Contents

Foreword                                                          ix
Acknowledgments                                                   xi
Introduction                                                    xiii

1  The Internet and Security
   1.1  The history of the Internet                                2
   1.2  TCP/IP: the nails of the Internet                         13

2  The Security Review Process                                    39
   2.1  Introduction                                              40
   2.2  Review the state of the business                          41
   2.3  Analyze the technology being used                         45
   2.4  Risk analysis                                             49
   2.5  Plans and policies                                        52
   2.6  Implementation                                            61

3  Cryptography                                                   67
   3.1  The history                                               68
   3.2  Key types                                                 71
   3.3  RSA: public and private key                               74
   3.4  PKI and business solutions                                75
4  Secure Networks                                                89
   4.1  TCP/IP and OSI                                            90
   4.2  Denial-of-service attacks                                 92
   4.3  Virtual private networks                                  95
   4.4  Secure sockets layer                                      98

5  Protecting Your Intranet from the Extranet and Internet       107
   5.1  So many choices!                                         108
   5.2  Firewall product functional summaries                    119
   5.3  Firewall buyer's assessment form                         124
   5.4  Firewall vendors: Picking the products that are right
        for you                                                  132
   5.5  SSL network appliance overview                           134
   5.6  Secure access: SSL-based extranet appliances             138
   5.7  Understanding air gap-based filtering proxies and their
        benefits when used for deploying web applications       141

6  Authentication and Authorization                              149
   6.1  The basics                                               150
   6.2  Authentication                                           151
   6.3  Authorization                                            158
   6.4  Smart cards                                              166

7  E-Commerce: Public Key Infrastructure                         169
   7.1  PKI and you                                              170
   7.2  X.509                                                    172
   7.3  Certificate authority                                    178
   7.4  Certification practice statement                         183
   7.5  Certificate revocation list                              187
   7.6  Key recovery                                             189
   7.7  Lightweight directory access protocol                    190
   7.8  Public key cryptography standards                        194
   7.9  Public key infrastructure (X.509) standards              195

8  Messaging Security                                            199
   8.1  Safe communication: Messaging                            200
   8.2  Junk mail                                                207
   8.3  Keep it running                                          214
9  What Are We Doing Here?                                       231
   9.1  Risk analysis                                            232
   9.2  The threats                                              234
   9.3  Technology security review                               237
   9.4  Control directory and environment risk table             241
   9.5  Competitive asset                                        243

10 Disaster Recovery                                             253
   10.1  Introduction                                            254
   10.2  Incident handling requirements                          256
   10.3  Incident handling processes                             257
   10.4  Incident handling procedures                            259
   10.5  Incident handling team implementation                   262
   10.6  Disaster recovery and business continuity               263

Appendix 1  Security Tools                                       273
Appendix 2  The CERT Report                                      283
Glossary                                                         313
References                                                       321
Index                                                            391