Internet site security (eBook, 2002)

Author: Erik S Schetina; Ken Green; Jacob Carlson
Publisher: Boston : Addison-Wesley, ©2002.
Edition/Format: eBook : Document : English

A complete guide to designing, accessing, maintaining and securing trusted Internet sites.




Additional Physical Format: Print version:
Schetina, Erik S., 1963-
Internet site security.
Boston : Addison-Wesley, ©2002
(DLC) 2001094222
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Erik S Schetina; Ken Green; Jacob Carlson
OCLC Number: 606789343
Reproduction Notes: Electronic reproduction. [Place of publication not identified] : HathiTrust Digital Library, 2010. MiAaHDL
Description: 1 online resource (xi, 417 pages) : illustrations
Details: Master and use copy. Digital master created according to Benchmark for Faithful Digital Reproductions of Monographs and Serials, Version 1. Digital Library Federation, December 2002.
Contents:
Introduction.
1. Core Concepts: Risks, Threats, and Vulnerabilities: First Steps; Defining Your Assets; Proprietary Information and Intellectual Property; Company Reputation or Image; Business Processes; Threat Agents; Insider Threats; Outsider Threats; Determining Risk; Summary.
2. Developing a Trusted Internet Infrastructure: The Motivation for Security; What Constitutes Security?; The Security Process; Assessment and Policy; IA Programs; Organizational Assessment; Policy Development; Operational Policies and Procedures Development; Technical Assessments; Asset Protection; Implementing the Security Policy; Protective Devices; Monitoring and Detection; Log File Review; Intrusion-Detection Systems; Data Fusion; Response and Recovery; Summary.
3. Infrastructure Components: A 10,000-Foot View: Understanding and Connecting to the Internet; Internet Service Providers; What Does an ISP Provide?; Security Implications of Choosing an ISP; Transporting Information; Addressing; Networks; Routing; Overview of TCP/IP; The Domain Name Service; Management of the Internet; The ICANN; Domain Name Registries; whois Databases; What Makes the Internet (In)Secure?; Inherent Insecurity of the Technology; Implicit Trust; Lack of Authentication; Anonymity; Lack of Privacy; Lack of Centralized Security Management and Logging; Day-to-Day Security Is Hard!; Why Is the Internet Attractive to Businesses?; Application Services; Media and Data Delivery; Information Services; Financial Services; Products; Summary.
4. Network and Application Protocols: TCP/IP: Introduction: The Importance of Knowing the Details; A Brief History of Networking and Protocols; The ARPANET; NSFnet; The Commercialization of the Internet; The OSI Model and Relevance to TCP/IP; Data-Link Layers: Moving Data Across a Single Link; Network Layers: Moving Data Across a Series of Links with IP; Routing Protocols; ICMP; The Domain Name System (DNS); Revisiting the Data Link Layer: Ethernet and IP; Configuring a Host to Work on an IP Network; Transport Layers: Moving Data Reliably with TCP (and Not So Reliably with UDP); Multiplexing with UDP; Adding Reliability with TCP; Controlling TCP Connections; Common Well-Known Ports; Common Application-Layer Protocols; Common Internet Applications; UNIX Remote Procedure Calls; SNMP; Microsoft Networking Protocols and TCP/IP; A Brief History of IBM and Microsoft Networks; NetBIOS Names; NetBIOS over TCP (NBT); SMB and File Sharing; The Network Neighborhood and the Browser Protocol; Microsoft Remote Procedure Calls; General Configuration Tips for Home Networks; Summary of Microsoft Networking Protocols; A Brief Overview of Other Networking Protocols; Summary.
5. In-Depth with Protocols and Building Blocks: Secure Protocols; Implementing Secure Protocols; Network-Layer Implementations; Virtual Private Network Protocols and Encapsulation; IPSec; Point-to-Point Tunneling Protocol (PPTP); Layer 2 Forwarding; Layer 2 Tunneling Protocol (L2TP); Secure Socket Layer (SSL); Wired Equivalent Privacy (WEP); Secure Shell (SSH); SSH Authentication; SSH Server Authentication; Tunneling with SSH; Authentication Systems; Passwords; Challenge/Response Mechanisms; Biometric Mechanisms; Digital Certificates; Summary.
6. Example Network Architectures and Case Studies: Bringing It All Together; The Enterprise Network; A Typical Enterprise Network; External Threats; Securing External Links; Internal Links and Threats; Small Office/Home Office (SOHO); Web Sites; Outsourced Web Hosting; Content Delivery Sites; E-Commerce Sites; Summary.
