book

Computer Security: Protecting Digital Resources

Name: Computer Security: Protecting Digital Resources
Author: Robert C Newman
ISBN: 9780763783051

by Robert C Newman

February 2009

Intermediate to advanced

453 pages

17h 40m

English

Jones & Bartlett Learning

Read now

Unlock full access

Book Cover
Title
Copyright
Contents (1/4)
Contents (2/4)
Contents (3/4)
Contents (4/4)
Preface
Part One: Basics and General Understanding
Chapter 1 Cyber Environment and Security Issues
Chapter ContentsIntroduction

An Historical Perspective
Security Concerns Today
Computer and Internet Environment IssuesValue of the ResourcePortability and SizePersonal Contact
Trusted Systems
Trusted and Untrusted Networks
The Cyber Environment
The Internet and the World Wide WebClient/Server Environment
Cybercrimes
Cyber-Terrorism
SteganographyInformation Warfare
Resource and Asset Protection
CryptanalysisCryptographyEncryption/Decryption
Content Management
Electronic Threats
Cyber Security Goals and Objectives
AvailabilityIntegrity
Confidentiality
Ethics
ISSA Code of Ethics
Intellectual Property ProtectionsCopyrightTrademarkTrade Secrets
Internet Access for Children
Pornography and Violence
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Chapter 2 Attacks, Threats, and Vulnerabilities
Chapter ContentsIntroduction
Threats
Threat Targets
Integrity ThreatDenial of Service ThreatDisclosure Threat
Attacks
Social EngineeringPhishingPharming
Phreaking
Virus ThreatsCountering the Virus ThreatVirus Control PoliciesSoftware DetectionEMail Viruses and WormsAn Ounce of PreventionComparing Virus, Worm, and Trojan Software
Combating Viruses, Worms, and Trojans
Vulnerabilities
Malicious AttacksWar DialersBrute Force AttackDictionary AttackMasqueradingEavesdroppingAddress SpoofingHijackers
Session Hijacking
Replay AttackManintheMiddle Attack
Other Security Breaches
Denial of ServiceDistributed Denial of ServiceBrowsingWiretappingBackdoor
Data Modifications
Additional Security ChallengesSpamHoaxSpyware and AdwareMalwareSpybotsCookies
Responding to Internet and Network Attacks
AntiVirus Software PackagesFirewalls
Network Intruders
HackersWeb Players
Malicious Tools
War DialerKeyloggers
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Chapter 3 Scams, Identity Theft, and Fraud
Chapter ContentsIntroduction
Scams and Scam Artists
Free PrizesPyramid Schemes and Chain LettersWork-at-Home OffersCharitiesJob AdvertisementsFree Credit ReportsCredit Information RequestsCheck CashingQuestionnaires
Protecting Personal Information
Credit Card Fraud Prevention TipsMonitor Credit Reports
Identity Theft
Avoid Becoming a Victim of Identity TheftContactsCredit Reporting AgenciesFederal Deposit Insurance Corporation
Check Verification Companies
Internet FraudInternet Fraud TipsNew SolutionsInternet Fraud StatisticsExploiting Children on the Web
Combating Identity Theft and Fraud
Awareness and EducationShop Online SafelySecurity on the Internet
Laws
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Chapter 4 Computer and Digital Assets Security
Chapter ContentsIntroduction
Property Theft Awareness
BurglariesStolen Computer and Networking Components
Educational Site Computer Security
Device SecurityAdministration SecurityHousing SecurityPrecautions
Carelessness
Security and Integrity for Internet UsersPasswordsFraudulent EMails and Letters
Physical Property Security
Physical Security for the Individual Computer and Network UserPhysical Security for the Data Center
Physical Security for the Database and Storage Devices
Preventing Damage to Physical AssetsFire HazardsWater DamageEarthquake Damage
Storm Damage
HumanInitiated DamagePhysical Security ControlsNetwork AccessMedia AccessData and Information SecurityDevice SecurityPhysical Access SecurityPersonnel SecurityCustomer SecurityVisitor Security
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Part Two: Computer Systems and Networks
Chapter 5 The Internet and Web Network Environment
Chapter ContentsIntroduction
The Internet
Wide Area NetworksWAN Access
Network Access Communication Devices
ModemModem and Access Server ConsiderationsDSUSplitter/DSLAMWireless Network Interface Card
