Summary
Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the interrelationships between methods and techniques. By providing a strategy-based introduction, the reader is given a clear understanding of how to provide overlapping defenses for critical information. This understanding provides a basis for engineering and risk-management decisions in the defense of information.
Information security is a rapidly growing field, with a projected need for thousands of professionals within the next decade in the government sector alone. It is also a field that has changed in the last decade from a largely theory-based discipline to an experience-based discipline. This shift in the field has left several of the classic texts with a strongly dated feel.
Author Notes
Dr. Timothy J. Shimeall is a senior member of the technical staff with the CERT Division of the Software Engineering Institute, and an Adjunct Professor at the Heinz College, both of Carnegie Mellon University.
Jonathan M. Spring is a member of the technical staff with the CERT Network Situational Awareness Group of the Software Engineering Institute, Carnegie Mellon University, and an Adjunct Professor at the University of Pittsburgh.
Reviews
Choice Review
This work can best serve as a supplemental general resource to accompany a more-technical work on information security (IS). Shimeall and Spring (both, Carnegie Mellon Univ.) provide much relevant content, but their conversational writing style is not conducive to using the work as the sole textbook in an IS course. The authors' central purpose of focusing on strategy is readily apparent, and students will gain insight from this approach. The book contains 16 chapters and four parts: "Deception," "Frustration," "Resistance," and "Recognition/Recovery." This organization and the ideas presented are arranged logically to support IS fundamentals, with concepts usually clearly linked to each other. For the most part, students will be able to follow the authors' line of reasoning; overall, the text is well written and engaging. Discussions will keep students' attention, but there are some dry spots. Further, the end-of-chapter review questions and exercises are not particularly stimulating and will not necessarily help students apply knowledge gained from previous chapters to chapters that follow. The authors state in the introduction that the exercises are focused on understanding concepts, but including some practical hands-on exercises would have been useful. A glossary of terms would also have been helpful. Summing Up: Recommended. Lower-division undergraduates, two-year technical program students, faculty.
Reviewer: C. W. Brown, University of Baltimore
Table of Contents
Acknowledgments | p. xiii |
Introduction | p. xvii |
Chapter 1 Motivation and Security Definitions | p. 1 |
Introduction | p. 1 |
Information Security and its Motivation | p. 1 |
Terminology: Vulnerabilities of Software, Exploits, Malware, Intrusions, and Controls | p. 6 |
Security Risk Management | p. 11 |
How to use this Book | p. 15 |
By Security Strategy | p. 15 |
By Security Technology | p. 16 |
Summary | p. 16 |
References | p. 17 |
Chapter 2 Strategies and Security | p. 21 |
Introduction | p. 21 |
Security Strategies | p. 22 |
Attack Strategies | p. 22 |
Defense Strategies | p. 28 |
Deception | p. 29 |
Frustration | p. 31 |
Resistance | p. 32 |
Recognition and Recovery | p. 33 |
Security Controls | p. 35 |
Summary | p. 37 |
References | p. 37 |
Part 1 Deception
Chapter 3 Deception Strategies: Networks, Organization, and Structures | p. 43 |
Introduction | p. 43 |
How the Internet Works | p. 44 |
Deception and Network Organization | p. 48 |
Outsourcing | p. 51 |
Application Hosting | p. 53 |
Dynamic Addressing | p. 56 |
Summary | p. 57 |
References | p. 50 |