7. Operating System and Server Software Issues: Windows NT and 2000 Security Concepts; Authentication, Access Tokens, and Security Identifiers; Object Access Control Lists; Remote Procedure Calls (RPC) and the Component Object Model (COM); Security Mechanisms for RPC/COM; Hardening Windows; Tightening Windows User Rights; Auditing Security Events; Linux Security Concepts; Overview of the Linux Kernel; Overview of Linux User Space; Linux File System Permissions; Linux Authentication Mechanisms; How PAM Works; The Structure of /etc/pam.conf; PAM Examples; UNIX Network Services and How to Secure Them; Remote Access/File Transfers; Graphical User Interfaces; RPC; NFS; Application Software Security; Starting with a Secure OS; Web Server Security; Mail Server Security; Name Server Security; FTP Security; Summary.
8. Attack Scenarios: Denial-of-Service Attacks; One Shot, One Kill DoS Attacks; System Resource-Exhaustion DoS Attacks; Network Abuse; Amplification Attacks; Fragmentation Attacks; Distributed Denial-of-Service Attacks; System-Penetration Techniques; Reconnaissance; Gathering Network Information; Network Probes and Detection-Evasion Techniques; Network Sweeps; Network Routing Information; Gathering Information About Individual Systems; Vulnerability Determination and Choosing Targets; Compromising a System; ./0wnit; Password Guessing; Using Targeted Viruses and Trojans; Extending the Reach; Sniffing the Wire; Exploiting Trust Relationships; Summary.
9. Protecting Your Infrastructure: What Is a Firewall Supposed to Do?; Firewall Functions; Firewall Ancillary Functions; The Basic Firewall Types; Packet-Filtering Firewall; Stateful-Inspection Firewall; Application Proxy Firewalls; Hybrid; Air Gap; Secondary Firewall Features; Address Translation; Antispoofing; Utilization with VLANs; VPN Capabilities; Management Capabilities; Authentication; High Availability; Firewall Platforms; Third-Party Integration; DoS Prevention Features; Performance; Implementation Issues and Tips; Firewall Architecture; Intrusion Detection; Translation Issues; Complex Rule Sets; Logging, Monitoring, and Auditing; Firewall Vulnerabilities; Covert Channels; Firewall Bugs; Summary.
10. Watching the Wire: Intrusion-Detection Systems: What Is IDS?; How Internet Sites Utilize IDS; The Different Types of IDS; IDS Capabilities; TCP/IP Tests; NetBIOS over TCP/IP (NBT); Other Networking Protocols; Ethernet and Other Data-Link Layer Headers; Application-Layer Protocols; Application Data; File Integrity; Log Processing; Counter-IDS Techniques; Volume, Volume, Volume; IP Fragmentation and TCP Segmenting; Evasion via Application-Layer Encoding; Other IDS Avoidance Techniques; DoSing an IDS; Practical IDS Implementation Issues; Switched Networks; Encryption; Tuning Your IDS Sensors; IDS Management; Security Responsibility; Staffing; Privacy Issues; Incident Response and Recovery; Severity of IDS Events; Automated Response; Tier 1 Response; Responding to Real Incidents; Hacking Back: Just Say No!; Do It Yourself or Outsource?; Summary.
11. Incident Response and Forensics: What Constitutes Incident Response?; Preparing for an Incident; Maintaining Log Files; Maintaining User Accounts; Timestamping; Creating Banners; Creating Checksums; Real-Time Incident Response; Response Policy; Response Procedures; Organizational Roles and Responsibilities; Training; Remediation; What Constitutes an Electronic Crime?; Admissibility of Digital Evidence; Chain of Custody and Documentation; Importance of Licensed Software; Investigator Credentials; Liability and Right to Privacy Issues; Investigation Techniques; Securing the Crime Scene; Shutting Down Equipment; Copying Hard Drives and Floppies; Searching Hard Drives; Conducting a System Audit; Tracking the Intruder; Case Studies; Web Site Hack; The Unstable IT Employee; Employee Misuse of Company Resources; A Few Words on Anonymous Postings; Working with Law Enforcement; Summary; References.
12. Developing Secure Internet Applications: Common Sources of Programming Mistakes; Metacharacters; Danger of Metacharacters; Working Safely with Metacharacters; Exploiting Executable Code; Buffer Overruns; An Example: String Functions in C; How Buffer Overflows Are Utilized by Hackers; Format String Bugs; A Final Word on Executable Code Exploits; Application-Level Security; Cookies; Source IP Addresses; Effective Session Management; Replay Attacks and Session Security; Credential Checks Within the Application; Example: Access Control for a Trouble-Ticketing System; Coding Standards and Code Reviews; Summary.
Index.
Responsibility: Erik Schetina, Ken Green, Jacob Carlson.

