Process of Network Security, The
Addison Wesley (Verlag)
978-0-201-43317-3 (ISBN)
- Keine Verlagsinformationen verfügbar
- Artikel merken
This wide-ranging, up-to-date, conversational guide to network security focuses on the most important success factors: process and mindset. Security expert Thomas Wadlow shows exactly what it means to "be" a successful network security manager within a large business organization. Learn how to define what an organization's security goals ought to be -- and how to implement an effective security policy quickly, without endless committee meetings or company politics. Understand who may be attacking you, and how to "think pathologically" about your network, putting yourself in the shoes of your attacker. Evaluate which information resources are most worth protecting; learn how to build an effective security team; and discover how to build security systems that protect the enterprise as a whole, not just individual devices. Learn how to fortify your network components and design; monitor and audit your network; even quantify the value of security. The book also presents five exceptionally detailed chapters on how to respond effectively to an attack -- from forensics and log analysis to damage control. For every manager and executive concerned with network security, including sysadmins, netadmins, security managers, CIOs, CFOs, and CEOs.
Thomas A. Wadlow is co-founder, Chief Technology Officer, and Vice-President of Engineering and Security for Pilot Network Services, Inc., a company specializing in Internet security. He has also worked as a networking and systems professional for Lawrence Livermore Laboratory, Schlumberger's Palo Alto Research Center, Xerox's Palo Alto Research Center, ParcPlace Systems, and Sun Microsystems Laboratories. 0201433176AB04062001
Preface.
Acknowledgments.
1. Understanding Security.
What Are We Protecting?
Thinking Like a Defender.
The Reader of This Book.
The Organization We Are Protecting.
The Process of Security.
How Do You Know That the Process Is Working?
Trend Analysis.
2. Writing a Security Policy.
Pitfalls.
Staging a Coup
Contents of the Policy
3. Who Is Attacking You?
The Nature of the Beast.
Security as an Evolutionary Strategy.
4. Security Design Process.
Thinking About Security.
Principles of Security.
The Shape of Your Defenses.
The Shape of Your Security Organization.
5. Building a Security Team.
Employee Characteristics.
Job Functions in a Security Team.
Training and Cross-Training.
Interviewing Security Candidates.
Background Checks.
Hiring.
Firing.
6. Fortifying Network Components.
What Is a Network Component?
Component Types.
Selecting Components.
Component Categories.
Fortifying Components.
System Fortification.
7. Personnel Security.
Management Issues.
Hiring Process.
Trouble with Employees.
Firing Process.
Resignation Process.
Contractors.
8. Physical Security.
What Are the Threats?
Physical Security Basics.
Going Overboard.
Backups.
Denial of Service.
Electrical Power.
Telephones.
Access Control Logging and Log Analysis.
9. Monitoring Your Network.
The Shape of the Logging System.
What to Log.
Logging Mechanisms.
Time.
Sensors.
Logging System Design.
Log Management.
Log Analysis.
10. Auditing Your Network.
Why Should You Audit Your Network?
Types of Audit.
What Should the Audit Measure?
Who Should Do the Audit?
Expectations.
11. Quantifying the Value of Security.
Perception of Value.
Process of Explaining Security Issues.
Measurements.
12. Preparing for an Attack.
Getting Started.
War Games.
Post-Mortem Analysis.
Developing a Response Plan.
Personnel.
Safety Equipment.
Survival Pack Contents.
Choosing Hiding Places.
Set Your Own Ground Rules.
13. Handling an Attack.
Exciting, but Not Fun.
Thinking Pathologically.
About Attacks.
What You Can Do.
What You Should Not Do.
Response Team.
Priorities During an Attack.
14. Forensics.
Getting Started.
The Art of Investigation.
The Clean Room.
Analyzing the Contaminated File System.
Analysis Tools.
What to Look For.
15. Log Analysis.
Integrity Checks.
Log Analysis.
The Hunt.
Developing Theories.
Legalities.
16. Damage Control.
Priorities.
Advance Preparation.
Post-Mortem Analysis.
Appendix A: Glossary. 0201433176T04062001
Erscheint lt. Verlag | 16.3.2000 |
---|---|
Verlagsort | Harlow |
Sprache | englisch |
Maße | 235 x 186 mm |
Gewicht | 435 g |
Themenwelt | Mathematik / Informatik ► Informatik ► Netzwerke |
Informatik ► Theorie / Studium ► Kryptologie | |
Informatik ► Weitere Themen ► Hardware | |
ISBN-10 | 0-201-43317-6 / 0201433176 |
ISBN-13 | 978-0-201-43317-3 / 9780201433173 |
Zustand | Neuware |
Haben Sie eine Frage zum Produkt? |
aus dem Bereich