Network Security

Data and Voice Communications

Fred Simonds

Publisher: McGraw-Hill, 1996, 395 pages

ISBN: 0-07-057634-3

Keywords: IT Security, Networks

Last modified: July 19, 2021, 8:53 p.m.

The first complete guide to data and voice network security.

LAN and WAN managers and CIOs have long needed an authoritative single-source guide to managing network security threats. Here it is.

Network Security is the first comprehensive hands-on guide to securing data and voice networks from both internal and external security threats.

Starting with the basics, this practical reference quickly brings the reader up to speed on such timely topics as:

  • Conducting effective security audits
  • Security risks inherent in connecting to the Internet
  • Protecting your network from the latest viruses
  • Incorporating the latest government encryption initiatives and policies
  • Managing passwords, encryption, authentication, and access control
  • How to construct "firewalls" to keep hackers out of your systems

Packed with real-life examples, this working reference includes a product selection checklist covering a wide variety of security hardware and software products currently available.

Timely, authoritative, and complete, here is the practical information you need to initiate and maintain state-of-the-art network security.

  1. Where Do Security Threats Come From?
    • Objectives
    • Prologue
    • What Can People Do to Our Information?
    • Classifying Threat Sources
    • Hackers
    • Commercial Espionage
    • Foreign Government Industrial Espionage
    • Internal Threats
    • Viruses
    • Review
    • Notes
  2. Preventing, Detecting, and Dealing with Viruses
    • Objectives
    • What Is a Virus?
    • Worms
    • Triggering a Virus
    • Trap Doors and Back Doors
    • The Trojan Horse
    • Physical Ways Viruses Propagate
    • Recognizing a Rogue Program Infection
    • General Antivirus Strategies
    • Specific Antivirus Tactics
    • Types of Antivirus Software
    • LANs as Virus Vectors
    • What to Do in Case of Infection
    • Common Flaws in Antivirus Strategies
    • Trends in Virus Program Development and Detection
    • All Viruses Are Not Bad
    • Summary
    • Review
    • Notes
  3. Security Standards
    • Objectives
    • Security Standards
    • Who is Making the Standards?
    • What Do These Security Standards Do?
    • The Clinton Public Encryption Management Directive
    • The National Institute of Standards and Technology
    • The American National Standards Institute
    • The IEEE 802.10B LAN Security Working Group
    • The International Standards Organization
    • The Federal Telecommunications Standards Committee
    • The Internet Architecture Board
    • Pretty Good Privacy
    • The Vendor Community
    • The Computer Security Act of 1987
    • National Computer Systems Security and Privacy Advisory Board
    • Transborder Encryption Issues
    • Do Standards Reduce Security?
    • Review
    • Appendix. Contact List
  4. Authentication Methods
    • Objectives
    • Authentication
    • A Two-Part Process
    • How Authentication Works in Electronic Systems
    • Authentication Systems in Use Today
    • The RSA Public-Key Technique
    • Public Key as a Digital Signature
    • Allocating Public-Key Signatures
    • What Authentication Can and Cannot Do
    • Hashing Algorithms
    • Another Public Key: The Digital Signature Standard
    • The Secure Hash Algorithm
    • Digital Signature Encryption Using RSA
    • Authentication via Dial-Back Systems
    • Port Protection Devices
    • Summary
    • Review
    • Appendix. Vendors
  5. Encryption Methods
    • Objectives
    • Encryption Basics
    • The Data Encryption Standard
    • Wide Area Network Techniques
    • LAN Network Techniques
    • Encryption Key Management
    • The Public-Key Infrastructure
    • Platforms for Encryption
    • DES Single Key versus (RSA) Public Key
    • Voice Encryption
    • The Future of DES
    • Review
    • Appendix. Vendors
    • Notes
  6. Access Control
    • Objectives
    • Access Control
    • The Perimeter Approach
    • Individual Authenticators
    • User IDs
    • Passwords
    • Access Control Hardware
    • Access Control Software
    • Security in Distributed Networks
    • Client-Server: Kerberos
    • Summary
    • Review
    • Notes
  7. LAN Security
    • Objectives