World Wide Web (WWW), aka the Web
Web Threats
Intranet and Extranet Networks
Virtual Private Networks
Security Issues in Virtual Networks
TunnelingAuthenticationEncryptionIntegrity
Nonrepudiation
Content FilteringCompressionNetwork, Hardware, and Software ComponentsThreats to Network ComponentsThreats to Hardware ComponentsThreats to Software Components
Network Resource Access
IdentificationAuthenticationAccountingAuthorizationOneTime PasswordsPassword MaintenanceSecurity Cards
Internet Search Tools
BrowsersFile Transfer ProtocolTrivial File Transfer ProtocolGopherNewsgroupsTelnetBrowser Security
Software
Software IssuesElectronic Mail
EMail Security
Security in the NetworkSecurity IssuesInternet SecurityPrivacy on the InternetSecurity Services
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Chapter 6 Wired and Wireless Local Area Networks
Chapter Contentsintroduction
Local Area Network
Wired LAN Connectivity
Bus TopologyRing TopologyStar TopologyVLAN Described
Wireless LAN
Wireless LAN ConnectivityAccess PointsRoaming
LAN Network Components (1/2)
Firewalls, Routers, and GatewaysFirewallsRoutersGatewayProxy Servers
LAN Network Components (2/2)
Demilitarized Zone and Bastion HostsServers and Workstations
Extranet and Intranet LAN Issues
Extranet Security
Intranet Security
Secure Protocols
Wireless Technologies
Biometric SystemsFinger ScanningFinger GeometryHand GeometryPalm ImagingRetina RecognitionIris ImagingFace RecognitionSignature Verification
Biometric Security
Wired LAN Security
LAN Network Management
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Chapter 7 Computer, Server, and Database Security Issues
Chapter ContentsIntroduction
Computer Systems
Historical OverviewMainframe Computer SystemMainframe ComponentsFrontEnd ProcessorControllersOperating SystemDirectoriesDisk TechnologyRAID Storage DevicesStorage Management
Client/Server Systems
Client/Server ComponentsServer IssuesServer SecurityServer Security Methods
Portable Computer and Electronic Devices
Database Management SystemData and Database Security
Data and Database Attacks
Inference ProblemAggregation ProblemSecurity Approaches
Access Rights
Protecting the Data and Database AssetIntegrity of Data and Database ElementsNIST Security GoalsBackup and Data ArchivingData and Database RestorationApplication Programming Interface
Software Threats
Voice Communication SystemsPrivate Branch ExchangeAutomatic Call DistributorsKey SystemsHybrid SystemsVoice Over IP SystemsVoice Security Issues
Physical Asset Protection
Natural DisastersVandals and Destructive IndividualsFire and Water DamagePower LossHeat and HumidityEnvironmental Safeguards Recap
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Chapter 8 ECommerce Security Mechanisms
Chapter ContentsIntroduction
ECommerce Environment
Electronic Commerce and Transactions
Secure Electronic Transaction
Securing Network TransactionsDigital Certificates and SignaturesCertificates and Certificate SystemsPublic and Private KeysDigital Envelopes
Data Security and Encryption
Symmetric EncryptionAsymmetric EncryptionHash Functions
ECommerce Security and Distributed Computing
Securing Electronic TransactionsSecurity Services
Financial Transactions
Payment ProtocolsSmart CardCredit Card TransactionsSET and ECommerce
Wireless LAN
Service Access PointsHotspotWireless Application ProtocolWar DrivingWar ChalkingCell Phone Security
Wireless LAN Security
Unauthorized AccessIntegrityDenial of ServiceInference and DeceptionVulnerabilities
Security Protocols
IPSec and ECommerce
ECommerce System Design Concerns
Security IssuesServer Access
Credit Cards
Maintenance and UpgradesDistributed Security and Privacy IssuesWireless NetworksSecurity and Privacy in Wireless Systems
Implementation Issues
ESecurity and EThieves
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Part Three: Security and Operations Administration
Chapter 9 Business Continuity and Disaster Recovery Planning
Chapter ContentsIntroduction
Security Goals and Objectives
AvailabilityConfidentiality
Protecting Assets and Resources
Infrastructure Security and Control
Physical Security
