Surviving Security

How to Integrate People, Process, and Technology

Mandy Andress

Publisher: SAMS, 2002, 525 pages

ISBN: 0-672-32129-7

Keywords: Information Security

Last modified: May 19, 2021, 11:18 a.m.

Surviving Security is your guide to formulating a security strategy that fits your company's business and budget needs. Network and information security is no longer optional in today's connected business environment, but finding the right combination of technology and processes for your needs can be an overwhelming and frustrating process. This book is an essential tool for network managers and administrators who need to implement a security infrastructure, understand how different security technologies work together, develop or revise security processes, make purchasing decisions, or hire a security consultant or outsourcing firm.

  1. Laying the Groundwork
    1. Why Do I Need Security?
      • The Importance of an Effective Security Infrastructure
      • People, Process, and Technology
      • What Are You Protecting Against?
        • Types of Attacks
        • Types of Attackers
      • Security as a Competitive Advantage
      • Choosing a Solution
        • Buy Versus Build
        • Single Vendor Versus Best of Breed
        • In-Source Versus Outsource
      • Finding Security Employees
      • The Layered Approach
    2. Understanding Requirements and Risk
      • What Is Risk?
      • Embracing Risk
      • Information Security Risk Assessment
        • Introducing Anson Inc.
      • Assessing Risk
        • Step 1: Inventory, Definition, and Requirements
        • Step 2: Vulnerability and Threat Assessment
        • Step 3: Evaluation of Controls
        • Step 4: Analysis, Decision, and Documentation
        • Step 5: Communication
        • Step 6: Monitoring
      • Insurance
    3. Security Policies and Procedures
      • Internal Focus Is Key
      • Policy Life Cycle
        • Policy Development
        • Enforcement
        • Monitoring
      • Developing Policies
        • British Standards 7799
      • Components of a Security Policy
        • Acceptable Use Policy
        • User Account Policy
        • Remote Access Policy
        • Information Protection Policy
        • Firewall Management Policy
        • Special Access Policy
        • Network Connection Policy
        • Business Partner Policy
        • Other Important Policies
        • Customer Policy
      • Sample Security Policies
      • Procedures
  2. Understanding Basic Security Technologies
    1. Cryptography and Encryption
      • A Brief History of Cryptography
      • Cryptography Today
        • Secret Key (Symmetric) Method
        • Public Key (Asymmetric) Method
        • Hybrid Encryption Systems
      • Hash Algorithms
      • Digital Signatures
        • Identifying the Signer
        • Verification of Content
        • How Digital Signatures Work
      • e-Signature Law
      • Digital Certificates
        • Obtaining a Digital Certificate
        • Using your Digital Certificate to Send a Message
      • Public-Key Infrastructure (PKI)
        • PKI Versus CA Service
        • Trust
      • Secure Sockets Layer (SSL)
        • SSL Accelerators
        • TLS
        • SSH
      • Other Protocols and Standards
        • IPSec
      • Pretty Good Privacy (PGP)
      • Other Uses of Encryption
    2. Authentication
      • Multifactor Authentication
        • When Is Strong Authentication Required?
      • Methods of Authentication
        • User ID and Password
        • Digital Certificates
        • SecurID
        • Biometrics
        • Kerberos
        • Smart Cards
        • iButton
      • Single Sign-On
        • Is SSO Secure?
        • One-Stop Shopping for Hackers
        • Failure or Denial of Service
        • Cross-Platform Support
      • Centralized Administration Remains Elusive
        • Weighing Factors
  3. Building the Frame
    1. Network Architecture and Physical Security
      • Changing Network Architecture
      • Common Configurations
        • A Centralized Company
        • A Centralized Company Using a Co-Location Facility
        • Branch Offices
      • Anson Inc.'s Architecture
      • Internal Architecture
        • Hubs Versus Switches
      • VLANs
      • Physical Security
        • Common Solutions
        • Choosing a Location
        • Policies and Procedures
    2. Firewalls and Perimeter Security
      • Firewall Advances
      • Firewall Technologies
        • Packet Filtering
        • Proxies
        • Stateful Inspection
        • Hybrid Firewalls
      • Firewall Features
        • NAT
        • High Availability and Failover
      • The Best Firewall for You
      • Hardware Appliance Versus Software
      • In-House Versus Outsource
      • Firewall Architectures
        • Dual-Homed Host Firewall Architecture
        • Screened-Host Architecture
        • Screened-Subnet Architecture
      • Which Architecture Will Work for You?
      • Configuring Your Firewall
      • Firewall Rules
      • Firewall Add-ons
      • A Good Start
    3. Intrusion Detection
      • What Are Intrusion-Detection Systems?
      • Categories of Intrusion Analysis
