Information Security Illuminated

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

ISBN: 9780763726775 | 076372677X
Cover: Paperback
Copyright: 12/23/2004

Rent

(Recommended)

$146.24

Term

Due

Price

Semester

Dec 12

$162.49

Quarter

Sep 4

$154.37

Short Term

Aug 13

$146.24

*This item is part of an exclusive publisher rental program and requires an additional convenience fee. This fee will be reflected in the shopping bag.
Buy Used

Usually Ships in 3-5 Business Days

$187.43
Buy New

Usually Ships in 3-5 Business Days

$260.05
eBook

Available Instantly

Online: 180 Days

Downloadable: 180 Days

*To support the delivery of the digital material to you, a digital delivery fee of $3.99 will be charged on each digital item.

$173.56*

A comprehensive survey of the most current and critical information security practices, Information Security Illuminated is an excellent introduction to the fundamental concepts and applications for students and professionals alike. Key security concepts are discussed with clear, accessible language and reinforced by a large number of scenario-based exercises and practical review questions. Readers are then able to apply their knowledge through hands-on experience with computer security-related tools. Coverage begins with the basics of computer security (CIA and DAD triads, risk analysis, etc.), and moves quickly through to important, real-world topics such as access control methodologies, security principles and practices, business continuity planning and disaster recovery, firewalls, incident handling, and much more. In addition to providing the requisite material for a complete course in information security practices, the book can be used as a self-study guide for many of the basic security certifications.

Chapter 1 Introducing Computer and Network Security

(24)

1.1 Computer Security Basics

(5)

1.1.1 CIA Triad

(3)

1.1.2 DAD Triad

(2)

1.2 Introducing Networks

(1)

1.3 Threats to Society

(3)

1.3.1 Hackers

(1)

1.3.2 Malicious Code Objectives

(1)

1.3.3 The Malicious Insider

(1)

1.4 Risk Analysis

(5)

1.4.1 Identifying and Valuing Assets

(1)

1.4.2 Identifying and Assessing Risks

(2)

1.4.3 Managing Risks

(2)

1.5 Considering Security Tradeoffs

(1)

1.6 Policy and Education

(1)

1.7 Chapter Summary

(1)

1.8 Key Terms

(2)

1.9 Challenge Questions

(4)

1.10 Challenge Exercises

(1)

1.11 Challenge Scenarios

(2)

Chapter 2 Access Control Methodologies

(30)

2.1 Basics of Access Control

(3)

2.1.1 Subjects and Objects

(1)

2.1.2 Least Privilege

(1)

2.1.3 Controls

(1)

2.2 Access Control Techniques

(3)

2.2.1 Access Control Designs

(3)

2.3 Access Control Administration

(1)

2.3.1 Centralized Access Control

(1)

2.3.2 Decentralized Access Control

(1)

2.4 Accountability

(1)

2.5 Access Control Models

(4)

2.5.1 State Machine Model

(4)

2.6 Identification and Authentication Methods

(4)

2.6.1 Single Sign-On

(1)

2.6.2 Kerberos

(1)

2.7 File and Data Ownership

(1)

2.7.1 Data Owner

(1)

2.7.2 Data Custodian

(1)

2.7.3 Data User

(1)

2.8 Related Methods of Attacks

(2)

2.8.1 Brute Force Attack

(1)

2.8.2 Dictionary Attack

(1)

2.8.3 Spoofing Attack

(1)

2.9 Chapter Summary

(1)

2.10 Key Terms

(3)

2.11 Challenge Questions

(4)

2.12 Challenge Exercises

(1)

2.13 Challenge Scenarios

(2)

Chapter 3 General Security Principles and Practices

(28)

3.1 Common Security Principles

(5)

3.1.1 Separation of Privileges

(1)

3.1.2 Least Privilege

(1)

3.1.3 Defense in Depth

(1)

3.1.4 Security through Obscurity

(2)

3.2 Security Policies

(8)

