Network Security

Recognize, control, and minimize the new security risks created by networked computers.

As the center of information technology shifts to the desktop, mission-critical applications once tucked away in remote mainframes are making their way to local and enterprise networks. As a network specialist, LAN administrator, or MIS/DP manager, how do you meet the growing challenge of maintaining system security, reliability, and integrity?

This thoroughly updated version of baker's popular Computer Security Handbook takes you on a complete, conversational tour of problems and solutions surrounding LAN security. With the human factor always in mind. Baker provides a solid framework for risk management and powerful strategies to reduce vulnerability from unauthorized access and physical breakdown. He also shows how to:

• Identify the most serious threats to your network
• Secure a client/server database
• Tackle remote access problems
• Resolve e-mail security/privacy conflicts

Whether your background is in PCs or mainframes, you'll discover how to secure an environment that is by nature less secure than the host-based systems of the past — while ensuring that your network fully accomodates the needs of the information-using organization.

1. How Can You Lock an Open Door?
• A New Era for Computer Users
• Facing Frustrations
• Meeting the Threat From Inside
• What Networks Need Today
• Your Network's Needs
• Access and Performance
• Security Needs
• Increased Risks From Networks
• The Major Security Threats Today
• Gaining Some Perspectives
• The Threat of Toll Fraud
• Portable Computers and Their Contents
• Viruses and the Profit Motive
• Attention-Seeking Viruses
• Immunizing the Network
• Unhappy People
• The Junk Mail Caper
• Ounces of Prevention
• The Computer As a Burglary Tool
• A History of Computer Crime
• Criminals Polish Their Skills
• Hackers Get a Bad Name
• A Prank Gets Out of Control
• The Legion of Doom Organizes
• Law Enforcement Agencies Respond
• Law Enforcement Agencies Fumble Investigations
• Things Get Better
• A New Approach
2. Building a Security Plan
• Modern Security Management
• The Value of Old Skills
• Adding New Skills
• Steps Toward Network Security
• Recruiting Allies
• Making a Preliminary Assessment
• Selling Security to Management
• The Presentation
• The Project Team
• Elements of a Security Plan
• Assessing the Risk
• Selecting the Strategies
• The Legacy of Mainframe Security
• Knock, Knock, Who's There?
• Access Control
• Recording Access
• Cleaning the Erasers
• Secure Communication
• The Baseline Alternative
• Seeking the Base Baseline
• Building Your Own Baseline
• Building a Baseline
• Spotting the Scope
• Existing Controls
• Seeking Improvement
• What Others Are Doing
• Getting It Together
• Looking for Gaps in Coverage
• Reporting to Management
3. Security Is a People Problem
• Employees Get Involved
• Groupware gets It Together
• The Special Role of Notes
• From Workgroup to Workflow
• Helping Yourself
• The Problems With People
• The Threat from Inside
• Insiders Take Billions
• Crime of Opportunity
• Managing the People Problem
• Learning to Manage Change
• Setting an Example
• Maintaining Good Human Relations
• Keeping the Lines Open
• Dealing With Resistance to Change
• Training PC Users
• Why People Resist
• Dealing with the Reluctant
• Allow Sufficient Time
• Early Adopters: The Key
• Step By Step
• Charting Cultural Change
• Educating PC Users
• Matters of Ethics
• Fighting the Vengeful Ex-Employee
• Being Prepared
• Treating Workers with Respect
• Cutting Off Access
• Selling Security to Management
• A Sales Campaign
• The Degree of Risk
• Your Language
• Assigning Responsibility
• Analyzing the Risk
• Management's Support
4. Assessing Your RIsks
• The Many Faces of Intruders
• Inside or Outside
• Guarding Against the Novice
• Serving an Apprenticeship
• Just Visiting
• The Semi Pro
• The Professional
• Another Analysis
• Occupational Hazards
• Attitude Problems
• Who's Mad Over What?
• Types of Computer Crime
• Scavenging
• Leakage
• Piggybacking and Impersonation
• Wiretapping
• Data Diddling
• The Salami Technique
• The Superzap
• Asynchronous Attacks
• Simulation and Modeling
• The Trojan Horse
• Trapdoors
• Logic Bombs
• Where Are Your Weak Spots?
• Functional Weaknesses
• Vulnerable Locations
• Other Sources of Danger
• Preventing Accidents
• Coping with Natural Forces
• Simplifying Risk Analysis
5. Controlling Physical Access
• Kinds of Computer Security
• What the Right Protection Can Do
• New Challenges for Traditional Methods
• What Physical Security Can Do…
• …And What It Can't
