An Information Security Handbook
- List Price: $109.00
- Binding: Paperback
- Publisher: Springer Verlag
- Publish date: 05/01/2001
Description:
1. Introduction.- 1.1 Why a Book about Information Security?.- 1.2 Some Conventions.- 1.3 Risks.- 1.4 Information Sensitivity.- 1.5 Information Importance.- 1.6 Countermeasures.- 1.7 Information Warfare.- 1.8 Management.- 1.9 Summary.- 2. Technology and Security.- 2.1 Privilege and Machine Modes.- 2.2 System Configuration.- 2.3 Physical Aspects of Discs and Tapes.- 2.3.1 Hard Discs.- 2.3.2 CD-ROMs.- 2.3.3 Floppy Discs.- 2.3.4 Magnetic Tapes.- 2.4 Files and Access Control.- 2.4.1 File Access Controls.- 2.5 RAID Storage.- 2.6 Summary.- 3. Physical Security.- 3.1 The Security Domains.- 3.1.1 The Global Security Environment.- 3.1.2 The Local Security Environment.- 3.1.3 The Electronic Security Environment.- 3.2 Security Aspects of Layout.- 3.3 Summary.- 4. Personnel Security.- 4.1 Assessing Personnel Trustworthiness.- 4.2 Example and Leadership.- 4.3 Awareness.- 4.4 IT Staff.- 4.5 New Recruits and Leavers.- 4.6 General.- 4.6 Summary.- 5. Communications Security.- 5.1 Encryption and Cryptanalysis.- 5.1.1 Crypto Administration.- 5.1.2 Encryption Weaknesses.- 5.2 Authentication Dialogues.- 5.2.1 Crypto Signatures.- 5.2.2 Summary.- 5.3 The Kerberos Authentication Dialogue.- 5.4 Hacking.- 5.5 Unix and the TCP/IP Family of Protocols.- 5.6 Firewalls and Gateways.- 5.6.1 One Way Filters and Related Systems.- 5.6.1.1 Communications Software Security Problems.- 5.6.1.2 Summary.- 6.
Unix Security.- 6.1 The Security Problems of Unix.- 6.2 Unix File Permissions.- 6.3 Executing as the Superuser.- 6.4 Password Security.- 6.4.1 Selecting Passwords.- 6.4.2 Password Policies.- 6.4.3 Checking Password Security.- 6.4.4 Password Ageing.- 6.4.5 Guest Accounts.- 6.4.6 Accounts Without Passwords.- 6.4.7 Group Accounts and Groups.- 6.5 Improving Unix Network Security.- 6.5.1 Trusted Hosts.- 6.5.2 The rxxx Utilities.- 6.5.3 The finger Utility.- 6.5.4 The telnet Utility.- 6.5.5 The ftp Utility.- 6.5.6 The tftp Utility.- 6.5.7 The http Utility.- 6.5.8 The nfs Utility.- 6.5.9 E-mail.- 6.5.10 The X Windows System.- 6.5.11 Windows NT.- 7. Internet Security.- 7.1 External Hazards.- 7.2 ISP Services.- 7.3 After an Attack.- 7.4 Summary.- 8. Radiation Security.- 8.1 Equipment Layout.- 8.2 Maintenance.- 8.3 Summary.- 9. Procedural Security.- 9.1 System Integrity.- 9.2 Magnetic Media.- 9.3 Denial of System Benefits to a Competitor.- 9.4 Disposal of Documents.- 9.4.1 Paper Documents.- 9.4.2 Magnetic Documents.- 9.5 Weeding and Downgrading.- 9.6 When It Starts to Go Wrong.- 9.7 Summary.- 10. Software Security.- 10.1 Secure Computer Systems.- 10.2 Software Evaluation.- 10.3 Software Security Models.- 10.4 Other Software Security Issues.- 11. Some Notes on Static Analysis.- 11.1 Introduction.- 11.1.1 Static Analysis.- 11.1.2 A Simple Example.- 11.2 Control Flow Analysis.- 11.3 Data Flow Analysis.- 11.4 Information Flow Analysis.- 11.5 Semantic Analysis.- 11.6 The Use of Static Analysis.- 11.7 Summary.- 12.
