Security Reference Guide

Security Reference Guide

Last updated Jan 1, 2004.

Welcome/Overview

Overview: What Is Information Security?
Common Body of Knowledge (CBK) Definitions

Access Control Systems and Methodology

InformIT Articles and Sample Chapters
Books and e-Books

Telecommunications and Network Security

InformIT Articles and Sample Chapters
Books and e-Books

Security Management Practices
Confidentiality, Integrity, Availability (CIA)

InformIT Articles and Sample Chapters
Online References

Applications and Systems Development Security

InformIT Articles and Sample Chapters
Books and e-Books
Online References

Cryptography/Cryptology

InformIT Articles and Sample Chapters
Books and e-Books

Security Architecture and Models

InformIT Articles and Sample Chapters
Books and e-Books
Online References

Operations Security

InformIT Articles and Sample Chapters
Books and e-Books

Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)

InformIT Articles and Sample Chapters
Books and e-Books

Law, Investigations, and Ethics

InformIT Articles and Sample Chapters
Books and e-Books

Physical Security

InformIT Articles and Sample Chapters
Books and e-Books

Summary of CBK Definitions

A Functional Definition of Security

Risk Avoidance
Deterrence
Prevention
Detection
Recovery
Books and e-Books

Summary

Web Application Security

Unexpected Input

SQL Injection

The Threat
Examples
Protection and Prevention
InformIT Articles and Sample Chapters
Books and e-Books
Online Resources

Cross-Site Scripting (XSS) Attacks

The Threat
Examples
Protection and Prevention
Online Resources

Buffer Overflow Attacks

The Threat
Examples
Prevention

Administrator Error

Improper Configuration
Remote Management Flaws
Improper Maintenance

Account Control and Management

Account Control

The Threat
Example
Prevention

Account Information Management

The Threat
Example
Prevention

Summary

InformIT Articles and Sample Chapters
Online Resources
Books and e-Books

Operating System Security

Operating System Overview

OS Functions
OS Types
OS Tasks

OS Security Weaknesses

Windows Weaknesses
Linux Weaknesses

OS Security Pointers

Windows

Selecting the File System
Active Directory/Kerberos
General Installation Rules
Summary

Linux

Different Distributions
Partitions and Security
Network Services
Boot Loaders

Summary

InformIT Articles and Sample Chapters
Official Documentation

Network Security

Network Attacks

Physical Attacks
Social Engineering

The Virtual Probe
Lost Password
Social Spying
Dumpster Diving

Sniffing

How Does a Sniffer Work?
How Can I Defend My System Against Sniffers?
How To Detect a Sniffer

Spoofing and Session Hijacking
Denial-of-Service (DoS) Attacks

SYN Flooding
Smurf Attacks

References

Hardening Your System

Overview
Start with the Operating System

Install Offline
Lock Down the OS
Lock Down the Services
Establish a Baseline

Protection/Prevention Tools

Firewalls
Application Filters
System Policies and Training
Port Scanners
InformIT Articles and Sample Chapters
Books and e-Books
Online Resources

Wireless Security

Wired Equivalent Privacy (WEP)
MAC Filtering
Radiation Zone
Demilitarized Zone (DMZ)
Firewall
Virtual Private Network (VPN)
Remote Authentication Dial-In User Service (RADIUS)

Funk's Steel-Belted Radius

Central User Administration
Central Hardware Administration
Authentication Methods
Securing Your Wireless LAN
RADIUS Accounting
System Requirements

Temporal Key Integrity Protocol (TKIP)
Advanced Encryption Standard (AES)
Secure Sockets Layer (SSL)
Intrusion-Detection System (IDS)
Summary
InformIT Articles and Sample Chapters

Legal and Ethical Issues of Security

Legal Recourse

Criminal Charges
Civil Remedies
Legal Prosecution

Computer Crime Legislation

U.S. Federal Statutes
State Computer Crime Laws

Law Enforcement Agencies

Military Law Enforcement Agencies
U.S. Federal Law Enforcement
State and Local Law Enforcement
Royal Canadian Mounted Police (RCMP)

References