        • Signature Analysis
        • Statistical-Intrusion Analysis
        • Integrity Analysis
      • Characteristics of a Good Intrusion Detection System
      • Errors
        • False Positives
        • False Negatives
        • Subversion
      • Categories of Intrusion Detection
        • Application Intrusion Detection
        • Host Intrusion Detection
        • Network Intrusion Detection
        • Integrated Intrusion Detection
      • Separating the Truth from the Hype
      • Network Architecture with Intrusion Detection
      • Managed Services
      • Problems with Intrusion Detection
      • Technologies Under Development
        • Benefits of Intrusion-Resistant Solutions
        • Early Product Development
    4. Remote Access
      • Remote-Access Users
        • Telecommuting and Traveling Employees
        • Network Administrators
        • Partners and Suppliers
      • Remote-Access Requirements
        • Security
        • Cost
        • Scalability
        • Quality of Service
        • Ease of Deployment, Management, and Use
        • User Authentication
      • Remote Access Issues
      • Remote Access Policies
      • Remote Access Technologies
        • Dial-Up
        • Secure Shell
        • Remote Management
        • Terminal Services
        • Virtual Private Networks
      • Deploying and Supporting Remote Access
      • End-User Security
  4. Applications, Servers, and Hosts
    1. Host Security
      • Implementing Host Security
      • Understanding System Functions
      • Operating System (OS) Hardening
        • Windows NT/2000
        • Solaris
        • Linux
      • Security-Monitoring Programs
        • Host-Intrusion Detection
        • System Integrity Checkers
        • Host-Resident (Personal) Firewalls
      • System Auditing
        • Nmap
        • DumpSec
        • COPS
        • Backup and Recovery Procedures
    2. Server Security
      • Hardening Versus Server Security
      • Firewalls
        • Windows NT/2000
        • Solaris
        • Linux
      • Web Servers
        • IIS
        • Apache
      • E-Mail Servers
        • Sendmail
        • MS Exchange
      • Databases
        • Default Accounts and Sample Databases
        • Control Distribution of Database Names and Locations
        • Use Auditing Effectively
        • Isolate Your Production Database
      • DNS Servers
      • Domain Controllers
      • Appliances
      • E-Mail Security
        • A Secure Trojan Is a Trojan
        • Interoperability
        • Alternative Solution
      • Policy Management
      • Policy Control
    3. Client Security
      • Locking Down Systems
        • Physical Security
        • Access Controls and Authentication Applications
        • Tracking Systems
      • Protecting Against Viruses
      • Protecting Against Malware
      • Microsoft Applications
        • Security Patches
        • Active Content Security
        • Personal Firewalls
      • Instant Messaging
    4. Application Development
      • Identifying Threats
        • Spoofing Identity
        • Tampering with Data
        • Repudiation
        • Information Disclosure
        • Denial of Service
        • Elevation of Privilege
      • Web Application Security
        • Known Web Application Vulnerabilities and Misconfigurations
        • Hidden Fields
        • Backdoor and Debug Options
        • Cross-Site Scripting
        • Parameter Tampering
        • Cookie Poisoning
        • Input Manipulation
        • Buffer Overflow
        • Format-String Attacks
        • Direct-Access Browsing
      • Prevention
        • Defining Trust Areas
        • Include Everything
        • Superuser
        • HTTP GET/POST
        • JSP/ASP
        • Code Comments
        • Error Messages
      • Technology Tools and Solutions
  5. Review, Response, and Maintenance
    1. Security Maintenance and Monitoring
      • Security Is an Ongoing Process
      • Patches
        • Managing the Patchwork Mess
        • Patch Resources
        • Distribution and Installation
      • Monitor Mailing Lists
      • Review Logs
      • Periodically Review Configurations
      • Managed Security Services
        • What Are Managed Security Services?
        • Why Organizations Are Turning to MSS
        • Is MSS the Answer for You?
        • Choosing an MSS Vendor
    2. Vulnerability Testing
      • How Does the Assessment Work?
      • When Are Vulnerability Assessments Needed?
      • Why Assess Vulnerability?
        • Protecting Your Customers
        • Protecting Your Company
        • Protecting Your Company's Future
        • Finding the Holes
      • Performing Assessments
        • In-House Versus Outsourced Assessments
        • Outside Assessment
        • Automated Assessments
        • Manual Assessments
        • Vulnerability Assessment: Understanding the Process
        • Remote Network Scanning
        • Local Network Scanning
      • Data Interception
        • Keystroke Copying
        • Access to Networked Hosts
        • Packet Sniffing
        • IP Spoofing
      • Password Cracking
        • Crack
        • CrackerJack
        • L0phtCrack
        • Other Crackers