3.2.1 Types of Security Policies

(4)

3.2.2 Implementing Policy

(3)

3.3 Security Administration Tools

(1)

3.3.1 Security Checklists

(1)

3.3.2 Security Matrices

(1)

3.4 Physical Security

(3)

3.4.1 Perimeter Protection/Access Controls

(1)

3.4.2 Electronic Emanations

(1)

3.4.3 Fire Protection

(1)

3.5 Personal Security

(1)

3.6 Chapter Summary

(1)

3.7 Key Terms

(1)

3.8 Challenge Questions

(3)

3.9 Challenge Exercises

(1)

3.10 Challenge Scenarios

(3)

Chapter 4 The Business of Security

(26)

4.1 Building a Business Case

(1)

4.2 Business Continuity Planning

(3)

4.2.1 Vulnerability Assessment

(1)

4.2.2 Implementing Controls

(1)

4.2.3 Maintaining the Plan

(1)

4.3 Disaster Recovery Planning

(7)

4.3.1 Selecting the Team

(1)

4.3.2 Building the Plan

(2)

4.3.3 Training and Testing

(3)

4.3.4 Implementing the Plan

(1)

4.3.5 Maintaining the Plan

(1)

4.4 Data Classification

(3)

4.4.1 Security Clearances

(1)

4.4.2 Need to Know

(1)

4.4.3 Classification Systems

(2)

4.5 Security Ethics

(1)

4.5.1 Monitoring

(1)

4.6 Computer Security Law

(2)

4.6.1 Electronic Communications Privacy Act (ECPA)

(1)

4.6.2 USA Patriot Act

(1)

4.6.3 Children's Online Privacy Protection Act (COPPA)

100

(1)

4.6.4 Health Insurance Portability and Accountability Act (HIPPA)

100

(1)

4.6.5 Gramm-Leach-Bliley Act

100

(1)

4.6.6 European Union Directive on Data Privacy

100

(1)

4.7 Chapter Summary

101

(1)

4.8 Key Terms

101

(1)

4.9 Challenge Questions

102

(4)

4.10 Challenge Exercise

106

(1)

4.11 Challenge Scenarios

106

(3)

Chapter 5 Cryptographic Technologies

109

(26)

5.1 Goals of Cryptography

110

(2)

5.1.1 Confidentiality

110

(1)

5.1.2 Integrity

110

(1)

5.1.3 Nonrepudiation

111

(1)

5.1.4 Authentication

111

(1)

5.2 Cryptographic Algorithms

112

(8)

5.2.1 Symmetric Algorithms

113

(4)

5.2.2 Asymmetric Algorithms

117

(2)

5.2.3 Symmetric Versus Asymmetric Cryptosystems

119

(1)

5.3 Digital Signatures

120

(2)

5.3.1 Signature Creation

120

(2)

5.3.2 Signature Verification

122

(1)

5.4 Digital Certificates

122

(2)

5.4.1 Certification Authorities

123

(1)

5.4.2 Certificate Generation

123

(1)

5.4.3 Certificate Verification

124

(1)

5.5 Chapter Summary

124

(1)

5.6 Key Terms

125

(1)

5.7 Challenge Questions

126

(4)

5.8 Challenge Exercises

130

(3)

5.9 Challenge Scenario

133

(2)

Chapter 6 Securing TCP/IP

135

(30)

6.1 Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP)

136

(12)

6.1.1 TCP/IP Protocols

136

(6)

6.1.2 Open Systems Interconnection Model

142

(6)

6.2 Anatomy of a Packet

148

(4)

6.2.1 Packet Header

149

(3)

6.2.2 Packet Payload

152

(1)

6.3 Internet Protocol Security (IPSec)

152

(2)

6.3.1 Protocols

153

(1)

6.3.2 Encryption Modes

154

(1)

6.4 Web Security

154

(2)

6.4.1 Secure Sockets Layer (SSL)

155

(1)

6.4.2 Secure-HTTP (HTTP-S)

155

(1)

