Title:
Intranet security : stories from the trenches
Personal Author:
Publication Information:
Mountain View, CA : Sun Microsystems Press, 1998
ISBN:
9780138947590

Available:

Item Barcode | Call Number | Material Type | Item Category 1
30000003950205 | TK5105.875.I6 M33 1998 | Open Access Book | Book
30000005027044 | TK5105.875.I6 M33 1998 | Open Access Book | Book

Summary

Illustrates security flaws that make corporate intranets easy targets for hackers with true stories of network administrators tracking intrusions and struggling with security problems. Each chapter details a real-world case and offers advice to prevent that particular situation. Includes a glossary, acronyms, and lists of vendors and organizations. Annotation copyrighted by Book News, Inc., Portland, OR


Table of Contents

1 Visitors in the Night
An Unwanted Guest
Day 1 A Nice Night for a Hack
Day 2 Out of Sight, Out of Mind
Day 3 The Hack is Back
Days 4 to 7 Waiting to Exhale
Day 8 Too Little, Too Late
Day 9 Just the Facts
Summary: It Can Come from Within
Let's Not Go There
Focus on Prevention
Prepare for the Worst
React Quickly and Decisively
Follow Up
Checklist
Final Words
2 The Bogus Box
Out-of-the-box Security
Day 1 False Security from a Box
Two Years Later: It Was Bound to Happen Eventually
+ Two Weeks
+ Three Weeks: No Quick Fix
The Saga Continues
A Disaster Awaits
Summary: Would You Hire this ISP?
Let's Not Go There
Know Your Risks
Avoid Out-of-the-box Installations
Audit Your Network
Know the People Who Know Your Data
Assign or Acquire Adequate Funding for Security
Don't Export Read/Write Permissions to the World
Remove Old Accounts
Forbid the Use of Crackable Passwords
Apply Security Patches
Follow Policies and Procedures
Get Help
Use Training
Checklist
Final Words
3 Executive Nightmare
Can You Hear Me At The Top?
Day 1 Not a Security Measure in Sight
A Year Later: The Hacks Continue
Summary: Take an Active Approach
Let's Not Go There
Commit to Security from the Top Down
Speak Softly and Act Loudly
Keep Levels of Management to a Minimum
Report Back! Set Security as a Management Goal
Provide or Take Training as Required
Make Sure that All Managers Understand Security
Check that System Administrators Communicate Needs Clearly
Checklist
Final Words
4 Controlling Access
The Never-ending Network
Day 1 An Ill Fated Plan for Outside Access
A Few Weeks Later: Dave's Big Mistake
The Next Day: Whose Job is Security, Anyway?
Over the Next 29 Days: And the Hacker Wanders Quietly
+ One Month: A Spot Audit Spots the Hacker
Audit Day 1 Follow the Network Map to Follow the Security Hole
Audit Day 2 An Unenforced Policy is a Useless Policy
The Last Audit Day: The Wrong Man for the Job is Worse than No Man for the Job
Summary: Close the Door to the Competition
Let's Not Go There
Use Standard Architecture Designs
Track External Connections
Take Responsibility for Your Territory
Require Approval for External Connections
Enforce Policies and Procedures
Disable Unnecessary Services
Stress the Importance of Training
Follow Through
Don't Connect Unsecured Systems to the Internet
Checklist
Final Words
5 What You Don't Know
Sink or Swim?
Initial Contact: A Good Sign
Day 1 Don't Put Your Security Eggs in One Basket
Day 2 The Penetration Begins
Day 3 Sink or Swim Always Means Sink
Summary: Can't Afford the Power of Negative Training
Let's Not Go There
Have Management Send the Right Security Message
Educate Executive Management
Protect the Security Training Budget
Make Security a Management Requirement
Make Training a System Administrator Requirement
Attend Security Seminars
Have Brown Bag Lunches
Disseminate Security Information
Join Security Aliases
Write White Papers
Write for Newsletters
Develop Tools into Products
Checklist
Final Words
6 Risking the Corporation
Trauma Zone
Day 1 An Unscheduled Audit
A Game of Risk is a Game of Strategy
Phase One: Dress the Part
Phase Two: Infiltrate Physical Security
Phase Three: A Walk Through the System Park
Day 2 Patient Records at Risk
Summary: Look Before You Leap
Let's Not Go There
Assess Risks
Classify Systems
Forbid Out-of-the-box Installations
Don't Be Too Trusting
Learn from the Past
Target Budget Cuts
Conduct Security Audits
Hold Management Accountable
Don't Set Yourself Up
Include Training in Right-sizing Budgets
Keep Score
Checklist
Final Words
7 Not My Job
Come On In, The Door's Open
Day 1 Why Can't We Lock the Hackers Out?
Day 2 The