BN.com Gift Guide

The Internet Security Guidebook: From Planning to Deployment / Edition 1

Paperback (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $1.99
Usually ships in 1-2 business days
(Save 97%)
Other sellers (Paperback)
  • All (6) from $1.99   
  • New (2) from $73.40   
  • Used (4) from $1.99   

Overview

The Internet Security Guidebook provides a complete analysis of an enterprise's Internet security. Strategies, steps, and procedures for conducting business securely on the Internet are discussed and reviewed. Very few organizations take the needed precautions to protect their Internet enterprise. Protection is not simply a firewall or technology; it is a strategy that encompasses risk, trust, business goals, security processes, and technology. The holistic approach offered in this book evaluates security needs in relation to business goals and the current attacks on the global Internet. The goal of The Internet Security Guidebook is to protect the business-computing environment by keeping our online enterprises functioning correctly and securely.

Unlike other books available, this book contains a complete guide to Internet security that is accessible to both novices and computer professionals. The specific steps discussed and illustrated show the reader how to implement security from the individual process to the complete corporate enterprise. The reader will also learn about resources that can help such as the Computer Emergency Response Team (CERT), the Federal Bureau of Investigation (FBI), and even their own software vendors.

Audience: Computer information technologists, Web administrators, network managers, e-commerce managers.

Read More Show Less

Editorial Reviews

From Barnes & Noble
The Barnes & Noble Review
In one extraordinarily readable book, both executives and IT professionals can get a complete briefing on today's best practices for Internet security -- from planning through deployment, and beyond. More than that: They get the tools they need to take action.

Juanita Ellis and Timothy Speed show how to maximize security without transforming your Internet presence into a fortress no customer or partner dares broach. They cover the technologies and tools -- making cryptography, public-key infrastructure, and the rest a whole lot easier to understand than the usual treatments.

There's a full chapter on choosing the right firewall -- including a detailed set of evaluation guidelines, a six-page Assessment Form, and a list of vendors to start from.

That's the best thing about this book: hands-on materials you can use to start defining and implementing your own solutions. A Technology Security Review form for assessing the security risks associated with any technology or service within the organization. Corporate security and acceptable use policy outlines. A sample plan for rolling out PKI. Formulas for quantifying risks vs. the costs of addressing them.

Internet Security Guidebook: you'll find it exceptionally realistic, surprisingly friendly, and thoroughly usable. (Bill Camarda)

Bill Camarda is a consultant and writer with nearly 20 years' experience in helping technology companies deploy and market advanced software, computing, and networking products and services. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

From the Publisher
"A practical guide with well presented explanations of both the technical and human sides of a particular aspect of computer security."
—Book News, No. 7, 2001

"...a significant contribution to the body of literature in the field of information security..."
—Information Security Bulletin, June 2001

Book News
A practical guide with well presented explanations of both the technical and human sides of a particular aspect of computer security.
Read More Show Less

Product Details

  • ISBN-13: 9780122374715
  • Publisher: Elsevier Science
  • Publication date: 2/5/2001
  • Series: Korper and Ellis E-Commerce Books Series
  • Edition number: 1
  • Pages: 320
  • Product dimensions: 0.72 (w) x 7.50 (h) x 9.25 (d)

Meet the Author

Juanita Ellis has been at the forefront in working with corporations in the areas of convergence, computer Security and e-business. Some of these companies include Sony, JCPenney, SWBell, Boeing, Xerox, Bell Atlantic, MCI, Citibank and Toyota.

Currently, she works with companies in helping deploy voice and data networks, converged solutions, VPN security and call center applications. In addition, she was a technical manager at Lotus/IBM for the southern, mid-Atlantic, and eastern regions of the United States. As a technical manager, she was responsible for designing and architecting enterprise-wide applications that integrated with enterprise resource planning systems, Internet technologies, and relational and transaction-based systems. She is currently an independent consultant.

