| Description |
xxvii, 361 pages : illustrations, charts ; 24 cm |
| Series |
Expert's voice in information security |
|
Expert's voice in information security.
|
| Contents |
Contents note continued: Auditing of Firewall -- Chapter Summary -- ch. 11 Intrusion Detection and Prevention Systems -- Introduction -- Why Use IDS? -- Types of IDS -- How Does Detection Work? -- Signature-Based Detection -- Anomaly-Based Detection -- IDS/IPS System Architecture and Framework -- Appliance (Sensors) -- Signature Update Server -- IDS/IPS in Context -- Chapter Summary -- ch. 12 Virtual Private Networks -- Introduction -- Advantages of VPN -- VPN Types -- Remote Access (Host-to-Site) VPN -- Site-to-Site (Intranet and Extranet) VPN -- VPN and Firewall -- VPN Protocols -- Tunneling -- Data Authentication and Data Integrity -- Anti-Replay Services -- Data Encryption -- Layer Two Tunneling Protocol (L2TPv3) -- Generic Routing Encapsulation (GRE) -- Internet Protocol Security (IPSec) -- MPLS (Multi-Protocol Label Switching) -- MPLS VPN -- MPLS VPN Security -- Important IETF Standards and RFCs for VPN Implementation -- A Few Final Thoughts about VPN -- Chapter Summary -- |
|
Contents note continued: Certificate Authority (CA) -- Digital Certificate -- Hash Function Cryptography -- Popular Hashes -- Digital Signatures -- Summary of Cryptography Standard Algorithms -- Disk / Drive Encryption -- Attacks on Cryptography -- Chapter Summary -- pt. IV Network Security -- ch. 9 Understanding Networks and Network Security -- Introduction -- Networking Fundamentals -- Computer Communication -- Network and its Components -- Network Protocols -- Network Vulnerabilities and Threats -- Vulnerabilities -- Threats -- Attacks -- Chapter Summary -- ch. 10 Firewalls -- Introduction -- How Do You Protect a Network? -- Firewall -- Basic Functions of Firewall -- Packet Filtering -- Stateful Packet Filtering -- Network Address Translation (NAT) -- Application Level Gateways (Application Proxy) -- Firewall Deployment Architecture -- Option 1 Bastion Host -- Option 2 Staging Area or Demilitarized Zone (DMZ) -- Personal Firewall -- Firewall Best Practices -- |
|
Contents note continued: Data Management and Data Protection -- Insider Threats -- Security Issues on account of multiple levels -- Physical security issues related to Cloud Computing environment -- Cloud Applications Security -- Threats on account of Virtual Environment -- Encryption and Key Management -- Some Mechanisms to address the Security and Privacy Concerns in Cloud Computing Environment -- Understand the Cloud Computing environment and protect yourself -- Understand the Technical Competence and segregation of duties of the Cloud Provider -- Protection against Technical Vulnerabilities and Malicious Attacks -- Regular Hardening and Appropriate Configurations of the Cloud Computing Environment -- Data Protection -- Encryption -- Good Governance Mechanisms -- Compliance -- Logging and Auditing -- Patching / Updating -- Application Design and Development -- Physical Security -- Strong Access Controls -- Backups -- Third-Party Certifications / Auditing -- Chapter Summary -- |
|
Contents note continued: Footnotes -- Additional References -- Chapter 13 -- Footnotes -- References -- Chapter 14 -- Footnotes -- References -- Additional References -- Chapter 15 -- Footnotes -- Additional References -- Chapter 16 -- Footnotes |
|
Contents note continued: Implementation of Information Security -- Risk Assessment -- Planning and Architecture -- Gap Analysis -- Integration and Deployment -- Operations -- Monitoring -- Legal Compliance and Audit -- Crisis Management -- Principles of Information Security -- Chapter Summary -- ch. 4 Access Controls -- Introduction -- Confidentiality and Data Integrity -- Who Can Access the Data? -- What is an Access Control? -- Authentication and Authorization -- Authentication and Access Control Layers -- Access Control Strategies -- Implementing Access Controls -- Access Control Lists (ACLs) -- AAA Framework -- LDAP and Active Directory -- IDAM -- Chapter Summary -- ch. 5 Information Systems Management -- Introduction -- Risk -- Incident -- Disaster -- Disaster Recovery -- Business Continuity -- Risk Management -- Identification of Risk -- Risk Analysis -- Risk Responses -- Execution of the Risk Treatment Plans -- The Importance of Conducting a Periodic Risk Assessment -- |
|
