Product Description
The author blends statistics with real stories about computer security. Discusses and documents importance of a security policy, the impact of organizational politics, and actual transcripts of break-ins. Includes checklists of preventive security measures. Paper.
From the Inside Flap
Introduction
The age of connectivity is definitely upon us. With information flowing freely in and from all directions and electronic commerce knocking down new doors, network security has come to include a lot more than just using a good firewall to connect to the Internet.
I've spent a lot of time auditing security on distributed networks. In many cases, I found that data could be easily modified, stolen, or destroyed without a trace that the incident ever occurred. The system administrators and other powers-that-were knew that the systems weren't configured for security. What they didn't know was just how high their level of risk was. Executive managers were equally unaware of the risks.
This book lets you learn from their mistakes. If you are an executive manager, manager, system administrator—or anyone responsible for Intranet security—you must take an active approach to security. Don't make the same mistakes these companies did. It could cost you your company.
About this Book
WHAT you are about to read is NOT a work of fiction. This is a collection of REAL security audits. Each chapter focuses on an audit that I actually conducted (in person!) for a real, live, functioning company. If I'd used the actual company names, you would probably recognize that you'd personally done business with some of them.
Of course, I didn't use the real names of the companies, employees, or other parties for obvious legal and ethical reasons. But I did use the real facts regarding risk and my audit approach in each case. Read closely, especially if you are an executive manager, line-level manager, system administrator, lawyer, or law enforcement professional. The risks described are risks that you NEED to understand.
As a side note, most of the audits I describe in this book were conducted on UNIX systems. Some people, including some security people who should know better, believe that UNIX is inherently more susceptible to security problems than newer platforms like Windows NT. Don't buy it. The truth is that UNIX security is much better understood because it has been pounded on for about 20 years. In newer operating systems, the holes haven't been fully discovered and exploited. Industry experts are now saying that NT configurations may be equally or more vulnerable.
In any case, the real risks are not only built-in to the operating systems. Serious risks lie in the way systems are installed, configured, supported, and managed. It is those factors that most determine the risk to your company.
In pointing out these risks, I'm hoping that the people responsible for data on networks start taking an active and serious approach to security.
How this Book Is Organized
Even though these audits are real, I begin each chapter with a fictional scenario written in first person. In my corporate work, I've found that a lot of people start to take security seriously only when something happens to their systems, their data, and their company—just one of many respects in which the “Me” decade never really ended. I personalize each scenario by placing you, the reader, into the story to transfer the message that this really could happen to your data and your company.
The bulk of each chapter describes the ac
This item is not eligible for Amazon Prime, but millions of other items are. Join Amazon Prime today. Already a member? Sign in.