BRIEF CONTENTSPreface xviii About the Authors xxiv Chapter 1 The Threat Environment 1 1.1 Introduction 1 1.2 Employee and Ex-employee Threats 9 1.3 Malware 17 1.4 Hackers and Attacks 30 1.5 The Criminal Era 40 1.6 Competitor Threats 50 1.7 Cyberwar and Cyberterror 53 1.8 Conclusion 55 Chapter 2 Planning and Policy 59 2.1 Introduction 60 2.2 Compliance Laws and Regulations 69 2.3 Organization 76 2.4 Risk Analysis 85 2.5 Technical Security Architecture 94 2.6 Policy-Driven Implementation 99 2.7 Governance Frameworks 117 2.8 Conclusion 123 Chapter 3 Cryptography 127 3.1 What is Cryptography? 128 3.2 Symmetric Key Encryption Ciphers 139 3.3 Cryptographic System Standards 145 3.4 The Negotiation Stage 147 3.5 Initial Authentication Stage 149 3.6 The Keying Stage 152 3.7 Message-By-Message Authentication 157 3.8 Quantum Security 169 3.9 Cryptographic Systems 170 3.10 SSL/TLS 173 3.11 IPsec 179 3.12 Conclusion 185 Chapter 4 Secure Networks 191 4.1 Introduction 191 4.2 DoS Attacks 195 4.3 ARP Poisoning 207 4.4 Access Control for Networks 214 4.5 Ethernet Security 216 4.6 Wireless Security 220 4.7 Conclusion 240 Chapter 5 Access Control 245 5.1 Introduction 246 5.2 Physical Access and Security 250 5.3 Passwords 260 5.4 Access Cards and Tokens 268 5.5 Biometric Authentication 273 5.6 Cryptographic Authentication 287 5.7 Authorization 290 5.8 Auditing 292 5.9 Central Authentication Servers 294 5.10 Directory Servers 296 5.11 Full Identity Management 301 5.12 Conclusion 307 Chapter 6 Firewalls 313 6.1 Introduction 314 6.2 Static Packet Filtering 321 6.3 Stateful Packet Inspection 323 6.4 Network Address Translation 335 6.5 Application Proxy Firewalls and Content Filtering 337 6.6 Intrusion Detection Systems and Intrusion Prevention Systems 345 6.7 Antivirus Filtering and Unified Threat Management 349 6.8 Firewall Architectures 354 6.9 Firewall Management 357 6.10 Firewall Filtering Problems 367 6.11 Conclusion 369 Chapter 7 Host Hardening 375 7.1 Introduction 375 7.2 Important Server Operating Systems 385 7.3 Vulnerabilities and Patches 392 7.4 Managing Users and Groups 401 7.5 Managing Permissions 404 7.6 Creating Strong Passwords 408 7.7 Testing for Vulnerabilities 416 7.8 Conclusion 429 Chapter 8 Application Security 433 8.1 Application Security And Hardening 433 8.2 WWW and E-Commerce Security 446 8.3 Web Browser Attacks 454 8.4 E-Mail Security 463 8.5 Voice over IP Security 468 8.6 Other User Applications 477 8.7 Conclusion 480 Chapter 9 Data Protection 485 9.1 Introduction 485 9.2 Data Protection: Backup 487 9.3 Backup Media and Raid 495 9.4 Data Storage Policies 503 9.5 Database Security 511 9.6 Data Loss Prevention 523 9.7 Conclusion 537 Chapter 10 Incident and Disaster Response 541 10.1 Introduction 541 10.2 The Intrusion Response Process For Major Incidents 548 10.3 Intrusion Detection Systems 566 10.4 Business Continuity Planning 581 10.5 It Disaster Recovery 585 10.6 Conclusion 591 A.1 Introduction 595 A.2 A Sampling of Networks 596 A.3 Network Protocols and Vulnerabilities 604 A.4 Core Layers in Layered Standards Architectures 605 A.5 Standards Architectures 606 A.6 Single-Network Standards 608 A.7 Internetworking Standards 610 A.8 The Internet Protocol 611 A.9 The Transmission Control Protocol 616 A.10 The User Datagram Protocol 625 A.11 TCP/IP Supervisory Standards 626 A.12 Application Standards 632 A.13 Conclusion 634 Glossary 637 index 655

Business Environment Focus Offer more context: Increased Business Focus. This edition includes more of a focus on the business applications of the concepts. Emphasis has been placed on securing corporate information systems, rather than just hosts in general. The concepts, principles, and terminology have remained the same, but the implications of each topic are more focused on the business environment. Encourage Student’s to Apply Concepts Encourage application: Hands-On Projects. Each chapter now contains new hands-on projects that use contemporary software. Each project relates directly to the chapter material. Students take a screenshot to show they have completed the project.Show how it all connects: Comprehensive Framework. Serving as a roadmap for students, this text’s comprehensive security framework ties all of the chapters together. This framework works to help increase retention of the material by illustrating how topic areas relate to each other.See the concepts in action: Case Studies and Focus Articles. Each chapter includes applied case studies or focus articles. Ranging in topics, these cases/articles cover:High-profile security incidentsTechnical security topicsProfiles of industry