Computer and Information Security Handbook.
Title:
Computer and Information Security Handbook.
Author:
Vacca, John R.
ISBN:
9780123946126
Edition:
2nd ed.
Physical Description:
1 online resource (1200 pages)
Contents:
Front Cover -- Computer and Information Security Handbook -- Copyright Page -- Dedication -- Contents -- Foreword -- Preface -- Organization of this Book -- Part 1: Overview of System and Network Security: A Comprehensive Introduction -- Part 2: Managing Information Security -- Part 3: Cyber, Network, and Systems Forensics Security and Assurance -- Part 4: Encryption Technology -- Part 5: Privacy and Access Management -- Part 6: Storage Security -- Part 7: Physical Security -- Part 8: Practical Security -- Part 9: Advanced Security -- Supplemental Materials -- Acknowledgments -- About the Editor -- Contributors -- I. Overview of System and Network Security: A Comprehensive Introduction -- 1 Building a Secure Organization -- 1. Obstacles to Security -- Security Is Inconvenient -- 2. Computers are Powerful and Complex -- Computer Users Are Unsophisticated -- Computers Created Without a Thought to Security -- 3. Current Trend is to Share, Not Protect -- Data Accessible from Anywhere -- 4. Security isn't about Hardware and Software -- The Bad Guys Are Very Sophisticated -- Management Sees Security as a Drain on the Bottom Line -- 5. Ten Steps to Building a Secure Organization -- Evaluate the Risks and Threats -- Threats Based on the Infrastructure Model -- Threats Based on the Business Itself -- Threats Based on Industry -- Global Threats -- Beware of Common Misconceptions -- Provide Security Training for IT Staff-Now and Forever -- Think "Outside the Box" -- DOXing -- Train Employees: Develop a Culture of Security -- Identify and Utilize Built-in Security Features of the Operating System and Applications -- Monitor Systems -- Hire a Third Party to Audit Security -- Don't Forget the Basics -- Change Default Account Passwords -- Use Robust Passwords -- Close Unnecessary Ports -- Patch, Patch, Patch.

Use Administrator Accounts for Administrative Tasks -- Restrict Physical Access -- Don't Forget Paper! -- 6. Preparing for the Building of Security Control Assessments -- 7. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- 2 A Cryptography Primer -- 1 What is Cryptography? What is Encryption? -- How Is Cryptography Done? -- 2 Famous Cryptographic Devices -- The Lorenz Cipher -- Enigma -- 3 Ciphers -- The Substitution Cipher -- The Shift Cipher -- The Polyalphabetic Cipher -- The Kasiski/Kerckhoff Method -- 4 Modern Cryptography -- The Vernam Cipher (Stream Cipher) -- The One-Time Pad -- Cracking Ciphers -- The XOR Cipher and Logical Operands -- Block Ciphers -- 5 The Computer Age -- Data Encryption Standard -- Theory of Operation -- Implementation -- Rivest, Shamir, and Adleman (RSA) -- Advanced Encryption Standard (AES or Rijndael) -- Overview -- The Basics of AES -- 6 How AES Works -- Bytes -- Math -- In the Beginning -- Rounds -- 7 Selecting Cryptography: the Process -- 8 Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- 3 Detecting System Intrusions -- 1. Introduction -- 2. Monitoring Key Files in the System -- Files Integrity -- 3. Security Objectives -- There Is Something Very Wrong Here -- Additional Accounts on the System -- Timestamps -- Hidden Files and Directories -- 4. 0day Attacks -- Attack Vectors -- Vulnerability Window -- Discovery -- Protection -- Ethics -- 5. Good Known State -- Monitoring Running Processes in the System -- Files with Weird Names -- 6. Rootkits -- Kernel-Level Rootkits -- Userland Rootkits.

Rootkit Detection -- 7. Low Hanging Fruit -- 8. Antivirus Software -- 9. Homegrown Intrusion Detection -- 10. Full-Packet Capture Devices -- Deployment -- Centralized -- Decentralized -- Capacity -- Features: Filtered versus Full-Packet Capture -- Encrypted versus Unencrypted Storage -- Sustained Capture Speed versus Peak Capture Speed -- Permanent versus Overwritable Storage -- Data Security -- 11. Out-of-Band Attack Vectors -- 12. Security Awareness Training -- 13. Data Correlation -- 14. SIEM -- 15. Other Weird Stuff on the System -- 16. Detection -- 17. Network-Based Detection of System Intrusions (DSIs) -- 18. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- References -- 4 Preventing System Intrusions -- 1. So, What is an Intrusion? -- 2. Sobering Numbers -- 3. Know Your Enemy: Hackers versus Crackers -- 4. Motives -- 5. The Crackers' Tools of the Trade -- Our "Unsecured" Wireless World -- 6. Bots -- 7. Symptoms of Intrusions -- 8. What Can You Do? -- Know Today's Network Needs -- Network Security Best Practices -- 9. Security Policies -- 10. Risk Analysis -- Vulnerability Testing -- Audits -- Recovery -- 11. Tools of Your Trade -- Intrusion Detection Systems (IDSs) -- Firewalls -- Intrusion Prevention Systems -- Application Firewalls -- Access Control Systems -- Unified Threat Management -- 12. Controlling User Access -- Authentication, Authorization, and Accounting -- What the User Knows -- What the User Has -- Tokens -- Time Synchronous -- Event Synchronous -- Challenge-Response -- The User is Authenticated, but is She/He Authorized? -- Accounting -- Keeping Current -- 13. Intrusion Prevention Capabilities -- 14. Summary -- Chapter Review Questions/Exercises -- True/False.

Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- 5 Guarding Against Network Intrusions -- 1 Traditional Reconnaissance and Attacks -- 2 Malicious Software -- Lures and "Pull" Attacks -- 3 Defense in Depth -- 4 Preventive Measures -- Access Control -- Vulnerability Testing and Patching -- Closing Ports -- Firewalls -- Antivirus and Antispyware Tools -- Spam Filtering -- Honeypots -- Network Access Control -- 5 Intrusion Monitoring and Detection -- Host-Based Monitoring -- Traffic Monitoring -- Signature-Based Detection -- Behavior Anomalies -- Intrusion Prevention Systems -- 6 Reactive Measures -- Quarantine -- Traceback -- 7 Network-Based Intrusion Protection -- 8 Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- 6 Securing Cloud Computing Systems -- 1 Cloud Computing Essentials: Examining the Cloud Layers -- Analyzing Cloud Options in Depth -- Public -- Private -- Virtual Private -- Hybrid -- Establishing Cloud Security Fundamentals -- Policy and Organizational Risks -- Lock-in -- Loss of Governance -- Compliance Challenges -- Loss of Business Reputation Due to Co-tenant Activities -- Cloud Service Termination or Failure -- Cloud Provider Acquisition -- Supply Chain Failure -- Technical Risks -- Resource Exhaustion -- Resource Segregation Failure -- Abuse of High Privilege Roles -- Management Interface Compromise -- Intercepting Data in Transit, Data Leakage -- Insecure Deletion of Data -- Distributed Denial of Service (DDoS) -- Economic Denial of Service (EDoS) -- Encryption and Key Management (Loss of Encryption Keys) -- Undertaking Malicious Probes or Scans -- Compromise of the Service Engine.

Customer Requirements and Cloud Environment Conflicts -- Legal Risks -- Subpoena and e-discovery -- Varying Jurisdiction -- Data Protection -- Licensing -- General Risks -- Network Failures -- Privilege Escalation -- Social Engineering -- Loss or Compromise of Operational and Security Logs or Audit Trails -- Backup Loss -- Unauthorized Physical Access and Theft of Equipment -- Natural Disasters -- Other Cloud Security Concepts -- Incident Response (IR), Notification and Remediation -- Virtualization -- External Accreditations -- Determining When Security Goals Require a Private Cloud -- 2 Software as a Service (SaaS): Managing Risks in the Cloud -- Centralizing Information with SaaS to Increase Data Security -- Implementing and Managing User Authentication and Authorization -- Permission and Password Protection -- Negotiating Security Requirements with Vendors -- Identifying Needed Security Measures -- Establishing a Service Level Agreement -- Ensuring SLAs Meet Organizational Security Requirements -- 3 Platform as a Service (PaaS): Securing the Platform -- Restricting Network Access Through Security Groups -- Configuring Platform-Specific User Access Control -- Integrating with Cloud Authentication and Authorization Systems -- Compartmentalizing Access to Protect Data Confidentiality -- Securing Data in Motion and Data at Rest -- Identifying Your Security Perimeter -- Techniques for Recovering Critical Data -- Basic Backup and Restore -- Pilot Light -- Warm Standby -- Multisite -- 4 Infrastructure as a Service (IaaS) -- Locking Down Cloud Servers -- Virtualization Software Security -- Customer Guest Operating System (OS) or Virtual Instance Security -- Ensuring the Cloud is Configured According to Best Practices -- Policy -- Risk Management -- Configuration Management and Change Control -- Auditing -- Vulnerability Scanning -- Segregation of Duties.

Security Monitoring.
Abstract:
The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed chapters by leading experts in the areas of networking and systems security, information management, cyber warfare and security, encryption technology, privacy, data storage, physical security, and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more. Chapters by leaders in the field on theory and practice of computer and information security technology, allowing the reader to develop a new level of technical expertise. Comprehensive and up-to-date coverage of security issues allows the reader to remain current and fully informed from multiple viewpoints. Presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.