Securing Client/Server Computer Networks

Publisher: McGraw-Hill, 1996, 589 pages

ISBN: 0-07-015841-X

Last modified: March 18, 2022, 10:26 a.m.

Synopsis

Expert advice on how to effectively protect your client/server computing operations.

Addressing one of the most troublesome problems facing business today, this essential guide delivers straightforward advice on how to secure all of your applications and networks in a a client/server environment. A top-notch team of contributors provides you with all of the crucial information you need to effectively plan and implement security measures across all platforms — from desktop to mainframe.

Using a wealth of helpful figure and illustrations, this authoritative work succeeds in making a technical subject surprisingly understandable. It not only documents the Open System Foundation's standards for security but even more important, explains what the standards really mean in practical terms you can easily comprehend.

Writing in his or her area of expertise, bona fide experts discuss key aspects of securing client/server networks such as:

Passwords
File security
Network topologies
File and directory structures
Authorized programs and authorized users
And much more

Coordinating Editor Peter T. Davis uses a sample client/server application throughout the book to demonstrate the range of control concerns you are likely to face in the course of doing business.

Don't let computer security breakdowns hamper your business. Take action now to prevent costly security breaches. This book tells you everything you need to know.

Part 1: The Concepts

Introducing Client/Server Computing

Power to the People
Client/Server Computing Myths
Client/server Building Blocks
Client/Server Characteristics
Consumable Services
File Service
Database Service
Transaction Service
Groupware Service
Object Service
Using the Network to Your Advantage
Reasons to Convert
Client/Server Building Blocks
The Client/Server Relationship
Establishing Communication
Middleware
New and Existing Products
The Middleware API
The Network Gateway
The SQL Translator
Host Server Software
The State of the Client/Server Infrastructure
Summary
Select Bibliography

Introducing Client/Server Standards and Applications

The Promise of Open Systems
The Open Future
Open and Distributed Systems
Defining Open Systems
The Role of Standards
Three Levels of Standardization
Middleware's Critical Role
Maintaining a Profile
The Standard-Setters
Impatience with the Process
Open Systems Choices
Independence from UNIX
What Is at the Basis of DCE and Atlas?
The LAN Factor
So… What is DCE?
DCE Up Close and Personal
Basic Services
Open Development
Manage the Process
The Benefits of Open Systems
Some Problems
Client/Server Applications
Productivity and Quality
Management Control
Mainframe-, PC-, or Network-Centric?
Why Were the Chapters Selected?
Summary

Introducing Client/Server Security Concepts

Are the Networks More Vulnerable?
What's the Problem?
Protect Yourself
Selective Security
NOS Security
Secure Client/Server Communication
Distributed Security Services
C2 Security on the Network?
Is C2+ Security Possible on the Network?
Single Sign-On Makes it Easier for the User
Password Security at the System Level
Password Security at the Application Level
These Things Can Help
A Protection Strategy
The $64,000 Question
Rate Your Risks
What You Can Do
Depends on People
Don't Overreact
Commonsense Protection
The Human Factor
The Ease-of-Use Factor
Involve Everybody
Summary
Select Bibliography
Additional Information Sources

Part 2: The Tools

Securing Rapid and Object-Oriented Development

Rapid Development
Security and Management Issues
Object-Oriented Development
Encapsulation
Inheritance
Polymorphism
Security and Management Issues
Select Bibliography

Part 3: The Client

Securing the Desktop

Client/Server Productivity and Security Trade-Off
General Physical, and Logical Security Domains — a Definition
General Risk
General Controls
Physical Risk
Physical Controls
Logical Risk
Logical Controls
Summary
Select Bibliography

