First came Melissa. Then the I Love You virus. Then Code Red and Nimda. The cumulative effects of these successfully orchestrated attacks are taking their toll on the Internet economy. At a minimum, users are frustrated and their confidence is shaken. On the other end of the scale, these attacks can be devastating from a financial standpoint. It is easy to see that providing enterprise security is a critical and potentially overwhelming task, but managers have no excuse for not being prepared. The technologies of the Internet remain a significant drawing card to the business community. So what is the IT manager to do? The challenge is in devising an enterprise security strategy that will defend against all forms of attack. This book is precisely the guide that managers need. Enterprise Security allows the manager to analyze their infrastructure, spot potential weaknesses, and build a formidable defense. Written for professionals charged with defending enterprises, whether large or small, this book provides state-of-the-art guidelines and key advice for making sure that your organization's enterprise is well guarded.
Table of Contents
I. THE FORGING OF A NEW ECONOMY.
1. What is E-Business?
The E-Business Sweepstakes.
Caesars of E-Business: An Embattled Business Culture.
The Lure of Overnight Successes.
Crossing the Digital Chasm.
The Sobering Reality.
E-Business: The Shaping and Dynamics of a New Economy.
The E-Business Supply Chain.
Related E-Business Trends.
Summary.
2. What Is E-Security?
E-Security at Your Service.
Demands on Traditional IT Security: A Changing of the Guard.
Principles of E-Security.
Risk Management in the New Economy.
How E-Security Enables E-Business.
The E-Security Dilemma: Open Access versus Asset Protection.
3. The Malicious Opponents of E-Business.
The Lure of Hacking.
Hackers versus Crackers.
Why Hackers Love to Target Microsoft.
Meeting the Hacker Threat.
National Infrastructure Protection Center.
Central Intelligence Agency.
Other White Hats.
II. PROTECTING INFORMATION ASSETS IN AN OPEN SOCIETY.
4. A New Theater of Battle.
From the Demilitarized Zone and the Perimeter to Guerilla Warfare.
The Triumph of Intranets, Extranets, and Virtual Private Networks.
The Vanishing World of Controlled, or Closed, Access.
The Impact of Open Access.
The Correlation between Open Access and Asset Protection.
The Role of Authentication and Privacy in the New Economy.
Summary.
5. Reempowering Information Technology in the New Arms Race.
The Failings of the Old Paradigm.
Infiltration of Rogue Applets.
Human Error and Omission.
Ongoing Change in the Enterprise Network.
Deploying and Maintaining Complex Layer Client/Server Software.
Shortage of Human Capital.
Rigidity of Enterprise Security Policy.
Tools for Rearming the IT Manager.
Guidelines for E-Security.
Enterprise Security Policy.
III. WAGING WAR FOR CONTROL OF CYBERSPACE.
6. Attacks by Syntax: Hacker and Cracker Tools.
Inherent Shortcomings of TCP/IP.
Standard “Ports” of Call.
TCP/IP Implementation Weaknesses.
Distributed Denial-of-Service Attacks and Tools.
Tribe Flood Network.
Tribe Flood Network 2000.
ICMP Directed Broadcast, or Smurf Bandwidth Attack.
Backdoor Programs and Trojan Horses.
Backdoor Program Functions.
Examples of Backdoor Programs.
Summary.
7. Attacks by Automated Command Sequences.
The Next Generation of E-Mail Attacks.
The Bubble Boy Virus.
Attacks through Remote Procedure Call Services.
Summary and Recommendations.
8. Countermeasures and Attack Prevention.
Surviving an Attack.
Formulate an Emergency Response Plan and an Incident Response Team.
Obtain Outside Assistance.
Contact Law Enforcement Authorities.
Use Intrusion Detection System Software.
Countering an Attack.
Disconnect Compromised Host/System from Your Network.
Copy an Image of the Compromised System(s).
Analyze the Intrusion.
Recognizing What the Intruder Leaves Behind.
9. Denial-of-Service Attacks.
Effects of DoS and DDoS Attacks.
General Computing Resources.
Handling a SYN Flood DDoS Attack.
Handling a Bandwidth DDoS Attack.
