Synopses & Reviews
This book will help the CEO, the CIO, information technology managers, and business persons with an interest in the architecture, design, and configuration of a secure computing environment.
This book discusses and reviews the strategies, steps, and procedures necessary to conduct business securely on the Internet.
The Internet Security Guidebook: From Planning to Deployment provides an analysis of an enterprise's complete Internet security. Very few organizations take the needed precautions to protect their Internet-facing enterprises. Protection for the Internet-facing enterprise is not just a firewall; it is a strategy that encompasses risk, trust, business goals, security processes, and technology. The holistic approach, offered in this book, evaluates the security needs in relation to the business goals and the current attacks on our Internet. Specific steps that show the reader how to implement security from the individual process to the complete corporate enterprise are discussed and illustrated.
From the Foreword by William P. Crowell, President and CEO of Cylink Corporation and former Deputy Directory of the NSA:
This book is aimed at providing the reader, in plain English, an understanding of the business risks, the threats, the tools for dealing with the threats, and the processes needed to build more secure systems and continually improve them. The authors understand that the primary objective for the business users of security products is to build businesses that work and make money, not to build fortresses that no one can enter. They emphasize the practical and pragmatic approaches to securing e-business.
Review
"A practical guide with well presented explanations of both the technical and human sides of a particular aspect of computer security."
--Book News, No. 7, 2001
"...a significant contribution to the body of literature in the field of information security..."
--Information Security Bulletin, June 2001
Review
of literature in the field of information security..."
--Information Security Bulletin, June 2001
Synopsis
The Internet Security Guidebook provides a complete analysis of an enterprise's Internet security. Strategies, steps, and procedures for conducting business securely on the Internet are discussed and reviewed. Very few organizations take the needed precautions to protect their Internet enterprise. Protection is not simply a firewall or technology; it is a strategy that encompasses risk, trust, business goals, security processes, and technology. The holistic approach offered in this book evaluates security needs in relation to business goals and the current attacks on the global Internet. The goal of
The Internet Security Guidebook is to protect the business-computing environment by keeping our online enterprises functioning correctly and securely.
Unlike other books available, this book contains a complete guide to Internet security that is accessible to both novices and computer professionals. The specific steps discussed and illustrated show the reader how to implement security from the individual process to the complete corporate enterprise. The reader will also learn about resources that can help such as the Computer Emergency Response Team (CERT), the Federal Bureau of Investigation (FBI), and even their own software vendors.
Synopsis
The Internet Security Guidebook provides a complete analysis of an enterprise's Internet security. Strategies, steps, and procedures for conducting business securely on the Internet are discussed and reviewed. Very few organizations take the needed precautions to protect their Internet enterprise. Protection is not simply a firewall or technology; it is a strategy that encompasses risk, trust, business goals, security processes, and technology. The holistic approach offered in this book evaluates security needs in relation to business goals and the current attacks on the global Internet. The goal of
The Internet Security Guidebook is to protect the business-computing environment by keeping our online enterprises functioning correctly and securely.
Unlike other books available, this book contains a complete guide to Internet security that is accessible to both novices and computer professionals. The specific steps discussed and illustrated show the reader how to implement security from theindividual process to the complete corporate enterprise. The reader will also learn about resources that can help such as the Computer Emergency Response Team (CERT), the Federal Bureau of Investigation (FBI), and even their own software vendors.
Synopsis
iness users of security products is to build businesses that work and make money, not to build fortresses that no one can enter. They emphasize the practical and pragmatic approaches to securing e-business.
About the Author
Juanita Ellis has been at the forefront in working with corporations in the areas of convergence, computer Security and e-business. Some of these companies include Sony, JCPenney, SWBell, Boeing, Xerox, Bell Atlantic, MCI, Citibank and Toyota. Currently, she works with companies in helping deploy voice and data networks, converged solutions, VPN security and call center applications. In addition, she was a technical manager at Lotus/IBM for the southern, mid-Atlantic, and eastern regions of the United States. As a technical manager, she was responsible for designing and architecting enterprise-wide applications that integrated with enterprise resource planning systems, Internet technologies, and relational and transaction-based systems. She is currently an independent consultant.Timothy Speed is an infrastructure and security architect for Lotus Professional Services (LPS), an IBM company. Tim has been involved in Internet and messaging security for the last 8 years. He has assisted with the Domino infrastructure at the Nagano Olympics and the Lotus Notes systems for the Sydney Olympics. Certifications include MCSE, VCA (VeriSign Certified Administrator), Lotus Domino CLP Principal Administrator, and Lotus Domino CLP Principal Developer. He and Juanita Ellis are the co-authors of books on Internet security and e-business.
Lotus Consulting, Dallas, Texas, U.S.A.
Table of Contents
Foreword
Preface
Acknowledgements
Copyright Notices and Statements
Introduction Who Is Knocking at the Door?
Chapter 1 Let's Do Business
1.1 Security Components
1.2 Do You Have a Process?
1.3 The Cost of Security
Chapter 2 Security Review
2.1 Review the Business
2.2 What Is a Trusted Network?
2.3 Initial Risk Analysis
2.4 The Policy
2.5 Implementation and Feedback
Chapter 3 Cryptography
3.1 History
3.2 Key Types
3.3 RSA-Public and Private Key
3.4 PKI and Business Solutions
Chapter 4 Secure Networks
4.1 TCP/IP and OSI
4.2 Port of Call (Let's Go on a Cruise)
4.3 Denial-of-Service Attacks
4.4 Virtual Private Networks
4.5 Secure Sockets Layer (SSL)
Chapter 5 Protecting Your Intranet
from the Extranet and Internet
5.1 So Many Choices! I'll Get One of Each!
5.2 Firewall Product Functional Summaries
5.3 Firewall Buyer's Assessment Form
5.4 Firewall Vendors: Picking the
Products That Are Right for You
Chapter 6 Authentication
6.1 The Basics
6.2 Authentication
6.3 Authorisation
6.4 Smart Cards
Chapter 7 E-Commerce-
Public Key Infrastructure (PKI)
7.1 PKI and You
7.2 X.509
7.3 Certificate Authority
7.4 Certification Practice Statement
7.5 Certificate Revocation List
7.6 Key Recovery
7.7 Lightweight Directory Access Protocol (LDAP)
7.8 Public Key Cryptography Standards
7.9 Public Key Infrastructure (X.509) Standards
Chapter 8 Messaging Security
8.1 Safe Communication-Messaging
8.2 Getting Killed with Junk Mail
8.3 Keep It Running
Chapter 9 What Are We Doing Here?
9.1 Risk Analysis
9.2 Where Are the Threats?
9.3 Technology Security Review
9.4 Control Directory and Environmental Risk Table
9.5 Competitive Asset
Chapter 10 Let's Make the Plans
10.1 Security Plans, Policies, Procedures
10.2 The Corporate Security Policy Document
10.3 Physical Security Policy
10.4 Network Security Policy
10.5 Acceptable Use Policy
Chapter 11 We Have Been
Hacked! Oh, the Humanity!
11.1 Incident Handling
Chapter 12 The Total Package Specific Steps
12.1 Putting It All Together
12.2 The Plan
12.3 Sample Plan to Roll Out PKI
Appendix 1 Security Tools
A1.1 Tools
A1.2 Other Tool URLs