did-you-know? rent-now

Rent More, Save More! Use code: ECRENTAL

did-you-know? rent-now

Rent More, Save More! Use code: ECRENTAL

5% off 1 book, 7% off 2 books, 10% off 3+ books

9781555583385

IM Instant Messaging Security

by ;
  • ISBN13:

    9781555583385

  • ISBN10:

    1555583385

  • Format: Paperback
  • Copyright: 2005-06-15
  • Publisher: Elsevier Science
  • Purchase Benefits
  • Free Shipping Icon Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • eCampus.com Logo Get Rewarded for Ordering Your Textbooks! Enroll Now
  • Complimentary 7-Day eTextbook Access - Read more
    When you rent or buy this book, you will receive complimentary 7-day online access to the eTextbook version from your PC, Mac, tablet, or smartphone. Feature not included on Marketplace Items.
List Price: $88.95 Save up to $0.44
  • Buy New
    $88.51
    Add to Cart Free Shipping Icon Free Shipping

    PRINT ON DEMAND: 2-4 WEEKS. THIS ITEM CANNOT BE CANCELLED OR RETURNED.

    7-Day eTextbook Access 7-Day eTextbook Access

Summary

BRIEF DESCRIPTION OF CONTENT: There is a significant need for a comprehensive book addressing the operational and day-to-day security management requirements. IM, used in enterprise networks can easily be reconfigured and allow for potentially nonstop exposure; they require the level of security be scrutinized carefully. This includes inherent security flaws in various network architectures that result in additional risks to otherwise secure converged networks. A few books cover components of the architecture, design, theory, issues, challenges, and recommended policies for IM security, but none of them address IM issues in a manner that is useful for the day-to-day operations and management of enterprise networks. IM Security is intended to bridge this gap. UNIQUE FEATURE/RATIONALE There are no current books that cover components of the architecture, design, theory, issues, challenges, and recommended policies for IM security. No book we know of addresses IM security in a manner useful for day-to-day operations and management of IM-capable networks in todays corporate environment.