Guarding against Being an Accomplice Network.
Guarding against Becoming an Intermediary Network.
Guarding against Being a Victim.
Handling a UDP Flood Bomb.
Using an IDS.
Recovering from a DDoS Attack.
10. Creating a Functional Model for E-Security.
Developing a Blueprint for E-Security.
Understanding Business Objectives.
Honing in on Your IT Security Policy.
Making Good on IT Security's Best Practices.
The IT Security Functional Model.
Deploying Effective E-Security Architecture: Hardening the Network's Infrastructure.
Hardening Your Router.
Hardening Your Operating Systems.
Summary.
11. Building a Security Architecture.
Firewall Architecture Deployment, Controls, and Administration.
Types of Firewalls.
Encryption Options for Administrators.
Securing Remote-Administration Pipes for Administrators.
Remote-Access Architecture/Solutions for Users.
Vulnerability Assessment Architecture/Solutions.
Network-Based Assessment Architecture.
Host Vulnerability Assessment.
Intrusion Detection Architecture.
Network-Based IDS Architecture.
Host-Based IDS Solutions.
IV. ACTIVE DEFENSE MECHANISMS AND RISK MANAGEMENT.
12. Vulnerability Management.
Types of Vulnerabilities.
Managing IT Systems Vulnerabilities.
Conducting Vulnerability Analysis.
Network-Based Vulnerability Analysis.
Host-Based Vulnerability Analysis.
13. Risk Management.
The Role of Assessment in Risk Management.
The Process of Risk Management.
Defining the System Boundaries.
Summary.
Appendix A: SANS/FBI Top 20 Internet Security Vulnerabilities.
Appendix B: Sample CERT/Coordination Center Incident Response Form.
Appendix C: Windows 2000 Security/Hardening Plan.
Appendix D: Denial-of-Service Attacks.
Glossary.
Bibliography.
Index.
E-Business is on the rise, but so are the likelihood and severity of computer attacks. Melissa, the Love Bug, Nimda, and Reezak all caught the e-Business community off guard, costing billions of dollars in lost productivity and damage. Maintaining enterprise security is now, without question, a crucial aspect of doing business in today's Internet-based economy.
Enterprise Security: The Manager's Defense Guide is a comprehensive, state-of-the-art handbook for harnessing e-Business security. It examines the most recent attack strategies and offers specific techniques for combating attempts at data infiltration, destruction, and denial-of-service attacks. Understanding that security must be incorporated within multiple levels of e-Business technology and practice, the author presents measures for securing your system platform, applications, operating environment, processes, and communication links. He explains how the traditional security technologies of firewalls and virtual private networks (VPNs) can be integrated with risk management, vulnerability assessment, intrusion detection, and content management for a comprehensive security plan.
You will find in-depth coverage of such topics as:
- The goals and sophisticated tools of today's hackers
- The advantages and shortcomings of firewalls and VPNs
- Incorporating security into application development
- TCP/IP attacks, including SYN Flood and Land attacks
- Distributed denial-of-service (DDoS) attacks
- ICMP directed broadcast and Smurf bandwidth attacks
- The Bubble Boy virus
- Adding TCP Wrappers and security in layers
- Guidelines for vulnerability assessment and risk management
Several informative appendixes enumerate the top twenty enterprise vulnerabilities, provide an incident response form, discuss how to harden the often targeted Windows 2000 operating system, and examine denial-of-service attacks in depth.
Featuring the latest in attack technology and defenses, this book is an invaluable resource for IT managers and professionals who must remain a step ahead of the enemy in the ongoing security arms race.
David Leon Clark has over twenty years of experience in information technology systems and solutions and is currently the program manager responsible for the Information Assurance practice of Acton Burnell, Inc. of Alexandria, Virginia. Mr. Clark provides advice, support, and life cycle security consulting to federal and commercial clients. He designed the core curriculum for the Information Security Management (ISM) course of study, a graduate level program for the University of Virginia's School of Continuing and Professional Studies. A professional writer on high-tech topics, he is the author of IT Manager's Guide to Virtual Private Networks, along with numerous technology white papers and marketing literature.