Log in / Register
Home arrow Computer Science arrow The InfoSec Handbook
Next >
The InfoSec Handbook - Umesh Hodeghatta Rao

Part I IntroductionChapter 1 Introduction to SecurityWhat is Security?Why is Security Important?What if You Do Not Care About Security?The Evolution of the Computer and Information SecurityInformation Security TodayApplicable Standards and CertificationsThe Role of a Security ProgramChapter 2 History of Computer SecurityIntroductionCommunicationWorld Wars and Their Influence on the Field of SecurityCypher Machine: EnigmaChapter SummaryPart II Key Principles and PracticesChapter 3 Key Concepts and PrinciplesIntroductionSecurity ThreatsExternal and Internal ThreatsInformation Security Frameworks and Information Security ArchitectureInformation Security Management Systems Framework Provided by ISO/IEC 27001:2013NIST Special Publication 800-39 complemented by 800-53SABSA®Pillars of SecurityPeopleOrganization of Information SecurityThe Need for IndependenceSpecific Roles and ResponsibilitiesAuthority for Information SecurityPolicies, Procedures, and ProcessesTechnologyInformation Security ConceptsCIA TriadParkerian HexadImplementation of Information SecurityRisk AssessmentPlanning and ArchitectureGap AnalysisIntegration and DeploymentOperationsMonitoringLegal Compliance and AuditCrisis ManagementPrinciples of Information SecurityChapter SummaryChapter 4 Access ControlsIntroductionConfidentiality and Data IntegrityWho Can Access the Data?What is an Access Control?Authentication and AuthorizationAuthentication and Access Control LayersAccess Control StrategiesImplementing Access ControlsAccess Control Lists (ACLs)AAA FrameworkLDAP and Active DirectoryIDAMChapter SummaryChapter 5 Information Systems ManagementIntroductionRiskIncidentDisasterDisaster RecoveryBusiness ContinuityRisk ManagementIdentification of RiskRisk AnalysisRisk ResponsesExecution of the Risk Treatment PlansThe Importance of Conducting a Periodic Risk AssessmentIncident ResponseIncident Response Policy, Plan, and ProcessesDisaster Recovery and Business ContinuityHow to Approach Business Continuity PlanChapter SummaryPart III Application SecurityChapter 6 Application and Web SecurityIntroductionSoftware ApplicationsCompleteness of the InputsCorrectness of the InputsCompleteness of ProcessingCorrectness of ProcessingCompleteness of the UpdatesCorrectness of the UpdatesPreservation of the Integrity of the Data in StoragePreservation of the Integrity of the Data while in TransmissionImportance of an Effective Application Design and Development Life CycleImportant Guidelines for Secure Design and DevelopmentWeb Browsers, Web Servers, and Web ApplicationsVulnerabilities in Web BrowsersInappropriate ConfigurationUnnecessary or Untrusted Add-onsMalware or Executables run on the Web BrowserNo Patching up or Carrying out the Security UpdatesHow to Overcome the Vulnerabilities of Web BrowsersVulnerabilities of Web ServersDefault Users and Default Permissions are not changedSample files and scripts are not removedDefault Configuration is Not ChangedFile and Directory Permissions are not Set ProperlySecurity Loop-Holes or Defects in the Web Server Software or Underlying Operating SystemHow to Overcome the Web Server VulnerabilitiesWeb ApplicationsChapter SummaryChapter 7 Malicious Software and Anti-Virus SoftwareIntroductionMalware SoftwareIntroduction to MalwareCovert channelsTypes of Malware in DetailSpywareAdwareTrojansVirusesWormsBackdoorsBotnetsA Closer Look at SpywareTrojans and BackdoorsRootkitsViruses and WormsBotnetsBrief History of Viruses, Worms, and TrojansThe Current SituationAnti-Virus SoftwareNeed for Anti-Virus SoftwareTop 5 Commercially Available Anti-Virus SoftwareSymantec Norton Anti-Virus SoftwareMcAfee Anti-VirusKaspersky Anti-VirusAVG Anti-Virus SoftwareA Few Words of CautionChapter SummaryChapter 8 CryptographyIntroductionCryptographic AlgorithmsSymmetric Key CryptographyKey DistributionAsymmetric Key CryptographyPublic Key CryptographyRSA AlgorithmAdvantages of Public Key CryptographyApplications of PKCPublic Key Infrastructure (PKI)Certificate Authority (CA)Digital CertificateHash Function CryptographyPopular HashesDigital SignaturesSummary of Cryptography Standard AlgorithmsDisk / Drive EncryptionAttacks on CryptographyChapter SummaryPart IV Network SecurityChapter 9 Understanding Networks and Network SecurityIntroductionNetworking FundamentalsComputer CommunicationNetwork and its ComponentsNetwork ProtocolsOSI (Open Systems Interconnection) Reference ModelTCP/IP ModelNetwork Vulnerabilities and ThreatsVulnerabilitiesThreatsAttacksChapter SummaryChapter 10 FirewallsIntroductionHow Do You Protect a Network?FirewallBasic Functions of FirewallPacket FilteringStateful Packet FilteringNetwork Address Translation (NAT)Application Level Gateways (Application Proxy)Firewall Deployment ArchitectureOption 1: Bastion HostOption 2: Staging Area or Demilitarized Zone (DMZ)Multiple FirewallPersonal