Chapter 4 Deception Strategies: Defensive Technologies | p. 61 |
Introduction | p. 61 |
Internet Protocols | p. 61 |
Proxies and Gateways | p. 64 |
Honeypots and Honeynets | p. 69 |
Tarpits | p. 73 |
Virtual Hosts | p. 75 |
Summary | p. 77 |
References | p. 77 |
Part 2 Frustration
Chapter 5 Frustration Strategies: Technical Controls | p. 83 |
Introduction | p. 83 |
Minimization Goals and Objectives | p. 84 |
Asymmetry in Information Security | p. 84 |
Host Hardening | p. 86 |
Disabling Services | p. 86 |
Importance of Disabling Services | p. 87 |
Local Intrusion Detection | p. 88 |
Service Wrappers | p. 89 |
Application Management | p. 90 |
Network Devices and Minimization | p. 91 |
Routers and Access Control Lists | p. 92 |
Firewalls | p. 94 |
Proxies | p. 95 |
Network Architecture and Frustration | p. 100 |
Summary | p. 102 |
References | p. 103 |
Chapter 6 Frustration Strategies: Formal Verification | p. 107 |
Introduction | p. 107 |
Formal Models and Model Verification | p. 108 |
Discretionary Models | p. 110 |
Confidentiality Models | p. 113 |
Integrity Models | p. 116 |
Limits of Formal Models | p. 117 |
Summary | p. 118 |
References | p. 118 |
Part 3 Resistance
Chapter 7 Resistance Strategies: Authentication and Permissions | p. 125 |
Introduction | p. 125 |
Authentication and Permission Goals and Objectives | p. 126 |
Authentication Methods | p. 126 |
Passwords | p. 127 |
A Brief Note on Cryptology | p. 131 |
Security Tokens | p. 132 |
Biometrics | p. 136 |
Authentication Systems | p. 138 |
Permissions and Access Control | p. 140 |
Agent-based Permissions | p. 141 |
Role-based Access Control | p. 143 |
Attacks | p. 144 |
Social Engineering and Phishing | p. 145 |
Password Cracking | p. 148 |
Summary | p. 150 |
References | p. 161 |
Chapter 8 Resistance Strategies: Symmetric Encryption | p. 155 |
Introduction | p. 155 |
Encryption Concepts | p. 156 |
Utility and Failings | p. 158 |
Symmetric Encryption | p. 159 |
Historic Ciphers | p. 159 |
Modern Ciphers | p. 165 |
File and Disk Encryption | p. 173 |
Asymmetric Encryption | p. 175 |
Key Management and Distribution | p. 177 |
Computer Identification | p. 179 |
Digital Certificates | p. 180 |
Transport Layer Security | p. 182 |
Steganography | p. 182 |
Summary | p. 184 |
References | p. 184 |
Chapter 9 Resistance Strategies: Partitioning and Need to Know | p. 187 |
Introduction | p. 187 |
Outsider and Insider Threat | p. 188 |
Internal Security Partitions | p. 190 |
Need to Know | p. 192 |
Policy Management | p. 194 |
Summary | p. 197 |
References | p. 197 |
Chapter 10 Change Management | p. 201 |
Introduction | p. 201 |
Change Management Versus Configuration Management | p. 203 |
Why Use Change and Configuration Management Systems | p. 204 |
Change Management Process | p. 207 |
Phase 1 Request for Change is Submitted to a Change Manager | p. 210 |
Phase 2 Change Manager Assesses the RFC | p. 210 |
Phase 3 Change Request is Forwarded to an IT Executive Committee for Approval | p. 211 |
Phase 4 Change Request is Passed to the Change Advisory Committee for Scheduling | p. 211 |
Phase 5 Change Request is Passed to the Change Implementers | p. 211 |
Phase 6 Change Process Evaluation | p. 212 |
Minor or Insignificant Change Process | p. 212 |
Automation of the Change Process | p. 214 |
Change Management and Security-Related Issues | p. 214 |
Change Management and Software Control Issues | p. 214 |
Change Management Documentation | p. 215 |
Patch Management | p. 216 |
Security and Patch Information Knowledge | p. 218 |
Establishing Patch Priorities and Scheduling | p. 218 |
Patch Testing | p. 218 |
Patch Installation and Deployment | p. 219 |
Patch Audits | p. 219 |
Configuration Management System | p. 219 |
Configuration Management Example | p. 222 |
Software Configuration Management | p. 223 |