6.5 Chapter Summary

156

(1)

6.6 Key Terms

157

(1)

6.7 Challenge Questions

158

(4)

6.8 Challenge Exercises

162

(2)

6.9 Challenge Scenario

164

(1)

Chapter 7 Handling Security Incidents

165

(26)

7.1 Attack Terms and Concepts

166

(3)

7.1.1 Types of Attacks

166

(3)

7.2 Understanding Security Incidents

169

(1)

7.3 Handling Security Incidents

169

(2)

7.3.1 Types of Incidents

170

(1)

7.4 Incident Management Methods and Tools

171

(2)

7.5 Maintaining Incident Preparedness

173

(1)

7.6 Using Standard Incident Handling Procedures

174

(1)

7.7 Postmortem: Learn from Experience

175

(1)

7.8 About Malicious Code

176

(1)

7.8.1 Viruses

176

(1)

7.8.2 Worms

176

(1)

7.8.3 Logic Bombs

177

(1)

7.8.4 Trojan Horses

177

(1)

7.8.5 Active Content Issues

177

(1)

7.9 Common Types of Attacks

177

(36)

7.9.1 Back Doors

177

(1)

7.9.2 Brute Force

178

(1)

7.9.3 Buffer Overflows

178

(1)

7.9.4 Denial of Service

179

(1)

7.9.5 Man-in-the-Middle

179

(1)

7.9.6 Social Engineering

179

(1)

7.9.7 System Bugs

179

(1)

7.10 Unauthorized Access to Sensitive Information

180

(1)

7.11 Chapter Summary

180

(2)

7.12 Key Terms

182

(1)

7.13 Challenge Questions

183

(4)

7.14 Challenge Exercises

187

(2)

7.15 Challenge Scenarios

189

(2)

Chapter 8 Firewall Security

191

(24)

8.1 Perimeter Security Devices

192

(5)

8.1.1 Routers

193

(2)

8.1.2 Proxies

195

(2)

8.1.3 Firewalls

197

(1)

8.2 Types of Firewalls

197

(3)

8.2.1 Hardware Versus Software Firewalls

198

(1)

8.2.2 Packet Filtering

198

(1)

8.2.3 Stateful Inspection

199

(1)

8.3 Firewall Topologies

200

(4)

8.3.1 Bastion Host

201

(1)

8.3.2 Screened Subnet

202

(1)

8.3.3 Dual Firewalls

203

(1)

8.4 Firewall Rulebases

204

(2)

8.4.1 Special Rules

205

(1)

8.5 Chapter Summary

206

(1)

8.6 Key Terms

206

(1)

8.7 Challenge Questions

207

(4)

8.8 Challenge Exercises

211

(2)

8.9 Challenge Scenario

213

(2)

Chapter 9 Operating System Security

215

(32)

9.1 Operating System Security Terms and Concepts

216

(1)

9.2 Organizing System Security

217

(2)

9.3 Built-in Security Subsystems and Mechanisms

219

(1)

9.4 System Security Principles and Practices

220

(1)

9.5 Windows Security Design

221

(2)

9.6 UNIX and Linux Security Design

223

(3)

9.7 System Backups

226

(1)

9.8 Typical System Security Threats

227

(2)

9.8.1 Bugs

227

(1)

9.8.2 Back Doors

228

(1)

9.8.3 Impersonation of Identity Threat

228

(1)

9.9 Keystroke Logging

229

(1)

9.10 Well Known Windows Risks

230

(2)

9.11 Well Known UNIX Risks

232

(2)

9.12 System Forensics: Scanning and Footprinting

234

(1)

9.13 The Security Auditor's Role

234

(1)

9.14 Assessing Security Risks

235

(1)

9.15 Chapter Summary

236

(1)

9.16 Key Terms

237

(1)

9.17 Challenge Questions

238

(4)

9.18 Challenge Exercises

242

(2)

9.19 Challenge Scenarios

244

(3)

