Computer and Information Security Handbook [NOOK Book]


NOOK Book (eBook)
$127.95
BN.com price

Overview

Presents information on how to analyze risks to your networks and the steps needed to select and deploy the appropriate countermeasures to reduce your exposure to physical and network threats. Also imparts the skills and knowledge needed to identify and counter some fundamental security risks and requirements, including Internet security threats and measures (audit trails, IP sniffing/spoofing, etc.) and how to implement security policies and procedures. In addition, this book covers security and network design with respect to particular vulnerabilities and threats. It also covers risk assessment and mitigation and auditing and testing of security systems as well as application standards and technologies required to build secure VPNs, configure client software and server operating systems, IPsec-enabled routers, firewalls and SSL clients. This comprehensive book will provide essential knowledge and skills needed to select, design and deploy a public key infrastructure (PKI) to secure existing and future applications.

* Chapters contributed by leaders in the field cover theory and practice of computer security technology, allowing the reader to develop a new level of technical expertise
* Comprehensive and up-to-date coverage of security issues facilitates learning and allows the reader to remain current and fully informed from multiple viewpoints
* Presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions

Editorial Reviews

From the Publisher
"This is the 2nd edition of the classic reference on system security but encompasses many new topics that have become relevant since the 1st edition…In this huge volume (1171 pages and online content) the numerous chapters cover almost every conceivable aspect of information and system security."—Reference & Research Book News, October 2013

"The handbook is well organized and homogeneous, despite contributions by various authors. The new section on practical security is a welcome addition…this handbook will continue to be a very useful resource for professionals and students. I strongly recommend it for individuals as well as libraries."—ComputingReviews.com, September 12, 2013

Product Details

  • ISBN-13: 9780080921945
  • Publisher: Elsevier Science
  • Publication date: 5/4/2009
  • Series: Morgan Kaufmann Series in Computer Security
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Pages: 928
  • Sales rank: 1,266,552
  • File size: 13 MB
  • Note: This product may take a few minutes to download.

Meet the Author

John Vacca is an information technology consultant, professional writer, editor, reviewer and internationally-known, best-selling author based in Pomeroy, Ohio. Since 1982, John has authored 72 books, including:

  • Identity Theft (Cybersafety) (Publisher: Chelsea House Pub (April 1, 2012))
  • System Forensics, Investigation, And Response (Publisher: Jones & Bartlett Learning (September 24, 2010))
  • Managing Information Security (Publisher: Syngress (an imprint of Elsevier Inc.) (March 29, 2010))
  • Network and Systems Security (Publisher: Syngress (an imprint of Elsevier Inc.) (March 29, 2010))
  • Computer and Information Security Handbook (Publisher: Morgan Kaufmann (an imprint of Elsevier Inc.) (June 2, 2009))
  • Biometric Technologies and Verification Systems (Publisher: Elsevier Science & Technology Books (March 16, 2007))
  • Practical Internet Security (Hardcover) (Publisher: Springer (October 18, 2006))
  • Optical Networking Best Practices Handbook (Hardcover) (Publisher: Wiley-Interscience (November 28, 2006))
  • Computer Forensics: Computer Crime Scene Investigation (With CD-ROM), 2nd Edition (Publisher: Charles River Media (May 26, 2005))

John Vacca has also written more than 600 articles in the areas of advanced storage, computer security and aerospace technology (copies of articles and books are available upon request). John was also a configuration management specialist, computer specialist, and the computer security official (CSO) for NASA's space station program (Freedom) and the International Space Station Program, from 1988 until his retirement from NASA in 1995. In addition, John is also an independent online book reviewer. Finally, John was one of the security consultants for the MGM movie titled: "AntiTrust," which was released on January 12, 2001.


Read an Excerpt

Computer and Information Security Handbook


Morgan Kaufmann Publishers

Copyright © 2009 Elsevier Inc.
All rights reserved.

ISBN: 978-0-08-092194-5


Chapter One

Building a Secure Organization

John Mallery BKD, LLP

It seems logical that any business, whether a commercial enterprise or a not-for-profit business, would understand that building a secure organization is important to long-term success. When a business implements and maintains a strong security posture, it can take advantage of numerous benefits. An organization that can demonstrate an infrastructure protected by robust security mechanisms can potentially see a reduction in insurance premiums being paid. A secure organization can use its security program as a marketing tool, demonstrating to clients that it values their business so much that it takes a very aggressive stance on protecting their information. But most important, a secure organization will not have to spend time and money identifying security breaches and responding to the results of those breaches.

