White-hat security arsenal : tackling the threats

"Avi Rubin does a great job of explaining the motivations behind many security solutions, as well as providing practical information about how you can solve real-world problems. White-Hat Security Arsenal is an invaluable resource--a judicious mix of practical information and the theory behind it." --Marcus J. Ranum, CTO, NFR Security, Inc. "White-Hat Security Arsenal ups the ante for the good guys in the arms race against computer-based crime. Like a barrage of cruise missiles, Avi's excellent book attains air superiority by leveraging smarts and advanced GPS technology to zero in on critical targets. Intended to educate and inform information security professionals with a no-nonsense, hold-the-hype approach to security, this book is a critical weapon for modern information warriors. If you wear a white hat and are on the good guys' team, buy this book. Don't go into battle without it!" --Gary McGraw, Ph.D., CTO, Cigital How do I allow secure remote access to my site? How do I protect data on my laptop in case it's stolen? How should I configure my firewall? Will I regret using my credit card online? How will the bad guys attack? If these are some of the questions that keep you awake at night, you need to read this book. As a computer security expert at AT&T Labs, author Avi Rubin regularly meets with IT staffs from all types of companies. When asked to recommend resource material to his customers, Rubin realized that there just wasn't a book on the market that would give them concise, direct answers to all their security questions. So he wrote one. Using a problem-oriented approach, Rubin walks you through everything from protecting against network threats to using credit cards on the Web. Each chapter begins with a problem statement, continues with a description of the threat, explains the technologies involved, and then offers solutions. Chapters conclude with one or more case studies. You'll find easy-to-understand information that will help you Identify the risks Put attacks in perspective Store information securely Perform reliable and secure backups Transfer information securely across hostile networks Understand Public Key Infrastructure (PKI) and its limitations Protect against network threats Set up firewalls Deal with denial of service attacks Understand online commerce and privacy Whether you are an IT professional, a system administrator, an academic, or simply a regular Internet user, White-Hat Security Arsenal is full of information you can't afford to miss. 0201711141B05222001

Foreword. Preface. I: IS THERE REALLY A THREAT? 1. Shrouded in Secrecy. 2. Computer Security Risks. What Is at Risk. Data, Time, and Money. Confidentiality. Privacy. Resource Availability. Why Risks Exist. Buggy Code. The User. Poor Administration. Exploiting Risks. Moving On. 3. The Morris Worm Meets the Love Bug: Computer Viruses and Worms. Terminology. A Touch of History. The Morris Worm. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. Melissa. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. CIH Chernobyl. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. Happy. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. Worm.ExploreZip. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. Bubbleboy. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. Babylonia. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. The Love Bug. When It Hit and What It Did. How and Why It Worked. The Consequences. How We Recovered. Lessons Learned. Summary. II: STORING DATA SECURELY. 4. Local Storage. Physical Security. Cryptographic Security. What Can Be Achieved with Cryptography. Cryptography Is Not Enough. Basic Encryption and Data Integrity. Protecting Data with Passwords. Graphical Passwords. Cryptographic File Systems. Case Studies. CFS. PGPDisk. EFS in Windows 2000. Further Reading. 5. Remote Storage. Remote Storage. NFS Security. Adding Security. User Authentication. Strengthening Passwords. Access Control Lists and Capabilities. AFS. Case Study. Pathnames. Further Reading. 6. Secure Backup. Secure Backups. Physical Security. Backup over a Network. Key Granularity. Backup Products. @backup. BitSTOR. Secure Backup Systems. BackJack. Datalock. NetMass SystemSafe. Saf-T-Net. Safeguard Interactive. Veritas Telebackup. Deleting Backups. Case Study. The Client Software. Incremental Backups. Further Reading. III: SECURE DATA TRANSFER. 7. Setting up a Long-Term Association. What Is Identity? Identity in Cyberspace. Exchanging Public Keys in Person. Certification Authorities. Public Key Certificates. Certificate Hierarchies. Long-Term Relationships within an Organization. Global Trust Register. Revocation. Long-Term Relationships in the Wild. Managing Private Keys. Symmetric Keys. Case Study. Summary. Further Reading. 8. Deriving Session Keys. Long-Term Keys Are Not Enough. What Are Session Keys? Key Exposure. Perfect Forward Secrecy. Security Associations. Picking a Random Key. Session Keys from Symmetric Long-Term Keys. Kerberos. Another Approach. Session Keys from Long-Term Public Keys. Diffie-Hellman Key Exchange. Session Keys in SSL. Protocol Design and Analysis. Case Study. Clogging Attacks. ISAKMP Exchanges. Key Refreshment. Primes in OAKLEY. Further Reading. 9. Communicating Securely After Key Setup. Protecting Information. Encryption. Authentication. Which Layer Is Best for Security? Encapsulation. The Link Layer. The Network Layer. The Transport Layer. The Application Layer. Replay Prevention. Case Study. ESP. AH. Further Reading. IV: PROTECTING AGAINST NETWORK THREATS. 10. Protecting a Network Perimeter. Insiders and Outsiders. Network Perimeter. Benefits of Firewalls. Types of Firewalls. Packet Filters. Application-Level Gateways. Using the Firewall. Configuring Rules. Web Server Placement. Exit Control. Remote Access8. Logging in Directly. Dial-up Access. VPN Access. Web-Only Access. Case Study. Further Reading. 11. Defending against Attacks. Bad Guys. Mapping. Attacks. Denial of Service. Defense. Defending against Mapping. Monitoring the Traffic. Intrusion Detection. Defense against DDOS. Other Tools. Case Study. Further Reading. V: COMMERCE AND PRIVACY. 12. Protecting E-Commerce Transactions. Credit Cards on the Web. The SSL Protocol. Protocol Overview. Configuring a Browser. Configuring a Server. Security. Performance. Caching. Case Study. How Passport Works. Risks of Passport. Further Reading. 13. Protecting Privacy. Online Privacy. What Is at Risk? E-Mail Privacy. Protecting E-Mail with Cryptography. Anonymous E-Mail. How Is Personal Privacy Compromised? Direct Methods. Indirect Methods. Defense Mechanisms and Countermeasures. Protecting Data on Your Machine. Protecting Credit Card Information. Safeguarding Your Browsing History. Hiding Your Surfing. Posting Anonymously to the Web. Case Study. Summary. Further Reading. Glossary. Bibliography. Index. 0201711141T01 001.