Chapter 10 Securing Operating Systems

247

(28)

10.1 Security Maintenance Practices and Principles

248

(1)

10.2 Maintaining the Operating System: Patches, Fixes, and Revisions

249

(1)

10.3 Antivirus Software

250

(1)

10.4 Applying a Post-Install Security Checklist

251

(9)

10.4.1 Windows Checklist Elements

252

(8)

10.5 Understanding File System Security Issues

260

(2)

10.5.1 Securing NT File System (NTFS)

260

(1)

10.5.2 Windows Share Security

261

(1)

10.5.3 Securing UNIX File Systems

262

(1)

10.6 Understanding User Accounts and Passwords

262

(2)

10.6.1 Windows Account Security Mechanisms

263

(1)

10.6.2 UNIX Account Security Mechanisms

264

(1)

10.7 Checksums Catch Unauthorized Changes

264

(1)

10.8 Using System Logging Utilities

265

(1)

10.9 Chapter Summary

266

(1)

10.10 Key Terms

266

(2)

10.11 Challenge Questions

268

(3)

10.12 Challenge Exercises

271

(2)

10.13 Challenge Scenario

273

(2)

Chapter 11 Security Audit Principles and Practices

275

(28)

11.1 Configuring Logging

276

(7)

11.1.1 Determining What Should Be Logged

276

(2)

11.1.2 Determining How Long Logs Must Be Maintained

278

(1)

11.1.3 Configuring Alerts

279

(1)

11.1.4 Windows Logging

280

(2)

11.1.5 UNIX Logging

282

(1)

11.2 Analyzing Log Data

283

(3)

11.2.1 Profiling Normal Behavior

283

(1)

11.2.2 Detecting Anomalies

283

(2)

11.2.3 Data Reduction

285

(1)

11.3 Maintaining Secure Logs

286

(1)

11.4 Conducting a Security Audit

287

(5)

11.4.1 Audit Team

287

(1)

11.4.2 Audit Tools

287

(5)

11.4.3 Audit Results

292

(1)

11.5 Chapter Summary

292

(1)

11.6 Key Terms

293

(1)

11.7 Challenge Questions

294

(4)

11.8 Challenge Exercises

298

(2)

11.9 Challenge Scenarios

300

(3)

Chapter 12 Network and Server Attacks and Penetration

303

(22)

12.1 Security Control

304

(6)

12.1.1 Phases of Control

305

(2)

12.1.2 Methods of Taking Control

307

(3)

12.2 Recognizing Attacks

310

(4)

12.2.1 Common Points of Attack

310

(3)

12.2.2 Multifront Attacks

313

(1)

12.3 Auditing to Recognize Attacks

314

(3)

12.3.1 Malicious Code

314

(1)

12.3.2 System Bugs and Vulnerabilities

315

(1)

12.3.3 DoS Attacks

315

(1)

12.3.4 Illicit Nodes

315

(1)

12.3.5 Unwanted Control

316

(1)

12.4 Chapter Summary

317

(1)

12.5 Key Terms

318

(1)

12.6 Challenge Questions

318

(4)

12.7 Challenge Exercises

322

(1)

12.8 Challenge Scenarios

323

(2)

Chapter 13 Intrusion Detection Systems and Practices

325

(28)

13.1 Intrusion Detection Terms and Concepts

326

(2)

13.2 Dealing with Intruders

328

(2)

13.3 Detecting Intruders

330

(1)

13.4 Principles of Intrusion Detection Systems

331

(8)

13.4.1 The IDS Taxonomy

333

(1)

13.4.2 Using Rules and Setting Thresholds for Detection

334

(5)

13.5 Network-Based Versus Host-Based IDS

339

(2)

13.6 Choosing an Appropriate IDS

341

(1)

13.7 Security Auditing with an IDS

342

(1)

13.8 Chapter Summary

343

(1)

13.9 Key Terms

343

(2)

13.10 Challenge Questions

345

(3)