• Recognizing the Limits
• Types of Physical Security
• Major Security Methods
• Types of Identification Badges
• Biometric Techniques
• Addressing Site Security
• Site Security Checklist
• Conditions to Consider
• The Secure Floor Plan
• Badges and Identification Tokens
• Types of Identification Tokens
• Updating Systems
• Design Objectives
• Preparing Badges
• Resisting Decoding and Counterfeiting
• Verifying Personal Attributes
• Problems of Measurement
• Two Kinds of Variation
• Method of Operation
• Two Classes of Error
• Using Multiple Attributes
• Multiple Trials
• Allowing More Than Two Trials
• Examples of Personal Attributes
• Physical Security Techniques
6. Building Security Procedures
• The Role of Procedural Security
• Management and Supervisory Controls
• Do You Worry Enough?
• Setting Your Objectives
• Establishing a Need to Know
• Tailoring Your Access Controls
• Promoting Use Along with Protection
• Providing an Integrated Program
• Putting Security Where It's Needed
• The Keys to Security Procedures
• Good Procedures Made Better
• A Procedural Security Checklist
• Controls Built into the Organization
• Personnel Controls
• Programming Controls
• Operating Controls
• Staying in Control
• Security Training
• Procedures
• What Training Should Accomplish
• Many Ways to Go
• Using Existing Programs
• Developing Material
• Subjects to Cover
• A Choice of Format
• Procedural Backups for Physical Controls
• Restricted File Access
• Controlling the Controls
• Controlling the Use of Terminals
• Log-On Procedures
• Other Tactics
• What a Good program Requires
• Assumptions to Avoid
• Strong Points
• Cautions
• Procedural Security Techniques
7. Hardware and Software Security
• The Role of Technical Security
• A Matter of Definition
• Technical Security Goals
• Overcoming Obstacles
• Where to Use Technical Security
• Maintaining Separation
• Isolating Users
• Setting Levels of Sensitivity
• Leaving an Audit Trail
• Some Typical Applications
• Backing Up Passwords
• Restricting Remote Access
• A Security Shopper's Guide
• Standardized Rating System
• The Basic Requirements
• Systems Classified for Security
• Security By Default
• Considering Encryption
• A Long History
• Coming Back
• Uses of Encryption
• The Data Encryption Standard
• The Public Key
• Other Systems
• Things to Consider
• Qualities of a Good System
• Problems With Technical Security
• A Technical Security Checklist
• Strong Points
• Problems to Avoid
• Technical Security Techniques
8. The Perils of Passwords
• The Key Role of Passwords
• A Long History
• What's Wrong With Passwords
• The Not-So-Secret Password
• Wanting In
• Building a Limited Access Route
• The Basic Schemes
• Secure the Security Measure
• Administering a Password System
• How to Create Passwords
• Nothing's Perfect
• Putting Passwords to Use
• Effectiveness
• The Technology of Passwords
• Computer Generation
• Limited Lifetime
• Biodegradable Passwords
• Another One-Time System
• Physical Characteristics
• Information Content
• Handshaking Schemes
9. Securing the Desktop
• New Problems, Old Solutions
• Small Systems, Hidden Problems
• Direct Connections
• The Challenge of PC Security
• A Burglary Tool in the Office
• More Ways to Get In
• A Policy for PC Security
• Assign Responsibility
• Get Managers Involved
• In a Supporting Role
• Desktop Security Techniques
• Physical Security
• Procedural Methods
• Technical Methods
• Preventing Loss and Damages
• The Importance of Procedures
• How Data Get Lost
• Procedures to Protect Data
• Hardware Problems and Solutions
• Software Problems
• Hazardous Duty
• Signs of a Good Program
• PC Security Techniques
10. Securing the Local Area Network
• A Matter of Perspective
• The Challenges of Securing Networks
• For Every Problem, a Solution
• A Managerial Response
• The Importance of Education
• Technical Security for LANs
• The Netware Security System
• A Good Start, But…
• From Control to Management
• Netware Security and Viruses
• Revoking Modify Rights
• Supervisory Authority
• Network Security Basics
• Have a Plan and a Policy
• Resources for Network Assessments
• Basic Network Security
• Passwords
• Access Control
• Authorization Levels
• Securing Network Hardware
• Networked PCs and Workstations
• Network Servers
• Peril in Printers
• Tapping the Cables
• Is Encryption Justified?
• Other Points to Consider
• Tips for a Secure Network
• Going Wireless
• Three Types of Security
• Infrared Beams
• Microwave Transmission
• Spread Spectrum
• Network Security Techniques
11. Securing the Enterprise Network
• Building an Enterprise Security Plan
• Spreading the Word
• Centralized Security
• Setting Priorities