FirewallFirewall Best PracticesAuditing of FirewallChapter SummaryChapter 11 Intrusion Detection and Prevention SystemsIntroductionWhy Use IDS?Types of IDSHow Does Detection Work?Signature-Based DetectionAnomaly-Based DetectionIDS/IPS System Architecture and FrameworkAppliance (Sensors)Signature Update ServerIDS/IPS in ContextChapter SummaryChapter 12 Virtual Private NetworksIntroductionAdvantages of VPNVPN TypesRemote Access (Host-to-Site) VPNHost-to-Host VPNSite-to-Site (Intranet and Extranet) VPNVPN and FirewallVPN ProtocolsTunnelingData Authentication and Data IntegrityAnti-Replay ServicesData EncryptionLayer Two Tunneling Protocol (L2TPv3)Internet Protocol Security (IPSec)MPLS (Multi-Protocol Label Switching)MPLS VPN SecurityImportant IETF Standards and RFCs for VPN ImplementationA Few Final Thoughts about VPNChapter SummaryChapter 13 Data Backups and Cloud ComputingIntroductionNeed for Data BackupsTypes of BackupsCategory 1: Based on current data on the system and the data on the backupsCategory 2: Based on what goes into the backupCategory 3: Based on storage of backupsCategory 4: Based on the extent of the automation of the backupsRAID LevelsOther Important Fault Tolerance MechanismsRole of Storage Area Networks (SAN) in providing Backups and Disaster RecoveryCloud Infrastructure in Backup StrategyDatabase BackupsBackup StrategyRestoration StrategyImportant Security ConsiderationsSome Inherent Issues with Backups and RestorationBest Practices Related to Backups and RestorationIntroduction to Cloud ComputingWhat is Cloud Computing?Fundamentals of Cloud ComputingCloud Service ModelsSoftware as a Service (SaaS)Platform as a Service (PaaS)Infrastructure as a Service (IaaS)Important Benefits of Cloud ComputingUpfront Capital Expenditure (CAPEX) versus Pay as you use Operational Expenditure (OPEX)Elasticity or FlexibilityReduced need for specialized resources and maintenance servicesOn-Demand Self-Service Mode versus Well-Planned Time-Consuming Ramp UpRedundancy and Resilience versus Single Points of FailureCost of traditional DRP and BCP versus the DRP & BCP through Cloud EnvironmentEase of use on the Cloud EnvironmentImportant Enablers of Cloud ComputingFour Cloud Deployment ModelsPrivate CloudPublic CloudCommunity CloudHybrid CloudMain Security and Privacy Concerns of Cloud ComputingComplianceLack of Segregation of DutiesComplexity of the Cloud Computing System2Shared Multi-tenant Environment2Control of the Cloud Consumer on the Cloud Environment2Types of Agreements related to Service Levels and Privacy with the Cloud ProviderData Management and Data Protection2Insider ThreatsSecurity Issues on account of multiple levelsPhysical security issues related to Cloud Computing environmentCloud Applications SecurityThreats on account of Virtual Environment3Encryption and Key ManagementSome Mechanisms to address the Security and Privacy Concerns in Cloud Computing EnvironmentUnderstand the Cloud Computing environment and protect yourselfUnderstand the Technical Competence and segregation of duties of the Cloud ProviderProtection against Technical Vulnerabilities and Malicious AttacksRegular Hardening and Appropriate Configurations of the Cloud Computing EnvironmentData ProtectionEncryptionGood Governance MechanismsComplianceLogging and AuditingPatching / UpdatingApplication Design and DevelopmentPhysical SecurityStrong Access ControlsBackupsThird-Party Certifications / AuditingChapter SummaryPart V Physical SecurityChapter 14 Physical Security and BiometricsIntroductionPhysical and Technical ControlsID Cards and BadgesPhoto ID cardsMagnetic Access CardsOther Access MechanismsLocks and KeysElectronic Monitoring and Surveillance CamerasAlarms and Alarm SystemsBiometricsSome of the important biometric mechanismsHow the biometric system worksEnrollmentRecognitionPerformance of the Biometrics SystemThe test of a good biometric systemPossible information security issues with the Biometric SystemsMultimodal biometric systemAdvantages of Biometric systemsAdministrative ControlsFire Safety FactorsInterception of DataMobile and Portable DevicesVisitor ControlChapter SummaryChapter 15 Social EngineeringIntroductionSocial Engineering Attacks: How They Exploit Human NatureHelping NatureTrusting NatureObeying the AuthorityFearSocial Engineering: Attacks Caused by Human BeingsSocial Engineering: Attacks Caused by Computers or Other Automated MeansSocial Engineering: Methods that are Used for AttacksPretextingPhishingSpear PhishingVishingBaitingTailgatingE-mail AttachmentsSocial Engineering: Other Important Attack MethodsSocial Engineering: How to Reduce the Possibility of Falling Prey to AttacksChapter SummaryChapter 16 Current Trends in Information SecurityWireless SecurityBluetooth Technology and SecurityMobile SecurityChapter Summary
Found a mistake? Please highlight the word and press Shift + Enter  
Next >
Business & Finance
Computer Science
Language & Literature
Political science