INTRODUCTION TO PART III

PREVENTION: TECHNICAL DEFENSES

The threats and vulnerabilities described in Part II can be met in part by effective use of technical countermeasures.

The chapter titles and topics in this part include:

  • 23. Protecting the Information Infrastructure. Facilities security and emergency management
  • 24. Operating System Security. Fundamentals of operating-systems security, including security kernels, privilege levels, access control lists, and memory partitions
  • 25. Local Area Networks. Security for local area networks, including principles and platform-specific tools
  • 26. Gateway Security Devices. Effective recommendations for implementing firewalls and proxy servers
  • 27. Intrusion Detection and Intrusion Prevention Devices. Critical elements of security management for measuring attack frequencies outside and inside the perimeter and for reducing successful penetrations
  • 28. Identification and Authentication. What one knows, what one has, what one is, and what one does
  • 29. Biometric Authentication. Special focus on who one is and what one does as markers of identity
  • 30. E-Commerce and Web Server Safeguards. Technological and legal measures underlying secure e-commerce and a systematic approach to developing and implementing security services
  • 31. Web Monitoring and Content Filtering. Tools for security management within the perimeter
  • 32. Virtual Private Networks and Secure Remote Access. Encrypted channels (virtual private networks) for secure communication, and approaches for safe remote access
  • 33. 802.11 Wireless LAN Security. Protecting increasingly pervasive wireless networks
  • 34. Securing VoIP. Security measures for Voice over IP telephony
  • 35. Securing P2P, IM, SMS, and Collaboration Tools. Securing collaboration tools such as peer-to-peer networks, instant messaging, text messaging services, and other mechanisms to reduce physical travel and to facilitate communications
  • 36. Securing Stored Data. Managing encryption and efficient storage of stored data
  • 37. PKI and Certificate Authorities. Concepts, terminology, and applications of the Public Key Infrastructure for asymmetric encryption
  • 38. Writing Secure Code. Guidelines for writing robust program code that includes few bugs, and that can successfully resist deliberate attacks
  • 39. Software Development and Quality Assurance. Using quality assurance and testing to underpin security in the development phase of programs
  • 40. Managing Software Patches and Vulnerabilities. Rational deployment of software patches
  • 41. Antivirus Technology. Methods for fighting malicious code
  • 42. Protecting Digital Rights: Technical Approaches. Methods for safeguarding intellectual property such as programs, music, and video that must by its nature be shared to be useful