Muutke küpsiste eelistusi

Network Security A Beginner's Guide, Third Edition 3rd edition [Pehme köide]

3.74/5 (35 hinnangut Goodreads-ist)
  • Formaat: Paperback / softback, 336 pages, kõrgus x laius x paksus: 231x191x18 mm, kaal: 583 g, 70 Illustrations
  • Sari: Beginner's Guide
  • Ilmumisaeg: 16-Nov-2012
  • Kirjastus: Osborne/McGraw-Hill
  • ISBN-10: 0071795707
  • ISBN-13: 9780071795708
Teised raamatud teemal:
Network Security A Beginner's Guide, Third Edition 3rd editionSuurem pilt
  • Formaat: Paperback / softback, 336 pages, kõrgus x laius x paksus: 231x191x18 mm, kaal: 583 g, 70 Illustrations
  • Sari: Beginner's Guide
  • Ilmumisaeg: 16-Nov-2012
  • Kirjastus: Osborne/McGraw-Hill
  • ISBN-10: 0071795707
  • ISBN-13: 9780071795708
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9780071795708.html
Märksõnad:
Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.Security Smarts for the Self-Guided IT ProfessionalDefend your network against a wide range of existing and emerging threats. Written by a Certified Information Systems Security Professional with more than 20 years of experience in the field, Network Security: A Beginner's Guide, Third Edition is fully updated to include thelatest and most effective security strategies.

You'll learn about the four basic types of attacks, how hackers exploit them, and how to implement information security services to protect information and systems. Perimeter, monitoring, and encryption technologies arediscussed in detail. The book explains how to create and deploy an effective security policy, manage and assess risk, and perform audits. Information security best practices and standards, including ISO/IEC 27002, arecovered in this practical resource.

Network Security: A Beginner's Guide, ThirdEdition features:





