Practical Internet Security

Read more

As organizations today are linking their systems across enterprise-wide networks and VPNs as well as increasing their exposure to customers, competitors, browsers and hackers on the Internet, it becomes increasingly imperative for Web professionals to be trained in techniques for effectively protecting their sites from internal and external threats. Each connection magnifies the vulnerability to attack. With the increased connectivity to the Internet and the wide availability of automated cracking tools, organizations can no longer simply rely on operating system security to protect their valuable corporate data. Furthermore, the exploding use of Web technologies for corporate intranets and Internet sites has escalated security risks to corporate data and information systems.
Practical Internet Security reveals how the Internet is paving the way for secure communications within organizations and on the public Internet. This book provides the fundamental knowledge needed to analyze risks to a system and to implement a security policy that protects information assets from potential intrusion, damage, or theft. It provides dozens of real-life scenarios and examples, as well as hands-on instruction in securing Web communications and sites. You will learn the common vulnerabilities of Web sites; as well as, how to carry out secure communications across unsecured networks. All system administrators and IT security managers will find this book an essential practical resource.
 

List of contents

to Internet Security.- Internet Technologies.- Basic Security Issues.- Establishing Your Organization's Security.- Real Threats That Impact Security.- A Security Policy: The Foundation of Your Protection.- Developing Your Security Policy.- Steps to Take Now.- Responding to Attacks.- Securing the Web Client.- Threats and Vulnerabilities.- Protecting Your Web Browser.- Network Interconnections: A Majorpoint of Vulnerability.- Basic Operating System and TCP/IP Concepts.- Early System Security Improvements.- Deterring Masqueraders and Ensuring Authenticity.- Impersonating Users.- How Masqueraders Infiltrate a System.- Holding Your Defensive Line.- Preventing Eavesdropping to Protect Your Privacy.- Unauthorized Listening and Looking.- Countering or not Countering the Eavesdropper: That's the Question?.- Thwarting Counterfeiters and Forgery to Retain Integrity.- The Forger's Arsenal.- Shielding your Assets.- Avoiding Disruption of Service to Maintain Availability.- Denial-of-Service Attacks.- Constructing Your Bastions.- The Importance of Firewalls.- Configuring Operating System and Network Security.- Operating Systems that Pose Security Risks.- Network Security.- Enhancing Web Server Security.- Controlling Access.- Extended Web Site Security Functionality.- Securing Web Communications with SSL VPNS.- Issuing and Managing Certificates.- Why Digital Certificates are Used.- Certificate Authorities.- Trusting SSL CAs in Servers and Browsers.- Firewalls and Firewall Topologies.- Protecting Servers and Clients with Firewalls.- Choosing the Right Firewall.- Firewall Topologies.- Selecting Firewall Security Topology Policy.- Security Management Solutions and Future Directions.- Identifying and Responding to Security Violations.- Real-Time Monitoring and Auditing.- LimitingDamage.- Keeping Up to Date on New Threats.- Emerging Technologies.- Summary, Conclusions and Recommendations.

Summary

As organizations today are linking their systems across enterprise-wide networks and VPNs as well as increasing their exposure to customers, competitors, browsers and hackers on the Internet, it becomes increasingly imperative for Web professionals to be trained in techniques for effectively protecting their sites from internal and external threats. Each connection magnifies the vulnerability to attack. With the increased connectivity to the Internet and the wide availability of automated cracking tools, organizations can no longer simply rely on operating system security to protect their valuable corporate data. Furthermore, the exploding use of Web technologies for corporate intranets and Internet sites has escalated security risks to corporate data and information systems.

Practical Internet Security reveals how the Internet is paving the way for secure communications within organizations and on the public Internet. This book provides the fundamental knowledge needed to analyze risks to a system and to implement a security policy that protects information assets from potential intrusion, damage, or theft. It provides dozens of real-life scenarios and examples, as well as hands-on instruction in securing Web communications and sites. You will learn the common vulnerabilities of Web sites; as well as, how to carry out secure communications across unsecured networks. All system administrators and IT security managers will find this book an essential practical resource.