Access Security of Computer and Network Resources
Access Control for Internal PersonnelAccess Control for ContractorsAccess Control for Visitors
Theft Prevention Techniques
Guard SolutionLock SolutionElectronic SolutionBiometric Access Control
Security Cost Justification
Security Systems Design
Security Evaluation
Administration
Corporate Planning
Security Requirements Assessment
Maintaining Network Integrity
Network BaselineSecurity PoliciesHardware and Software StandardsUpgrade GuidelinesSecurity ThreatsSecuring Data Systems
Authentication Techniques
DialBack SystemsBiometrics
Token Authentication
Data ManagementData Backup and ArchivingData Migration and WarehousingData Resource Security
Protection Against Intruders
Theft ProtectionNatural Disaster Protection
Database and DBMS Protection
Documentation
Threat Assessment
Identifying Critical AssetsIdentifying Threat SourcesDeveloping the Risk AnalysisPrototyping the Solution
Documenting the Results
Gap AnalysisAuditing
Security Policy
Site Security Policy
Contingency Planing/Disaster Recovery
Continuity PlanDisaster PlanningContingency Planning
Preemptive Precautions
Disaster RecoveryDisaster Recovery Plan
Service Level Agreement
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Chapter 10 Intrusion Detection and Prevention
Chapter ContentsIntroduction
Computing Security Issues
Intrusion Detection
False Positives and False Negatives
Intrusion Detection SystemMisuse Detection Versus Anomaly DetectionPassive System Versus Reactive SystemHoneypot
Intrusion Detection System Configurations
NetworkBased Intrusion Detection System
HostBased Intrusion Detection System
Benefits of an Intrusion Detection System
Intrusion Detection Systems and Vendors
Intrusion Detection Tools
Intrusion Detection Decisions
Intrusion Prevention
Intrusion Prevention Systems
IPS and Application FirewallsIntrusion Detection and Prevention
System Processes
Stateful InspectionDeep Packet Inspection
Protocol Analysis
Intrusion Prevention System TypesHostBased Intrusion Prevention SystemsNetworkBased Intrusion Prevention SystemsRateBased Intrusion Prevention SystemsHost-Based Versus NetworkBased IPS Comparisons
Implementation Challenges
Requirements for Efective Prevention
Unquestionable Detection AccuracyReliability and Availability
Resilience
Low LatencyHigh PerformanceFineGrained Granularity and ControlAdvanced Alert Handling and Forensic Analysis CapabilitiesManagement and Administration Considerations
Organizations and Standards
Organizations
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Chapter 11 Problem Solving and Security Administration
Chapter ContentsIntroduction
The Need for Problem Solving
The Security Audit
Computer Security Audit
BaselineNetwork Management and Monitoring
Security Investigations
Incident ResponseComputer InvestigationsIntrusion DetectionMonitoringPreemptive ActivitiesComputer Security Organizations
Network Problem Solving
Collecting Information MethodologyTroubleshooting Documentation
Network Testing Support and Resources
Network Utilities and Software RoutinesTraceroute (tracert)PINGWHOISIPCONFIGPort scanSecurity Probes and Network Penetration Testing Tools
Security Tools
SnifferProtocol AnalyzerNetwork MonitoringNetwork Analyzers
Managing the Network
Network Management ToolsNetwork Management SystemNetwork Management System ElementsDatabase and DBMS Protection
Network Management and Control
MonitoringReportingControllingProtect Against IntrudersTheft ProtectionNatural Disaster Protection
Common Management Information Protocol
Accounting ManagementConfiguration ManagementFault ManagementPerformance Management
Security Management
Network Management Standards Organizations
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Part Four: Security Resources, Education, and Standards
Chapter 12 Security Solutions for Digital Resources
Chapter ContentsIntroduction
Understanding the Issues
Security Solution Categories
Companies Providing Security Solutions
Security System Procurement
Procurement Checklist for Security Systems
Security System Project Management
Requirements and ScopeThe Technical PlanResourcesEstimatesProject Management
