Security Architecture

Design, Deployment and Operations

Christopher M. King, Curtis E. Dalton, T. Ertem Osmanoglu

Publisher: Osborne, 2001, 481 pages

ISBN: 0-07-213385-6

Keywords: IT Security

Last modified: June 27, 2021, 11:33 a.m.

Apply the latest security technology to real-world corporate and external applications

Design a secure solution from start to finish and learn the principles needed for developing solid network architecture using this authoritative guide. You'll find hands-on coverage for deploying a wide range of solutions, including network partitioning, platform hardening, application security and more.

Get details on common security practices, standards, and guidelines and learn proven implementation techniques from case studies discussed in each chapter.

Written by recognized experts and endorsed by RSA Security Inc., the most trusted name in e-security, this comprehensive and practical security guide is your essential tool for planning and implementing a safe and reliable enterprise network.

This book will show you how to:

  • Develop an information classification and access control plan
  • Use the appropriate security policies and technology to best meet your security requirements
  • Comprehend security infrastructure design principles
  • Utilize appropriate security technology in the most secure method
  • Fully understand the tradeoffs between usability and liability
  • Ensure complete network security across multiple systems, applications, hosts, and devices
  • Develop and apply policies, assess risks, and understand requirements for running security-specific technology
  • Work with and configure IDS, VPN, PKI, and firewalls