13.11 Challenge Exercises

348

(2)

13.12 Challenge Scenarios

350

(3)

Chapter 14 System Security Scanning and Discovery

353

(28)

14.1 Understanding Security Scanning

354

(3)

14.1.1 Creating a List of Vulnerabilities

354

(1)

14.1.2 Selecting a Security Scanner Tool

355

(2)

14.2 Fingerprinting Utilities

357

(1)

14.3 Network- and Server-Discovery Tools

358

(2)

14.4 Fingerprinting IP Stacks

360

(2)

14.4.1 Share Scans

361

(1)

14.5 Telnet Inquiries

362

(2)

14.6 SNMP Vulnerabilities

364

(1)

14.7 TCP/IP Service Vulnerabilities

364

(2)

14.8 Simple TCP/IP Services

366

(2)

14.9 Understanding Social Engineering

368

(2)

14.10 Obtaining Security-Related Information Fraudulently

370

(1)

14.11 The Footprinting and Fingerprinting Drill (System Profiling)

371

(2)

14.12 Chapter Summary

373

(1)

14.13 Key Terms

374

(1)

14.14 Challenge Questions

374

(4)

14.15 Challenge Exercises

378

(1)

14.16 Challenge Scenarios

379

(2)

Appendix A Online Resources and Information

381

(6)

A.1 General Security Resources

381

(1)

A.2 Access Control Methodologies

382

(1)

A.3 General Security Principles, Practices, and Policies

382

(1)

A.4 Business Continuity Plans, Disaster Recovery Plans, Auditing, and Checklists

382

(1)

A.5 Encryption, Identification, and Authentication Technologies

383

(1)

A.6 Security Models

384

(1)

A.7 TCP/IP, Firewall, and Operating System Security

384

(1)

A.8 Attacks and Incident Management

385

(1)

A.9 System Security Scanning and Discovery

386

(1)

Appendix B Security Tools and Software

387

(6)

B.1 Antivirus Software and Spam Filters

387

(1)

B.1.1 Antivirus Software

387

(1)

B.1.2 Spam Filters

388

(1)

B.2 Biometrics

388

(1)

B.3 Cryptography

388

(1)

B.4 Firewalls

388

(1)

B.4.1 Hardware

389

(1)

B.4.2 Software

389

(1)

B.5 Intrusion Detection Systems

389

(1)

B.6 IP/Port Scanners

390

(1)

B.7 OS Fingerprint Utilities

390

(1)

B.8 Security Scanners

390

(1)

B.9 Vulnerability Scanners

391

(2)

Appendix C Securing Windows, Step-by-Step

393

(20)

C.1 Step 1: Ensuring Physical Security

393

(2)

C.1.1 Access to the Computer

394

(1)

C.1.2 Computer Visibility

394

(1)

C.1.3 Removable Storage Access

394

(1)

C.2 Step 2: Changing the Administrator Password

395

(1)

C.3 Step 3: Turning Off Simple File Sharing

396

(2)

C.4 Step 4: Changing/Creating Group Policy

398

(4)

C.5 Step 5: Disabling Unneeded or Unnecessary Services

402

(4)

C.6 Step 6: Filtering TCP/IP Connections (Firewall)

406

(3)

C.7 Step 7: Installing Antivirus Software

409

(1)

C.8 Step 8: Updating the Operating System

410

(1)

C.9 Summary

411

(2)

Appendix D Glossary

413

(20)

Index

433

Please wait while the item is added to your bag...

FREE SHIPPING

Rent More, Save More! Use code: BBRENTAL

5% off 1 book, 7% off 2 books, 10% off 3+ books

Information Security Illuminated

Summary

Table of Contents

Supplemental Materials

FREE SHIPPING

Rent More, Save More! Use code: BBRENTAL

5% off 1 book, 7% off 2 books, 10% off 3+ books

Information Security Illuminated

Summary

Table of Contents

Supplemental Materials

Digital License