Synopses & Reviews
Hardly a week goes by without a report of some hacker, disgruntled employee, or techno-thief breaking into a computer system--vandalizing Web sites, stealing confidential data, compromising trade secrets, or worse. Much more than merely troublesome or inconvenient, these unauthorized incursions often spell disaster for businesses.
THE COMPLETE GUIDE TO INTERNET SECURITY offers a behind-the-scenes guided tour through the field of information security for IT professionals, systems analysts, CIOs, programmers, and anyone intent on making their computer system more secure. Practical and easy to understand, this indispensable guide covers:
• Inherent vulnerabilities of Internet protocol-attached networks
• Weaknesses of e-commerce sites
• Attacks from within the company
• Common hacker tools
• Costly consequences of security breaches
• Physical and logical system security, including firewalls, routers, proxies, access controls, intrusion detection, and policy-based networking
• Commercial security software
• Cryptography, and more.
About the Author
Mark S. Merkow (Tempe, AZ) is a system security officer in the electronic commerce security design department at a global financial services company. James Breithaupt (Phoenix, AZ) is a project manager for one of America's premier brokerage firms.
Table of Contents
Part I: Understanding Security Principles and Threats
1. Building a Foundation for Information Security
2. The Fundamental Elements of Security
3. Vulnerabilities to Internet-attached Networks
4. E-Commerce System Vulnerabilities and Other Threats from Within
5. Peeking Inside a Hacker's Toolbox
Part II: Preparing to Launch an Effective Defense
6. Security Assurance Concepts
7. Security Technologies
Part III: Building Upon the Layers of Security
8. Physical Security
9. Logical Security
10. Application-layer Security
Part IV: Inside Cryptography for E-Commerce Security
11. An Introduction to Cryptography
12. Transport Layer Cryptography
13. Understanding Digital Signature and Public Key Infrastructures
14. Key Management Principles
15. Application-layer Cryptography
16. Access Controls with Cryptography
Part V: Wrap-up
17. Security Is a Never-ending Challenge
18. The Future of Security
Appendix A: Sample Security Policy
Appendix B: Bookmarks to Additional Security Internet Sites
Appendix C: Trade and Industry Groups That Specialize in Infosec
Appendix D: Suggested Reading List (books and print publications)
Appendix E: Glossary of Security Terms