Lingo--Common security terms defined so that you're in the know on the job IMHO--Frank and relevant opinions based on theauthor's years of industry experience Budget Note--Tips for getting security technologies and processes into your organization's budget In Actual Practice--Exceptions to the rules of security explained in real-world contexts Your Plan--Customizable checklists you can use on the job now Into Action--Tips on how, why, and when to applynew skills and techniques at work
Acknowledgments xvii
Introduction xix
About The Series xxi
PART I Information Security Basics
1 What Is Information Security?
3(16)
Where Sorcery Is Traded for Fallible, Manageable Realities
4(9)
A Retrospective Look at Security
5(8)
Define Security as a Process, Not as Point Products
13(6)
Anti-virus Software
13(1)
Access Controls
13(1)
Firewalls
13(1)
Smart Cards
14(1)
Biometrics
15(1)
Intrusion Detection and Prevention
16(1)
Policy Management
16(1)
Vulnerability Scanning
16(1)
Encryption
17(1)
Data Loss Prevention
17(1)
Physical Security Mechanisms
17(2)
2 Types of Attacks
19(16)
Access Attacks
21(6)
Snooping
21(1)
Eavesdropping
22(1)
Interception
23(1)
How Access Attacks Are Accomplished
23(4)
Modification Attacks
27(2)
Changes
28(1)
Insertion
28(1)
Deletion
28(1)
How Modification Attacks Are Accomplished
28(1)
Denial-of-Service Attacks
29(3)
Denial of Access to Information
30(1)
Denial of Access to Applications
30(1)
Denial of Access to Systems
30(1)
Denial of Access to Communications
30(1)
How Denial-of-Service Attacks Are Accomplished
30(2)
Repudiation Attacks
32(3)
Masquerading
32(1)
Denying an Event
32(1)
How Repudiation Attacks Are Accomplished
32(3)
3 Hacker Techniques
35(44)
A Hacker's Motivation
37(3)
Challenge
37(1)
Greed
38(1)
Malicious Intent
39(1)
Hacking Techniques
40(21)
Bad Passwords
40(1)
Open Sharing
41(2)
Software Vulnerabilities
43(4)
Network Hacking
47(6)
Social Engineering
53(1)
Denial-of-Service
54(4)
Malicious Software
58(3)
Methods of the Untargeted Hacker
61(8)
Targets
61(1)
Reconnaissance
61(3)
Attack Methods
64(1)
Use of Compromised Systems
64(5)
Methods of the Targeted Hacker
69(10)
Targets
70(1)
Reconnaissance
70(4)
Attack Methods
74(2)
Use of Compromised Systems
76(3)
4 Information Security Services
79(18)
The Confidentiality Service
80(5)
Confidentiality of Files
81(1)
Confidentiality of Information in Transmission
82(2)
Traffic Flow Confidentiality
84(1)
Attacks That Can Be Prevented
85(1)
The Integrity Service
85(2)
Integrity of Files
86(1)
Integrity of Information During Transmission
87(1)
Attacks That Can Be Prevented
87(1)
The Availability Service
87(2)
Backups
88(1)
Fail-Over
88(1)
Disaster Recovery
89(1)
Attacks That Can Be Prevented
89(1)
The Accountability Service
89(8)
Identification and Authentication
90(1)
Audit
91(1)
Attacks That Can Be Prevented
92(5)
PART II Groundwork
5 Policy
97(32)
Why Policy Is Important
98(1)
Defining What Security Should Be
99(1)
Putting Everyone on the Same Page
99(1)
The Various Policies Used by Organizations
99(24)
Information Policy
100(3)
Security Policy
103(5)
Acceptable Use Policy
108(1)
Internet Use Policy
109(1)
E-mail Policy
110(1)
User Management Procedures
110(2)
System Administration Procedure
112(2)
Backup Policy
114(1)
Incident Response Procedure
115(3)
Configuration Management Procedure
118(1)
Design Methodology
119(2)
Disaster Recovery Plans
121(2)
Creating Appropriate Policy
123(2)
Defining What Is Important
123(1)
Defining Acceptable Behavior
124(1)
Identifying Stakeholders
124(1)
Defining Appropriate Outlines
124(1)
Policy Development
125(1)
Deploying Policy
125(1)
Gaining Buy-In
125(1)
Education
126(1)
Implementation
126(1)
Using Policy Effectively
126(3)
New Systems and Projects
127(1)
Existing Systems and Projects
127(1)
Audits
127(1)
Policy Reviews
127(2)
6 Managing Risk
129(20)
Defining Risk
130(12)
Threat
131(6)
Vulnerability
137(1)
Consequences
138(3)
Countermeasures
141(1)
Measuring Risk
142(7)
Probabilistic
144(2)
Maximum Impact
146(1)
A Hybrid Approach
147(2)
7 The Information Security Process
149(30)
Conducting an Assessment
152(12)
Network
154(2)
Physical Security
156(2)
Policies and Procedures
158(1)
Precautions
159(1)
Awareness
160(1)
People
161(1)
Workload
162(1)
Attitude
162(1)
Adherence
162(1)
Business
163(1)
Assessment Results
163(1)
Developing Policy
164(2)
