Corporate Computer Security

BRIEF CONTENTS

Preface xviii
About the Authors xxiv

Chapter 1 The Threat Environment 1
1.1 Introduction 1
1.2 Employee and Ex-employee Threats 9
1.3 Malware 17
1.4 Hackers and Attacks 30
1.5 The Criminal Era 40
1.6 Competitor Threats 50
1.7 Cyberwar and Cyberterror 53
1.8 Conclusion 55
Chapter 2 Planning and Policy 59
2.1 Introduction 60
2.2 Compliance Laws and Regulations 69
2.3 Organization 76
2.4 Risk Analysis 85
2.5 Technical Security Architecture 94
2.6 Policy-Driven Implementation 99
2.7 Governance Frameworks 117
2.8 Conclusion 123
Chapter 3 Cryptography 127
3.1 What is Cryptography? 128
3.2 Symmetric Key Encryption Ciphers 139
3.3 Cryptographic System Standards 145
3.4 The Negotiation Stage 147
3.5 Initial Authentication Stage 149
3.6 The Keying Stage 152
3.7 Message-By-Message Authentication 157
3.8 Quantum Security 169
3.9 Cryptographic Systems 170
3.10 SSL/TLS 173
3.11 IPsec 179
3.12 Conclusion 185
Chapter 4 Secure Networks 191
4.1 Introduction 191
4.2 DoS Attacks 195
4.3 ARP Poisoning 207
4.4 Access Control for Networks 214
4.5 Ethernet Security 216
4.6 Wireless Security 220
4.7 Conclusion 240
Chapter 5 Access Control 245
5.1 Introduction 246
5.2 Physical Access and Security 250
5.3 Passwords 260
5.4 Access Cards and Tokens 268
5.5 Biometric Authentication 273
5.6 Cryptographic Authentication 287
5.7 Authorization 290
5.8 Auditing 292
5.9 Central Authentication Servers 294
5.10 Directory Servers 296
5.11 Full Identity Management 301
5.12 Conclusion 307
Chapter 6 Firewalls 313
6.1 Introduction 314
6.2 Static Packet Filtering 321
6.3 Stateful Packet Inspection 323
6.4 Network Address Translation 335
6.5 Application Proxy Firewalls and Content Filtering 337
6.6 Intrusion Detection Systems and Intrusion Prevention Systems 345
6.7 Antivirus Filtering and Unified Threat Management 349
6.8 Firewall Architectures 354
6.9 Firewall Management 357
6.10 Firewall Filtering Problems 367
6.11 Conclusion 369
Chapter 7 Host Hardening 375
7.1 Introduction 375
7.2 Important Server Operating Systems 385
7.3 Vulnerabilities and Patches 392
7.4 Managing Users and Groups 401
7.5 Managing Permissions 404
7.6 Creating Strong Passwords 408
7.7 Testing for Vulnerabilities 416
7.8 Conclusion 429
Chapter 8 Application Security 433
8.1 Application Security And Hardening 433
8.2 WWW and E-Commerce Security 446
8.3 Web Browser Attacks 454
8.4 E-Mail Security 463
8.5 Voice over IP Security 468
8.6 Other User Applications 477
8.7 Conclusion 480
Chapter 9 Data Protection 485
9.1 Introduction 485
9.2 Data Protection: Backup 487
9.3 Backup Media and Raid 495
9.4 Data Storage Policies 503
9.5 Database Security 511
9.6 Data Loss Prevention 523
9.7 Conclusion 537
Chapter 10 Incident and Disaster Response 541
10.1 Introduction 541
10.2 The Intrusion Response Process For Major Incidents 548
10.3 Intrusion Detection Systems 566
10.4 Business Continuity Planning 581
10.5 It Disaster Recovery 585
10.6 Conclusion 591

A.1 Introduction 595
A.2 A Sampling of Networks 596
A.3 Network Protocols and Vulnerabilities 604
A.4 Core Layers in Layered Standards Architectures 605
A.5 Standards Architectures 606
A.6 Single-Network Standards 608
A.7 Internetworking Standards 610
A.8 The Internet Protocol 611
A.9 The Transmission Control Protocol 616
A.10 The User Datagram Protocol 625
A.11 TCP/IP Supervisory Standards 626
A.12 Application Standards 632
A.13 Conclusion 634

Glossary 637
index 655