Information Security Illuminated

by Solomon, Michael G.; Chapple, Mike
  • ISBN13: 9780763726775
  • ISBN10: 076372677X
  • Format: Paperback
  • Copyright: 2004-12-23
  • Publisher: Jones & Bartlett Learning

Looking to rent a book? Rent Information Security Illuminated [ISBN: 9780763726775] for the semester, quarter, and short term or search our site for other textbooks by Solomon, Michael G.; Chapple, Mike. Renting a textbook can save you up to 90% from the cost of buying.

Summary

A comprehensive survey of the most current and critical information security practices, Information Security Illuminated is an excellent introduction to the fundamental concepts and applications for students and professionals alike. Key security concepts are discussed with clear, accessible language and reinforced by a large number of scenario-based exercises and practical review questions. Readers are then able to apply their knowledge through hands-on experience with computer security-related tools. Coverage begins with the basics of computer security (CIA and DAD triads, risk analysis, etc.), and moves quickly through to important, real-world topics such as access control methodologies, security principles and practices, business continuity planning and disaster recovery, firewalls, incident handling, and much more. In addition to providing the requisite material for a complete course in information security practices, the book can be used as a self-study guide for many of the basic security certifications.

Table of Contents

Chapter 1 Introducing Computer and Network Security
1.1 Computer Security Basics
1.1.1 CIA Triad
1.1.2 DAD Triad
1.2 Introducing Networks
1.3 Threats to Society
1.3.1 Hackers
1.3.2 Malicious Code Objectives
1.3.3 The Malicious Insider
1.4 Risk Analysis
1.4.1 Identifying and Valuing Assets
1.4.2 Identifying and Assessing Risks
1.4.3 Managing Risks
1.5 Considering Security Tradeoffs
1.6 Policy and Education
1.7 Chapter Summary
1.8 Key Terms
1.9 Challenge Questions
1.10 Challenge Exercises
1.11 Challenge Scenarios
Chapter 2 Access Control Methodologies
2.1 Basics of Access Control
2.1.1 Subjects and Objects
2.1.2 Least Privilege
2.1.3 Controls
2.2 Access Control Techniques
2.2.1 Access Control Designs
2.3 Access Control Administration
2.3.1 Centralized Access Control
2.3.2 Decentralized Access Control
2.4 Accountability
2.5 Access Control Models
2.5.1 State Machine Model
2.6 Identification and Authentication Methods
2.6.1 Single Sign-On
2.6.2 Kerberos
2.7 File and Data Ownership
2.7.1 Data Owner
2.7.2 Data Custodian
2.7.3 Data User
2.8 Related Methods of Attacks
2.8.1 Brute Force Attack
2.8.2 Dictionary Attack
2.8.3 Spoofing Attack
2.9 Chapter Summary
2.10 Key Terms
2.11 Challenge Questions
2.12 Challenge Exercises
2.13 Challenge Scenarios
Chapter 3 General Security Principles and Practices
3.1 Common Security Principles
3.1.1 Separation of Privileges
3.1.2 Least Privilege
3.1.3 Defense in Depth
3.1.4 Security through Obscurity
3.2 Security Policies
3.2.1 Types of Security Policies
3.2.2 Implementing Policy
3.3 Security Administration Tools
3.3.1 Security Checklists
3.3.2 Security Matrices
3.4 Physical Security
3.4.1 Perimeter Protection/Access Controls
3.4.2 Electronic Emanations
3.4.3 Fire Protection
3.5 Personal Security
3.6 Chapter Summary
3.7 Key Terms
3.8 Challenge Questions
3.9 Challenge Exercises
3.10 Challenge Scenarios
Chapter 4 The Business of Security
4.1 Building a Business Case
4.2 Business Continuity Planning
4.2.1 Vulnerability Assessment
4.2.2 Implementing Controls
4.2.3 Maintaining the Plan
4.3 Disaster Recovery Planning
4.3.1 Selecting the Team
4.3.2 Building the Plan
4.3.3 Training and Testing
4.3.4 Implementing the Plan
4.3.5 Maintaining the Plan
4.4 Data Classification
4.4.1 Security Clearances
4.4.2 Need to Know
4.4.3 Classification Systems
4.5 Security Ethics
