Author(s): Manish Agrawal, Alex Campoe, Eric Pierce
Publisher: Wiley
Year: 0
Language: English
Pages: 434
Cover......Page 1
Title Page......Page 3
Copyright......Page 4
Table of Contents......Page 5
List of Figures......Page 13
Preface......Page 19
Professional utility of information security knowledge......Page 21
Brief history......Page 25
Definition of information security......Page 31
Example case – Wikileaks, Cablegate, and free reign over classified networks......Page 34
Chapter review questions......Page 35
Hands-on activity – Software Inspector, Steganography......Page 36
Design case......Page 41
Introduction......Page 46
What is system administration?......Page 47
System administration and information security......Page 48
Common system administration tasks......Page 49
System administration utilities......Page 53
Example case – T. J. Maxx......Page 57
Chapter review questions......Page 59
Hands-on Activity – Linux system installation......Page 60
Critical thinking exercise – Google executives sentenced to prison over video......Page 68
Design case......Page 69
Operating system structure......Page 71
Files and directories......Page 73
Moving around the filesystem – pwd, cd......Page 74
Listing files and directories......Page 75
Shell expansions......Page 76
File management......Page 77
Viewing files......Page 79
Searching for files......Page 80
Access control and user management......Page 81
Access control lists......Page 84
File ownership......Page 85
Editing files......Page 86
Software installation and updates......Page 87
Account management......Page 92
Command-line user administration......Page 95
Example case – Northwest Florida State College......Page 97
Chapter review questions......Page 98
Hands-on activity – basic Linux system administration......Page 99
Design Case......Page 100
Components of the basic information security model......Page 102
Common vulnerabilities, threats, and controls......Page 110
Example case – ILOVEYOU virus......Page 119
Chapter review questions......Page 120
Hands-on activity – web server security......Page 121
Critical thinking exercise – the internet, "American values," and security......Page 122
Design case......Page 123
Assets overview......Page 124
Determining assets that are important to the organization......Page 125
Asset types......Page 129
Asset characterization......Page 134
IT asset life cycle and asset identification......Page 139
System profiling......Page 144
Asset ownership and operational responsibilities......Page 147
Summary......Page 150
Example case questions......Page 151
Critical thinking exercise – uses of a hacked PC......Page 152
Design case......Page 153
Introduction......Page 155
Threat models......Page 156
Threat agent......Page 157
Threat action......Page 169
Vulnerabilities......Page 182
Example case – Gozi......Page 187
Example case questions......Page 188
Hands-on activity – Vulnerability scanning......Page 189
Design case......Page 194
Introduction......Page 196
Encryption basics......Page 197
Encryption types overview......Page 201
Encryption types details......Page 207
Encryption in use......Page 214
Example case – Nation technologies......Page 217
Chapter review questions......Page 218
Hands-on activity – encryption......Page 219
Critical thinking exercise – encryption keys embed business models......Page 225
Design case......Page 226
Identity management......Page 227
Access management......Page 232
Authentication......Page 233
Single sign-on......Page 241
Federation......Page 248
Example case – Markus Hess......Page 257
Chapter review questions......Page 259
Hands-on activity – identity match and merge......Page 260
Critical thinking exercise – feudalism the security solution for the internet?......Page 264
Design case......Page 265
Password management......Page 267
Access control......Page 271
Firewalls......Page 272
Intrusion detection/prevention systems......Page 276
Patch management for operating systems and applications......Page 281
End-point protection......Page 284
Example case – AirTight networks......Page 286
Example case questions......Page 290
Hands-on activity – host-based IDS (OSSEC)......Page 291
Design case......Page 295
Introduction......Page 297
Output redirection......Page 299
Text manipulation......Page 300
Variables......Page 303
Conditionals......Page 307
User input......Page 310
Loops......Page 312
Putting it all together......Page 319
Example case – Max Butler......Page 321
Summary......Page 322
Hands-on activity – basic scripting......Page 323
Critical thinking exercise – script security......Page 324
Design case......Page 325
Incidents overview......Page 326
Incident handling......Page 327
The disaster......Page 347
Example case – on-campus piracy......Page 348
Chapter review questions......Page 350
Critical thinking exercise – destruction at the EDA......Page 351
Design case......Page 352
Log analysis......Page 353
Event criticality......Page 357
General log configuration and maintenance......Page 365
Live incident response......Page 367
Timelines......Page 370
Other forensics topics......Page 372
Example case – backup server compromise......Page 373
Chapter review questions......Page 375
Hands-on activity – server log analysis......Page 376
Design case......Page 378
Guiding principles......Page 380
Writing a policy......Page 387
Impact assessment and vetting......Page 391
Policy review......Page 393
Compliance......Page 394
Key policy issues......Page 397
Example case – HB Gary......Page 398
Chapter review questions......Page 399
Critical thinking exercise – Aaron Swartz......Page 400
Design case......Page 401
Introduction......Page 402
Risk management as a component of organizational management......Page 403
Risk-management framework......Page 404
The NIST 800-39 framework......Page 405
Risk assessment......Page 407
Other risk-management frameworks......Page 409
IT general controls for Sarbanes–Oxley compliance......Page 411
Compliance versus risk management......Page 418
Example case – online marketplace purchases......Page 419
Chapter review questions......Page 420
Hands-on activity – risk assessment using lsof......Page 421
Design case......Page 423
Appendix A — Password List for the Linux Virtual Machine......Page 424
Glossary......Page 425
Index......Page 433