Securing the Front-End

Structured Query Language
What is a Graphic User Interface?
GUI/OOUI Risks
The GUI's Extended Attributes
Workstation Risks
Network Connection Risks
Database Connection Risks
Database Front-End Risks — GUI
Front-End Application Security
Development Security
The Client/Server Application Development Methodology
Roll-Your-Own Applications
Enterprise-Wide Repository
Vendor Solution to the Rescue
Management Issues
Distribution and Management Security
Change Management
Summary
Related Security Products

Securing DB/2

Introduction to DB/2 and Client/Server Database Processing
Linking Databases Together with DRDA
Security Requirements in a DB/2 Client/Server System
Limiting SQL Access to Key Application Tables
Ensuring That Each Application Plan Accesses Only Required, Approved Objects
Segregating Access within DB/2 Tables with Database Views
Using Table Checks to Enforce Data Integrity and Business Data Rules
Protecting the DB/2 System Catalog
Managing and Controlling System-Wide and Database Specific Attributes
Securing Intersystem Database Communications
Recommended Journals/Publications

Part 4: The Middleware

Securing Client/Server TCP/IP

TCP/IP Essentials
Basic TCP/IP Vulnerabilities
The Emerging Internet Security Architecture
Establishing Client/Server Requirements
Gateway Friendly Transactions
Stateless Protocol
Application Level Address Data
Reliable Delivery
Data Integrity
Positive Acknowledgement
Duplicate Detection
Cryptographic Services
Nonrepudiation
Confidentiality
Design Trade-Offs
Summary
Select Bibliography
Security Products; Application Gateway Software
Security Products: Cryptographic Software

Securing APPC/APPN

What are CPI-C, APPC, and APPN?
A Sample Program
CPI-C, APPC, and APPN Security Options
USer ID Verification
Using the Option Sets
Access Control for Transaction Programs
Ability to Access an LU
Confidentiality
What's Coming
Where to Go for More Information
Select Bibliography
Related Security Products

Securing VTAM

Network Overview
VTAM Fundamentals
Securing VTAM
Identification and Authentication
Authorization
Availability
Audit
Summary
Select Bibliography

Securing NetView^™

Security Review Objectives
Overview of NetView
NetView Security and Control Features
NetView Security Definitions
NetView Operator Profiles
NetView Commands
NetView Logs
Other Products in the NetView Family
NetView/6000
NetView/OS2
Summary
Acronyms
Select Bibliography

Part 5: The Server

Securing NetWare 4.x

NetWare 4.x Overview
User Authentication
NetWare Directory Services (NDS)
Audit Trail Facilities
Windows-Based User and Administration Tools
Time Synchronization Servers
Identification and Authentication
NetWare Directory Services (NDS)
Directory and File System Security
Audit Trail Facilities
Security Review Utilities
Other Issues
Summary
Acronyms
Select Bibliography
Online Novell References

Securing OS/2 LAN Server

The Basics of LAN Server Security
How Is Identity Checked with LAN Server?
The User Perspective
OS/2 Client Logon
The UPM Logon Shell
Logon from MSZ-DOS and Windows Clients
Access Control Profiles
Which Profile Is Used?
Advanced Topics
Access Control Profile Inheritance
Summary

Securing UNIX

Security Policy and Its Role with UNIX Systems
UNIX Security Will Default If You Let It
Trust Assumptions and Risk
Risk Management and Threats for UNIX
The Responsibility for UNIX Security
Implementing a Security Policy to Support UNIX Security
The Role of Audit and Assessment in UNIX Security
Trusting UNIX
UNIX?
UNIX — An Operating System in Transition
Will the Real UNIX Please Stand Up?
Prevalent Derivatives
Known Security Problem Areas
New Directions in UNIX Security
UNIX Security Standards
Organizational Security Standards
Operating UNIX Securely
UNIX Security Problems
Native Behavior
Misapplication
Security Management
Security. System, and Network Management
UNIX Security Tools
The Role of Security Tools
Trusted UNIX
Real Trusted UNIX
Networks
Distributed Systems
Kerberos
Enterprise-Wide Solutions
Security for UNIX Applications
Summary
For Further Information…
Select Bibliography

