... included the German Green Book in 1989, the Canadian Criteria in 1990, the Information
Technology Security Evaluation Criteria (ITSEC) in 1991, and the Federal Criteria in 1992.
Each of these efforts ... encrypted form. In the 1950s, it was learned that access to messages could
be achieved by looking at the electronic signals coming over phone lines (see Figure 1-2).
Figure 1-...
... this part of the procedure is to identify the organization’s objectives before an incident occurs.
Event Identification
The identification of an incident is perhaps the most difficult part ... Beginner’s Guide
Chapter 5: Policy
NOTE:
It is never a good idea to retaliate. This may be an illegal act and is not recommended in
any situation.
Authority
An important part of the IRP is...
... useful. However, we may not necessarily have
knowledge of a directed or specific threat against some part of the organization.
If we assume a generic threat (somebody probably has the access, knowledge, ... or replace systems
■ Cost of experts to assist
▲ Employee overtime
As you can see from just this partial list, the costs of a successful penetration can be
large. Some of these costs wil...
... (ports 21 and 22) Allows employee to transfer files
Telnet (port 23) and SSH (port 22) Allows employees to create interactive sessions on remote systems
POP-3 (port 110) and IMAP (port 143) Allows ... password). If some content on the site is restricted or
Network Security: A Beginner’s Guide
Chapter 9: Internet Architecture
Copyright 2001 The McGraw-Hill Companies, Inc. Cli...
... two sites. The two
Chapter 10: Virtual Private Networks
Figure 10-4. Site-to-site VPN across the Internet
... each is distinct from the others and separated by the encryption.
Figure 10-1. VPNs handle multiple protocols
simpler but administrators mu...
... the past but that may now be performed cheaper. A
Chapter 11: E-Commerce Security Needs
... account when e-commerce is discussed. That is availability. No longer is the
Web site just for infor...
...
CLIENT-SIDE SECURITY
Client-side security deals with the security from the customer’s desktop system to the
e-commerce server. This part of the system ... customer’s computer and
browser software and the communications link to the server (see Figure 11-1).
Within this part of the system, we have several issues:
▼ The protection of informati...
... analysis continues for some period of time after the information gathering is complete.
During this part of the task, the team will attempt to assimilate all of the informa- ... gathered and to rank the risks to the organization. Measuring the risk is
often the most difficult part of this task as the cost of a successful exploitation of a vulnerability may be...
... door.
Chapter 1: What Is Information Security?
Chapter 2: Types of Attacks
... on a conversation that they are not a part of, that is eavesdropping.
To gain unauthorized access to information, an attacker must position himself at a
...