Process of Network Security, The - Thomas Wadlow

Process of Network Security, The

Designing and Managing a Safe Network

(Autor)

Buch | Softcover
304 Seiten
2000
Addison Wesley (Verlag)
978-0-201-43317-3 (ISBN)
49,10 inkl. MwSt
  • Keine Verlagsinformationen verfügbar
  • Artikel merken
Presenting the process behind securing an enterprise network, this text includes information on the modelling behind the implementation. It offers a wide-ranging perspective on the many issues surrounding security within the workplace.
This wide-ranging, up-to-date, conversational guide to network security focuses on the most important success factors: process and mindset. Security expert Thomas Wadlow shows exactly what it means to "be" a successful network security manager within a large business organization. Learn how to define what an organization's security goals ought to be -- and how to implement an effective security policy quickly, without endless committee meetings or company politics. Understand who may be attacking you, and how to "think pathologically" about your network, putting yourself in the shoes of your attacker. Evaluate which information resources are most worth protecting; learn how to build an effective security team; and discover how to build security systems that protect the enterprise as a whole, not just individual devices. Learn how to fortify your network components and design; monitor and audit your network; even quantify the value of security. The book also presents five exceptionally detailed chapters on how to respond effectively to an attack -- from forensics and log analysis to damage control. For every manager and executive concerned with network security, including sysadmins, netadmins, security managers, CIOs, CFOs, and CEOs.

Thomas A. Wadlow is co-founder, Chief Technology Officer, and Vice-President of Engineering and Security for Pilot Network Services, Inc., a company specializing in Internet security. He has also worked as a networking and systems professional for Lawrence Livermore Laboratory, Schlumberger's Palo Alto Research Center, Xerox's Palo Alto Research Center, ParcPlace Systems, and Sun Microsystems Laboratories. 0201433176AB04062001

Preface.


Acknowledgments.


1. Understanding Security.


What Are We Protecting?



Thinking Like a Defender.



The Reader of This Book.



The Organization We Are Protecting.



The Process of Security.



How Do You Know That the Process Is Working?



Trend Analysis.



2. Writing a Security Policy.


Pitfalls.



Staging a Coup



Contents of the Policy



3. Who Is Attacking You?


The Nature of the Beast.



Security as an Evolutionary Strategy.



4. Security Design Process.


Thinking About Security.



Principles of Security.



The Shape of Your Defenses.



The Shape of Your Security Organization.



5. Building a Security Team.


Employee Characteristics.



Job Functions in a Security Team.



Training and Cross-Training.



Interviewing Security Candidates.



Background Checks.



Hiring.



Firing.



6. Fortifying Network Components.


What Is a Network Component?



Component Types.



Selecting Components.



Component Categories.



Fortifying Components.



System Fortification.



7. Personnel Security.


Management Issues.



Hiring Process.



Trouble with Employees.



Firing Process.



Resignation Process.



Contractors.



8. Physical Security.


What Are the Threats?



Physical Security Basics.



Going Overboard.



Backups.



Denial of Service.



Electrical Power.



Telephones.



Access Control Logging and Log Analysis.



9. Monitoring Your Network.


The Shape of the Logging System.



What to Log.



Logging Mechanisms.



Time.



Sensors.



Logging System Design.



Log Management.



Log Analysis.



10. Auditing Your Network.


Why Should You Audit Your Network?



Types of Audit.



What Should the Audit Measure?



Who Should Do the Audit?



Expectations.



11. Quantifying the Value of Security.


Perception of Value.



Process of Explaining Security Issues.



Measurements.



12. Preparing for an Attack.


Getting Started.



War Games.



Post-Mortem Analysis.



Developing a Response Plan.



Personnel.



Safety Equipment.



Survival Pack Contents.



Choosing Hiding Places.



Set Your Own Ground Rules.



13. Handling an Attack.


Exciting, but Not Fun.



Thinking Pathologically.



About Attacks.



What You Can Do.



What You Should Not Do.



Response Team.



Priorities During an Attack.



14. Forensics.


Getting Started.



The Art of Investigation.



The Clean Room.



Analyzing the Contaminated File System.



Analysis Tools.



What to Look For.



15. Log Analysis.


Integrity Checks.



Log Analysis.



The Hunt.



Developing Theories.



Legalities.



16. Damage Control.


Priorities.



Advance Preparation.



Post-Mortem Analysis.



Appendix A: Glossary. 0201433176T04062001

Erscheint lt. Verlag 16.3.2000
Verlagsort Harlow
Sprache englisch
Maße 235 x 186 mm
Gewicht 435 g
Themenwelt Mathematik / Informatik Informatik Netzwerke
Informatik Theorie / Studium Kryptologie
Informatik Weitere Themen Hardware
ISBN-10 0-201-43317-6 / 0201433176
ISBN-13 978-0-201-43317-3 / 9780201433173
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich