This eBook includes the following formats, accessible from your Account page after purchase:
EPUB: The open industry format known for its reflowable content and usability on supported mobile devices.
PDF: The popular standard, used most often with the free Acrobat® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
If you’re a security or network professional, you already know the “do’s and don’ts”: run AV software and firewalls, lock down your systems, use encryption, watch network traffic, follow best practices, hire expensive consultants . . . but it isn’t working. You’re at greater risk than ever, and even the world’s most security-focused organizations are being victimized by massive attacks.
In Thinking Security, author Steven M. Bellovin provides a new way to think about security. As one of the world’s most respected security experts, Bellovin helps you gain new clarity about what you’re doing and why you’re doing it. He helps you understand security as a systems problem, including the role of the all-important human element, and shows you how to match your countermeasures to actual threats. You’ll learn how to move beyond last year’s checklists at a time when technology is changing so rapidly.
You’ll also understand how to design security architectures that don’t just prevent attacks wherever possible, but also deal with the consequences of failures. And, within the context of your coherent architecture, you’ll learn how to decide when to invest in a new security product and when not to.
Bellovin, co-author of the best-selling Firewalls and Internet Security, caught his first hackers in 1971. Drawing on his deep experience, he shares actionable, up-to-date guidance on issues ranging from SSO and federated authentication to BYOD, virtualization, and cloud security.
Perfect security is impossible. Nevertheless, it’s possible to build and operate security systems far more effectively. Thinking Security will help you do just that.
Thinking Security: Firewalls and Intrusion Detection Systems
Preface
Part I: Defining the Problem
Chapter 1: Introduction
1.1 Changes
1.2 Adapting to Change
1.3 Security Analysis
1.4 A Few Words on Terminology
Chapter 2: Thinking About Security
2.1 The Security Mindset
2.2 Know Your Goals
2.3 Security as a Systems Problem
2.4 Thinking Like the Enemy
Chapter 3: Threat Models
3.1 Who’s Your Enemy?
3.2 Classes of Attackers
3.3 Advanced Persistent Threats
3.4 What’s at Risk?
3.5 The Legacy Problem
Part II: Technologies
Chapter 4: Antivirus Software
4.1 Characteristics
4.2 The Care and Feeding of Antivirus Software
4.3 Is Antivirus Always Needed?
4.4 Analysis
Chapter 5: Firewalls and Intrusion Detection Systems
5.1 What Firewalls Don’t Do
5.2 A Theory of Firewalls
5.3 Intrusion Detection Systems
5.4 Intrusion Prevention Systems
5.5 Extrusion Detection
5.6 Analysis
Chapter 6: Cryptography and VPNs
6.1 Cryptography, the Wonder Drug
6.2 Key Distribution
6.3 Transport Encryption
6.4 Object Encryption
6.5 VPNs
6.6 Protocol, Algorithm, and Key Size Recommendations
6.7 Analysis
Chapter 7: Passwords and Authentication
7.1 Authentication Principles
7.2 Passwords
7.3 Storing Passwords: Users
7.4 Password Compromise
7.5 Forgotten Passwords
7.6 Biometrics
7.7 One-Time Passwords
7.8 Cryptographic Authentication
7.9 Tokens and Mobile Phones
7.10 Single-Sign-On and Federated Authentication
7.11 Storing Passwords: Servers
7.12 Analysis
Chapter 8: PKI: Public Key Infrastructures
8.1 What’s a Certificate?
8.2 PKI: Whom Do You Trust?
8.3 PKI versus PKI
8.4 Certificate Expiration and Revocation
8.5 Analysis
Chapter 9: Wireless Access
9.1 Wireless Insecurity Myths
9.2 Living Connected
9.3 Living