Securing OpenVMS Systems

Scope of This Chapter
Data Protection Mechanisms
Information Access and Protection
OpenVMS Security Issues
Password Controls
Data Volume Protection
Directory Protection
File Protection
Network Setup

Securing Microsoft Windows NT

A Tour of Windows NT Security
Security Policy and Its Role for NT Systems
NT Security Will Default If You Let It
Trust Assumptions and Risk
Windows NT Security
OpenVMS
Digital UNIX
Windows NT and Windows 95
A Note about Security Features
OpenVMS, Digital UNIX, Windows NT, and Windows 95
Open Systems
Feature Creep
A General Comparison
File Systems
Security Feature Comparison
The Reference Monitor Model
Protected Subsystems
Extendibility
Security Policy Implementation
Identification, Authentication, Authorization, and Access Control
Windows 95 Drops Out
Identification and Authentication
NT SIDs
Authorization Databases
Intrusion Detection
Authorization and Access Control
Object Protection
Access Control Lists
Access Control Entities
Privileges
Networks and Network Security
A Note about Network Domains
Networking Capabilities
Network Protocol Support
Using Distributed Security
Distributed Applications Support
Audit
NT
Conclusion
Select Bibliography
NT Books with Security Information in Them
The Larger Body of OpenVMS, Digital UNIX, and NT Information
OpenVMS, Digital UNIX and NT User Groups
OpenVMS, Digital UNIX, and NT Conferences
OpenVMS, Digital UNIX, and NT Internet Resources
Attribution

Securing MVS

MVS Operating Methodology
MVS Hardware Controls
Software Controls
MVS Control Areas
MVS Vulnerability Concerns
Other Executable Datasets
Summary
Select Bibliography

Using RACF to Control MVS-Based Servers

Identifying the User
Defining User and Group Profiles
Protecting Information Resources
Privileged Authorities on RACF
RACF Mandatory Access Control
Client/Server Connections with MVS Subsystems
Controlling VTAM — Connecting the Subsystems
Managing Data with IMS
Managing Access with CICS
Managing Relational Data with DB2
Subsystem Controls with RACF
Controlling APPC
Controlling How Sessions Bind to the Server
Using RACF Secured Signon Function
Summary

Securing Oracle

What Is an ORACLE Database Management System?
Database Initialization
Database Administration
Application Security
Application IDs
Distributed Database Security
Database Backup and Recovery
Database Auditing
Summary

Securing Client/Server Transaction Processing

What Is the Next Challenge for Client/Server Computing?
What Is a TP Monitor?
An Overview of CICS
CICS and Security
What Does a Transaction Processing monitor Offer the UNIX World?
What Does a UNIX TRansaction Processing Monitor Offer Database Users?
Summary

Securing Lotus Notes

Defining Groupware
The Benefits of Groupware
Groupware, Databases, and TP Monitors
Defining Lotus Notes
Change Management
Information Security
Worker Efficiency
Notes Openness
The Multimedia Document Database
Notes Database Replication
The Mechanics of Replication
Handling Frequent Document Updates
Scheduling Regular Replication
Monitoring Database Replication
Handling Concurrent Updates
Building Notes Applications
Using Notes Electronic Mail
The Notes Mail Server
Access Privileges
Protecting Access to Databases
User IDs and Passwords
Changing User Names
Switching to a Different User ID
Keeping the User ID Secure
Setting Your Password
Password Controls
Examining Your User ID Certificates
Sending and Receiving Certificates
User Logoff
Encrypting Documents
Dial-Up Security
The Lotus Notes Programming Interface
Summary
Select Bibliography

Securing Client/Server Computer Networks

Synopsis

Table of Contents

Reviews

Securing Client/Server Computer Networks

Reviewed by Roland Buresund

OK ***** (5 out of 10)

Opinion

Comments

New Comment