Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
---|---|---|---|---|---|
Searching... | 30000004727297 | TK5105.59 P36 2005 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Understand the total cost of ownership and return on investment for network security solutions *Understand what motivates hackers and how to classify threats *Learn how to recognize common vulnerabilities and common types of attacks *Examine modern day security systems, devices, and mitigation techniques *Integrate policies and personnel with security equipment to effectively lessen security risks *Analyze the greater implications of security breaches facing corporations and executives today *Understand the governance aspects of network security to help implement a climate of change throughout your organization *Learn how to qualify your organization's aversion to risk *Quantify the hard costs of attacks versus the cost of security technology investment to determine ROI
Author Notes
Catherine Paquet is a freelancer in the field of internetworking and return on security investment. Catherine has in-depth knowledge of security systems, remote access, and routing technology. She is a Cisco Certified Security Professional (CCSP(tm)) and a Cisco Certified Network Professional (CCNP®). Her internetworking career started as a LAN manager; she then moved to MAN manager and eventually became the nationwide WAN manager. Catherine was also a certified Cisco Systems instructor with the largest Cisco® training partner, serving as the course director/ master instructor for security and remote access courses. Most recently she held the position of director of technical resources for Canada, where she was responsible for instructor corps and equipment offerings, including Cisco courses. In 2002 and 2003, Catherine volunteered with the UN mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking. Catherine has an MBA with a major in management information systems (MIS).
Catherine coauthored the Cisco Press books Building Scalable Cisco Networks, CCNP Self-Study: Building Scalable Cisco Internetworks (BSCI), and CCNP Self-Study: Building Scalable Cisco Internetworks (BSCI), Second Edition, and she edited Building Cisco Remote Access Networks.
Warren Saxe has an extensive background in profit and loss (P&L) management as general manager for a Fortune 1000 semiconductor distributor. As a top- and bottom-line-focused senior manager, he brings a unique perspective to this business decision maker oriented book. He applies an overriding business strategy to drive IT decisions by utilizing a value-driven approach. He has extensive background in sales management, marketing management, and demand creation fundamentals. He directed a large multidisciplinary team composed of managers, engineers, sales, and marketing professionals. He was responsible for strategic and tactical planning, and he negotiated directly with CxO-level executives, both internally and with customers across many industries. He is currently focusing in the areas of security governance, risk management, and return on security investment planning. He earned his degree at McGill University.
Table of Contents
Introduction |
I Vulnerabilities and Technologies |
1 Hackers and Threats |
Contending with Vulnerability |
Realizing Value in Security Audits |
Analyzing Hacking |
Assessing Vulnerability and Response |
Hackers: Motivation and Characteristics |
The Enemy Within: Maliciousness and Sloppiness |
Threats Classification |
The Future of Hacking and Security |
Summary |
End Notes |
2 Crucial Need for Security: Vulnerabilities and Attacks |
Recognizing Vulnerabilities |
Design Vulnerabilities Issues |
Human Vulnerability Issues |
Implementation Vulnerability Issues |
Categories of Attacks |
The Human Component in Attacks |
Reconnaissance Attacks |
Access Attacks |
Denial of Service Attacks |
Additional Common Attacks |
Footprinting |
Scanning and System Detailing |
Eavesdropping |
Password Attacks |
Impersonating |
Trust Exploitation |
Software and Protocol Exploitation |
Worms |
Viruses |
Trojan Horses |
Attack Trends |
Wireless Intrusions |
Wireless Eavesdropping |
Man-in-the-Middle Wireless Attacks |
Walk-By Hacking |
Drive-By Spamming |
Wireless Denial of Service |
Frequency Jamming |
The Hapless Road Warrior |
Social Engineering |
Examples of Social Engineering Tactics |
Summary of Attacks |
Cisco SAFE Axioms |
Routers Are Targets |
Switches Are Targets |
Hosts Are Targets |
Networks Are Targets |
Applications Are Targets |
Summary |
3 Security Technology and Related Equipment |
Virus Protection |
Traffic Filtering |
Basic Filtering |
Advanced Filtering |
Filtering Summary |
Encryption |
Encrypted VPNSSL Encryption |
File Encryption |
Authentication, Authorization, and Accounting: AAA |
Authentication |
Authorization |
Accounting |
Public Key Infrastructure |
From Detection to Prevention: Intrusion-Detection Systems and Intrusion-Prevention Systems |
IDS Overview |
Network- and Host-Based IDSIPS Overview |
Target-Based IDS |
Content Filtering |
URL Filtering |
E-Mail Content Filtering |
Assessment and Audit |
Assessment Tools |
Audit Tools |
Additional Mitigation Methods |
Self-Defending Networks |
Stopping a Worm with Network-Based Application Recognition |
Automated Patch Management |
Notebook Privacy Filter |
Summary |
End Notes |
4 Putting It All Together: Threats and Security Equipment |
Threats, Targets, and Trends |
Lowering Risk Exposure |
Security Topologies |
SAFE Blueprints |
SAFE Architecture |
Using SAFE |
Summary |
II Human and Financial Issues |
5 Policy, Personnel, and Equipment as Security Enablers |
Securing the Organization: Equipment and Access |
Job Categories |
Departing Employees |
Password Sanctity |
Access |
Managing the Availability and Integrity of Operations |
Implementing New Software and Privacy Concerns |
Custom and Vendor-Supplied Software |
Sending Data: Privacy and Encryption Considerations |
Regulating Interactivity Through Information and Equipment Control |
Determining Levels of Confidentiality |
Inventory Control: Logging and Tagging |
Mobilizing the Human Element: Creating a Secure Culture |
Employee Involvement |
Management Involvement: Steering Committee |
Creating Guidelines Through the Establishment of Procedural Requirements |
Policy Fundamentals |
Determining Ownership |
Determining Rules and Defining Compliance |
Corporate Compliance |
User Compliance |
Securing the Future: Business Continuity Planning |
Ensuring a Successful Security Policy Approach |
Security Is a Learned Behavior |
Inviting the Unknown |
Avoiding a Fall into the Safety Trap |
Accounting for the Unaccountable |
Workflow Considerations |
Striving to Make Security Policies More Efficient |
Surveying IT Management |
The Need for Determining a Consensus on Risk |
Infosec Management Survey |
Infosec Management Quotient |
Summary |
6 A Matter of Governance: Taking Security to the Board |
Security-A Governance Issue |
Directing Security Initiatives |
Steering Committee |
Leading the Way |
Establishing a Secure Culture |
Securing the Physical Business |
Securing Business Relationships |
Securing the Homeland |
Involving the Board |
Examining the Need for Executive Involvement |
Elements Requiring Executive Participation |
Summary |
End Notes |
7 Creating Demand for the Security Proposal: IT Management's Role |
Delivering the Security Message to Executive Management |
Recognizing the Goals of the Corporation |
Knowing How the Organization Can Use ROP |
Understanding |