Contents note continued: Incident Response -- Incident Response Policy, Plan, and Processes -- Incident Response Teams -- Ensuring Effectiveness of Incident Response -- Disaster Recovery and Business Continuity -- How to Approach Business Continuity Plan -- Chapter Summary -- pt. III Application Security -- ch. 6 Application and Web Security -- Introduction -- Software Applications -- Completeness of the Inputs -- Correctness of the Inputs -- Completeness of Processing -- Correctness of Processing -- Completeness of the Updates -- Correctness of the Updates -- Preservation of the Integrity of the Data in Storage -- Preservation of the Integrity of the Data while in Transmission -- Importance of an Effective Application Design and Development Life Cycle -- Important Guidelines for Secure Design and Development -- Web Browsers, Web Servers, and Web Applications -- Vulnerabilities in Web Browsers -- Vulnerabilities of Web Servers -- Web Applications -- Chapter Summary -- |
|
Contents note continued: Social Engineering: Attacks Caused by Human Beings -- Social Engineering: Attacks Caused by Computers or Other Automated Means -- Social Engineering: Methods that are Used for Attacks -- Social Engineering: Other Important Attack Methods -- Social Engineering: How to Reduce the Possibility of Falling Prey to Attacks -- Chapter Summary -- ch. 16 Current Trends in Information Security -- Wireless Security -- Bluetooth Technology and Security -- Mobile Security -- Chapter Summary -- Bibliography -- Chapter 1 -- Footnotes -- References -- Chapter 2 -- Footnotes -- Additional References -- Chapter 3 -- Footnotes -- Chapter 4 -- Footnotes -- Chapter 5 -- Footnotes -- Chapter 6 -- Footnotes -- Additional References -- Chapter 7 -- Footnotes -- Chapter 8 -- Footnotes -- Additional References -- Chapter 9 -- Footnotes -- Additional References -- Chapter 10 -- Footnotes -- Additional References -- Chapter 11 -- Footnotes -- Additional References -- Chapter 12 -- |
|
Contents note continued: ch. 13 Data Backups and Cloud Computing -- Introduction -- Need for Data Backups -- Types of Backups -- Category 1 Based on current data on the system and the data on the backups -- Category 2 Based on what goes into the backup -- Category 3 Based on storage of backups -- Category 4 Based on the extent of the automation of the backups -- RAID Levels -- Other Important Fault Tolerance Mechanisms -- Role of Storage Area Networks (SAN) in providing Backups and Disaster Recovery -- Cloud Infrastructure in Backup Strategy -- Database Backups -- Backup Strategy -- Restoration Strategy -- Important Security Considerations -- Some Inherent Issues with Backups and Restoration -- Best Practices Related to Backups and Restoration -- Introduction to Cloud Computing -- What is Cloud Computing? -- Fundamentals of Cloud Computing -- Cloud Service Models -- Important Benefits of Cloud Computing -- |
|
Contents note continued: ch. 7 Malicious Software and Anti-Virus Software -- Introduction -- Malware Software -- Introduction to Malware -- Types of Malware in Detail -- Spyware -- Adware -- Trojans -- Viruses -- Worms -- Backdoors -- Botnets -- A Closer Look at Spyware -- Trojans and Backdoors -- Rootkits -- Viruses and Worms -- Botnets -- Brief History of Viruses, Worms, and Trojans -- The Current Situation -- Anti-Virus Software -- Need for Anti-Virus Software -- Top 5 Commercially Available Anti-Virus Software -- Symantec Norton Anti-Virus Software -- McAfee Anti-Virus -- Kaspersky Anti-Virus -- Bitdefender Anti-Virus -- AVG Anti-Virus Software -- A Few Words of Caution -- Chapter Summary -- ch. 8 Cryptography -- Introduction -- Cryptographic Algorithms -- Symmetric Key Cryptography -- Key Distribution -- Asymmetric Key Cryptography -- Public Key Cryptography -- RSA Algorithm -- Advantages of Public Key Cryptography -- Applications of PKC -- Public Key Infrastructure (PKI) -- |
|
Contents note continued: pt. V Physical Security -- ch. 14 Physical Security and Biometrics -- Introduction -- Physical and Technical Controls -- ID Cards and Badges -- Photo ID cards -- Magnetic Access Cards -- Other Access Mechanisms -- Locks and Keys -- Electronic Monitoring and Surveillance Cameras -- Alarms and Alarm Systems -- Biometrics -- Some of the important biometric mechanisms -- How the biometric system works -- Enrollment -- Recognition -- Performance of the Biometrics System -- The test of a good biometric system -- Possible information security issues with the Biometric Systems -- Multimodal biometric system -- Advantages of Biometric systems -- Administrative Controls -- Fire Safety Factors -- Interception of Data -- Mobile and Portable Devices -- Visitor Control -- Chapter Summary -- ch. 15 Social Engineering -- Introduction -- Social Engineering Attacks: How They Exploit Human Nature -- Helping Nature -- Trusting Nature -- Obeying the Authority -- Fear -- |
