Inside Internet Security: What Hackers Don't Want You To Know
Jeff Crume
- Publisher: Addison Wesley
- Publication date: 2000-09-08
- List price: $2,130
- VIP price: 5% off, $2,024
- Language: English
- Pages: 288
- Binding: Paperback
- ISBN: 2016751614
- ISBN-13: 9780201675160
- Related categories: Information Security, Hacking
Out of print
Description
Understand the real issues of Internet security -- without getting lost in the complexity!
- 16 key vulnerabilities hackers don't want you to recognize -- and what to do about them!
- Building computer security policies that really work -- and avoiding policies that are guaranteed to fail.
- A broad-based multi-platform approach, with special insider's insights into IBM-centered environments.
Jeff Crume is a Consulting IT/Security Specialist with IBM's Tivoli Systems organization in Raleigh, NC. He has worked as a programmer, product designer, technical support specialist, and systems engineer during his 16 years with the company. During that time, he helped lead development for the initial release of IBM's NetView network management software, and was awarded a U.S. patent for his work on message forwarding and loop detection.
Computer Security/Cryptography.
Table Of Contents
Preface.
Introduction.
Magic or just a trick?
Striking the right balance.
'Hacker' disclaimer.
I. SIZING UP THE SITUATION: SECURITY CONCEPTS.
1. Bringing down the Net. Talking the talk.
Insecure from the start.
2. Is it safe?
Rising from the ashes.
You can't have it all.
The hacker's obstacle course.
The lesson of Lord Lovell - or - Too much of a good thing?
But what's all this going to cost?
News from the front.
3. What is a hacker?
Homogenized hackers?
Portrait of a hacker.
The joy of hacking.
What do they want?
The real payback.
An eye for an eye.
Cyberterrorism.
Hacking for fun and profit.
Prime-time hacking.
You've got the money and they've got the time.
4. Analyzing the risks (and counting the costs).
Risk Analysis or post mortem.
Acceptable risk.
Sizing up the situation.
Cumulative insecurity.
A meteorite-proof car?
Cost-effective countermeasures.
Evaluating countermeasures.
5. The role of policy.
How to mess up a security policy without even trying.
KISS that policy goodbye.
Policy that teaches.
Getting it right.
6. Putting all the pieces together.
II. THE HACKER'S EDGE: INTERNET SECURITY VULNERABILITIES.
7. What you don't know can hurt you. Gotcha!
8. Hackers don't want you to know that ... firewalls are just the beginning.
What is a firewall?
Under the hood.
What a firewall can do.
Drawing the battle lines.
What a firewall should not do ... .
Firewalls and policy.
Holes in the firewall filter.
Traditional firewall options.
Firewalls, firewalls, everywhere ... .
Keeping the firewall in its place.
9. Hackers don't want you to know that ... not all the bad guys are 'out there'.
Model employee or spy?
Good firewalls make good neighbours.
Managing the revolving door.
10. Hackers don't want you to know that ... humans are the weakest link.
Hacker or con man?
It's a dirty job but somebody's going to do it.
I know who you are and what you did.
Plugging the leaks.
The spirit of the law.
11. Hackers don't want you to know that ... passwords aren't secure.
The problem with passwords.
Insecurity administrators?
Password guessing.
Password nabbing.
Password cracking.
Throwing the book at them.
Doing it the hard way.
Exceptions to the (password) rules.
Following the rules.
Sign me on.
Are you really you?
The burden of proof.
12. Hackers don't want you to know that ... they can see you but you can't see them.
What's that smell?
Aroma or stench?
The 'silent attack'.
Sniffing for sniffers.
Hanging up on the party line.
Moving to a private line.
Choices, choices, choices ... .
13. Hackers don't want you to know that ... downlevel software is vulnerable.
It's déjà vu all over again.
Pardon me, but your buffer is overflowing.
You're breaking me up.
This doesn't belong here!
A cure that's worse than the disease?
Exterminating the bugs.
Spreading the word.
14. Hackers don't want you to know that ... defaults are dangerous.
'De'faults are your faults.
The security afterthought.
Minding the virtual store.
15. Hackers don't want you to know that ... it takes a thief to catch a thief.
Levelling the playing field.
Eating from the same trough.
Keeping up with the hackers.
16. Hackers don't want you to know that ... attacks are getting easier.
A deal with the devil?
Tools of the hacker trade.
Coming in through the back door.
Burning bridges.
'You've got mail ... bombs'.
I hope you can swim.
Lowering the bar.
The bottom line.
17. Hackers don't want you to know that ... virus protection is inadequate.
Merry Christmas and a Happy New Worm.
One good worm deserves another.
Pick your parasite.
Where do they come from?
How do they spread?
I'm not feeling so well ... .
Epidemic or hysteria?
Publish and perish.
The virus is in the mail.
Viruses in the pipes.
Killer viruses!
The sky is falling!!!
Crying 'wolf'.
In search of a cure.
18. Hackers don't want you to know that ... active content is more active than you think.
Active hacking.
19. Hackers don't want you to know that ... yesterday's strong crypto is today's weak crypto.
Cracking 101.
The mathematician's war.
Strong crypto?
How strong is strong?
The politics of cryptography.
Securing the information highway for e-business.
20. Hackers don't want you to know that ... the back door is open.
Lessons from the battlefront.
High-tech defences.
The door swings both ways.
Dialling for dollars.
Switching off.
Locking the back door.
21. Hackers don't want you to know that ... there's no such thing as a harmless attack.
E-graffiti.
But it's only ... .
We've only just begun ... to hack.
Winning by losing.
'Unimportant' systems.
22. Hackers don't want you to know that ... information is your best defence.
The hacker's prize.
Your best defence.
Information for the masses.
Calling in reinforcements.
Winning the war.
23. Hackers don't want you to know that ... the future of hacking is bright.
I see more IT in your future.
Upping the ante.
Naked on the Net.
Networks out of thin air.
Cryptic solutions.
Computers everywhere.
The NC's niche.
Conclusion.
Appendix A: Crypto tutorial.
A.1. The 'key' to understanding crypto.
A.2. Symmetric cryptography.
A.3. Asymmetric cryptography.
A.4. The best of both worlds.
A.5. Getting 'carded' in cyberspace.
A.6. Digital ink?
Appendix B. VPN tutorial.
B.1. Inside the VPN tunnel.
B.2. VPN defined.
B.3. Virtual privacy or virtually private?
B.4. Standards, standards everywhere ... .
B.5. Opening the IPSec envelope.
B.6. Are you really you?
B.7. Just between you and me.
B.8. Who has the key?
B.9. The envelope, please ... .
B.10. And if that weren't enough ... .
B.11. The light at the end of the tunnel.
Glossary.
Bibliography.
Index.