professionalsSecurity certificationsNew types of attacksArticles by industry leaders Keep Your Course Current and Relevant Bring lectures to life : Embedded Video PowerPoint Presentations. A supplemental set of 125+ PowerPoint slides contain embedded videos linked to content hosted on YouTube. These videos include IT security–related current news stories, technical demonstrations, conference presentations, commentary by industry leaders, historical background, and demonstrations of new security products.NEW! Opening Case—The opening case in Chapter 1 covers a series of data breaches that resulted in one of the largest known data losses to date. The case looks at the sequence of events surrounding the three data breaches at Sony Corp. It then examines how the attackers were able to steal the data, possible motives behind the attacks, arrests and punishment of the attackers, and the impacts on Sony Corp. This case acts as an illustration of the real-world threat environment corporations face today.NEW! Business Case Studies—This edition has tried to have more of a business focus by adding in a real-world case study at the end of each chapter. The case studies are designed to show how the material presented in the chapter could have a direct impact on an actual corporation. After each case study there are key findings from prominent annual industry reports related to the case and chapter material. Case studies, combined with key findings from relevant industry reports, should provide ample material for classroom discussion. Open-ended case questions are included to help guide case discussions. They also offer students the opportunity to apply, analyze, and synthesize the material presented in the chapter.NEW! Hands-on Projects—Each chapter has new, or updated, hands-on projects that use contemporary security software. Each project relates directly to the chapter material. Students are directed to take a screenshot to show they have completed the project. Projects are designed such that each student will have a unique screenshot after completing each project. Any sharing or duplication of project deliverables will be obvious.NEW! Updated News Articles —Each chapter contains expanded and updated IT security news articles. Over 80

Opening Case–The opening case in Chapter 1 covers a series of data breaches that resulted in one of the largest known data losses to date. The case looks at the sequence of events surrounding the three data breaches at Sony Corp. It then examines how the attackers were able to steal the data, possible motives behind the attacks, arrests and punishment of the attackers, and the impacts on Sony Corp. This case acts as an illustration of the real-world threat environment corporations face today.Business Case Studies–This edition has tried to have more of a business focus by adding in a real-world case study at the end of each chapter. The case studies are designed to show how the material presented in the chapter could have a direct impact on an actual corporation. After each case study there are key findings from prominent annual industry reports related to the case and chapter material. Case studies, combined with key findings from relevant industry reports, should provide ample material for classroom discussion. Open-ended case questions are included to help guide case discussions. They also offer students the opportunity to apply, analyze, and synthesize the material presented in the chapter.New Hands-on Projects–Each chapter has new, or updated, hands-on projects that use contemporary security software. Each project relates directly to the chapter material. Students are directed to take a screenshot to show they have completed the project. Projects are designed such that each student will have a unique screenshot after completing each project. Any sharing or duplication of project deliverables will be obvious.Updated News Articles –Each chapter contains expanded and updated IT security news articles. Over 80 percent of the news articles in this book reference stories that have occurred since the prior edition was published.Expanded material on Certifications–Reviewers of the prior edition asked for more material related to IT security certifications. We live in a world that relies on credentials as a means of conveying legitimacy, skill, and possibly experience. In this respect, the security field is no different. To this end, we have updated and expanded the certification focus article in Chapter 10. It is likely that students pursuing a career in the IT security industry will seek some type of certification.