Timothy Speed is an infrastructure and security architect for Lotus Professional Services (LPS), an IBM company. Tim has been involved in Internet and messaging security for the last 8 years. He has assisted with the Domino infrastructure at the Nagano Olympics and the Lotus Notes systems for the Sydney Olympics. Certifications include MCSE, VCA (VeriSign Certified Administrator), Lotus Domino CLP Principal Administrator, and Lotus Domino CLP Principal Developer.

He and Juanita Ellis are the co-authors of books on Internet security and e-business.

Read More Show Less

Read an Excerpt

Chapter 1: Let's Do Business

An International Data Corporation (IDC) survey of 300 commercial U.S. companies with revenues over $100 million showed that information technology executives feel that although the Internet will fuel e-commerce growth, its increased use will endanger the internal security of their companies. Commented Chris Christiansen, program director with IDC's Internet Security service, "The increased use of the Internet is clearly seen as both heaven and hell-heaven because electronic commerce can boost revenues and lower costs, hell because it opens up networks and servers to external and, more significantly, internal attacks. IT executives are dealing with these challenges and opportunities by radically increasing spending on firewalls, encryption, antivirus, intrusion detection, single sign-on, public key infrastructure/certificate authority, and other security management software." Of the information technology executives that IDC surveyed, 50 percent believe that the number of security incidents in their companies will grow by 20 percent every year. These information technology executives have confidence in their current security systems, however, and are even more optimistic about the abilities of future security technologies to protect their enterprises. The IDC breaks down the overall Internet security software market into several categories, including the following.
  • Firewalls
  • Encryption software
  • Antiviral software
  • Authorization, authentication, and administration software

Firewalls, used to govern access and in the enforcement of security restrictions, will experience the fastest growth. It is expected that global revenues in the firewall market will grow by 40 percent each year through 2002. By 2002, antiviral software will be the largest market with revenues close to $3 billion. Data gathered from the survey conducted by IDC shows the high costs enterprises face due to loss of productivity and downtime as a result of virus attacks. In a one-year period, the average site in the IDC survey suffered 81 virus infection incidents. Viruses affect 12.3 percent of all users, incurring over one hour of downtime while the problem is repaired. Administrators spend an average of 79 minutes eradicating each viral infection. This loss of productivity and downtime adds up to big bucks. Antiviral software has been found to be a very cost-effective weapon against viral attacks.

The information technology executives in the IDC survey reported that two main obstacles impede the development of Internet security: high costs and lack of integration. If these issues can be resolved, then great gains can be realized in the security technology market according to Christiansen.

1.1 Security Components

Internet security is not simply a set of tools, documents, or software. It is a holistic attitude to protecting your business-a state of mind. This is the security formula for an Internet business environment. SE =(Pz+T) * C

SE (Secure Environment) = [Pz (Policy and Procedures) + T (Tools) * C (Commitment).

Each item is very important: Policy and procedures drive the security of the environment; Tools help implement the security requirements; and Commitment is required to make it all work. As the formula shows, if an organization creates the best policy in the world and then buys the best tools available but has zero commitment, the business environment security will fail-guaranteed.

Commitment

Therefore, let's start with the most important factor-commitment. The organization needs to integrate security into every facet of the business. We call this the "top down and bottom up approach." First, you need management to drive the importance of security. Security starts at the top of the organization and moves down to the individual contributor. It is not just an added on burden that must be reviewed annually as part of the budget process, but it is an integral part of every process and subsystem. Security is implemented from the bottom of the organization up to the CxOs (any chief officer of the organization: CEO, CIO, CFO). The biggest mistake an Internet-facing enterprise can make is considering Internet security an "evil necessity." Internet security should be looked at as a competitive asset. How your business functions says a lot about the quality of your company, including its security. It is important that your customers feel comfortable and secure doing business on your site. Corporations demonstrate their commitment to security by the amount of dollars they spend. The survey conducted by IDC found that the worldwide Internet security software market grew from $1.2 billion in 1996 sales to an estimated $3.1 billion in 1998. This figure had increased to over $4 billion in 1999, and it is forecast to grow to $7.4 billion by 2002.