As of September 2008, according to the National Conference of State Legislatures, 44 states, the District of Columbia, and Puerto Rico had enacted legislation requiring notification of security breaches involving personal information. Security breaches can cost an organization significantly through a tarnished reputation, lost business, and legal fees. And numerous regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Sarbanes-Oxley Act, require businesses to maintain the security of information. Despite the benefits of maintaining a secure organization and the potentially devastating consequences of not doing so, many organizations have poor security mechanisms, implementations, policies, and culture.

1. OBSTACLES TO SECURITY

In attempting to build a secure organization, we should take a close look at the obstacles that make it challenging to build a totally secure organization.

Security Is Inconvenient

Security, by its very nature, is inconvenient, and the more robust the security mechanisms, the more inconvenient the process becomes. Employees in an organization have a job to do; they want to get to work right away. Most security mechanisms, from passwords to multifactor authentication, are seen as roadblocks to productivity. One of the current trends in security is to add whole disk encryption to laptop computers. Although this is a highly recommended security process, it adds a second login step before a computer user can actually start working. Even if the step adds only one minute to the login process, over the course of a year this adds up to four hours of lost productivity. Some would argue that this lost productivity is balanced by the added level of security. But across a large organization, this lost productivity could prove significant.

To gain a full appreciation of the frustration caused by security measures, we have only to watch the Transportation Security Administration (TSA) security lines at any airport. Simply watch the frustration build as a particular item is run through the scanner for a third time while a passenger is running late to board his flight. Security implementations are based on a sliding scale; one end of the scale is total security and total inconvenience, the other is total insecurity and complete ease of use. When we implement any security mechanism, it should be placed on the scale where the level of security and ease of use match the acceptable level of risk for the organization.

Computers Are Powerful and Complex

Home computers have become storehouses of personal materials. Our computers now contain wedding videos, scanned family photos, music libraries, movie collections, and financial and medical records. Because computers contain such familiar objects, we have forgotten that computers are very powerful and complex devices. It wasn't that long ago that computers as powerful as our desktop and laptop computers would have filled one or more very large rooms. In addition, today's computers present a "user-friendly" face to the world. Most people are unfamiliar with the way computers truly function and what goes on "behind the scenes." Things such as the Windows Registry, ports, and services are completely unknown to most users and poorly understood by many computer industry professionals. For example, many individuals still believe that a Windows login password protects data on a computer. On the contrary, someone can simply take the hard drive out of the computer, install it as a slave drive in another computer, or place it in a USB drive enclosure, and all the data will be readily accessible.

Computer Users Are Unsophisticated

Many computer users believe that because they are skilled at generating spreadsheets, word processing documents, and presentations, they "know everything about computers." These "power users" have moved beyond application basics, but many still do not understand even basic security concepts. Many users will indiscriminately install software and visit questionable Web sites despite the fact that these actions could violate company policies. The "bad guys"—people who want to steal information from or wreak havoc on computer systems—have also identified that the average user is a weak link in the security chain. As companies began investing more money in perimeter defenses, attackers look to the path of least resistance. They send malware as attachments to email, asking recipients to open the attachment. Despite being told not to open attachments from unknown senders or simply not to open attachments at all, employees consistently violate this policy, wreaking havoc on their networks. The "I Love You Virus" spread very rapidly in this manner. More recently, phishing scams have been very effective in convincing individuals to provide their personal online banking and credit-card information. Why would an attacker struggle to break through an organization's defenses when end users are more than willing to provide the keys to bank accounts? Addressing the threat caused by untrained and unwary end users is a significant part of any security program.

Computers Created Without a Thought to Security

During the development of personal computers (PCs), no thought was put into security. Early PCs were very simple affairs that had limited computing power and no keyboards and were programmed by flipping a series of switches. They were developed almost as curiosities. Even as they became more advanced and complex, all effort was focused on developing greater sophistication and capabilities; no one thought they would have security issues. We only have to look at some of the early computers, such as the Berkeley Enterprises Geniac, the Heathkit EC-1, or the MITS Altair 8800, to understand why security was not an issue back then. The development of computers was focused on what they could do, not how they could be attacked.