4.5.1 Monitoring
4.6 Computer Security Law
4.6.1 Electronic Communications Privacy Act (ECPA)
4.6.2 USA Patriot Act
4.6.3 Children's Online Privacy Protection Act (COPPA)
4.6.4 Health Insurance Portability and Accountability Act (HIPAA)
4.6.5 Gramm-Leach-Bliley Act
4.6.6 European Union Directive on Data Privacy
4.7 Chapter Summary
4.8 Key Terms
4.9 Challenge Questions
4.10 Challenge Exercise
4.11 Challenge Scenarios
Chapter 5 Cryptographic Technologies
5.1 Goals of Cryptography
5.1.1 Confidentiality
5.1.2 Integrity
5.1.3 Nonrepudiation
5.1.4 Authentication
5.2 Cryptographic Algorithms
5.2.1 Symmetric Algorithms
5.2.2 Asymmetric Algorithms
5.2.3 Symmetric Versus Asymmetric Cryptosystems
5.3 Digital Signatures
5.3.1 Signature Creation
5.3.2 Signature Verification
5.4 Digital Certificates
5.4.1 Certification Authorities
5.4.2 Certificate Generation
5.4.3 Certificate Verification
5.5 Chapter Summary
5.6 Key Terms
5.7 Challenge Questions
5.8 Challenge Exercises
5.9 Challenge Scenario
Chapter 6 Securing TCP/IP
6.1 Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP)
6.1.1 TCP/IP Protocols
6.1.2 Open Systems Interconnection Model
6.2 Anatomy of a Packet
6.2.1 Packet Header
6.2.2 Packet Payload
6.3 Internet Protocol Security (IPSec)
6.3.1 Protocols
6.3.2 Encryption Modes
6.4 Web Security
6.4.1 Secure Sockets Layer (SSL)
6.4.2 Secure-HTTP (HTTP-S)
6.5 Chapter Summary
6.6 Key Terms
6.7 Challenge Questions
6.8 Challenge Exercises
6.9 Challenge Scenario
Chapter 7 Handling Security Incidents
7.1 Attack Terms and Concepts
7.1.1 Types of Attacks
7.2 Understanding Security Incidents
7.3 Handling Security Incidents
7.3.1 Types of Incidents
7.4 Incident Management Methods and Tools
7.5 Maintaining Incident Preparedness
7.6 Using Standard Incident Handling Procedures
7.7 Postmortem: Learn from Experience
7.8 About Malicious Code
7.8.1 Viruses
7.8.2 Worms
7.8.3 Logic Bombs
7.8.4 Trojan Horses
7.8.5 Active Content Issues
7.9 Common Types of Attacks
7.9.1 Back Doors
7.9.2 Brute Force
7.9.3 Buffer Overflows
7.9.4 Denial of Service
7.9.5 Man-in-the-Middle
7.9.6 Social Engineering
7.9.7 System Bugs
7.10 Unauthorized Access to Sensitive Information
7.11 Chapter Summary
7.12 Key Terms
7.13 Challenge Questions
7.14 Challenge Exercises
7.15 Challenge Scenarios
Chapter 8 Firewall Security
8.1 Perimeter Security Devices
8.1.1 Routers
8.1.2 Proxies
8.1.3 Firewalls
8.2 Types of Firewalls
8.2.1 Hardware Versus Software Firewalls
8.2.2 Packet Filtering
8.2.3 Stateful Inspection
8.3 Firewall Topologies
8.3.1 Bastion Host
8.3.2 Screened Subnet
8.3.3 Dual Firewalls
8.4 Firewall Rulebases
8.4.1 Special Rules
8.5 Chapter Summary
8.6 Key Terms
8.7 Challenge Questions
8.8 Challenge Exercises
8.9 Challenge Scenario
Chapter 9 Operating System Security
9.1 Operating System Security Terms and Concepts
9.2 Organizing System Security
9.3 Built-in Security Subsystems and Mechanisms
9.4 System Security Principles and Practices
9.5 Windows Security Design
9.6 UNIX and Linux Security Design
9.7 System Backups
9.8 Typical System Security Threats
9.8.1 Bugs
9.8.2 Back Doors
9.8.3 Impersonation of Identity Threat
9.9 Keystroke Logging
9.10 Well Known Windows Risks
9.11 Well Known UNIX Risks
9.12 System Forensics: Scanning and Footprinting
9.13 The Security Auditor's Role
9.14 Assessing Security Risks
9.15 Chapter Summary
9.16 Key Terms
9.17 Challenge Questions
9.18 Challenge Exercises
9.19 Challenge Scenarios
Chapter 10 Securing Operating Systems
10.1 Security Maintenance Practices and Principles
10.2 Maintaining the Operating System: Patches, Fixes, and Revisions
10.3 Antivirus Software
10.4 Applying a Post-Install Security Checklist
10.4.1 Windows Checklist Elements
10.5 Understanding File System Security Issues
10.5.1 Securing NT File System (NTFS)
10.5.2 Windows Share Security
10.5.3 Securing UNIX File Systems
10.6 Understanding User Accounts and Passwords