Choosing the Order of Policies to Develop
165(1)
Updating Existing Policies
166(1)
Implementing Security
166(6)
Security Reporting Systems
167(1)
Use-Monitoring
167(1)
System Vulnerability Scans
167(1)
Policy Adherence
168(1)
Authentication Systems
169(1)
Perimeter Security
169(1)
Network Monitoring Systems
170(1)
Encryption
170(1)
Physical Security
171(1)
Staff
171(1)
Awareness Training
172(2)
Employees
172(1)
Administrators
173(1)
Developers
173(1)
Executives
173(1)
Security Staff
173(1)
Audits
174(1)
Policy Adherence Audits
175(4)
Periodic and New Project Assessments
175(1)
Penetration Tests
175(4)
8 Information Security Best Practices
179(28)
Administrative Security Practices
180(13)
Policies and Procedures
181(1)
Resources
182(3)
Responsibility
185(1)
Education
186(3)
Contingency Plans
189(2)
Security Project Plans
191(2)
Technical Security Practices
193(8)
Network Controls
193(1)
Malicious Code Protection
194(1)
Authentication
195(1)
Monitoring
196(2)
Encryption
198(1)
Patching Systems
198(1)
Backup and Recovery
199(1)
Physical Security
199(2)
Making Use of ISO 27002
201(6)
Key Concepts of the Standard
202(1)
How This Standard Can Be Used
203(4)
PART III Network Security Technology
9 Perimeter Technology
207(22)
Perimeters and Perimeter Policy Basics
209(1)
Perimeter Controls
210(11)
Routers
210(1)
Firewalls
211(2)
Network Intrusion Prevention Systems
213(2)
Web Application Firewalls
215(1)
Proxies and URL Filters
216(1)
Data Loss Prevention
216(1)
Anti-malware Controls
217(1)
Virtual Private Networks
218(1)
Physical Separation
219(1)
Defense-in-Depth
220(1)
Creating a Perimeter Architecture
221(8)
DMZ Perimeter Architecture
222(3)
Employee Perimeter Architecture
225(4)
10 Monitoring Technology
229(16)
The Purposes of Monitoring
230(1)
Monitoring Technologies
231(6)
Intrusion Detection Systems
232(1)
Network Behavior Analysis
233(1)
Network Forensics
234(1)
System Logs
235(1)
Application Logs
236(1)
Vulnerability Scanning
236(1)
Creating a Monitoring Architecture
237(3)
Correlating Events
240(1)
Separation of Duties
241(4)
11 Encryption Technology
245(34)
Basic Encryption Concepts
247(1)
Encryption Terms
247(3)
Attacks Against Encryption
248(2)
Symmetric Key Encryption
250(6)
Substitution Ciphers
251(1)
One-Time Pads
252(1)
Data Encryption Standard
253(1)
Password Encryption
254(1)
The Advanced Encryption Standard: Rijndael
255(1)
Public Key Encryption
256(6)
Diffie-Hellman Key Exchange
258(1)
RSA
259(2)
Other Public Key Algorithms
261(1)
Digital Signatures
262(2)
Secure Hash Functions
263(1)
Key Management
264(10)
Key Creation
265(1)
Key Distribution
266(1)
Key Certification
267(1)
Key Protection
267(1)
Key Revocation
268(1)
Key Recovery
269(1)
Trust in the Encryption System
270(4)
Other Considerations
274(5)
The Supporting Cast
274(1)
Availability
275(4)
Glossary 279(14)
Index 293
Eric Maiwald is a Research Vice President with Gartner, Inc. where he focuses on enterprise security infrastructure and mobility technologies. Mr. Maiwald has over twenty years of experience in information security where has worked as a security officer and consultant for large financial institutions, healthcare providers, services firms, and manufacturers. He has extensive experience in the security field performing assessments, policy development, architecture design, and product implementations. Mr. Maiwald holds a Bachelors of Science in Electrical Engineering degree from Rensselaer Polytechnic Institute and a Masters of Engineering in Electrical Engineering from Stevens Institute of Technology and is a Certified Information Systems Security Professional. He is a named inventor on patent numbers 5,577,209, Apparatus and Method for Providing Multi-level Security for Communications among Computers and Terminals on a Network, 5,872,847, Using Trusted Associations to Establish Trust in a Computer Network, 5,940,591 Apparatus and Method for Providing Network Security, and 6,212,636 Method for Establishing Trust in a Computer Network via Association. Mr. Maiwald is a regular presenter at a number of well-known security conferences. He has also written Security Planning and Disaster Recovery (with William Sieglein), and Fundamentals of Network Security, both published by Osborne/McGraw-Hill and is a contributing author for Hacking Linux Exposed, and Hackers Challenge also published by Osborne/McGraw-Hill.