In February 2000, following the DDoS attacks on several Internet sites, ICSA.net announced the formation of the Alliance for Internet Security. Established in 1989 as an independent corporation to promote the improvement and deployment of security technology, ICSA.net is the security industry's unifying source for vital standards and information. Through publication of its monthly In formation Security magazine, which reaches thousands of industry professionals, ICSA.net is the worldwide leader in security assurance services for Internet-connected companies.

With the formation of the Alliance for Internet Security, ICSA.net released guidelines to assist companies in identifying and solving potential security problems.

The Alliance for Internet Security included as its founding members Cable One, Cable & Wireless, Digex (a Web and application hosting provider), Global Center, Global Crossing, GTE Internetworking, Level 3 Communications, Road Runner, and Sprint.

The chair of the Alliance, Peter Tippett, stated, "The members of the Alliance are coming forward to be part of the solution and demonstrate their commitment to do the right thing on behalf of all of the Internet. DDoS attacks are a "public health" problem...

Read More Show Less

Table of Contents

Foreword
Preface
Acknowledgements
Copyright Notices and Statements
Introduction Who Is Knocking at the Door?
Chapter 1 Let's Do Business
1.1 Security Components
1.2 Do You Have a Process?
1.3 The Cost of Security
Chapter 2 Security Review
2.1 Review the Business
2.2 What Is a Trusted Network?
2.3 Initial Risk Analysis
2.4 The Policy
2.5 Implementation and Feedback
Chapter 3 Cryptography
3.1 History
3.2 Key Types
3.3 RSA-Public and Private Key
3.4 PKI and Business Solutions
Chapter 4 Secure Networks
4.1 TCP/IP and OSI
4.2 Port of Call (Let's Go on a Cruise)
4.3 Denial-of-Service Attacks
4.4 Virtual Private Networks
4.5 Secure Sockets Layer (SSL)
Chapter 5 Protecting Your Intranet from the Extranet and Internet
5.1 So Many Choices! I'll Get One of Each!
5.2 Firewall Product Functional Summaries
5.3 Firewall Buyer's Assessment Form
5.4 Firewall Vendors: Picking the
Products That Are Right for You
Chapter 6 Authentication
6.1 The Basics
6.2 Authentication
6.3 Authorisation
6.4 Smart Cards
Chapter 7 E-Commerce-
Public Key Infrastructure (PKI)
7.1 PKI and You
7.2 X.509
7.3 Certificate Authority
7.4 Certification Practice Statement
7.5 Certificate Revocation List
7.6 Key Recovery
7.7 Lightweight Directory Access Protocol (LDAP)
7.8 Public Key Cryptography Standards
7.9 Public Key Infrastructure (X.509) Standards
Chapter 8 Messaging Security
8.1 Safe Communication-Messaging
8.2 Getting Killed with Junk Mail
8.3 Keep It Running
Chapter 9 What Are We Doing Here?
9.1 Risk Analysis
9.2 Where Are the Threats?
9.3 Technology Security Review
9.4 Control Directory and Environmental Risk Table
9.5 Competitive Asset
Chapter 10 Let's Make the Plans
10.1 Security Plans, Policies, Procedures
10.2 The Corporate Security Policy Document
10.3 Physical Security Policy
10.4 Network Security Policy
10.5 Acceptable Use Policy
Chapter 11 We Have Been
Hacked! Oh, the Humanity!
11.1 Incident Handling
Chapter 12 The Total Package Specific Steps
12.1 Putting It All Together
12.2 The Plan
12.3 Sample Plan to Roll Out PKI
Appendix 1 Security Tools
A1.1 Tools
A1.2 Other Tool URLs

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)