10.6.1 Windows Account Security Mechanisms
10.6.2 UNIX Account Security Mechanisms
10.7 Checksums Catch Unauthorized Changes
10.8 Using System Logging Utilities
10.9 Chapter Summary
10.10 Key Terms
10.11 Challenge Questions
10.12 Challenge Exercises
10.13 Challenge Scenario
Chapter 11 Security Audit Principles and Practices
11.1 Configuring Logging
11.1.1 Determining What Should Be Logged
11.1.2 Determining How Long Logs Must Be Maintained
11.1.3 Configuring Alerts
11.1.4 Windows Logging
11.1.5 UNIX Logging
11.2 Analyzing Log Data
11.2.1 Profiling Normal Behavior
11.2.2 Detecting Anomalies
11.2.3 Data Reduction
11.3 Maintaining Secure Logs
11.4 Conducting a Security Audit
11.4.1 Audit Team
11.4.2 Audit Tools
11.4.3 Audit Results
11.5 Chapter Summary
11.6 Key Terms
11.7 Challenge Questions
11.8 Challenge Exercises
11.9 Challenge Scenarios
Chapter 12 Network and Server Attacks and Penetration
12.1 Security Control
12.1.1 Phases of Control
12.1.2 Methods of Taking Control
12.2 Recognizing Attacks
12.2.1 Common Points of Attack
12.2.2 Multifront Attacks
12.3 Auditing to Recognize Attacks
12.3.1 Malicious Code
12.3.2 System Bugs and Vulnerabilities
12.3.3 DoS Attacks
12.3.4 Illicit Nodes
12.3.5 Unwanted Control
12.4 Chapter Summary
12.5 Key Terms
12.6 Challenge Questions
12.7 Challenge Exercises
12.8 Challenge Scenarios
Chapter 13 Intrusion Detection Systems and Practices
13.1 Intrusion Detection Terms and Concepts
13.2 Dealing with Intruders
13.3 Detecting Intruders
13.4 Principles of Intrusion Detection Systems
13.4.1 The IDS Taxonomy
13.4.2 Using Rules and Setting Thresholds for Detection
13.5 Network-Based Versus Host-Based IDS
13.6 Choosing an Appropriate IDS
13.7 Security Auditing with an IDS
13.8 Chapter Summary
13.9 Key Terms
13.10 Challenge Questions
13.11 Challenge Exercises
13.12 Challenge Scenarios
Chapter 14 System Security Scanning and Discovery
14.1 Understanding Security Scanning
14.1.1 Creating a List of Vulnerabilities
14.1.2 Selecting a Security Scanner Tool
14.2 Fingerprinting Utilities
14.3 Network- and Server-Discovery Tools
14.4 Fingerprinting IP Stacks
14.4.1 Share Scans
14.5 Telnet Inquiries
14.6 SNMP Vulnerabilities
14.7 TCP/IP Service Vulnerabilities
14.8 Simple TCP/IP Services
14.9 Understanding Social Engineering
14.10 Obtaining Security-Related Information Fraudulently
14.11 The Footprinting and Fingerprinting Drill (System Profiling)
14.12 Chapter Summary
14.13 Key Terms
14.14 Challenge Questions
14.15 Challenge Exercises
14.16 Challenge Scenarios
Appendix A Online Resources and Information
A.1 General Security Resources
A.2 Access Control Methodologies
A.3 General Security Principles, Practices, and Policies
A.4 Business Continuity Plans, Disaster Recovery Plans, Auditing, and Checklists
A.5 Encryption, Identification, and Authentication Technologies
A.6 Security Models
A.7 TCP/IP, Firewall, and Operating System Security
A.8 Attacks and Incident Management
A.9 System Security Scanning and Discovery
Appendix B Security Tools and Software
B.1 Antivirus Software and Spam Filters
B.1.1 Antivirus Software
B.1.2 Spam Filters
B.2 Biometrics
B.3 Cryptography
B.4 Firewalls
B.4.1 Hardware
B.4.2 Software
B.5 Intrusion Detection Systems
B.6 IP/Port Scanners
B.7 OS Fingerprint Utilities
B.8 Security Scanners
B.9 Vulnerability Scanners
Appendix C Securing Windows, Step-by-Step
C.1 Step 1: Ensuring Physical Security
C.1.1 Access to the Computer
C.1.2 Computer Visibility
C.1.3 Removable Storage Access
C.2 Step 2: Changing the Administrator Password
C.3 Step 3: Turning Off Simple File Sharing
C.4 Step 4: Changing/Creating Group Policy
C.5 Step 5: Disabling Unneeded or Unnecessary Services
C.6 Step 6: Filtering TCP/IP Connections (Firewall)
C.7 Step 7: Installing Antivirus Software
C.8 Step 8: Updating the Operating System
C.9 Summary
Appendix D Glossary
Index
