Security in distributed computing : did you lock the door?

An end-to-end guide to safeguarding a company's information assets.KEY TOPICS:Identifies key issues in computer security, and the technologies that can help organizations respond. Presents guidance on developing a distributed systems architecture and methodology that is inherently more secure. Shows how to secure distributed transaction processing systems. Covers the human and organizational aspects of security. Discusses security issues that affect PCs, workstations and mainframes, with especially detailed coverage of UNIX security issues.MARKET:Anyone responsible for architecting, building, managing or auditing distributed computing applications, including software developers, project managers, system and network administrators, and security officers.

Foreword. Preface. Acknowledgments. Introduction. I. UNDERSTANDING THE PROBLEM. 1. "Computing Security" A Business Issue. Business Drivers. Business Issues. Summary. 2. Distributed Security Challenges. Stories. Security Issues. The Top Ten List. Conclusions. II. FOUNDATIONS. 3. Computing Security Basics. What is Security? Trust-What Is It? Trust-Why Do We Need It? Summary. 4. Security Architecture. Foundation. Trust. Control. Summary. 5. Foundations. Principles. Security Policy Framework. Security Criteria. Summary. 6. Security Policy. Security Policy Framework. Example of a Policy. The Process of Creating Policies. Summary. III. TECHNOLOGIES. 7. The Network. A Tale of Two Networks. Systems Network Architecture. Introducing TCP/IP. SNA versus TCP/IP Security. Conclusions. 8. Network Operating Systems. About Network Operating Systems? Issues Surrounding NOS Implementations. Conclusions. 9. Client/Server and Middleware. Client/Server. Middleware. Enabling Technology. Distributed Objects. Things to Watch Out For. Summary. 10. UNIX Security. Why has UNIX Such a Bad Reputation for Security? UNIX Security. Typical Abuses. Conclusions. 11. More UNIX Security. UNIX Network Services. A Burglar's Tools. Conclusions. 12. UNIX Solutions. Control Monitors. Conclusions. 13. Windows NT Security. Security Controls. Networking. Conclusions. 14. The Internet. What is the Internet? Internet Firewall. Conclusions. 15. Cryptography. Private Key Encryption. Public Key Encryption. Encryption Issues. Digital Signature. Summary. 16. The DCE Environment. What is DCE? Concerns about DCE. Conclusions. 17. DCE Security Concepts. DCE Authentication. Authorization. Is DCE Bulletproof? Conclusions. 18. Distributed Database. What is a RDBMS? Different Models to Enable Applications. Issues Surrounding RDBMS. What is a Data Warehouse? Conclusions. 19. On-Line Transaction Processing. What Is a Transaction? Components of a Transaction Processing System. The Top Five List. Summary. IV. SOLVING THE PROBLEM. 20. Secure Applications. Concepts. System Development Life Cycle. Summary. 21. Implementation Examples. Electronic Mail. Lotus Notes. What's Next. Summary. 22. Security Management. System Management. Network Management. Conclusions. 23. Developing a Security Strategy. A Security Strategy. The Security Strategy Roadmap. Conclusions. 24. Auditing. What Is an Audit? What Role Should Audit Play? Sample Criteria for a UNIX Audit. The Basics of Computer Auditing. Expanding the Focus. Other Types of Audits. Conclusions. 25. The Future. Appendix A. Strong Authentication. Appendix B. Smart Cards. Appendix C. Personal Computer Security. Viruses. Personal Computer Access Controls. How Far Should Security Be Extended? Conclusions. Appendix D. Remote Access. Glossary. References. Index.