As computers began to be interconnected, the driving force was providing the ability to share information, certainly not to protect it. Initially the Internet was designed for military applications, but eventually it migrated to colleges and universities, the principal tenet of which is the sharing of knowledge.

Current Trend Is to Share, Not Protect

Even now, despite the stories of compromised data, people still want to share their data with everyone. And Web-based applications are making this easier to do than simply attaching a file to an email. Social networking sites such as SixApart provide the ability to share material: "Send messages, files, links, and events to your friends. Create a network of friends and share stuff. It's free and easy ..." In addition, many online data storage sites such as DropSend and FilesAnywhere provide the ability to share files. Although currently in the beta state of development, Swivel provides the ability to upload data sets for analysis and comparison. These sites can allow proprietary data to leave an organization by bypassing security mechanisms.

Data Accessible from Anywhere

As though employees' desire to share data is not enough of a threat to proprietary information, many business professionals want access to data from anywhere they work, on a variety of devices. To be productive, employees now request access to data and contact information on their laptops, desktops, home computers, and mobile devices. Therefore, IT departments must now provide the ability to sync data with numerous devices. And if the IT department can't or won't provide this capability, employees now have the power to take matters into their own hands.

(Continues...)



Excerpted from Computer and Information Security Handbook. Copyright © 2009 by Elsevier Inc. Excerpted by permission of Morgan Kaufmann Publishers. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.


Table of Contents


PART I: OVERVIEW OF SYSTEM AND NETWORK SECURITY: A COMPREHENSIVE INTRODUCTION
Chapter 1: Building a Secure Organization
Chapter 2: A Cryptography Primer
Chapter 3: Verifying User and Host Identity
Chapter 4: Preventing System Intrusions
Chapter 5: Guarding Against Network Intrusions
Chapter 6: Ensuring Network Confidentiality
Chapter 7: UNIX and Linux Security
Chapter 8: Internet Security
Chapter 9: Intranet Security
Chapter 10: Local Area Network (LAN) Security
Chapter 11: Wireless Network Security
Chapter 12: RFID Security

PART II: MANAGING INFORMATION SECURITY
Chapter 13: Security Essentials for IT Managers: Protecting Mission-Critical Systems
Chapter 14: Security Management Systems
Chapter 15: IT Security Management
Chapter 16: ID Management
Chapter 17: Intrusion Detection and Prevention Systems
Chapter 18: Computer Forensics
Chapter 19: Firewalls
Chapter 20: Penetration Testing
Chapter 21: Vulnerability Assessment

PART III: ENCRYPTION TECHNOLOGY
Chapter 22: Data Encryption
Chapter 23: Satellite Encryption
Chapter 24: Public Key Infrastructure
Chapter 25: Instant Messaging Security

PART IV: PRIVACY AND ACCESS MANAGEMENT
Chapter 26: Net Privacy
Chapter 27: Virtual Private Networks
Chapter 28: Identity Theft
Chapter 29: Access Management
Chapter 30: IPSec Versus SSL VPNs For Secure Remote Access
Chapter 31: VoIP Security

PART V: STORAGE SECURITY
Chapter 32: SAN Security
Chapter 33: Disaster Recovery
Chapter 34: Risk Management

PART VI: PHYSICAL SECURITY
Chapter 35: Physical Security Essentials
Chapter 36: Facilities Security Management
Chapter 37: Biometrics
Chapter 38: Homeland Security
Chapter 39: Information Warfare

Customer Reviews

Average Rating: 4 (3 reviews)

Rating Distribution: 5 Star (1), 4 Star (1), 3 Star (1), 2 Star (0), 1 Star (0)

  • Posted November 15, 2009

    Research - CD

    I found the book good for research while working on my PhD. However, it would be useful to include a CD version along with the book.
  • Posted July 11, 2009

    The Essential Guide on Computer Security

    This reference text pulls together experts on computer security, privacy and information assurance. These experts come from both leading universities as well as industry-leading companies like EMC, Cisco and Intel.
    These experts provide in depth coverage of computer security theory and practical applications including recent advancements. This text is essential for students or professionals in the computer security field.
  • Anonymous

    Posted March 4, 2010

    No text was provided for this review.