• Checking Up
• A Larger Role for Encryption
• Basic Backups
• Keeping It Simple
• Major Security Functions for Networks
• Identifying the User
• Recycling Objects
• Right the First Time
• Principles of Network Security
• The Role of Encryption
• Protecting Identity Verification
• Digital Signatures
• Range of Capabilities
• Levels of Access Controls
• Access Authorization Principles
• Composite Authorizations
• Access to the Authorization Mechanism
• Guarding the Gates
• Junkyard Dog
• Tickets and Keys
• The Travel Agent
• It Doesn't Do Everything
• Hardware Security for Networks
• Hubs Getting Smarter
• Securing Unix and Open Systems: What Can You Do?
• Securing the Telephone
• Direct-Dial Trouble
• What You Can Do
• Securing the Client-Server Database
• Principles of Database Security
• DBMS Security
• Database Privileges
• Object Privileges
• Granting privileges
• The View as a Security Device
• Managing Privileges
• Managing Resources
• Getting Together on Security
• Facing Frustration
• Drawing the Line
• Choosing Security Measures
12. Managing Enterprise Network
• Needs to Be Met
• Management Issues
• Managing Software Distribution
• Shooting Troubles
• Logging Errors
• Operator Control
• Managing Configurations
• SNMP: Simple Management?
• First Things First
• Feeling Insecure
• Networking and Security
• Protect Yourself
• Selective Security
• System Security
• The Human Factor
• The Ease-of-Use Factor
• Involve the Users
• Hackers and Viruses
• A Protection Strategy
• The First Question
• Rating Your Risks
• What You Can Do
• People: The Critical Factor
• Involving Employees
• Avoiding Overreactions
• Common-Sense Protection
13. The New Epidemic of Viruses
• Viruses: Programmed for Theft
• Cruisin' for a Bruisin'
• Launching the Attack
• Viruses Log In
• Making Their marks
• Boot Sector Attacks
• A History of Virus Infections
• Repeat Attacks
• A Year Later
• Friday the 13th, the Sequel
• More Infections
• The Michelangelo Fizzle
• How Viruses Spread
• Spreading Around
• Many Types of Infections
• Friendly Viruses?
• Which System?
• Where Viruses Attack
• The Life Cycle of a Virus
• Gaining Entry
• Spreading the Infection
• Becoming Active
• Does Immunization Work?
• The Best Way to Protect Yourself
• Regular Backup
• Isolating One Computer
• Electronic Bulletin Boards
• On the Home Front
• Other Steps
• Recovering From an Infection
• Dealing with Bad Disks
• Restoring the System
• Finding the Source
14. A Disaster Need Not Be Disastrous
• Dealing With Disaster
• LANs Have Special Needs
• The Plan Is: There Is No Plan
• Minor Disasters: Major Problems
• Network Security Resources
• Regular Backup
• Redundant Servers and Disks
• Power Backup and Conditioning
• Document the System
• Off-Site Resources
• Utility Software
• A Guide to Disaster Planning
• Approaches to Disaster Planning
• Assessing the Threats
• A Set Sequence of Events
• The Goals of the Plan
• What Makes a Good Plan?
• Preparing to Fail
• Other Qualities to Have
• The Planning Process
• Identify the Dangers
• Testing Your Plan
• Finding Backup Resources
• Cooperative Agreement
• Hot and Cold Sites
• Duplicate Facilities
• Testing the Disaster Plan
• The Charmed Third Try
• Disaster Simulations
• Evaluating the Results
• Points to Consider
15. Electronic Mail and Other Legal Problems
• E-Mail and Employee Privacy
• The Issue of Good Faith
• Uneasy Feelings
• Computerized Oversight
• Privacy and the Public
• Reforming Health Records
• Health Care and Privacy
• The Current State of the Law
• The 1986 Act in Detail
• Noncomputer Laws
• State Laws on Computer Crime
• Now, About Your Responsibilities
• What the Rules Require
• Secondary Effects
• Where You Could Be Held Liable
• More Problems Coming
• Existing Standards
• What Are Your Legal Requirements?
• Providing a Bailout
• What Kind of Care Is Due?
• In the Computer Field
• Professional Standard?
• Goods or Services?
• Talk It Over
• Your Responsibility for Accuracy
• The Law and Liability
• Learning from Mistakes
• Avoiding Liability
• How to Protect Privacy
• A Right to Privacy
• Long-Standing Issues
• Legal Limits on Data Collection
• The Mailing List Problem
• Controls Lacking
• Lost Forever
• Other Rights at Stake
• Regulating Computers
• What Can You Do?
• Prevention: The Best Policy
• Prevention Through Maintenance
• A Healthy Environment

1. Eighty-Two Control Tactics Analyzed
2. A Framework for Risk Management
3. Key Notarization for Network Security
4. Auditing Computer Security

One of the most practical books in the subject area I've ever read. Forget the title, you may utilise their stuff very far from the network area.