Computer Viruses.- 12.1 Introduction.- 12.2 Viruses.- 12.2.1 Mechanisms.- 12.2.2 WORD Viruses.- 12.3 Virus Examples.- 12.3.1 The "Brain" virus.- 12.3.2 The "Lehigh" Virus.- 12.3.3 The "Jerusalem" Virus.- 12.3.4 The "CHRISTMA EXEC".- 12.3.5 The "Love Letter" Worm.- 12.3.6 The "Nimda" Worm.- 12.4 Dealing with Viruses.- 12.4.1 Anti-Viral Software.- 12.4.2 Anti-Viral Precautions.- 12.4.3 Virus Decontamination.- 12.5 Java & Active-X.- 12.6 The "Millennium Bug".- 12.7 Summary.- 13. The UK Data Protection Acts.- 13.1 Definitions.- 13.2 The Data Protection Principles.- 13.2.1 The First Principle.- 13.2.2 The Second Principle.- 13.2.3 The Third Principle.- 13.2.4 The Fourth Principle.- 13.2.5 The Fifth Principle.- 13.2.6 The Sixth Principle.- 13.2.7 The Seventh Principle.- 13.2.8 The Eighth Principle.- 13.3 Summary.- 14. System Administration and Security.- 14.1 The Procurement of Secure Information Systems.- 14.1.1 The Requirement.- 14.1.2 The Outline Security Policy.- 14.1.3 Hardware Selection.- 14.1.4 Software Selection.- 14.1.5 Certified Software.- 14.1.6 Summary.- 14.2 System and Data Backups.- 14.3 Resource Tracking and Management.- 14.4 System Testing and Probing.- 14.5 Configuration Management.- 14.5.1 System Change Control.- 14.6 Database Maintenance.- 14.6.1 Database Monitoring and Culling.- 14.6.2 Legal Conformance.- 14.6.3 Database Integrity.- 14.7 User Account Management.- 14.8 Audit Trail Management.- 14.9 Summary.- 15. The Management of Security.- 15.1 The Security Management Problem.- 15.2 A Security Management Methodology.- 15.2.1 Knowledge of the Information System.- 15.2.2 Threat Assessment.- 15.2.3 Risk Estimation.- 15.2.4 Choice of Mechanisms.- 15.3 System Security Policies.- 15.4 Summary.- 16. Conclusions.- 16.1 A Definition of Information System Security.- 16.2 The Security Problems of an Information System.- 16.3 Tailpiece.- A. 
Unix Security Resources.- A.1 Configuration Checkers.- A.2 Network Activity Monitors.- A.3 Intrusion Checkers.- A.4 Change Detectors.- A.5 Password Checkers.- A.6 Firewall Packages.- A.7 Security Documentation.- A.8 Other Secure Software.- B. DoD Computer System Evaluation Criteria.- C. IT Security Evaluation Criteria (ITSEC).- D. An Example System Security Policy.- E. System Threats and Countermeasures.- E.1 Introduction.- E.2 Threats to the Level of Service.- E.2.1 Power Supplies.- E.2.2 Hardware Faults.- E.2.3 Software Crashes.- E.2.4 Operator Errors.- E.2.5 Computer Viruses.- E.2.6 Environmental Disasters.- E.3 Threats to the Information Base.- E.4 Threats Leading to Information Leakage.- E.5 Choice of Countermeasures.- E.6 Summary.- F. Example List of Security Countermeasures.- F.1 Access Control.- F.1.1 Communications.- F.1.2 Covert Channel Control.- F.1.3 Discretionary Access Control.- F.1.4 Mandatory Access Control.- F.1.5 Physical Access Control.- F.2 Accountability.- F.2.1 Transactions.- F.2.2 Configuration.- F.3 Accuracy.- F.3.1 Communications.- F.3.2 Storage.- F.4 Availability.- F.4.1 Communications.- F.4.2 Logical Denial.- F.4.3 Personnel.- F.4.4 Physical Denial.- F.4.5 Environmental Damage.- F.5 Data Exchange.- F.5.1 Communications Security.- F.5.2 Covert Channel.- F.5.3 Radiation Security.- F.5.4 Transmission Security.- F.5.5 Traffic Flow Security.- F.6 Authentication.- F.7 Audit.- F.8 Personnel.- G. Glossary of Information Security Terms.- H. References & Bibliography.
Product notice
Returnable at the third party seller's discretion and may come without consumable supplements like access codes, CD's, or workbooks.
| Seller | Condition | Comments | Price |
|---|---|---|---|
| Midtown Scholar Bookstore | Very Good | | $12.31 |