        • AMI Decode/BIOScrack
      • Common Attacks
        • Denial of Service
        • Pentium Bug Exploit
        • E-Mail Bombing
      • Taking Control
        • GetAdmin
        • Sechole
    3. Security Audits
      • Audit Overview
      • The Audit
        • The Plan
        • The Tools
        • The Knowledge
      • Types of Audits
      • Analysis of an Audit
        • Tell Me about Your Business
        • What Are the Threats?
        • How Do You Do Things?
      • Surviving an Audit
      • The Cost of an Audit
      • Sample Audit Checklist
        • Policies, Standards, and Procedures
        • Security Administration
        • Physical Security
        • Network Security
        • Network User Authentication
        • Network Firewalls
        • User Identification and Authentication
        • System Integrity
        • Monitoring and Audits
        • Application Security
        • Backup and Contingency Planning
        • Workstation Security
    4. Incident Response
      • Understanding Incident Management
      • The Importance of CSIR Teams
        • Volunteer Approach
        • Management-Supported Approach
      • Justifying a Response Team
        • The Influence of Insurance
      • Cost of an Incident
      • Assessing Your Needs
        • Hardware
        • Physical Security
        • Contingency Plans
        • Configuration Management
        • Communications
        • Network-Level Protocols
        • Software
        • Media Security
        • Integrity
        • Personnel Security
        • Security Awareness Training
        • Wide Area Connectivity
        • Common Attacks
        • Operating Systems Windows NT
        • UNIX/Linux
        • Web Servers
        • Web Client Security
        • E-Mail Servers
        • Mail Client
      • How to Use Your Assessment
      • Building an Incident Response Plan of Attack
        • Define Policies
        • Establish the Incident-Response Plan
      • When an Incident Occurs
        • Assess the Situation
        • Invoke the Incident Response Plan
        • Document Everything
      • The SANS Institute's Incident-Response Plan
        • Phase 1: Preparation
        • Phase 2: Identification
        • Phase 3: Containment
        • Phase 4: Eradication
        • Phase 5: Recovery
        • Phase 6: Follow-Up
      • Analyzing an Attack
  6. Putting It All Together
    1. Integrating People, Process, and Technology
      • Your Security Infrastructure
      • How to Maintain a Successful Security Infrastructure
      • Security Awareness Training
        • Implementation
      • Security ROI
      • Security Infrastructure Components
      • Interoperability and Management
      • Security Infrastructure Myths
        • Myth: Our Firewall Product Protects Us from the Internet
        • Myth: We Haven't Been Broken Into So Far, So We Must Be Doing a Good Job of Security
        • Myth: Our Information Technology Products Provide Good Security
        • Myth: The Information Technology Department Can Manage Security Issues
        • Myth: Technology Products Solve the Security Problem
        • Myth: Our Antivirus Scanner Protects Our Computers
        • Myth: Our NIDS Server Will Detect Intrusions
        • Myth: We Don't Do Anything That Makes Us a Target for Attack
    2. Trends to Watch
      • PDAs
      • Peer-to-Peer Networks
      • Wireless LAN Security
        • Standards
        • Security Issues
        • Authentication Solutions
      • Mobile Commerce
      • Honeypots
      • The Rewards Are Yours
  • Appendix: Resources
      • Antivirus
      • Apache Web Server
      • Authentication
      • Automated Scanning Tools for Security Analysis
      • Backup and Recovery
      • Buffer Overflows
      • Build/Buy Security Systems
      • Computer Crime
      • Cryptography and Encryption
      • Databases
      • Digital Certificates and E-Signatures
      • DNS Security
      • E-Mail Security
      • Exchange Server
      • File Encryption
      • Firewalls
      • Hiring Hackers
      • Host Security
      • Hubs and Switches
      • IIS Web Server
      • Information Security Professionals
      • Instant Messaging
      • Intrusion Detection
      • Log Analysis
      • Malware
      • Managed Service Providers
      • Network Security
      • Personal Firewalls
      • Physical Security
      • Policy Management
      • Probability of Attack
      • Public Key Infrastructure (PKI)
      • Remote Access
      • Remote Management
      • Secure Shell (SSH)
      • Secure Socket Layer (SSL)
      • Security Audits
      • Security Policies
      • Sendmail
      • Smart Cards
      • System Auditing
      • Technology Insurance
      • Terminal Services
      • Virtual Private Networks (VPNs)
      • VLANs
      • Vulnerability Scanners

Reviews

Surviving Security

Reviewed by Roland Buresund

Disappointing *** (3 out of 10)

Last modified: May 21, 2007, 3:23 a.m.

I like the title and even more so the subtitle (How to Integrate People, Process, and Technology). There it ends. Afterwards, it's just a run-of-the-mill technical security book that you can find a dime a dozen. Trash it.