  1. Business and Application Drivers (Case Study)
    • The Multi-National Corporation (MCC)
    • Analysis of Case Study #1 — Corporate
    • Analysis of Case Study #2 — FinApp
    • Analysis of Case Study #3 — HealthApp
    • Implementation Considerations
  2. Security Policies, Standards, and Guidelines
    • Different Types of Policies, Standards, and Guidelines
      • Common Elements
      • Policy Examples
    • Policy, Standard, and Guideline Development
      • Policy Creation
      • Regulatory Considerations
    • Privacy Regulations
    • Analysis of Case Study #1 — Corporate
    • Analysis of Case Study #2 — FinApp
    • Analysis of Case Study #3 — HealthApp
    • References
  3. Information Classification and Access Control Plan
    • Background
    • Creating Classifications
    • Risk Assessment
    • Applying the IC
    • The IC and the Application Development Process
    • Analysis of Case Study #1 — Corporate
    • Analysis of Case Study #2 — FinApp
    • Analysis of Case Study #3 — HealthApp
    • References
  4. Applying the Policies to Derive the Requirements
    • Threats
      • External Security Threats
      • Internal Security Threats
    • Management Security Requirements
      • Defining the Security Model
      • Personnel Security
      • Security Awareness and Training Measures
      • Change Management
      • Password Selection and Change Requirements
    • Operational Security Requirements
      • Physical and Environmental Protection
      • Physical Access Controls
      • Business Continuity and Disaster Recovery Services
      • System and Application Maintenance
      • Disposal of Sensitive Materials
    • Technical Security Requirements
      • Data Integrity
      • Confidentiality
      • Availability
      • User Identification and Authentication
      • Non-repudiation
      • Authorization and Access Control
      • Privacy
      • Network Security Requirements
      • Analysis of Case Study #1 — Corporate
      • Analysis of Case Study #2 — FinApp
      • Analysis of Case Study #3 — HealthApp
    • References
  5. Security Infrastructure Design Principles
    • Component or Infrastructure…?
      • Infrastructure Components
    • Goals of a Security Infrastructure
    • Design Guidelines
      • Authentication
      • Authorization
      • Accounting
      • Physical Access Controls
      • Logical Access Controls
    • Case Study Overview
      • Analysis of Case Study #1 — Corporate
      • Analysis of Case Study #2 — FinApp
      • Analysis of Case Study #3 — HealthApp
    • Conclusion
  6. Network Partitioning
    • Overview of Network Partitioning
      • Firewall Platforms
      • Anatomy of the High-Availability Firewall
      • Air Gap Firewall Strategies
      • Partitioning Models and Methods
      • Perimeter Security Models
      • Internal Partitioning Models and Methods
    • Analysis of Case Study #1 — Corporate
      • MCC Network Security Policy
      • Logical Layout of Network
    • Analysis of Case Study #2 — FinApp
      • Physical Layout of Network
      • Logical Layout of Network
    • Analysis of Case Study #3 — HealthApp
      • MCC HealthApp Security Policy
      • Physical Layout of Network
      • Logical Layout of Network
    • Conclusion
    • References
  7. Virtual Private Networks
    • What Is a VPN?
    • Why VPNs?
    • Types of VPNs
    • VPN Features — A Business Perspective
      • Security
      • Reliability
      • Manageability
      • Scalability
      • Usability
      • Interoperability
      • Quality of Service
      • Multiprotocol Support
    • VPN Technology
      • Cryptography
      • Authentication Systems
      • Tunneling and Security Protocols
    • VPN Solutions
      • Analysis of Case Study #1 — Corporate
      • Analysis of Case Study #2 — FinApp
      • Analysis of Case Study #3 — HealthApp
    • Conclusion
    • References
  8. Wireless Security
    • How Is Wireless Different?
      • Physical Security
      • Device Limitations
    • Bluetooth
      • Bluetooth Security
      • Safeguarding Bluetooth
    • Wireless Application Protocol (WAP)
      • WAP Security
      • Safeguarding WAP
      • What Else Is Available?
    • Wireless Local Area Networks (WLANs)
      • Wireless LAN Security
      • Safeguarding Wireless LANs
    • Analysis of Case Study #1 — Corporate
      • Physical and Logical Security
      • Bluetooth Implementation
      • Wireless Application Protocol Implementation
      • Wireless LAN Implementation
    • Analysis of Case Study #2 — FinApp
      • Phase 1: Palm Pilot
      • Phase 2: WAP
    • Analysis of Case Study #3 — HealthApp
    • Conclusion
  9. Platform Hardening
    • Business Case, Costs, and Resource Requirements
    • Platform Anatomy
    • Platform Hardening Approach
      • Identify
      • Assess
      • Design
      • Execute
    • Practical Hardening Guidelines
      • Ports and Processes
      • Patching
      • Password Stores and Strength
      • User Privilege
      • File System Security
      • Remote Access Security
      • Service Banners, OS Fingerprinting, and Disclaimer Screens
    • Hardening Tools
      • Titan
      • Bastille-Linux
      • JASS
      • YASSP
      • HardenNT
    • Case Study Overview
      • Analysis of Case Study #1 — Corporate
      • Analysis of Case Study #2 — FinApp
