Inside Internet Security

This book is a practical guide for anyone designing or administering a corporate or e-business network that runs across a number of platforms via the internet. It will arm system administrators with a thorough understanding of the problems of network security and their solutions, and thus help realize the tremendous potential of e-business.

With the explosive growth of e-commerce and the opening up of corporate networks to external customers, security is now the number one issue for networking professionals. Concerns about hackers and the possible damage they can do to a business, and the potential vulnerabilities of a system can be overwhelming and can create an unhealthy business environment.

However, a great deal of this fear is based on lack of information as to exactly how hackers approach their task, and of the exact vulnerabilities that they prey on. In this book, Jeff Crume dispels this fear by putting these threats into perspective and allowing realistic defence mechanisms to be created, to the extent that security becomes a business enabler, rather than an inhibitor.

Inside Internet Security describes the underlying principles that crop up again and again in hacker attacks, and then progresses to focus on lessons that can be learned, and how to protect against recurrence.

Features:

• practical hands-on advice on securing networked systems
• security checklists for common scenarios
• pointers to other detailed information sources
• in-depth theoretical background information
• real world examples of actual attacks
• a glimpse into the future of IT security.

• Introduction
• Magic or just a trick?
• Striking the right balance
• 'Hacker' disclaimer
• Part 1: Sizing up the situation: Security concepts
1. Bringing down the Net
1. Talking the talk
2. Insecure from the start
2. Is it safe?
1. Rising from the ashes
2. You can't have it all
3. The hacker's obstacle course
4. The lesson of Lord Lovell — or — Too much of a good thing?
5. But what's all this going to cost?
6. News from the front
3. What is a hacker
1. Homogenized hackers?
2. Portrait of a hacker
3. The joy of hacking
4. What do they want?
5. The real payback
6. An eye for an eye
7. Cyberterrorism
8. Hacking for fun and profit
9. Prime-time hacking
10. You've got the money and they've got the time
4. Analyzing the risks (and counting the costs)
1. Risk analysis or post mortem
2. Acceptable risk
3. Sizing up the situation
4. Cumulative insecurity
5. A meteorite-proof car?
6. Cost-effective countermeasures
5. The role of policy
1. How to mess up a security policy without even trying
2. KISS that policy goodbye
3. Policy that teaches
4. Getting it right
6. Putting all the pieces together
• Part 2: The hacker's edge: Internet security vulnerabilities
7. What you don't know can hurt you
1. Gotcha!
8. Hackers don't want you to know that … firewalls are just the beginning
1. What is a firewall?
2. Under the hood
3. What a firewall can do
4. Drawing the battle lines
5. What a firewall should not do …
6. Firewalls and policy
7. Holes in the firewall filter
8. Traditional firewall options
9. Firewalls, firewalls, everywhere …
10. Keeping the firewall in its place
9. Hackers don't want you to know that … not all the bad guy's are 'out there'
1. Model employee or spy?
2. Good firewalls make good neighbours
3. Managing the revolving door
10. Hackers don't want you to know that … humans are the weakest link
1. Hacker or con man?
2. It's a dirty job but somebody's going to do it
3. I know who you are and what you did
4. Plugging the leaks
5. The spirit of the law
11. Hackers don't want you to know that … passwords aren't secure
1. The problems with passwords
2. Insecurity administrators?
3. Password guessing
4. Password nabbing
5. Password cracking
6. Throwing the book at them
7. Doing it the hard way
8. Exceptions to the (password) rules
9. Following the rules
10. Sign me on
11. Are you really you?
12. The burden of proof
12. Hackers don't want you to know that … they can see you but you can't see them
1. What's that smell
2. Aroma or stench?
3. The 'silent attack'
4. Sniffing for sniffers
5. Hanging up on the party line
6. Moving to a private line
7. Choices, choices, choice …
13. Hackers don't want you to know that … downlevel software is vulnerable
1. It's déja vu all over again
2. Pardon me, but your buffer is overflowing
3. You're breaking me up
4. This doesn't belong here!
5. A cure that's worse than the disease?
6. Exterminating the bugs
7. Spreading the world
14. Hackers don't want you to know that … defaults are dangerous
1. 'De'faults are your faults
2. The security afterthought
3. Minding the virtual store
15. Hackers don't want you to know that … it takes a thief to catch a thief
1. Levelling the playing field
2. Eating from the same through
3. Keeping up with the hackers
16. Hackers don't want you to know that … attacks are getting easier
1. A deal with the devil?
2. Tools of the hacker trade
3. Coming in through the back door
4. Burning bridges
5. 'You've got mail … bombs'
6. I hope yo can swim
7. Lowering the bar
8. The bottom line
17. Hackers don't want you to know that … virus protection is inadequate
1. Merry Christmas and a Happy New Worm
2. One good worm deserves another
3. Pick your parasite
4. Where do they come from?
5. How do they spread?
6. I'm not feeling so well …
7. Epidemic or hysteria?
8. Publish or perish
9. The virus is in the mail
10. Viruses in the pipes
11. Killer viruses!
12. The sky is falling!!!
13. Crying 'wolf'
14. In search of a cure
18. Hackers don't want you to know that … active content is more active than you think
1. Active hacking
19. Hackers don't want you to know that … yesterday's strong crypto is today's weak crypto
1. Cracking
2. The mathematicians war
3. Strong crypto?
4. How strong is strong?
5. The politics of cryptography
6. Securing the information highway for e-business
20. Hackers don't want you to know that … the backdoor is open
1. Lessons from the battlefront
2. High-tech defences
3. The door swings both ways
4. Dialling for dollars
5. Switching off
6. Locking the back door
21. Hackers don't want you to know that … there's no such thing as a harmless attack
1. E-graffiti
2. But it is only …
3. We've only just begun … to hack
4. Winning by losing
5. 'Unimportant' systems
22. Hackers don't want you to know that … information is your best defence
1. The hacker's prize
2. Your best defence
3. Information for the masses
4. Calling in reinforcements
5. Winning the war
23. Hackers don't want you to know that … the future of hacking is bright
1. I see more IT in your future
2. Upping the ante
3. Naked on the Net
4. Networks out of thin air
5. Cryptic solutions
6. Computers everywhere
7. The NC's niche
8. Conclusion
• Appendix A: Crypto tutorial
1. The 'key' to understanding crypto
2. Symmetric cryptography
3. Asymmetric cryptography
4. The best of both worlds
5. Getting 'carded' in cyberspace
6. Digital ink?

Despite a bad title and an even worse subtitle, this is a very good and thoughtful book. Read it.