Network and System Security.

Ebook Central College Complete Available online

Format:
Book
Author/Creator:
Vacca, John R.
Language:
English
Subjects (All):
Computer networks--Security measures.
Physical Description:
1 online resource (429 pages)
Edition:
2nd ed.
Place of Publication:
San Diego : Elsevier Science & Technology Books, 2013.
Contents:
Front Cover
Network and System Security
Copyright Page
Contents
Acknowledgements
About the Editor
Contributors
Introduction
Organization of this Book
1. Detecting System Intrusions
1. Introduction
2. Monitoring Key Files in the System
Files Integrity
3. Security Objectives
There Is Something Very Wrong Here
Additional Accounts on the System
Timestamps
Hidden Files and Directories
4. 0day Attacks
Attack Vectors
Vulnerability Window
Discovery
Protection
Ethics
5. Good Known State
Monitoring Running Processes in the System
Files with Weird Names
6. Rootkits
Kernel-Level Rootkits
Userland Rootkits
Rootkit Detection
7. Low Hanging Fruit
8. Antivirus Software
9. Homegrown Intrusion Detection
10. Full-Packet Capture Devices
Deployment
Centralized
Decentralized
Capacity
Features: Filtered versus Full-Packet Capture
Encrypted versus Unencrypted Storage
Sustained Capture Speed versus Peak Capture Speed
Permanent versus Overwritable Storage
Data Security
11. Out-of-Band Attack Vectors
12. Security Awareness Training
13. Data Correlation
14. SIEM
15. Other Weird Stuff on the System
16. Detection
17. Network-Based Detection of System Intrusions (DSIs)
18. Summary
Chapter Review Questions/Exercises
True/False
Multiple Choice
Exercise
Problem
Hands-On Projects
Project
Case Projects
Optional Team Case Project
References
2. Preventing System Intrusions
1. So, What is an Intrusion?
2. Sobering Numbers
3. Know Your Enemy: Hackers versus Crackers
4. Motives
5. The Crackers' Tools of the Trade
Our "Unsecured" Wireless World
6. Bots
7. Symptoms of Intrusions
8. What Can You Do?
Know Today's Network Needs
Network Security Best Practices
9. Security Policies
10. Risk Analysis
Vulnerability Testing
Audits
Recovery
11. Tools of Your Trade
Intrusion Detection Systems (IDSs)
Firewalls
Intrusion Prevention Systems
Application Firewalls
Access Control Systems
Unified Threat Management
12. Controlling User Access
Authentication, Authorization, and Accounting
What the User Knows
What the User Has
Tokens
Time Synchronous
Event Synchronous
Challenge-Response
The User is Authenticated, but is She/He Authorized?
Accounting
Keeping Current
13. Intrusion Prevention Capabilities
14. Summary
3. Guarding Against Network Intrusions
1. Traditional Reconnaissance and Attacks
2. Malicious Software
Lures and "Pull" Attacks
3. Defense in Depth
4. Preventive Measures
Access Control
Vulnerability Testing and Patching
Closing Ports
Antivirus and Antispyware Tools
Spam Filtering
Honeypots
Network Access Control
5. Intrusion Monitoring and Detection
Host-Based Monitoring
Traffic Monitoring
Signature-Based Detection
Behavior Anomalies
6. Reactive Measures
Quarantine
Traceback
7. Network-Based Intrusion Protection
8. Summary
4. Securing Cloud Computing Systems
1. Cloud Computing Essentials: Examining the Cloud Layers
Analyzing Cloud Options in Depth
Public
Private
Virtual Private
Hybrid
Establishing Cloud Security Fundamentals
Policy and Organizational Risks
Lock-in
Loss of Governance
Compliance Challenges
Loss of Business Reputation Due to Co-tenant Activities
Cloud Service Termination or Failure
Cloud Provider Acquisition
Supply Chain Failure
Technical Risks
Resource Exhaustion
Resource Segregation Failure
Abuse of High Privilege Roles
Management Interface Compromise
Intercepting Data in Transit, Data Leakage
Insecure Deletion of Data
Distributed Denial of Service (DDoS)
Economic Denial of Service (EDoS)
Encryption and Key Management (Loss of Encryption Keys)
Undertaking Malicious Probes or Scans
Compromise of the Service Engine
Customer Requirements and Cloud Environment Conflicts
Legal Risks
Subpoena and e-discovery
Varying Jurisdiction
Data Protection
Licensing
General Risks
Network Failures
Privilege Escalation
Social Engineering
Loss or Compromise of Operational and Security Logs or Audit Trails
Backup Loss