Configuration Management and Information Assurance | p. 224 |
Configuration Management and System Maintenance | p. 225 |
Automation of Configuration Management | p. 225 |
Network Configuration Management System | p. 227 |
Configuration Management Database | p. 228 |
Certification | p. 229 |
Summary | p. 229 |
References | p. 230 |
Part 4 Recognition/Recovery
Chapter 11 Network Analysis and Forensics | p. 235 |
Introduction | p. 235 |
Introduction to the OSI Model | p. 236 |
Analysis for Managers | p. 239 |
Flow-Level Analysis | p. 240 |
Metadata Analysis | p. 242 |
Application-Level Analysis | p. 243 |
Signature Analysis | p. 245 |
Full-Packet Capture | p. 246 |
Network Forensics | p. 247 |
Sensor Network Architecture | p. 249 |
Summary | p. 249 |
References | p. 250 |
Chapter 12 Recognition Strategies: Intrusion Detection and Prevention | p. 253 |
Introduction | p. 253 |
Why Intrusion Detection | p. 265 |
Network Intrusion Detection Pitfalls | p. 256 |
Fragmentation and IP Validation | p. 257 |
Application Reassembly | p. 259 |
Out-of-Band Problems | p. 259 |
Centrality Problems | p. 260 |
Base-rate Fallacy | p. 261 |
Modes of Intrusion Detection | p. 264 |
Network Intrusion Detection: Signatures | p. 264 |
Network Intrusion Detection: Anomaly Based | p. 267 |
Network Behavior Analyzers | p. 267 |
Wireless IDPS | p. 268 |
Network Intrusion Prevention Systems | p. 269 |
Summary | p. 271 |
References | p. 271 |
Chapter 13 Digital Forensics | p. 275 |
Introduction | p. 275 |
Uses of Digital Forensics | p. 275 |
Forensic Fundamentals | p. 276 |
General Forensic Principles | p. 276 |
Digital Forensic Process | p. 280 |
Hashing | p. 281 |
Types of Hashing Algorithms | p. 281 |
Uses of Hashing | p. 281 |
Technology | p. 282 |
Characteristics of Digital Evidence | p. 283 |
Inside the Host Machine | p. 285 |
Solid-State Drives | p. 287 |
Volatile versus Nonvolatile Memory | p. 288 |
File Systems | p. 289 |
How Magnetic Hard Drives Store Data | p. 290 |
Onsite Collections | p. 293 |
Documenting the Incident | p. 294 |
Photography | p. 295 |
Notes | p. 295 |
Marking Evidence | p. 295 |
Purpose of Cloning | p. 296 |
Cloning Process | p. 296 |
Live System versus Dead System | p. 297 |
Conducting and Documenting a Live Collection | p. 299 |
Final Report | p. 300 |
Organizational Preparedness | p. 301 |
Summary | p. 301 |
References | p. 301 |
Chapter 14 Recognition Strategies: Integrity Detection | p. 303 |
Introduction | p. 303 |
Checksums | p. 304 |
Parity Bits | p. 304 |
Repetition Codes | p. 305 |
Hamming Codes | p. 306 |
Cryptographic Integrity Detection | p. 307 |
Digital Signatures | p. 307 |
Rule-Based Integrity Checking | p. 311 |
Entity Integrity | p. 311 |
Referential Integrity | p. 312 |
Domain Integrity | p. 312 |
Content Comparisons | p. 312 |
An Example: GPS | p. 314 |
Summary | p. 315 |
References | p. 315 |
Chapter 15 Recovery of Security | p. 317 |
Introduction | p. 317 |
Emergency Management | p. 318 |
Recovery Priorities | p. 319 |
Building a Response Policy | p. 321 |
Recovery from Accidents: Continuity of Operations | p. 323 |
Recovery from Malicious Events | p. 324 |
Incident Handling | p. 326 |
CSIRTs | p. 327 |
Incidents | p. 329 |
Incorporating Lessons Learned | p. 332 |
Summary | p. 334 |
References | p. 334 |
Chapter 16 Professional Certifications and Overall Conclusions | p. 339 |
Introduction | p. 339 |
Professional Certifications | p. 339 |
Certified Information Systems Security Professional | p. 340 |
Global Information Assurance Certifications | p. 341 |
CERT Computer Security Incident Handler | p. 342 |
Certified Ethical Hacking | p. 342 |
Vendor-specific Certifications | p. 342 |
Other Certifications | p. 343 |
Critiques of Certification | p. 344 |
Tying the Pieces Together | p. 346 |
Where to Go from Here | p. 348 |
References | p. 350 |
Index | p. 353 |