Title:
Intranet security : stories from the trenches
Personal Author:
Publication Information:
Mountain View, CA : Sun Microsystems Press, 1998
ISBN:
9780138947590
Available:
Item Barcode | Call Number | Material Type | Item Category 1 |
---|---|---|---|
30000003950205 | TK5105.875.I6 M33 1998 | Open Access Book | Book |
30000005027044 | TK5105.875.I6 M33 1998 | Open Access Book | Book |
Summary
Illustrates security flaws that make corporate intranets easy targets for hackers with true stories of network administrators tracking intrusions and struggling with security problems. Each chapter details a real-world case and offers advice to prevent that particular situation. Includes a glossary, acronyms, and lists of vendors and organizations. Annotation copyrighted by Book News, Inc., Portland, OR
Table of Contents
1 Visitors in the Night |
An Unwanted Guest |
Day 1 A Nice Night for a Hack |
Day 2 Out of Sight, Out of Mind |
Day 3 The Hack is Back |
Days 4 to 7 Waiting to Exhale |
Day 8 Too Little, Too Late |
Day 9 Just the Facts |
Summary: It Can Come from Within |
Let's Not Go There |
Focus on Prevention |
Prepare for the Worst |
React Quickly and Decisively |
Follow Up |
Checklist |
Final Words |
2 The Bogus Box |
Out-of-the-box Security |
Day 1 False Security from a Box |
Two Years Later: It Was Bound to Happen Eventually |
+ Two Weeks |
+ Three Weeks: No Quick Fix |
The Saga Continues |
A Disaster Awaits |
Summary: Would You Hire this ISP? |
Let's Not Go There |
Know Your Risks |
Avoid Out-of-the-box Installations |
Audit Your Network |
Know the People Who Know Your Data |
Assign or Acquire Adequate Funding for Security |
Don't Export Read/Write Permissions to the World |
Remove Old Accounts |
Forbid the Use of Crackable Passwords |
Apply Security Patches |
Follow Policies and Procedures |
Get Help |
Use Training |
Checklist |
Final Words |
3 Executive Nightmare |
Can You Hear Me At The Top? |
Day 1 Not a Security Measure in Sight |
A Year Later: The Hacks Continue |
Summary: Take an Active Approach |
Let's Not Go There |
Commit to Security from the Top Down |
Speak Softly and Act Loudly |
Keep Levels of Management to a Minimum |
Report Back! Set Security as a Management Goal |
Provide or Take Training as Required |
Make Sure that All Managers Understand Security |
Check that System Administrators Communicate Needs Clearly |
Checklist |
Final Words |
4 Controlling Access |
The Never-ending Network |
Day 1 An Ill Fated Plan for Outside Access |
A Few Weeks Later: Dave's Big Mistake |
The Next Day: Who's Job is Security, Anyway? |
Over the Next 29 Days: And the Hacker Wanders Quietly |
+ One Month: A Spot Audit Spots the Hacker |
Audit Day 1 Follow the Network Map to Follow the Security Hole |
Audit Day 2 An Unenforced Policy is a Useless Policy |
The Last Audit Day: The Wrong Man for the Job is Worse than No Man for the Job |
Summary: Close the Door to the Competition |
Let's Not Go There |
Use Standard Architecture Designs |
Track External Connections |
Take Responsibility for Your Territory |
Require Approval for External Connections |
Enforce Policies and Procedures |
Disable Unnecessary Services |
Stress the Importance of Training |
Follow Through |
Don't Connect Unsecured Systems to the Internet |
Checklist |
Final Words |
5 What You Don't Know |
Sink or Swim? |
Initial Contact: A Good Sign |
Day 1 Don't Put Your Security Eggs in One Basket |
Day 2 The Penetration Begins |
Day 3 Sink or Swim Always Means Sink |
Summary: Can't Afford the Power of Negative Training |
Let's Not Go There |
Have Management Send the Right Security Message |
Educate Executive Management |
Protect the Security Training Budget |
Make Security a Management Requirement |
Make Training a System Administrator Requirement |
Attend Security Seminars |
Have Brown Bag Lunches |
Disseminate Security Information |
Join Security Aliases |
Write White Papers |
Write for Newsletters |
Develop Tools into Products |
Checklist |
Final Words |
6 Risking the Corporation |
Trauma Zone |
Day 1 An Unscheduled Audit |
A Game of Risk is a Game of Strategy |
Phase One: Dress the Part |
Phase Two: Infiltrate Physical Security |
Phase Three: A Walk Through the System Park |
Day 2 Patient Records at Risk |
Summary: Look Before You Leap |
Let's Not Go There |
Assess Risks |
Classify Systems |
Forbid Out-of-the-box Installations |
Don't Be Too Trusting |
Learn from the Past |
Target Budget Cuts |
Conduct Security Audits |
Hold Management Accountable |
Don't Set Yourself Up |
Include Training in Right-sizing Budgets |
Keep Score |
Checklist |
Final Words |
7 Not My Job |
Come On In, The Door's Open |
Day 1 Why Can't We Lock the Hackers Out? |
Day 2 The |