For introductory courses in IT Security. A strong business focus through a solid technical presentation of security tools. Corporate Computer Security provides a strong business focus along with a solid technical understanding of security tools. This text gives students the IT security skills they need for the workplace. This edition is more business focused and contains additional hands-on projects, coverage of wireless and data security, and case studies. This program will provide a better teaching and learning experiencefor you and your students. Heres how: Encourage Students to Apply Concepts: Each chapter now contains new hands-on projects that use contemporary software. Business Environment Focus: This edition includes more of a focus on the business applications of the concepts. Emphasis has been placed on securing corporate information systems, rather than just hosts in general. Keep Your Course Current and Relevant: New examples, exercises, and research findings appear throughout the text. The full text downloaded to your computer With eBooks you can: search for key concepts, words and phrases make highlights and notes as you study share your notes with friends eBooks are downloaded to your computer and accessible either offline through the Bookshelf (available as a free download), available online and also via the iPad and Android apps. Upon purchase, you'll gain instant access to this eBook. Time limit TheeBooks products do not have an expiry date. You will continue to access yourdigitalebookproducts whilst you have yourBookshelf installed.
BRIEF CONTENTS Preface xviii About the Authors xxiv Chapter 1 The Threat Environment 1 1.1 Introduction 1 1.2 Employee and Ex-employee Threats 9 1.3 Malware 17 1.4 Hackers and Attacks 30 1.5 The Criminal Era 40 1.6 Competitor Threats 50 1.7 Cyberwar and Cyberterror 53 1.8 Conclusion 55 Chapter 2 Planning and Policy 59 2.1 Introduction 60 2.2 Compliance Laws and Regulations 69 2.3 Organization 76 2.4 Risk Analysis 85 2.5 Technical Security Architecture 94 2.6 Policy-Driven Implementation 99 2.7 Governance Frameworks 117 2.8 Conclusion 123 Chapter 3 Cryptography 127 3.1 What is Cryptography? 128 3.2 Symmetric Key Encryption Ciphers 139 3.3 Cryptographic System Standards 145 3.4 The Negotiation Stage 147 3.5 Initial Authentication Stage 149 3.6 The Keying Stage 152 3.7 Message-By-Message Authentication 157 3.8 Quantum Security 169 3.9 Cryptographic Systems 170 3.10 SSL/TLS 173 3.11 IPsec 179 3.12 Conclusion 185 Chapter 4 Secure Networks 191 4.1 Introduction 191 4.2 DoS Attacks 195 4.3 ARP Poisoning 207 4.4 Access Control for Networks 214 4.5 Ethernet Security 216 4.6 Wireless Security 220 4.7 Conclusion 240 Chapter 5 Access Control 245 5.1 Introduction 246 5.2 Physical Access and Security 250 5.3 Passwords 260 5.4 Access Cards and Tokens 268 5.5 Biometric Authentication 273 5.6 Cryptographic Authentication 287 5.7 Authorization 290 5.8 Auditing 292 5.9 Central Authentication Servers 294 5.10 Directory Servers 296 5.11 Full Identity Management 301 5.12 Conclusion 307 Chapter 6 Firewalls 313 6.1 Introduction 314 6.2 Static Packet Filtering 321 6.3 Stateful Packet Inspection 323 6.4 Network Address Translation 335 6.5 Application Proxy Firewalls and Content Filtering 337 6.6 Intrusion Detection Systems and Intrusion Prevention Systems 345 6.7 Antivirus Filtering and Unified Threat Management 349 6.8 Firewall Architectures 354 6.9 Firewall Management 357 6.10 Firewall Filtering Problems 367 6.11 Conclusion 369 Chapter 7 Host Hardening 375 7.1 Introduction 375 7.2 Important Server Operating Systems 385 7.3 Vulnerabilities and Patches 392 7.4 Managing Users and Groups 401 7.5 Managing Permissions 404 7.6 Creating Strong Passwords 408 7.7 Testing for Vulnerabilities 416 7.8 Conclusion 429 Chapter 8 Application Security 433 8.1 Application Security And Hardening 433 8.2 WWW and E-Commerce Security 446 8.3 Web Browser Attacks 454 8.4 E-Mail Security 463 8.5 Voice over IP Security 468 8.6 Other User Applications 477 8.7 Conclusion 480 Chapter 9 Data Protection 485 9.1 Introduction 485 9.2 Data Protection: Backup 487 9.3 Backup Media and Raid 495 9.4 Data Storage Policies 503 9.5 Database Security 511 9.6 Data Loss Prevention 523 9.7 Conclusion 537 Chapter 10 Incident and Disaster Response 541 10.1 Introduction 541 10.2 The Intrusion Response Process For Major Incidents 548 10.3 Intrusion Detection Systems 566 10.4 Business Continuity Planning 581 10.5 It Disaster Recovery 585 10.6 Conclusion 591 A.1 Introduction 595 A.2 A Sampling of Networks 596 A.3 Network Protocols and Vulnerabilities 604 A.4 Core Layers in Layered Standards Architectures 605 A.5 Standards Architectures 606 A.6 Single-Network Standards 608 A.7 Internetworking Standards 610 A.8 The Internet Protocol 611 A.9 The Transmission Control Protocol 616 A.10 The User Datagram Protocol 625 A.11 TCP/IP Supervisory Standards 626 A.12 Application Standards 632 A.13 Conclusion 634 Glossary 637 index 655
Accessing your eBook through Kortext
Once purchased, you can view your eBook through the Kortext app, available to download for Windows, Android and iOS devices. Once you have downloaded the app, your eBook will be available on your Kortext digital bookshelf and can even be downloaded to view offline anytime, anywhere, helping you learn without limits.
In addition, you'll have access to Kortext's smart study tools including highlighting, notetaking, copy and paste, and easy reference export.
To download the Kortext app, head to your device's app store or visit https://app.kortext.com to sign up and read through your browser.
NB: eBook is only available for a single-user licence (i.e. not for multiple / networked users).
