Advanced security strategies : protecting today's E-business environment

Businesses are increasingly implementing security countermeasures like firewalls, public key encryption and virtual private networks (VPNs) to defend against internal and external threats in today's e-business environment. "Advanced Security Strategies" examines current security issues, enabling managers to protect the enterprise from all directions by using proven techniques to sharpen vigilance, allocating resources strategically, and acquiring state-of-the-art technological solutions. These techniques should enable businesses to move confidently forward with Internet initiatives. Conventional wisdom attributes approximately 80% of attacks to internal sources and only 20% to external sources. In addition, the fallout from internal security incidents can be more severe because employees usually have information that can cause much damage if misused. External attacks are increasing, however. Available attack tools reduce the skill level needed to mount attacks, thereby increasing their number. Because attacks are frequently more random than targeted, the odds of escaping attack simply through obscurity are decreasing. "Advanced Security Strategies" scrutinizes common attack methods and details how to stop them using crucial countermeasures such as firewalls, security scanners, intrusion detection systems (IDSs) and anti-virus software. As organizations grow and merge, functions are increasingly being distributed across many local area networks (LANs). In addition, an increasing number of employees now work away from the corporate office, and external partners and customers are accessing internal systems via extranets and Web sites. This remote access presents hackers with new ways to enter the corporate network. "Advanced Security Strategies" analyzes effective measures that protect against this remote threat. For example, home office computers should comply with the same security standards as machines in the company offices, and remote workers should be subject to more stringent authentication measures, such as tokens, digital certificates, or biometrics. In addition, VPNs provide secure access for single users and between networks. Although proprietary file formats may become obsolete as extensible mark-up language (XML) implementation increases, their obscurity offers some inherent data protection. XML, however, is a plain-text file format that contains sensitive business data and thus requires security in transit. "Advanced Security Strategies" explains how this security can be achieved by sending XML files via secure sockets layer (SSL) or a VPN.

• Part 1 Internal Threats: Implementing Strong Authentication Methods
• Commercial Access Control Products
• Human Resources (HR) Strategies
• Monitoring Employee Internet Use
• Developing and Enforcing a Strong Security Policy. Part 2 External Threats: Reconnaissance
• Password Attacks
• After the Hacker Has Entered
• Denial-of-Service (DoS) Attacks
• Java/ActiveX Security Threats
• Combatting Viruses
• Protecting the Enterprise from Zone Transfers
• Determining If an Intrusion Has Occurred
• Security Scanners
• Intrusion Detection Systems (IDSs)
• Managing Java and ActiveX Controls. Part 3 Securing Remote Access: Securing Home Offices
• Strong Authentication Measures for Remote Users
• Security for Mobile Workers
• Protecting Remote Users with Virtual Private Networks (VPNs). Part 4 Securing E-Commerce: Securing the Web Site
• The Importance of Software Patches
• Antihacker Tools
• Secure Socket Layer (SSL)
• SSL and Server Certificates
• Internet Protocol Security (IPSec). Part 5 Firewalls and Public Key Encryption: Packet Filters and Dynamic Packet Filters
• Proxy Firewalls
• Firewall Features and Products
• Digital Certificates. Part 6 Creating a Security Strategy: Conducting Risk Analysis
• Security Assessment Strategies
• Penetration Testing
• Securing Extensible Markup Language (XML)
• Insurance
• Staffing Issues and Security Education
• Centralizing
• Security as Part of E-Business Application Development
• The Importance of Security Policy and Auditing
• Incident Response.