Inside Internet Security: What Hackers Don't Want You To Know

Jeff Crume

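  • Publisher: Addison Wesley
  • Publication date: 2000-09-08
  • List price: $2,130
  • VIP price: $2,024 (95% of list price)
  • Language: English
  • Pages: 288
  • Binding: Paperback
  • ISBN: 2016751614
  • ISBN-13: 9780201675160
  • Related categories: Information Security, Hacking
  • Out of print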

Product Description


Description

Understand the real issues of Internet security -- without getting lost in the complexity!

  • 16 key vulnerabilities hackers don't want you to recognize -- and what to do about them!
  • Building computer security policies that really work -- and avoiding policies that are guaranteed to fail.
  • A broad-based multi-platform approach, with special insider's insights into IBM-centered environments.

Inside Internet Security is the practical, accessible, real-world security guide for everyone who designs or manages business-critical networks. IBM Tivoli Systems consultant Jeff Crume demonstrates how many hacker attacks are little more than "variations on a theme": tried-and-true, well-known attacks that only succeed because IT professionals choose to ignore their vulnerabilities. Crume shows how hackers think and work; how to assess your risk, how to build security policies that teach -- and how to avoid creating policies that are doomed to fail. He reviews the key network security risks hackers don't want you to know about: the limitations of firewalls, passwords and anti-virus software; security risks in downlevel software; dangerous default settings; obsolete cryptography; backdoors, and many more. Next, he presents a high-level guide to defending yourself, focused on the human and management issues that are at the heart of most information security failures. For all enterprise network administrators, designers, and managers.

Jeff Crume is a Consulting IT/Security Specialist with IBM's Tivoli Systems organization in Raleigh, NC. He has worked as a programmer, product designer, technical support specialist, and systems engineer during his 16 years with the company. During that time, he helped lead development for the initial release of IBM's NetView network management software, and was awarded a U.S. patent for his work on message forwarding and loop detection.



Appropriate Courses

Computer Security/Cryptography.



Table Of Contents

Preface.
Introduction.
Magic or just a trick?
Striking the right balance.
'Hacker' disclaimer.

I. SIZING UP THE SITUATION: SECURITY CONCEPTS.

1. Bringing down the Net.
Talking the talk.
Insecure from the start.

2. Is it safe?
Rising from the ashes.
You can't have it all.
The hacker's obstacle course.
The lesson of Lord Lovell - or - Too much of a good thing?
But what's all this going to cost?
News from the front.

3. What is a hacker?
Homogenized hackers?
Portrait of a hacker.
The joy of hacking.
What do they want?
The real payback.
An eye for an eye.
Cyberterrorism.
Hacking for fun and profit.
Prime-time hacking.
You've got the money and they've got the time.

4. Analyzing the risks (and counting the costs).
Risk Analysis or post mortem.
Acceptable risk.
Sizing up the situation.
Cumulative insecurity.
A meteorite-proof car?
Cost-effective countermeasures.
Evaluating countermeasures.

5. The role of policy.
How to mess up a security policy without even trying.
KISS that policy goodbye.
Policy that teaches.
Getting it right.

6. Putting all the pieces together.

II. THE HACKER'S EDGE: INTERNET SECURITY VULNERABILITIES.

7. What you don't know can hurt you.
Gotcha!

8. Hackers don't want you to know that ... firewalls are just the beginning.
What is a firewall?
Under the hood.
What a firewall can do.
Drawing the battle lines.
What a firewall should not do ... .
Firewalls and policy.
Holes in the firewall filter.
Traditional firewall options.
Firewalls, firewalls, everywhere ... .
Keeping the firewall in its place.

9. Hackers don't want you to know that ... not all the bad guys are 'out there'.
Model employee or spy?
Good firewalls make good neighbours.
Managing the revolving door.

10. Hackers don't want you to know that ... humans are the weakest link.
Hacker or con man?
It's a dirty job but somebody's going to do it.
I know who you are and what you did.
Plugging the leaks.
The spirit of the law.

11. Hackers don't want you to know that ... passwords aren't secure.
The problem with passwords.
Insecurity administrators?
Password guessing.
Password nabbing.
Password cracking.
Throwing the book at them.
Doing it the hard way.
Exceptions to the (password) rules.
Following the rules.
Sign me on.
Are you really you?
The burden of proof.

12. Hackers don't want you to know that ... they can see you but you can't see them.
What's that smell?
Aroma or stench?
The 'silent attack'.
Sniffing for sniffers.
Hanging up on the party line.
Moving to a private line.
Choices, choices, choices ... .

13. Hackers don't want you to know that ... downlevel software is vulnerable.
It's déjà vu all over again.
Pardon me, but your buffer is overflowing.
You're breaking me up.
This doesn't belong here!
A cure that's worse than the disease?
Exterminating the bugs.
Spreading the word.

14. Hackers don't want you to know that ... defaults are dangerous.
'De'faults are your faults.
The security afterthought.
Minding the virtual store.

15. Hackers don't want you to know that ... it takes a thief to catch a thief.
Levelling the playing field.
Eating from the same trough.
Keeping up with the hackers.

16. Hackers don't want you to know that ... attacks are getting easier.
A deal with the devil?
Tools of the hacker trade.
Coming in through the back door.
Burning bridges.
'You've got mail ... bombs'.
I hope you can swim.
Lowering the bar.
The bottom line.

17. Hackers don't want you to know that ... virus protection is inadequate.
Merry Christmas and a Happy New Worm.
One good worm deserves another.
Pick your parasite.
Where do they come from?
How do they spread?
I'm not feeling so well ... .
Epidemic or hysteria?
Publish and perish.
The virus is in the mail.
Viruses in the pipes.
Killer viruses!
The sky is falling!!!
Crying 'wolf'.
In search of a cure.

18. Hackers don't want you to know that ... active content is more active than you think.
Active hacking.

19. Hackers don't want you to know that ... yesterday's strong crypto is today's weak crypto.
Cracking 101.
The mathematician's war.
Strong crypto?
How strong is strong?
The politics of cryptography.
Securing the information highway for e-business.

20. Hackers don't want you to know that ... the back door is open.
Lessons from the battlefront.
High-tech defences.
The door swings both ways.
Dialling for dollars.
Switching off.
Locking the back door.

21. Hackers don't want you to know that ... there's no such thing as a harmless attack.
E-graffiti.
But it's only ... .
We've only just begun ... to hack.
Winning by losing.
'Unimportant' systems.

22. Hackers don't want you to know that ... information is your best defence.
The hacker's prize.
Your best defence.
Information for the masses.
Calling in reinforcements.
Winning the war.

23. Hackers don't want you to know that ... the future of hacking is bright.
I see more IT in your future.
Upping the ante.
Naked on the Net.
Networks out of thin air.
Cryptic solutions.
Computers everywhere.
The NC's niche.
Conclusion.

Appendix A: Crypto tutorial.
A.1. The 'key' to understanding crypto.
A.2. Symmetric cryptography.
A.3. Asymmetric cryptography.
A.4. The best of both worlds.
A.5. Getting 'carded' in cyberspace.
A.6. Digital ink?

Appendix B. VPN tutorial.
B.1. Inside the VPN tunnel.
B.2. VPN defined.
B.3. Virtual privacy or virtually private?
B.4. Standards, standards everywhere ... .
B.5. Opening the IPSec envelope.
B.6. Are you really you?
B.7. Just between you and me.
B.8. Who has the key?
B.9. The envelope, please ... .
B.10. And if that weren't enough ... .
B.11. The light at the end of the tunnel.

Glossary.
Bibliography.
Index.