    • LAN Security
    • Physical Security
    • Ethernet — IEEE 802.3 Protocol Hub Security Features
    • Dial-In Communications
    • Security Risks Using SNMP Version 1
    • Inventory Management
    • Summary
    • Review
    • Appendix. Desktop Inventory Software and Hardware-Based Security Vendors
  8. Finding Network Operating System and Operating System Weaknesses
    • Objectives
    • Contents of This Chapter
    • Recommendations for All Systems
    • Novell NetWare
    • NetWare Virus Control
    • Additional Security Features in NetWare 4.x
    • The RiverBend Group Breach
    • Bypassing Novell Login Scripts
    • Novell Summary
    • Banyan Virtual Network Services (VINES)
    • Microsoft LAN Manager
    • DOS
    • Unix and OS/2
    • Windows NT
    • Apple System 7
    • AppleShare
    • General OS Security Notes
    • Review
    • Appendix. NetWare and Macintosh Security
    • Notes
  9. Sources of Leaks in LANs and WANs
    • Objectives
    • Introduction
    • Interception: Cable Taps and LAN and WAN Monitors
    • Radio-Frequency Systems
    • Dial-In Security
    • Packet Switches
    • Leased Lines
    • Bridges, Routers, and Gateways
    • Backups
    • PCs, Macintoshes, and Notebooks
    • Transborder Data Flow
    • Keeping Perspective
    • Review
    • Notes
  10. Firewalls: TCP/IP and Internet Security
    • Objectives
    • TCP/IP and Internet Security
    • The Penalties of Excess Conservatism
    • A Little Background on TCP/IP
    • The Problem of Context
    • Firewalls
    • Intermediate Networks as Passive Firewalls
    • Packet Filters
    • Packet-Filter Firewall Advantages and Disadvantages
    • Application and Circuit-Level Gateway Firewalls
    • General Gateway Notes
    • Firewall Buyer's Checklist
    • Configurations
    • The Packet-Filtering Firewall
    • The Dual-Homed Gateway
    • The Screened-Host Firewall
    • The Screened-Subnet Firewall
    • Modem Pools
    • Firewall Summary
    • Building Your Own Firewall
    • Existing Firewall Software
    • TCP/IP Site Security
    • Flaws in TCP/IP
    • Anonymous FTP
    • Strengthened TCP/IP Protocols
    • Typical TCP/IP Attacks
    • Software Tools: SATAN
    • Pingware
    • TCP/IP Wrappers
    • Incursions
    • Conclusion
    • Review
    • Appendix 1. Resource List
    • Appendix 2. Source List
  11. Sources of Leaks in Voice Systems
    • Objectives
    • Introduction
    • Kinds of Toll Fraud
    • PBX Fraud
    • How PBX Fraud Takes Place
    • Area Codes
    • Defensive Tactics
    • PBX Vendor Responses
    • Fighting Back
    • Federal Communications Commission Rulings and Congressional Action
    • Call-Accounting and Authentication Products
    • Speaker Verification Systems
    • Preventing Cellular Fraud
    • User Information Exchange
    • The Toll Fraud Prevention Committee (TFPC)
    • Carrier Toll-Fraud Monitoring Programs
    • Local Exchange Carriers
    • Employee Abuse
    • Summary Checklist
    • Review
    • Notes
  12. How Much Security Is Enough?
    • Objectives
    • How Much Security Is Enough?
    • Identify Assets
    • Identify Threats to Assets
    • Identify Vulnerabilities
    • Consider the Risks
    • Take Protective Measures
    • Security Responses
    • Tying the Principles Together
    • Time Value of Information
    • Expense-to-Difficulty Ratio
    • Baseline versus Extended Protection Measures
    • Risk Analysis
    • Exposure Analysis
    • Scenario Analysis
    • Ask!
    • Checklists
    • Gaining Management Support
    • Review
    • Notes
  13. How to Create a Network Security Policy
    • Objectives
    • Network Security Policy
    • Acceptable Use Policy
    • Building an Effective Security Plan
    • The Quick Look
    • Sources of Information
    • The Network Security Task Force
    • The Product: Policies and Procedures
    • Implementing Policies and Procedures
    • "Security through Obscurity"
    • Security Awareness
    • Review
  14. Where to Start
    • Objectives
    • Introduction
    • Take an Audit
    • Audit Methodology
    • Risk Assessment
    • The Cost of Doing Nothing
    • Security Checklists
    • Review
    • Appendix. Vendors

Reviews

Network Security

Reviewed by Roland Buresund

OK ***** (5 out of 10)

Last modified: Nov. 15, 2008, 2:19 a.m.

You can easily tell that the author is mainly concerned with telephone communications. It's OK, but boring.
