Protecting computer networks and their client computers against willful (or accidental) attacks is a growing concern for organizations and their information technology managers. This book draws upon the author's years of experience in computer security to describe a set of over 200 "rules" designed to enhance the security of a computer network (and its data) and to allow quick detection of an attack and development of effective defensive responses to attacks. Both novice and experienced network administrators will find this book an essential part of their professional "tool kit." It is also essential reading for a corporate or organization manager who needs a solid understanding of the issues involved in computer security.Much literature is available on network and data security that describes security concepts, but offers so many different solutions to information security problems that it typically overwhelms both the novice and the experienced network administrator. This book presents a simple set of rules important in maintaining good information security. These rules or best practices are intended to be a recipe for setting up network and information security. This manual will take the mystery out of configuring an information security solution and provide a framework which the novice as well as experienced network administrator can follow and adapt to their network and data environment.
* Provides practical, "battle tested" rules and guidelines to protect computer networks against different forms of attack * Covers both network and client level attacks, including attacks via the internet and damage to the physical hardware of a network
Information technology managers, system administrators, network engineers, and others concerned with issues of network and computer security.
Table of Contents
Preface Ch. 1 Information Security Attacks And Vulnerabilities Ch. 2 Anatomy Of An Attack Ch. 3 Awareness And Management Commitment To Security Ch. 4 Security Policy Ch. 5 Infosec Network Architecture Design Ch. 6 Selecting Security Hardware And Software Ch. 7 Physical Security Ch. 8 Network Hardware Security Ch. 9 Network Operating System Security Ch. 10 PC Operating System Security Ch. 11 Internet Security Ch. 12 Application Security Ch. 13 Software Validation And Verification Ch. 14 Data Encryption Ch. 15 Configuration Management Ch. 16 Monitoring The Network Ch. 17 Maintenance And Troubleshooting Security Ch. 18 Training
George L. Stefanek, Ph.D., has over 18 years of experience as a systems administrator and manager of IS/IT departments. He has also consulted on information security issues for such clients as the U.S. Department of Defense.