Software Security Solutions
Security Products and Vendors
Quality Control Issues
System Evaluation Criteria
Develop In-House or Outsource
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Chapter 13 Standards, Specifications, and Protocols
Chapter ContentsIntroduction
Standards (1/2)
Open Systems InterconnectionStandards OrganizationsISO 17799ISO/IEC 27002Data Encryption Standard
Standards (2/2)
Advanced Encryption StandardDigital Signature StandardPayment Card Industry Standard
Request for Comments
ProtocolsTransmission Control Protocol/Internet ProtocolCommon Management Information ProtocolSimple Network Management ProtocolIP SecuritySimple Mail Transfer ProtocolHypertext Transfer ProtocolHypertext Transfer Protocol Over Secure Socket LayerSecure Hypertext Transfer ProtocolSecure Socket Layer
Specifications
International Data Encryption AlgorithmRivest, Shamir, and Adleman AlgorithmMessage Digest Algorithm 5Secure Hash AlgorithmCyclic Redundancy CheckSecure Electronic TransactionSOCKSPublicKey InfrastructurePretty Good PrivacyRainbow SeriesTrusted Computer System Evaluation Criteria/Orange BookThe Orange BookTrusted Network Interpretation/Red BookITU StandardsPhysical Interface Standards
Laws and Regulations
Federal Rules of Civil ProcedureSecurity Reform ActServerGated CryptographySarbanesOxley Regulation
HIPAA Privacy Regulation
FFIEC GuidelineChapter Summary
Key Terms
Security Review Questions
Research Activities
Chapter 14 Training, Certifications, and Careers
Chapter ContentsIntroduction
Security Certifications
Certification Programs
Training
Centers of ExcellenceNIST 800 Series PublicationsNSA National Centers of Academic Excellence
Security Organizations
SANSSANS Computer and Information Security TrainingComputer Security InstituteInfoSec Institute
Certificates
Trustwave CertificateCAPISCCompTIA Security+™ CertificationsCompTIA SecuritySANSCiscoNew Horizons Information SecurityITT Technical InstituteSecurity University
Computer Security Careers
Occupational OutlookSecurityRelated Career TitlesCareer and Certification TipsAmerican Society for Industrial SecurityCertified Protection Professional (CPP)ASIS InternationalProfessional Certified Investigator (PCI)Physical Security Professional (PSP)Association of Certified Fraud ExaminersCertified Fraud Examiner (CFE)BrainbenchBrainbench HIPAA (Security)Brainbench Information Technology Security FundamentalsBrainbench Internet Security (BIS)Brainbench Network Security (BNS)CERT®CompTIASecurity+Cyber Enforcement Resources, Inc.CERI Advanced Computer Forensic Examination (CERI-ACFE)CERI Advanced Computer System Security (ACSS)CERI Computer Forensic Examination (CFE)CyberSecurity InstituteCyberSecurity Forensic Analyst (CSFA)eBusiness Process SolutionsCertified Cyber-Crime(C3C) ExpertECCouncilCertified Ethical Hacker (CEH)Computer Hacking Forensic Investigator (CHFI)Espionage Research InstituteCertified Counterespionage and Information Security Manager (CCISM)Field Certified Professional AssociationField Certified Security Specialist (FCSS)Global Information Assurance CertificationGlobal Information Assurance Certification (GIAC)
High-Tech Crime Network Certifications
Certified Computer Crime Investigator—Basicand Advanced (CCCI)Certified Computer Forensic Technician—Basicand Advanced (CCFT)Information Systems Audit and Control AssociationCertified Information Systems Auditor (CISA)Certified Information Security Manager (CISM)Institute of Internal AuditorsCertification in Control Self-Assessment(CCSA)Certified Internal Auditor (CIA)International Association of Computer Investigative SpecialistsCertified Electronic Evidence Collection Specialist (CEECS)Certified Forensic Computer Examiner (CFCE)International Information Systems Forensics AssociationCertified Information Forensics Investigator (CIFI)International Webmasters’ Association (IWA)Certified Web Professional (CWP) Security SpecialistISCInformation Systems Security Architecture Professional (ISSAP)Information Systems Security Engineering Professional (ISSEP)Information Systems Security Management Professional (ISSMP)Systems Security Certified Practitioner (SSCP)Certified Information Systems Security Professional (CISSP)Key Computer ServiceCertified Computer Examiner (CCE)Learning Tree InternationalNetwork Security Certified Professional (NSCP)Prosoft Training, Inc.CIW Security AnalystCertified Internet Webmaster Security Professional (CIW-SP)