      • Analysis of Case Study #3 — HealthApp
    • Conclusion
  10. Intrusion Detection Systems
      • Benefits of IDSs
      • Existing Limitations of IDSs
    • Security Policy Documents and Acceptable Use Policies
    • Taxonomy of IDSs
      • Classes of Events
      • Classes of IDSs
    • Case Study Overview
      • Analysis of Case Study #1 — Corporate
      • Analysis of Case Study #2 — FinApp
      • Analysis of Case Study #3 — HealthApp
    • Conclusions
    • In-Text References
    • Other References
  11. Application Security
    • Application Security Background
    • Application Security Placement
    • Authorization Models
      • Associative Access Control
      • Entitlements
      • Logical Access Control
    • Protected Resources
    • Authentication Schemes
      • Single Sign-On
      • Impersonation
    • Security Repository
      • Authorization Namespace
    • Transparent Application Security (Web)
      • Web Access Control Solution
      • Web Server Integration
    • WAC Security Repository
      • WAC Scalability and High Availability
      • WAC Password Management
    • WAC Security Flow
      • WAC Authentication Schemes
    • Inline Application Security
      • Application Access Control Solution
    • Administration
    • Reporting
    • Analysis of Case Study #1 — SSO
    • Analysis of Case Study #2 — FinApp
    • Analysis of Case Study #3 — HealthApp
    • Conclusion
    • References
  12. PKI: Components and Applications
    • Cryptography
      • Symmetric Key Cryptography
      • Asymmetric Key Cryptography
      • Digital Signatures
      • Strength of Cryptographic Algorithms
    • Digital Certificates
    • PKI Components
      • Certificate Authorities
      • Registration Authorities
      • Certificate Management Protocols
      • Certificate Revocation
      • Certificate Repositories
      • Time Stamp Authority
    • PKI Architectures
      • Hierarchical Model
      • Cross-Certification Model
      • Hybrid
    • Certificate Policy and Certificate Practice Statements
    • Analysis of Case Study #1 — MCC: Corporate E-mail Encryption and Smart card Solution
      • Business Need
      • Solution
      • Implementation
    • Analysis of Case Study #2 — FinApp: Certificate-Based IPSec Authentication for VPNs
      • Business Need
      • Solution
      • Implementation
    • Analysis of Case Study #3 — HealthApp: Web-Based Authentication
      • Business Need
      • Solution
      • Implementation
    • Bibliography
  13. Security Event Management and Consolidation
    • Event Sources
    • Event Protocols
      • Passive Logging — syslog
      • Passive Logging — NT Event Log
      • Passive Logging — Proprietary
      • Active Polling — SNMP GET
      • Active Alerting — SNMP trap
      • Passive Network Host Monitoring
      • Active Host Vulnerability Assessment
    • Event Collection, Logical Grouping, and Classification
    • Logical Grouping and Classification
    • SEM Project Planning and Initiation
      • Project Planning and Initiation
      • Security Device Inventory and Assessment
      • Requirements Analysis
      • SEM Design Phase
      • Report and Recommendations
      • SEM Build Phase
      • SEM Documentation and Knowledge Transfer Phase
      • SEM Conversion and Turn-Up Phase
      • Ongoing Support, Enhancement, and Maintenance
    • Analysis of Case Study #1 — Corporate
      • Business Needs
      • Solution
      • Implementation
      • Operations
    • Analysis of Case Study #2 — FinApp
      • Business Needs
      • Solution
      • Implementation
      • Operations
    • Analysis of Case Study #3 — HealthApp
      • Solution
      • Implementation
      • Operations
    • Conclusion
  14. Security Management
    • What Is Security Management?
    • Why Is Security Management Important?
    • Best Practices to Managing the Security Infrastructure
      • Secure It from the Start
      • Understand and Enforce the Security Policies
      • Follow Defined Change Management Guidelines
      • Monitor Information Sources
    • Procedural Management
      • Account Management
      • Role-Based Administrative Functions
      • Security Incident Management
      • Component Management
    • Case Study Overview
      • Analysis of Case Study #1 — Corporate
      • Analysis of Case Study #2 — FinApp
      • Analysis of Case Study #3 — HealthApp
    • Conclusion
    • References
  15. Validation and Maturity
    • Risk Management
    • Security Maturity Model
      • Security Planning
      • Technology and Configuration
      • Operational Processes
    • Threats
      • Threat Agent Examples
      • Threat Scenarios and Countermeasures
      • Insider Threat Scenarios
    • Security Assessment Methodology
      • Security Assessment Techniques
      • Network Security Assessment
      • Platform Security Assessment
      • Database Security Assessment
      • Application Security Assessment
    • Analysis of Case Study #1 — Corporate
    • Analysis of Case Study #2 — FinApp
    • Analysis of Case Study #3 — HealthApp
    • Conclusion
    • References

Reviews

Security Architecture

Reviewed by Roland Buresund

Outstanding ********* (9 out of 10)

Last modified: Nov. 15, 2008, 2:17 a.m.

An excellent overview on what and how to implement IT security measures. Read it, you will not regret it.
