Intranet Security - Stories from the Trenches

( 1 )

Overview

Security consultant Linda McCarthy shows how breaches occurred, what steps were taken to deal with them - and how well they worked, what steps could have been taken to prevent the crisis. In this book, you'll watch as real network administrators track hacker intrusions. You'll see firsthand how companies struggle with security problems caused by poor training, lack of management support, hidden agendas, and careless intranet development. You'll find checklists of preventive security measures you can take right ...
See more details below
Available through our Marketplace sellers.
Other sellers (Paperback)
  • All (16) from $1.99   
  • New (4) from $5.66   
  • Used (12) from $1.99   
Close
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any BN.com coupons and promotions
$5.66
Seller since 2015

Feedback rating:

(117)

Condition:

New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

New
Most orders ship same day!

Ships from: Lansing, KS

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$22.00
Seller since 2009

Feedback rating:

(39)

Condition: New
1998 Trade paperback New. No dust jacket as issued. New Trade paperback (US). Glued binding. 288 p. Audience: General/trade.

Ships from: Branson, MO

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$34.50
Seller since 2015

Feedback rating:

(366)

Condition: New
Brand New Item.

Ships from: Chatham, NJ

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$50.00
Seller since 2015

Feedback rating:

(241)

Condition: New
Brand new.

Ships from: acton, MA

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
Page 1 of 1
Showing All
Close
Sort by
Sending request ...

Overview

Security consultant Linda McCarthy shows how breaches occurred, what steps were taken to deal with them - and how well they worked, what steps could have been taken to prevent the crisis. In this book, you'll watch as real network administrators track hacker intrusions. You'll see firsthand how companies struggle with security problems caused by poor training, lack of management support, hidden agendas, and careless intranet development. You'll find checklists of preventive security measures you can take right now - and lists of tools that can help. Above all, you'll find insight into the all-too-human security flaws that make corporate intranets an easy target for hackers.
Read More Show Less

Product Details

  • ISBN-13: 9780138947590
  • Publisher: Prentice Hall Professional Technical Reference
  • Publication date: 9/15/1997
  • Pages: 288
  • Product dimensions: 7.01 (w) x 9.21 (h) x 0.79 (d)

Read an Excerpt

PREFACE: Introduction

The age of connectivity is definitely upon us. With information flowing freely in and from all directions and electronic commerce knocking down new doors, network security has come to include a lot more than just using a good firewall to connect to the Internet.

I've spent a lot of time auditing security on distributed networks. In many cases, I found that data could be easily modified, stolen, or destroyed without a trace that the incident ever occurred. The system administrators and other powers-that-were knew that the systems weren't configured for security. What they didn't know was just how high their level of risk was. Executive managers were equally unaware of the risks.

This book lets you learn from their mistakes. If you are an executive manager, manager, system administrator—or anyone responsible for Intranet security—you must take an active approach to security. Don't make the same mistakes these companies did. It could cost you your company.

About this Book

WHAT you are about to read is NOT a work of fiction. This is a collection of REAL security audits. Each chapter focuses on an audit that I actually conducted (in person!) for a real, live, functioning company. If I'd used the actual company names, you would probably recognize that you'd personally done business with some of them.

Of course, I didn't use the real names of the companies, employees, or other parties for obvious legal and ethical reasons. But I did use the real facts regarding risk and my audit approach in each case. Read closely, especially if you are an executive manager, line-level manager, system administrator,lawyer, or law enforcement professional. The risks described are risks that you NEED to understand.
As a side note, most of the audits I describe in this book were conducted on UNIX systems. Some people, including some security people who should know better, believe that UNIX is inherently more susceptible to security problems than newer platforms like Windows NT. Don't buy it. The truth is that UNIX security is much better understood because it has been pounded on for about 20 years. In newer operating systems, the holes haven't been fully discovered and exploited. Industry experts are now saying that NT configurations may be equally or more vulnerable.
In any case, the real risks are not only built-in to the operating systems. Serious risks lie in the way systems are installed, configured, supported, and managed. It is those factors that most determine the risk to your company.
In pointing out these risks, I'm hoping that the people responsible for data on networks start taking an active and serious approach to security.

How this Book Is Organized
Even though these audits are real, I begin each chapter with a fictional scenario written in first person. In my corporate work, I've found that a lot of people start to take security seriously only when something happens to their systems, their data, and their company—just one of many respects in which the "Me" decade never really ended. I personalize each scenario by placing you, the reader, into the story to transfer the message that this really could happen to your data and your company.
The bulk of each chapter describes the actual security risks that I uncovered during the audit. This section also explains how those risks came to be. You don't just wake up one morning to find that your network security has gone AWOL. Security breaches usually occur by omission or poor planning executed over long periods of time. These sections explain some ways that can happen.
The last section of each chapter, "Let's Not Go There...," tells you how to avoid the problems in the first place. My hope is that you will read those sections carefully and take the guidelines to heart.
About Hackers
Throughout this book, I use the term "hacker" to mean someone who gains unauthorized access to systems and information. Some experts use the term "cracker" instead, noting that some programmers like to call themselves "hackers" when in fact they are really expert coders and not inclined to criminal activity. I decided to use "hacker" instead, because its use is widespread outside security circles and nearly anyone likely to pick up this book would know what I meant by it. I've also referred to "the hacker" as "he" in most cases. We all know that a hacker can be male or female, but it's annoying to read "he or she" over and over again.
Finally, this book is about hackers—not for them. If you are a wanna-be hacker, you will not learn how to break into systems from this book. You might as well put it back on the shelf now.