Table of Contents

List of Figures and Tables xiii
Acknowledgments xv
Foreword xvii
1 Introduction 1(30)
1.1 Purpose and Audience
1(1)
1.2 What to Expect from This Book
2(1)
1.3 What Is IM?
2(25)
1.3.1 IM and Its History
3(3)
1.3.2 IM 4 an Integrated Communications Platform
6(1)
1.3.3 Common IM Application Approaches
7(1)
1.3.4 Who Uses IM?
7(4)
1.3.5 What Are the Advantages of Using IM?
11(4)
1.3.6 What Are the Risks of Using IM?
15(12)
1.4 Summary
27(1)
1.5 Endnotes
27(4)
2 How Does IM Work? 31(22)
2.1 High-Level View of IM
31(9)
2.1.1 The Presence Service
32(6)
2.1.2 The Instant Messaging Service
38(2)
2.2 Basic IM Features
40(2)
2.3 Enterprise Instant Messaging Considerations
42(3)
2.3.1 Operating System
42(1)
2.3.2 Database
43(1)
2.3.3 Directory Services
43(1)
2.3.4 Interoperability
43(1)
2.3.5 Schema Change Requirements
43(1)
2.3.6 Standards Based for Third-Party Support
44(1)
2.3.7 Compliance Management
44(1)
2.3.8 Remote Access
44(1)
2.3.9 Cost Considerations
44(1)
2.4 An Enterprise EIM Nightmare Scenario
45(1)
2.5 An Overview of Mobile and Wireless Instant Messaging
46(3)
2.5.1 What Is Mobile Instant Messaging?
46(1)
2.5.2 What Is Wireless Instant Messaging?
47(1)
2.5.3 Short Message Service
47(1)
2.5.4 Wireless Application Protocol
47(1)
2.5.5 General Packet Radio Service
48(1)
2.5.6 The Future of WIM
48(1)
2.5.7 The Future of MIM
49(1)
2.6 Selecting and Securing a WIM Solution
49(2)
2.7 Summary
51(1)
2.8 Endnotes
52(1)
3 IM Standards and Protocols 53(28)
3.1 Extensible Messaging and Presence Protocol-RFC 2778
53(5)
3.1.1 Jabber and the IM Community
57(1)
3.2 Jabber Protocol and XMPP
58(7)
3.2.1 Architectural Design
59(6)
3.3 Instant Messaging/Presence Protocol-RFC 2779
65(1)
3.4 Session Initiation Protocol
66(9)
3.4.1 SIP Security
68(1)
3.4.2 Existing Security Features in the SIP Protocol
69(1)
3.4.3 Signaling Authentication Using HTTP Digest Authentication
69(1)
3.4.4 S/MIME Usage within SIP
69(1)
3.4.5 Confidentiality of Media Data in SIP
70(1)
3.4.6 TLS Usage within SIP
70(1)
3.4.7 IPsec Usage within SIP
71(1)
3.4.8 Security Enhancements for SIP
71(1)
3.4.9 SIP Authenticated Identity Body
71(1)
3.4.10 SIP Authenticated Identity Management
71(1)
3.4.11 SIP Security Agreement
72(1)
3.4.12 SIP End-to-Middle, Middle-to-Middle, Middle-to-End Security
73(1)
3.4.13 SIP Security Issues
73(2)
3.5 SIP for IM and Presence Leveraging Extensions
75(1)
3.6 The Future of IM Standards
76(2)
3.7 Endnotes
78(3)
4 IM Malware 81(32)
4.1 Overview
81(5)
4.1.1 Instant Messaging Opens New Security Holes
83(2)
4.1.2 Legal Risk and Unregulated Instant Messaging
85(1)
4.2 The Use of IM as Malware
86(1)
4.3 What Is Malware?
87(8)
4.3.1 Viruses
88(1)
4.3.2 Worms
88(1)
4.3.3 Wabbits
88(1)
4.3.4 Trojan Horses
89(1)
4.3.5 Spyware
90(1)
4.3.6 Browser Hijackers
90(1)
4.3.7 Blended Threats
91(1)
4.3.8 Backdoors
91(2)
4.3.9 Exploits
93(1)
4.3.10 Rootkits
93(2)
4.4 How Is IM Used as Malware?
95(16)
4.4.1 As a Carrier
96(3)
4.4.2 As a Staging Center
99(1)
4.4.3 As aVehicle for General Hacking
100(4)
4.4.4 Asa Spy
104(3)
4.4.5 As a Zombie Machine
107(2)
4.4.6 As an Anonymizer
109(2)
4.5 Summary
111(1)
4.6 Endnotes
111(2)
5 IM Security for Enterprise and Home 113(52)
5.1 How Can IM Be Used Safely in Corporate Settings?
116(6)
5.1.1 Understanding IM and Corporate Firewalls
116(3)
5.1.2 Understanding IM File Transfers and Corporate Firewalls
119(1)
5.1.3 Blocking and Proxying Instant Messaging
120(2)
5.1.4 IM Detection Tools
122(1)
5.2 Legal Risk and Corporate Governance
122(2)
5.2.1 Legal Issues with Monitoring IM Traffic
124(1)
5.3 Corporate IM Security Best Practices
124(8)
5.3.1 Start from the Firewall
125(1)
5.3.2 Consider the Desktop
125(1)
5.3.3 Install Patches to IM Software ASAP
126(1)
5.3.4 Enforce Client-Side IM Settings
126(1)
5.3.5 IM Proxy Gateways
126(1)
5.3.6 VPNs
127(1)
5.3.7 Antivirus
128(1)
5.3.8 Set up Containment Wards
128(1)
5.3.9 Secure Information with Encryption
129(1)
5.3.10 IM System Rules, Policies, and Procedures
130(1)
5.3.11 Monitor to Ensure IM Client Policy Compliance
131(1)
5.4 Security Risks and Solutions for Specific Public IM Clients
132(26)
5.4.1 MSN Messenger
132(5)
5.4.2 Yahoo! Messenger
137(8)
5.4.3 America Online Instant Messaging
145(8)
5.4.4 ICQ
153(3)
5.4.5 Beware of IM Third-Party Clients and Services
156(2)
5.5 Home IM Security Best Practices
158(3)
5.6 Summary
161(1)
5.7 Endnotes
161(4)
6 IM Security Risk Management 165(30)
6.1 IM Is a Form of E-mail
165(1)
6.2 IM Security and the Law
