Introduction | 1 | |
1. | Executive Summary | 5 |
What Are the Threats? | 7 | |
The Increased Vulnerability of E-commerce Sites | 8 | |
Countermeasures | 10 | |
The Importance of Policies and Strategies | 11 | |
Conclusion | 12 | |
2. | Internal Threats | 15 |
The Extent of the Internal Threat | 15 | |
Who Is Responsible? | 17 | |
Addressing the Threat | 18 | |
Implementing Strong Authentication Methods | 18 | |
Reusable Passwords Are Insufficient | 18 | |
Options for Strong Authentication | 20 | |
Access Control | 23 | |
Commercial Access Control Products | 24 | |
Internal Firewalls | 25 | |
Human Resource Strategies | 26 | |
Educating Employees to Deter Social Engineering Attempts | 26 | |
Monitoring Employee Internet Use | 29 | |
Developing a Strong Security Policy | 33 | |
Enforcing the Policy | 36 | |
3. | External Threats | 39 |
Common Attack Patterns | 39 | |
Attack Tools | 40 | |
Reconnaissance | 42 | |
Password Attacks | 43 | |
After the Hacker Has Entered | 44 | |
Denial-of-Service Attacks | 44 | |
Distributed Denial-of-Service Attacks | 46 | |
Smurf Attacks | 48 | |
The Teardrop Attack | 50 | |
Teardrop2 | 50 | |
Land Attacks | 51 | |
User Datagram Protocol Floods | 51 | |
E-mail Bombs | 51 | |
Java and ActiveX Security Threats | 52 | |
Viruses | 53 | |
The Love Bug | 55 | |
Melissa | 56 | |
Protecting the Enterprise from Zone Transfers | 56 | |
Determining Whether an Intrusion Has Occurred | 57 | |
Using Firewalls to Repel Outside Attacks | 57 | |
Security Scanners | 58 | |
Using Intrusion Detection Systems to Monitor for and Respond to Common Attacks | 59 | |
Combating Viruses | 61 | |
Software Is Not Sufficient | 63 | |
Managing Java and ActiveX Controls | 64 | |
4. | Securing Remote Access | 67 |
Security Threats Related to Remote Workers | 68 | |
Securing Home Offices | 70 | |
The Security Implications of Broadband Access to the Home | 71 | |
Strong Authentication Measures for Remote Users | 72 | |
Security for Mobile Workers | 72 | |
Virtual Private Networks for Remote Workers and Branch Offices | 72 | |
Cost Issues | 74 | |
Authentication Issues | 75 | |
Authorization Issues | 76 | |
Accounting Issues | 76 | |
Protecting Remote Users with Virtual Private Networks | 77 | |
Using Virtual Private Networks to Connect Remote Offices | 77 | |
Placing Virtual Private Networks Relative to Firewalls | 78 | |
Virtual Private Networks: Difficulties Continue | 79 | |
Conclusion | 81 | |
5. | Securing E-commerce | 83 |
Web Site Vandalism | 85 | |
Buffer Overflow | 87 | |
Exploiting Common Gateway Interface Vulnerabilities and Other Application Layer Problems | 89 | |
Securing the Web Site | 90 | |
The Importance of Software Patches | 93 | |
Antihacker Tools | 93 | |
Antihacker Web Sites | 94 | |
Using Secure Sockets Layer to Protect Online Transactions | 95 | |
Secure Sockets Layer and Server Certificates | 96 | |
Solutions and Protocols | 96 | |
Internet Protocol Security | 97 | |
IPSec Modes of Operation | 98 | |
6. | Firewalls | 101 |
Packet Filters | 103 | |
Dynamic Packet Filters | 105 | |
Proxy Firewalls | 105 | |
What Firewalls Cannot Do | 108 | |
Firewall Features and Products | 109 | |
7. | Public Key Encryption | 111 |
The Market for Public Key Infrastructures | 112 | |
How Digital Certificates Operate | 114 | |
The Legality of Encryption | 116 | |
The Importance of Directory Services | 117 | |
PKI: Overall Problems and Potential Solutions | 119 | |
Keeping Private Keys Private | 119 | |
Digital Certificate Portability | 120 | |
Digital Signature Legality | 121 | |
Shared Workstations | 121 | |
Certificate Revocation | 121 | |
Interoperability | 122 | |
The Ultimate Goal of Public Key Infrastructure | 122 | |
Approaches to Implementing a Public Key Infrastructure | 124 | |
8. | Securing Extensible Markup Language | 127 |
Banking Initiatives and XML Security | 130 | |
Building Security into a Document Type Definition Real Estate Listing Markup Language | 131 | |
9. | Creating a Security Strategy | 133 |
Conducting Risk Analysis | 133 | |
Security Assessment Strategies | 136 | |
Penetration Testing | 136 | |
Security Assessment Software | 139 | |
Insurance | 139 | |
Staffing Issues | 141 | |
Certified Information Systems Security Professional Certification | 141 | |
Centralizing Security | 142 | |
Security as Part of E-business Application Development | 143 | |
The Importance of Security Policy and Auditing | 144 | |
The Need for Security Education | 145 | |
Incident Response | 146 | |
Designate a Point of Contact | 146 | |
The Importance of Preserving Evidence | 147 | |
Reporting Incidents | 147 | |
After the Incident | 149 | |
Conclusion | 149 | |
Figures | ||
Unauthorized Use of Computer Systems | ||
Internet User Confidence | ||
Types of Security Breaches | ||
Most Recently Reported Security Violation | ||
Security Breaches at E-commerce Web Sites versus Informational Sites | ||
Security Technologies in Use | ||
Technologies Installed and Evaluated | ||
The Increase in Internal Security Incidents | ||
Internet Connection as a Frequent Source of Attack | ||
The Anatomy of a Distributed Denial-of-Service Attack | ||
The Anatomy of a Smurf Attack | ||
Sources of Virus Infections | ||
Antivirus Measures Being Used | ||
Consequences of Mobile Code Exploits | ||
Remote Access and Virtual Private Networks | ||
A Remote Virtual Private Network | ||
A Site-to-Site Virtual Private Network | ||
A Virtual Private Network Gateway on the Side of the Firewall | ||
Attacks on Web Sites | ||
The Frequency of Web Attacks | ||
Types of Web Attacks | ||
Encapsulating Security Payload Tunnel Mode |
Advanced Security Strategies Protecting Today's E-Business Environment