Read More Show Less

Table of Contents

Foreword
Acknowledgments
About the Author
Introduction
Ch. 1 Visitors in the Night 3
Ch. 2 The Bogus Box 25
Ch. 3 Executive Nightmare 45
Ch. 4 Controlling Access 65
Ch. 5 What You Don't Know 85
Ch. 6 Risking the Corporation 103
Ch. 7 Not My Job 121
Ch. 8 For Art's Sake 139
Ch. 9 Outsourcing the Store 155
Ch. 10 What They See Can Hurt You 171
Ch. 11 A Hacker's Walk Through the Network 179
Appendix A People and Products to Know 217
Acronyms 243
Glossary 245
Index 253
Read More Show Less

Preface

The age of connectivity is definitely upon us. With information flowing freely in and from all directions and electronic commerce knocking down new doors, network security has come to include a lot more than just using a good firewall to connect to the Internet.

I've spent a lot of time auditing security on distributed networks. In many cases, I found that data could be easily modified, stolen, or destroyed without a trace that the incident ever occurred. The system administrators and other powers-that-were knew that the systems weren't configured for security. What they didn't know was just how high their level of risk was. Executive managers were equally unaware of the risks.

This book lets you learn from their mistakes. If you are an executive manager, manager, system administrator--or anyone responsible for Intranet security--you must take an active approach to security. Don't make the same mistakes these companies did. It could cost you your company.

About this Book

WHAT you are about to read is NOT a work of fiction. This is a collection of REAL security audits. Each chapter focuses on an audit that I actually conducted (in person!) for a real, live, functioning company. If I'd used the actual company names, you would probably recognize that you'd personally done business with some of them.

Of course, I didn't use the real names of the companies, employees, or other parties for obvious legal and ethical reasons. But I did use the real facts regarding risk and my audit approach in each case. Read closely, especially if you are an executive manager, line-level manager, system administrator, lawyer, or law enforcement professional. The risks described are risks that you NEED to understand.
As a side note, most of the audits I describe in this book were conducted on UNIX systems. Some people, including some security people who should know better, believe that UNIX is inherently more susceptible to security problems than newer platforms like Windows NT. Don't buy it. The truth is that UNIX security is much better understood because it has been pounded on for about 20 years. In newer operating systems, the holes haven't been fully discovered and exploited. Industry experts are now saying that NT configurations may be equally or more vulnerable.
In any case, the real risks are not only built-in to the operating systems. Serious risks lie in the way systems are installed, configured, supported, and managed. It is those factors that most determine the risk to your company.
In pointing out these risks, I'm hoping that the people responsible for data on networks start taking an active and serious approach to security.

How this Book Is Organized
Even though these audits are real, I begin each chapter with a fictional scenario written in first person. In my corporate work, I've found that a lot of people start to take security seriously only when something happens to their systems, their data, and their company--just one of many respects in which the "Me" decade never really ended. I personalize each scenario by placing you, the reader, into the story to transfer the message that this really could happen to your data and your company.
The bulk of each chapter describes the actual security risks that I uncovered during the audit. This section also explains how those risks came to be. You don't just wake up one morning to find that your network security has gone AWOL. Security breaches usually occur by omission or poor planning executed over long periods of time. These sections explain some ways that can happen.
The last section of each chapter, "Let's Not Go There...," tells you how to avoid the problems in the first place. My hope is that you will read those sections carefully and take the guidelines to heart.
About Hackers
Throughout this book, I use the term "hacker" to mean someone who gains unauthorized access to systems and information. Some experts use the term "cracker" instead, noting that some programmers like to call themselves "hackers" when in fact they are really expert coders and not inclined to criminal activity. I decided to use "hacker" instead, because its use is widespread outside security circles and nearly anyone likely to pick up this book would know what I meant by it. I've also referred to "the hacker" as "he" in most cases. We all know that a hacker can be male or female, but it's annoying to read "he or she" over and over again.
Finally, this book is about hackers--not for them. If you are a wanna-be hacker, you will not learn how to break into systems from this book. You might as well put it back on the shelf now.
Read More Show Less

Customer Reviews

Average Rating 5
( 1 )
Rating Distribution

5 Star

(1)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted January 20, 2000

    Don't think it only happens to other companies!

    If you don't know the security policy for your company and you have a PC then you will need to read this book. The stories in this book will apply to you. This is a must read book not only for Intranet security but for network security as well. Great Book!!!

    1 out of 1 people found this review helpful.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)