166(3)
6.3 Cybersecurity and the Law
169(19)
6.3.1 The 1996 National Information Infrastructure Protection Act
170(1)
6.3.2 President's Executive Order on Critical Infrastructure Protection
170(1)
6.3.3 The USA Patriot Act of 2001
171(4)
6.3.4 The Homeland Security Act of 2002
175(13)
6.4 IM Must Be Managed as a Business Record
188(1)
6.5 IM Risk Management
189(2)
6.6 Summary
191(1)
6.7 Endnotes
191(4)
7 The Business Value of IM 195(12)
7.1 Ubiquitous Presence and Workflow
195(5)
7.2 It's All about Culture
200(2)
7.3 Overall ROI for IM
202(2)
7.4 The Choice Is Yours
204(1)
7.5 Endnotes
205(2)
8 The Future of 1M 207(12)
8.1 The Pervasive Network
209(2)
8.2 Peer-to-Peer Instant Messaging
211(1)
8.3 Peer-to-Application (the Human-Computer Interface)
211(1)
8.4 Machine-to-Machine (Application-to-Application)
212(2)
8.5 Jabber
214(1)
8.6 Security and Government Compliance
215(2)
8.7 The Business Impact
217(1)
8.8 Endnotes
218(1)
A General Network Security 219(22)
A.1 Threats to Personal Privacy
220(1)
A.2 Fraud and Theft
220(1)
A.3 Internet Fraud
221(2)
A.4 Employee Sabotage
223(1)
A.5 Infrastructure Attacks
224(1)
A.6 Malicious Hackers
224(1)
A.7 Malicious Coders
225(1)
A.8 Industrial Espionage
225(3)
A.9 Social Engineering
228(9)
A.9.1 Educate Staff and Security Personnel
229(2)
A.9.2 Crafting Corporate Social Engineering Policy
231(1)
A.9.3 Prevention
232(1)
A.9.4 Audits
232(1)
A.9.5 Privacy Standards and Regulations
232(1)
A.9.6 NAIC Model Act
233(1)
A.9.7 Gramm-Leach-Bliley Act
234(1)
A.9.8 HIPAA
235(2)
A.10 Summary
237(1)
A.11 Endnotes
238(3)
B Managing Access 241(24)
B.1 Access Control
241(16)
B.1.1 Purpose of Access Control
241(1)
B.1.2 Access Control Entities
242(1)
B.1.3 Fundamental Concepts of Access Control
242(2)
B.1.4 Access Control Criteria
244(1)
B.1.5 Access Control Models
244(5)
B.1.6 Uses of Access Control
249(1)
B.1.7 Access Control Administration Models
249(2)
B.1.8 Access Control Mechanisms
251(1)
B.1.9 Internal Access Controls
251(5)
B.1.10 Techniques Used to Bypass Access Controls
256(1)
B.2 Password Management
257(6)
B.2.1 SmartCards
258(1)
B.2.2 Biometric Systems
258(1)
B.2.3 Characteristics of Good Passwords
258(1)
B.2.4 Password Cracking
259(1)
B.2.5 Windows NT LOphtCrack (LC4)
260(1)
B.2.6 Password Cracking for Self-Defense
260(1)
B.2.7 UNIX Crack
261(1)
B.2.8 John the Ripper
262(1)
B.2.9 Password Attack Countermeasures
263(1)
B.3 Physical Access
263(1)
B.4 Summary
263(1)
B.5 Endnotes
264(1)
C Security Management Issues 265(34)
C.1 Organizational Security Management
266(3)
C.1.1 Perceptions of Security
266(1)
C.1.2 Placement of a Security Group in the Organization
266(1)
C.1.3 Security Organizational Structure
267(1)
C.1.4 Convincing Management of the Need
268(1)
C.1.5 Legal Responsibilities for Data Protection
268(1)
C.1.6 DHS Office of Private Sector Liaison
269(1)
C.2 Security Management Areas of Responsibility
269(9)
C.2.1 Awareness Programs
270(1)
C.2.2 Risk Analysis
271(1)
C.2.3 Incident Handling
272(1)
C.2.4 Alerts and Advisories
273(1)
C.2.5 Warning Banners
274(1)
C.2.6 Employee Termination Procedures
274(1)
C.2.7 Training
275(1)
C.2.8 Personnel Security
275(1)
C.2.9 Internet Use
276(1)
C.2.10 E-mail
276(1)
C.2.11 Sensitive Information
276(1)
C.2.12 System Security
277(1)
C.2.13 Physical Security
277(1)
C.3 Security Policies
278(1)
C.4 Basic Approach to Policy Development
278(5)
C.4.1 Identify What Needs Protection and Why
279(1)
C.4.2 Determine Likelihood of Threats
279(1)
C.4.3 Implement Protective Measures
280(1)
C.4.4 What Makes a Good Security Policy?
281(2)
C.4.5 Review and Assess Regularly
283(1)
C.5 Security Personnel
283(12)
C.5.1 Coping with Insider Threats
283(2)
C.5.2 How to Identify Competent Security Professionals
285(1)
C.5.3 How to Train and Certify Security Professionals
286(3)
C.5.4 Security-Related Job Descriptions
289(6)
C.6 Management of Security Professionals
295(3)
C.6.1 Organizational Infrastructure
295(1)
C.6.2 Reporting Relationships
296(1)
C.6.3 Working Relationships
297(1)
C.6.4 Accountability
297(1)
C.7 Summary
298(1)
C.8 Endnotes
298(1)
D IM Policy Essentials 299(12)
D.1 ABC Inc. Information Security Acceptable Use Policy
300(6)
D.2 ABC Inc. E-mail/IM Use Policy
306(2)
D.3 ABC Inc. E-mail/IM Retention Policy
308(3)
E Glossary, References, and Policy Issues 311(38)
E.1 IM Specific Glossary
311(5)
E.2 General Security Glossary
316(26)
E.3 References
342(7)
Index 349

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rewards Program