Implementing Internet Security

Written by a team of recognized experts, Implementing Internet Security provides a complete overview of Internet and network security and explains the means by which security is implemented in a variety of computing environments. With Implementing Internet Security, you'll be better prepared to estimate your own security requirements!

Implementing Internet Security — Your all-in-one guide to Internet and network security/loopholes!

• Master all aspects of Internet security
• Explore the inconsistencies, weaknesses, and breaches in existing computer security implementations
• Learn how to defend against security breaches and react proactively to their possibilities
• Examine the new field of secure transactions and legal considerations — in detail
• Get understandable definitions instead of meaningless technical jargon

1. Definitions of Security
• The Times, and Security Requirements, Change
• What Is Security, Anyway?
• Implementing Security
• Layering Security
• Some Approaches
2. Applicable Standards and Principles
• Department of Defense C2 Principles
• Security Policy
• Accountability
• Assurance
• Design Documentation
• Putting C2 in Context with Your Requirements
• Using the Red Book to Interpret C2 for Networks
• Security Policy
• Accountability
• Assurance
• Documentation
• The Generally Accepted System Security Principles (GSSP)
• The Role of Standards
3. Authentication and Authorization
• Access Control
• The Authentication Dilemma
• Monitoring and Control
• Access Control Subsystem and Secure Single Sign-On
4. Local Workstation and Networking Holes
• Prevention
• Protect the root Account
• Secure Terminals
• User Account and Password Management
• Limit Access Lifetime
• Choose Secure Passwords
• Crack Your own Passwords
• Implement Shadow Passwords
• Implement Password Aging
• Server Filters
• TCP Wrapper
• xinetd
• Network Applications and Services
• Trusted Hosts
• sendmail
• finger
• Tape Backup and restore
• File Transfer Protocol (FTP)
• tftpd
• The X Window System
• NFS
• Detection
• Observe System Files
• Monitor User Login Habits
• Detection Tools
• Cure
• Change the Account Shell
• Disable Local FTP Access
• Change the Account Password
• Expire the Account
• Disable or Restrict Trusted Host Access
• Change File Ownership and protections
• Remove Files Owned by the Account
5. Firewalls
• Firewall Components
• Screening Routers
• Identifying Zones of Risk
• Screening Routers and Firewalls in Relation to the OSI Model
• Packet Filtering
• Packet Filtering and Network Policy
• A Simple Model for Packet Filtering
• Packet Filter Operations
• Designing a Packet Filter
• Packet Filter Rules and Full Associations
• Dual-Homed Host
• Compromising the Security of a Dual-Homed Firewall
• Services on a Dual-Homed Firewall
• Bastion Host
• Simplest Deployment of a Bastion host
• Screened Host Gateway
• Application Level Gateway
6. Secure Transactions: PGP and Kerberos
• Pretty Good Privacy
• Public Key
• Private Key
• Digital Signatures
• Compression
• Message Encryption
• Radix-64 Conversion
• The Order of Operations in PGP
• Public Key Management
• PGP Versions
• Where To Get PGP
• Kerberos
• The Kerberos Protocol
• Kerberos Realms and Multiple Kerberi
• Version 4 and Version 5
• Performance Issues
• Kerberos Now
7. Audit Trails
• Audit Trails under Unix
• Common Unix Logs
• Process Accounting
• Useful Utilities in Auditing
• Other Reporting Tools Available Online
• Audit Trails under Windows NT
• Using the Event Viewer
• Logging the ftp Server Service
• Logging httpd Transactions
• Logging by Other TCP/IP Applications under NT
• Audit Trails under DOS
• PC/DACS
• Watchdog
• LOCK
• Using System Logs to Discover Intruders
• Common Break-In Indications
• Potential Problems
8. Legal Considerations
• Electronic Rights: Copyrights Online
• An Overview of Copyright Law
• The National Infrastructure Task Force — Proposed Changes to the Copyright Act
• Copyrights on the Internet
• Freedom of Expression
• The First Amendment and Its Protection
• Defamation
• Privacy
• Federal State Law
• The Electronic Communications Privacy Act
• The Computer Fraud and Abuse Act
• State Computer Crime Law
• Trademark Law and the Internet
9. Internet Commerce
• Internet Commerce Isn't New
• Credit Cards
• Modern Internet Commerce
• Internet Commerce: What's the Big Deal?
• Management Issues
• Threats from Employees and Criminal Hackers
• VAN and Internet Commerce
• How Real Is Internet Commerce?
• How Does Internet Commerce Relate to Existing Financial Systems?
• How Financial Systems Are Affected by Online Capabilities
• Internet Commerce Companies and Organizations
• CommerceNet
• CyberCash, Inc.
• DigiCash
• First Virtual Holdings, Inc.
• Internet Shopping Network
• Netscape Communications Corporation
• Open Markets
• Proprietary Systems
• Digital Cash
• The Importance of Digital Cash Anonymity
• How Digital Cash Is Generated
• The Internet: The First Nation in Cyberspace
• Digital Checks
• Blind Signatures — An Added Measure of Privacy
• Digital Signatures
• Sales, Marketing, and IS
• Keeping an Eye on Implementation
• The Role of the Network Manager
10. Improving the Security of Your Site by Breaking Into It
• Overview
• Gaining Information
• Trust
• Protecting the system
• Conclusions
• Appendix A
• Appendix B
• Appendix C
• Appendix D
• Bibliography
• Suggested reading

1. RFC Index List
2. RFC 1244 — The Site Security Handbook
• Contributing Authors
1. Introduction
1. Introduction
2. Audience
3. Definitions
4. Related Work
5. Scope
6. Why Do We Need Security Policies and Procedures?
7. Basic Approach
8. Organization of this Document
2. Establishing Official Site Policy on Computer Security
1. Brief Overview
2. Risk Assessment
3. Policy Issues
4. What Happens When the Policy is Violated
5. Locking In or Out
6. Interpreting the Policy
7. Publicizing the Policy
3. Establishing Procedures to Prevent Security Problems
1. Security Policy Defines What Needs to be Protected
2. Identifying Possible Problems
3. Choose Controls to protect Assets in a Cost-Effective Way
4. Use Multiple Strategies to Protect Assets
5. Physical Security
6. Procedures to Recognize Unauthorized Activity
7. Define Actions to Take When Unauthorized Activity is Suspected
8. Communicating Security Policy
9. Resources to Prevent Security Breaches
4. Types of Security Procedures
1. System Security Audits
2. Account Management Procedures
3. Password Management Procedures
4. Configuration Management Procedures
5. Incident Handling
1. Overview
2. Evaluation
3. Possible Types of Notification
4. Response
5. Legal/Investigative
6. Documentation Logs
6. Establishing Post-Incident Procedures
1. Overview
2. Removing Vulnerabilities
3. Capturing Lessons Learned
4. Upgrading Policies and Procedures
7. References
8. Annotated Bibliography
1. Computer Law
2. Computer Security
3. Ethics
4. The Internet Worm
5. National Computer Security Center (NCSC)
6. Security Checklists
7. Additional Publications
9. Acknowledgments
10. Security Considerations
11. Authors' Addresses

Hmm, maybe I should start writing books? You seem to be able to get paid for anything.

Summary: worthless crap.