SANS
SANS GIAC Security Essentials Certification (GSEC)SANS GIAC Security Specialist CertificationsSecurity Certified ProgramSecurity Certified Network Architect (SCNA)Security Certified Network Professional (SCNP)Security UniversityAdvanced Information Security (AIS)
TruSecure ICSA Practitioner Certification
TruSecure ICSA Certified Security Associate (TICSA)Top 10 Benefits of a Security CertificationTruSecure ICSA Certified Security Associate (TICSA)
Chapter Summary
Key Terms
Security Review Questions
Research Activities
Appendices
Appendix A: Computer and Information Systems Security Review
Computer System Security Review (1/2)
Policies and ProceduresTrainingPersonnelData Integrity and SecurityComputer and Network AccessBuilding Equipment Rooms, Raised Floors, and ClosetsComputer and Networking EquipmentWiring and Cable PlantTrouble Reporting and MaintenanceSystem AdministrationOperational PerformanceContingency Planning and Disaster RecoveryIntrusion Detection and PreventionIdentity Theft and Fraud PreventionVoice Systems
Computer System Security Review (2/2)
Miscellaneous
Appendix B: Information Security (InfoSec) Acceptable Use Policy
1.0 Overview2.0 Pur pose3.0 Scope
4.0 Policy
4.1 General Use and Ownership4.2 Security and Proprietary Information4.3 Unacceptable UseSystem and Network ActivitiesE-Mail and Communications Activities
4.4 Blogging
5.0 Enforc ement6.0 Definitions6.1 Term Definition7.0 Revision History
Appendix C: Answers to Chapter Security Review Questions
Chapter 1Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Appendix D: Computer Security Acronyms
Appendix E: Internet Protocol Addresses
IPv4 Addressing Notation
IPv6 Addressing Notation
Appendix F: Security Applications and Solutions
SnortNessus
Honeyd
SamhainNetwork Attacks ProtectionSymantec
Internet Security Suite
Comprehensive Security SystemsStealthWatch
NetIQ
NovellConfiguration Audit and Control SystemsTripwire EnterpriseIntrusion
LogLogic
Check Point Software TechnologiesData Leak Prevention or Content Monitoring and FilteringSentry
EMail Encryption
Encrypted EMail ServerDatabase Activity Detection and MonitoringDatabase DefenderGuardiumIntrusion Detection and Prevention Systems (IDS/IPS) SystemsJuniper NetworksOSSECPreludeNetworkICEInternet Security SystemsTrustwaveCiscoSecureNetBro
Internet Security Systems (ISS)
Unified Network ManagementProviderNetwork TapsSecure Tap
Glossary (1/3)
Glossary (2/3)
Glossary (3/3)
Selected Bibliography
Index (1/2)
Index (2/2)

Content preview from Computer Security: Protecting Digital Resources

246 Chapter 9  Business Continuity and Disaster Recovery Planning

PROTECTION AGAINST INTRUDERS

Intruders can be described as unauthorized visitors who are not members of the normal user

community. These people can cause three problems, namely:

Theft.1.

Destruction of equipment, software, or data.2.

Viewing of sensitive data and information.3.

Intruders can use various methods to gain access to a computer or network facility. Access

can be physical or electronic, and there are methods to counter both. Intruders can be pre-

vented from accessing a LAN by ensuring that users protect passwords, log off when not at

the workstation, and take security seriously. There are operating system parameters that can

be set to limit time- of- day acce

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Integrated Security Technologies and Solutions - Volume I: Cisco Security Solutions for Advanced Threat Protection with Next Generation Firewall, Intrusion Prevention, AMP, and Content Security, First edition

Aaron Woland, Vivek Santuka, Mason Harris, Jamie Sanbower

Firewalls Don't Stop Dragons: A Step-by-Step Guide to Computer Security and Privacy for Non-Techies

Publisher Resources

ISBN: 9780763759940

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills