Cybersecurity Operations Handbook : the definitive reference on operational cybersecurity.
Title:
Cybersecurity Operations Handbook : the definitive reference on operational cybersecurity.
Author:
Rittinghouse, John, PhD, CISM.
ISBN:
9780080530185
Edition:
1st ed.
Physical Description:
1 online resource (1331 pages)
Contents:
Front Cover -- Cybersecurity Operations Handbook -- Copyright Page -- Contents -- List of Figures -- List of Tables -- Foreword -- Preface -- Acknowledgments -- Disclaimer
Chapter 1. Why Worry about Security? -- 1.1 Threats to personal privacy -- 1.2 Fraud and theft -- 1.3 Employee sabotage -- 1.4 Infrastructure attacks -- 1.5 Malicious hackers -- 1.6 Malicious code -- 1.7 Industrial espionage -- 1.8 The 1996 National Information Infrastructure Protection Act -- 1.9 President's executive order on critical infrastructure protection -- 1.10 The USA Patriot Act of 2001 -- 1.11 The Homeland Security Act of 2002 -- 1.12 Chapter summary -- 1.13 Endnotes
Chapter 2. Network Security Management Basics -- 2.1 Foundations of information assurance -- 2.2 Defense-in-depth strategy -- 2.3 Overview of RFC 2196 (Site Security Handbook) -- 2.4 The Common Criteria model -- 2.5 Privacy standards and regulations -- 2.6 Password management -- 2.7 Incident handling -- 2.8 Information warfare and information operations -- 2.9 Web security overview -- 2.10 Chapter summary -- 2.11 Endnotes
Chapter 3. Security Foundations -- 3.1 Access control -- 3.2 Purpose of access control -- 3.3 Access control entities -- 3.4 Fundamental concepts of access control -- 3.5 Access control criteria -- 3.6 Access control models -- 3.7 Uses of access control -- 3.8 Access control administration models -- 3.9 Access control mechanisms -- 3.10 Physical and environmental security controls -- 3.11 Applications development security -- 3.12 Standardization of application security features -- 3.13 Techniques to enforce application security -- 3.14 Security architecture -- 3.15 Security and the law -- 3.16 Investigations -- 3.17 Ethics -- 3.18 Operations security -- 3.19 Host-based intrusion detection -- 3.20 Network-based detection efforts -- 3.21 Chapter summary -- 3.22 Endnotes
Chapter 4. Firewalls and Perimeters -- 4.1 Firewall environments -- 4.2 Perimeter concepts -- 4.3 How intruders break -- 4.4 What is a firewall? -- 4.5 Static packet filtering -- 4.6 Edge, or boundary, routers and packet filters -- 4.7 Stateful filtering and inspection -- 4.8 Proxy servers -- 4.9 Circuit gateways -- 4.10 Application gateway -- 4.11 Chapter summary -- 4.12 Endnotes
Chapter 5. VPNs and Remote Access -- 5.1 Historical evolution of the VPN -- 5.2 VPN basics -- 5.3 Why is a VPN needed? -- 5.4 VPN security essentials -- 5.5 VPN tunneling and protocols -- 5.6 Business benefits of VPNs -- 5.7 A case study -- 5.8 Chapter summary -- 5.9 Endnotes
Chapter 6. Intrusion Detection in Depth -- 6.1 Basic intrusion detection concepts -- 6.2 Types of IDSs -- 6.3 IDS detectable attack types -- 6.4 Understanding TCP/IP for intrusion detection -- 6.5 Tcpdump overview -- 6.6 Case study: Kevin Mitnick -- 6.7 Chapter summary -- 6.8 Endnotes
Chapter 7. Securing Communications -- 7.1 Cryptography -- 7.2 Cryptographic techniques -- 7.3 Cryptographic keys -- 7.4 Cryptographic hash functions -- 7.5 Digital signatures -- 7.6 Secret-key cryptography -- 7.7 Public-key cryptography -- 7.8 OpenPGP -- 7.9 Cryptanalysis and cryptographic attack techniques -- 7.10 Steganography -- 7.11 Chapter summary -- 7.12 Endnotes
Chapter 8. Keys, Signatures, Certificates, and PKI -- 8.1 Key cryptography -- 8.2 Digital signatures -- 8.3 Certificates -- 8.4 Public-key infrastructure -- 8.5 Chapter summary -- 8.6 Endnotes
Chapter 9. Hacker Exploits -- 9.1 Hacking defined -- 9.2 Script kiddies versus hackers -- 9.3 Hacking groups and clubs -- 9.4 Cyberactivism -- 9.5 Language -- 9.6 Social engineering -- 9.7 Reconnaissance -- 9.8 IDS evasion -- 9.9 General hacker exploits -- 9.10 Tracking hackers -- 9.11 Case study: insider Trojan horse attack -- 9.12 Chapter summary -- 9.13 Endnotes
Chapter 10. Incident Handling Basics -- 10.1 Why incident response is necessary -- 10.2 What purpose does incident response serve? -- 10.3 Common terms -- 10.4 Organizational planning for incident handling -- 10.5 Creating a computer security incident response team -- 10.6 Organizational roles -- 10.7 Procedures for responding to incidents -- 10.8 Types of incidents -- 10.9 Stages of incident response -- 10.10 Incident prevention and detection -- 10.11 Response to various attack types -- 10.12 Incident reporting procedures -- 10.13 Incident response support organizations -- 10.14 Legal considerations -- 10.15 Chapter summary -- 10.16 Endnotes
Chapter 11. Forensics, Investigation, and Response -- 11.1 What is cyberforensics? -- 11.2 Computer forensics and the law -- 11.3 Cybercrime examples -- 11.4 What is forensic evidence? -- 11.5 Forensics casework -- 11.6 Preserving the integrity of the crime scene -- 11.7 Investigative incident-response actions -- 11.8 Forensics analysis investigative actions -- 11.9 Computer forensic tools -- 11.10 Special feature: NTI President Michael R. Anderson on forensics -- 11.11 Chapter summary -- 11.12 Endnotes
Chapter 12. Security Diligence -- 12.1 Security testing -- 12.2 Testing concepts and applications -- 12.3 Independent diagnostic tests -- 12.4 Key factors -- 12.5 Open Source Security Testing Methodology Manual -- 12.6 Outsourced systems -- 12.7 Monitoring and updating -- 12.8 Hardening systems -- 12.9 System patches -- 12.10 Chapter summary -- 12.11 Endnotes
Chapter 13. Business-Continuity Planning -- 13.1 Building the business-continuity plan -- 13.2 IT and communications -- 13.3 Planning for emergency procedures -- 13.4 Planning the business recovery phase -- 13.5 Chapter summary -- 13.6 Endnotes
Chapter 14. Auditing Fundamentals -- 14.1 The auditor's role in developing security policies -- 14.2 Auditing standards and groups -- 14.3 Audit oversight committee -- 14.4 Auditing and assessment strategies -- 14.5 Prerequisites for developing an audit strategy -- 14.6 Basic auditing methods and tools -- 14.7 General information systems audit process -- 14.8 Perimeter audits -- 14.9 Using Nmap -- 14.10 Mapping the network with Nmap -- 14.11 Analyzing Nmap scan results -- 14.12 Penetration testing using Nessus -- 14.13 Chapter summary -- 14.14 Endnotes
Chapter 15. Security-Management Issues -- 15.1 Organizational security management -- 15.2 Security management areas of responsibility -- 15.3 Security policies -- 15.4 Basic approach to policy development -- 15.5 Security personnel -- 15.6 Management of security professionals -- 15.7 Chapter summary -- 15.8 Endnotes
Chapter 16. Outsourcing and Security -- 16.1 Security issues with outsourcing -- 16.2 The nondisclosure agreement -- 16.3 The statement of work -- 16.4 The professional services agreement -- 16.5 Myths about outsourcing security -- 16.6 Chapter summary -- 16.7 Endnotes
Chapter 17. Security Service Level Agreements -- 17.1 Developing a service-level agreement -- 17.2 Components of an SLA -- 17.3 Adding security to the SLA equation -- 17.4 Sample SLAs -- 17.5 Chapter summary -- 17.6 Endnotes
Chapter 18. Future Trends in Security -- 18.1 Threats in cyberspace -- 18.2 The growing market for security -- 18.3 Policy and centralized management -- 18.4 Blended attacks -- 18.5 The future of wireless -- 18.6 Chapter summary -- 18.7 Endnotes
Chapter 19. Sample Policy Documents -- 19.1 Generic policy template -- 19.2 Acceptable encryption policy -- 19.3 Acceptable-use policy -- 19.4 Analog-line-usage policy -- 19.5 Antivirus guidelines policy -- 19.6 Application service provider policy -- 19.7 Application service provider standards -- 19.8 Acquisition assessment policy -- 19.9 Audit policy -- 19.10 Autoforwarded e-mail policy -- 19.11 Database credentials policy -- 19.12 Dial-in access policy -- 19.13 Demilitarized zone lab-security policy -- 19.14 Extranet policy -- 19.15 Information-sensitivity and marking policy -- 19.16 Internal lab security policy -- 19.17 Internet DMZ equipment policy -- 19.18 Lab antivirus policy -- 19.19 Password policy -- 19.20 Remote access policy -- 19.21 Risk-assessment policy -- 19.22 Router-security policy -- 19.23 Server-security policy -- 19.24 Virtual-private-networking policy -- 19.25 Wireless communications policy -- 19.26 Endnotes
Glossary of Security Terms
Appendix A. Audit Program for Networks
Appendix B. Network Architectures and Security -- B.1 Transmission Control Protocol/Internet Protocol -- B.2 Systems Network Architecture -- B.3 Digital network architecture and DECnet
Appendix C. Useful URLs -- C.1 Links related to information warfare -- C.2 Links related to computer crime and hacking -- C.3 Links related to general networking and security -- C.4 Links related to security focused businesses -- C.5 Links related to online reference material
Appendix D. Non-Disclosure Agreement
Appendix E. Professional Services Agreement
Appendix F. Physical Security Guidelines -- F.1 General guidelines -- F.2 Perimeter barrier standards -- F.3 Endnotes
Appendix G. NRIC Preventative Best Practices for Cybersecurity -- G.1 Cyber Security Focus Group -- G.2 General drivers of BPs -- G.3 Cybersecurity Best Practices Structure -- G.4 FGIB cybersecurity proposals -- G.5 Endnotes
Appendix H. NRIC Cybersecurity Recovery Best Practices -- H.1 Survey of current practices -- H.2 Creation of new practices -- H.3 NRIC recovery best practices Appendix X -- H.4 NRIC recovery best practices Appendix Y -- H.5 NRIC recovery best practices Appendix Z
Appendix I. NRIC Physical Security Best Practices
Abstract:
Cybersecurity Operations Handbook is the first book for daily operations teams who install, operate and maintain a range of security technologies to protect corporate infrastructure. Written by experts in security operations, this book provides extensive guidance on almost all aspects of daily operational security, asset protection, integrity management, availability methodology, incident response and other issues that operational teams need to know to properly run security products and services in a live environment. Provides a master document on Mandatory FCC Best Practices and complete coverage of all critical operational procedures for meeting Homeland Security requirements.
· First book written for daily operations teams
· Guidance on almost all aspects of daily operational security, asset protection, integrity management
· Critical information for compliance with Homeland Security
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.