good Start

Intrusion Detection
- What Are Intrusion Detection Systems?
- Categories of Intrusion Analysis
- Characteristics of a Good Intrusion Detection System
- Errors
- Categories of Intrusion Detection
- Separating the Truth from the Hype
- Network Architecture with Intrusion Detection
- Managed Services
- Problems with Intrusion Detection
- Technologies Under Development

Remote Access
- Remote Access Users
- Remote Access Requirements
- Remote Access Issues
- Remote Access Policies
- Remote Access Technologies
- Deploying and Supporting Remote Access
- End-User Security

Applications, Servers, and Hosts

Host Security
- Implementing Host Security
- Understanding System Functions
- Operating System (OS) Hardening
- Security Monitoring Programs
- System Auditing

Server Security
- OS Hardening Versus Server Security
- Firewalls
- Web Servers
- E-Mail Servers
- Databases
- DNS Servers
- Domain Controllers
- Appliances
- E-Mail Security
- Policy Management
- Policy Control

Client Security
- Locking Down Systems
- Protecting Against Viruses
- Protecting Against Malware
- Microsoft Applications
- Instant Messaging

Application Development
- Identifying Threats
- Web Application Security
- Prevention
- Technology Tools and Solutions

Review, Response, and Maintenance

Security Maintenance and Monitoring
- Security Is an Ongoing Process
- Patches
- Monitor Mailing Lists
- Review Logs
- Periodically Review Configurations
- Managed Security Services

Vulnerability Testing
- How Does the Assessment Work?
- When Are Vulnerability Assessments Needed?
- Why Assess Vulnerability?
- Performing Assessments
- Data Interception
- Password Cracking
- Common Attacks
- Taking Control

Security Audits
- Audit Overview
- The Audit
- Types of Audits
- Analysis of an Audit
- Surviving an Audit
- The Cost of an Audit
- Sample Audit Checklist

Incident Response
- Understanding Incident Management
- Importance of CSIR Teams
- Justifying a Response Team
- Cost of an Incident
- Assessing Your Needs
- How to Use Your Assessment
- Building an Incident Response Plan of Attack
- When an Incident Occurs
- The SANS Institute's Incident Response Plan
- Analyzing an Attack

Putting It All Together

Integrating People, Process, and Technology
- Your Security Infrastructure
- How to Maintain a Successful Security Infrastructure
- Security Awareness Training
- Security ROI
- Security Infrastructure Components
- Interoperability and Management
- Security Infrastructure Myths

Trends to Watch
- PDA
- Peer-to-Peer Networks
- Wireless LAN Security
- Mobile Commerce
- Honeypots
- The Rewards Are Yours

Resources
- Antivirus
- Apache Web Server
- Authentication
- Automated Scanning Tools for Security Analysis
- Backup and Recovery
- Buffer Overflows
- Build/Buy Security Systems
- Computer Crime
- Cryptography and Encryption
- Databases
- Digital Certificates and E-Signatures
- DNS Security
- E-Mail Security
- Exchange Server
- File Encryption
- Firewalls
- Hiring Hackers
- Host Security
- Hubs and Switches
- IIS Web Servers
- Information Security Professionals
- Instant Messaging
- Intrusion Detection
- Log Analysis
- Malware
- Managed Service Providers
- Network Security
- Personal Firewalls
- Physical Security
- Policy Management
- Probability of Attack
- Public Key Infrastructure (PKI)
- Remote Access
- Remote Management
- Risk Management
- Secure Shell (SSH)
- Secure Sockets Layer (SSL)
- Security Audits
- Security Policies
- Sendmail
- Smart Cards
- System Auditing
- Technology Insurance
- Terminal Services
- Virtual Private Networks (VPNs)
- VLANs
- Vulnerability Scanners

Index