|
Contents note continued: Upfront Capital Expenditure (CAPEX) versus Pay as you use Operational Expenditure (OPEX) -- Elasticity or Flexibility -- Reduced need for specialized resources and maintenance services -- On-Demand Self-Service Mode versus Well-Planned Time-Consuming Ramp Up -- Redundancy and Resilience versus Single Points of Failure -- Cost of traditional DRP and BCP versus the DRP & BCP through Cloud Environment -- Ease of use on the Cloud Environment -- Important Enablers of Cloud Computing -- Four Cloud Deployment Models -- Private Cloud -- Public Cloud -- Community Cloud -- Hybrid Cloud -- Main Security and Privacy Concerns of Cloud Computing -- Compliance -- Lack of Segregation of Duties -- Complexity of the Cloud Computing System -- Shared Multi-tenant Environment -- Internet and Internet Facing Applications -- Control of the Cloud Consumer on the Cloud Environment -- Types of Agreements related to Service Levels and Privacy with the Cloud Provider -- |
|
Machine generated contents note: pt. I Introduction -- ch. 1 Introduction to Security -- What is Security? -- Why is Security Important? -- What if You Do Not Care About Security? -- The Evolution of the Computer and Information Security -- Information Security Today -- Applicable Standards and Certifications -- The Role of a Security Program -- ch. 2 History of Computer Security -- Introduction -- Communication -- World Wars and Their Influence on the Field of Security -- Cypher Machine: Enigma -- Code Breakers -- Some Historical Figures of Importance: Hackers and Phreakers -- Kevin Mitnick -- Chapter Summary -- pt. II Key Principles and Practices -- ch. 3 Key Concepts and Principles -- Introduction -- Security Threats -- External and Internal Threats -- Information Security Frameworks and Information Security Architecture -- Pillars of Security -- People -- Policies, Procedures, and Processes -- Technology -- Information Security Concepts -- CIA Triad -- Parkerian Hexad -- |
| Summary |
The InfoSec Handbook offers the reader an organized layout of information that is easily read and understood. Allowing beginners to enter the field and understand the key concepts and ideas, while still keeping the experienced readers updated on topics and concepts. It is intended mainly for beginners to the field of information security, written in a way that makes it easy for them to understand the detailed content of the book. The book offers a practical and simple view of the security practices while still offering somewhat technical and detailed information relating to security. It helps the reader build a strong foundation of information, allowing them to move forward from the book with a larger knowledge base. Security is a constantly growing concern that everyone must deal with. Whether it's an average computer user or a highly skilled computer user, they are always confronted with different security risks. These risks range in danger and should always be dealt with accordingly. Unfortunately, not everyone is aware of the dangers or how to prevent them and this is where most of the issues arise in information technology (IT). When computer users do not take security into account many issues can arise from that like system compromises or loss of data and information. This is an obvious issue that is present with all computer users. This book is intended to educate the average and experienced user of what kinds of different security practices and standards exist. It will also cover how to manage security software and updates in order to be as protected as possible from all of the threats that they face |
| Bibliography |
Includes bibliographical references and index |
| Subject |
Computer networks -- Security measures.
|
|
Computer security -- Handbooks, manuals, etc.
|
|
Computer security.
|
|
Data encryption (Computer science) -- Handbooks, manuals, etc.
|
| Genre/Form |
Handbooks and manuals.
|
| Author |
Nayak, Umesha, author
|
| LC no. |
2015451212 |
| ISBN |
1430263822 (paperback) |
|
9781430263821 (paperback) |
