The Internet Security Guidebook

From Planning to Deployment


  • Juanita Ellis, Consultant, Los Angeles, CA, USA
  • Tim Speed, Lotus Consulting, Dallas, Texas, U.S.A.

The Internet Security Guidebook provides a complete analysis of an enterprise's Internet security. Strategies, steps, and procedures for conducting business securely on the Internet are discussed and reviewed. Very few organizations take the needed precautions to protect their Internet enterprise. Protection is not simply a firewall or technology; it is a strategy that encompasses risk, trust, business goals, security processes, and technology. The holistic approach offered in this book evaluates security needs in relation to business goals and the current attacks on the global Internet. The goal of The Internet Security Guidebook is to protect the business-computing environment by keeping our online enterprises functioning correctly and securely.

Unlike other books available, this book contains a complete guide to Internet security that is accessible to both novices and computer professionals. The specific steps discussed and illustrated show the reader how to implement security from the individual process to the complete corporate enterprise. The reader will also learn about resources that can help such as the Computer Emergency Response Team (CERT), the Federal Bureau of Investigation (FBI), and even their own software vendors.


Computer information technologists, Web administrators, network managers, e-commerce managers.


Book information

  • Published: January 2001
  • ISBN: 978-0-12-237471-5


"A practical guide with well presented explanations of both the technical and human sides of a particular aspect of computer security."
--Book News, No. 7, 2001

"...a significant contribution to the body of literature in the field of information security..."
--Information Security Bulletin, June 2001

Table of Contents

Foreword
Preface
Acknowledgements
Copyright Notices and Statements
Introduction Who Is Knocking at the Door?
Chapter 1 Let's Do Business
  1.1 Security Components
  1.2 Do You Have a Process?
  1.3 The Cost of Security
Chapter 2 Security Review
  2.1 Review the Business
  2.2 What Is a Trusted Network?
  2.3 Initial Risk Analysis
  2.4 The Policy
  2.5 Implementation and Feedback
Chapter 3 Cryptography
  3.1 History
  3.2 Key Types
  3.3 RSA-Public and Private Key
  3.4 PKI and Business Solutions
Chapter 4 Secure Networks
  4.1 TCP/IP and OSI
  4.2 Port of Call (Let's Go on a Cruise)
  4.3 Denial-of-Service Attacks
  4.4 Virtual Private Networks
  4.5 Secure Sockets Layer (SSL)
Chapter 5 Protecting Your Intranet from the Extranet and Internet
  5.1 So Many Choices! I'll Get One of Each!
  5.2 Firewall Product Functional Summaries
  5.3 Firewall Buyer's Assessment Form
  5.4 Firewall Vendors: Picking the Products That Are Right for You
Chapter 6 Authentication
  6.1 The Basics
  6.2 Authentication
  6.3 Authorisation
  6.4 Smart Cards
Chapter 7 E-Commerce-Public Key Infrastructure (PKI)
  7.1 PKI and You
  7.2 X.509
  7.3 Certificate Authority
  7.4 Certification Practice Statement
  7.5 Certificate Revocation List
  7.6 Key Recovery
  7.7 Lightweight Directory Access Protocol (LDAP)
  7.8 Public Key Cryptography Standards
  7.9 Public Key Infrastructure (X.509) Standards
Chapter 8 Messaging Security
  8.1 Safe Communication-Messaging
  8.2 Getting Killed with Junk Mail
  8.3 Keep It Running
Chapter 9 What Are We Doing Here?
  9.1 Risk Analysis
  9.2 Where Are the Threats?
  9.3 Technology Security Review
  9.4 Control Directory and Environmental Risk Table
  9.5 Competitive Asset
Chapter 10 Let's Make the Plans
  10.1 Security Plans, Policies, Procedures
  10.2 The Corporate Security Policy Document
  10.3 Physical Security Policy
  10.4 Network Security Policy
  10.5 Acceptable Use Policy
Chapter 11 We Have Been Hacked! Oh, the Humanity!
  11.1 Incident Handling
Chapter 12 The Total Package Specific Steps
  12.1 Putting It All Together
  12.2 The Plan
  12.3 Sample Plan to Roll Out PKI
Appendix 1 Security Tools
  A1.1 Tools
  A1.2 Other Tool URLs