Unauthorized Physical Access and Theft of Equipment
Natural Disasters
Other Cloud Security Concepts
Incident Response (IR), Notification and Remediation
Virtualization
External Accreditations
Determining When Security Goals Require a Private Cloud
2. Software as a Service (SaaS): Managing Risks in the Cloud
Centralizing Information with SaaS to Increase Data Security
Implementing and Managing User Authentication and Authorization
Permission and Password Protection
Negotiating Security Requirements with Vendors
Identifying Needed Security Measures
Establishing a Service Level Agreement
Ensuring SLAs Meet Organizational Security Requirements
3. Platform as a Service (PaaS): Securing the Platform
Restricting Network Access Through Security Groups
Configuring Platform-Specific User Access Control
Integrating with Cloud Authentication and Authorization Systems
Compartmentalizing Access to Protect Data Confidentiality
Securing Data in Motion and Data at Rest
Identifying Your Security Perimeter
Techniques for Recovering Critical Data
Basic Backup and Restore
Pilot Light
Warm Standby
Multisite
4. Infrastructure as a Service (IaaS)
Locking Down Cloud Servers
Virtualization Software Security
Customer Guest Operating System (OS) or Virtual Instance Security
Ensuring the Cloud is Configured According to Best Practices
Policy
Risk Management
Configuration Management and Change Control
Auditing
Vulnerability Scanning
Segregation of Duties
Security Monitoring
Confirming Safeguards have been Implemented
Networking
Operating Systems
Applications
Scanning for and Patching Vulnerabilities
Controlling and Verifying Configuration Management
5. Leveraging Provider-Specific Security Options
Defining Security Groups to Control Access
Filtering Traffic by Port Number
Discovering and Benefiting from the Provider's Built-in Security
Protecting Archived Data
Confidentiality
Integrity
Availability
6. Achieving Security in a Private Cloud
Taking Full Responsibility for Security
Managing the Risks of Public Clouds
Identifying and Assigning Security Tasks in Each SPI Service Model: SaaS, PaaS, IaaS
Selecting the Appropriate Product
Comparing Product-Specific Security Features
Considering Organizational Implementation Requirements
Virtual Private Cloud (VPC)
Simulating a Private Cloud in a Public Environment
Google Secure Data Connector (SDC)
Amazon VPC
Industry-Standard, VPN-Encrypted Connections
The Hybrid Cloud Alternative
Connecting On-Premises Data with Cloud Applications
Securely Bridging with VPC
Dynamically Expanding Capacity to Meet Business Surges
7. Meeting Compliance Requirements
Managing Cloud Governance
Retaining Responsibility for the Accuracy of the Data
Verifying Integrity in Stored and Transmitted Data
Demonstrating Due Care and Due Diligence
Supporting Electronic Discovery
Preserving a Chain of Evidence
Assuring Compliance with Government Certification and Accreditation Regulations
HIPAA
Sarbanes-Oxley
Data Protection Act
PCI DSS
Limiting the Geographic Location of Data
Following Standards for Auditing Information Systems
Negotiating Third-party Provider Audits
8. Preparing for Disaster Recovery
Implementing a Plan to Sustain Availability
Reliably Connecting to the Cloud across the Public Internet
Anticipating a Sudden Provider Change or Loss
Archiving SaaS Data Locally
Addressing Data Portability and Interoperability in Preparation for a Change in Cloud Providers
Exploiting the Cloud for Efficient Disaster Recovery Options
Achieving Cost-effective Recovery Time Objectives
Employing a Strategy of Redundancy to Better Resist DoS
9. Summary
5. Unix and Linux Security
1. Unix and Security
The Aims of System Security
Authentication
Authorization
2. Basic Unix Security Overview
Traditional Unix Systems
Kernel Space versus User Land
Semantics of User Space Security
Standard File and Device Access Semantics
Read, Write, Execute
Special Permissions
Set-ID Bit
Sticky Bit
Mandatory Locking
Permissions on Directories
Read and Write.
Execute.
Notes:
Description based on publisher supplied metadata and other sources.
Other Format:
Print version: Vacca, John R. Network and System Security
ISBN:
9780124166950
OCLC:
857277436
