89475-8 Security consultant Linda McCarthy shows: *How breaches occurred *What steps were taken to deal with them-and how well they worked *What steps could have been taken to prevent the crisis There's nothing academic about network security when it's late at night and some hacker is rummaging through your R&D files. If you don't want that 3 a.m. phone call, and you don't want your company's strategic plans in tomorrow's Wall Street Journal, now's the time to prevent it from happening to you. In this book, you'll watch as real network administrators track hacker intrusions. You'll see firsth and how companies struggle with security problems caused by poor training, lack of management support, hidden agendas, and careless intranet development. You'll find checklists of preventive security measures you can take right now-and lists of tools that can help. Above all, you'll find insight into the all-too-human security flaws that make corporate intranets an easy target for hackers." Linda McCarthy's book not only blends statistics with real life stories to good effect, but discusses and documents crucial items such as the importance of a security policy, the impact of organizational politics, and actual transcripts of break-ins. Read the book-it will help you understand security in the real world. And when all is said and done, that's saying a lot, isn't it?" --Dan Farmer, Security Researcher "In addition to accurate and scary war stories, this book is chock-full of practical advice that anyone can benefit from." --Marcus J. Ranum, CEO, Network Flight Recorder
Book Description
Editorial Reviews
From the Inside Flap
Introduction
The age of connectivity is definitely upon us. With information flowing freely in and from all directions and electronic commerce knocking down new doors, network security has come to include a lot more than just using a good firewall to connect to the Internet.
I've spent a lot of time auditing security on distributed networks. In many cases, I found that data could be easily modified, stolen, or destroyed without a trace that the incident ever occurred. The system administrators and other powers-that-were knew that the systems weren't configured for security. What they didn't know was just how high their level of risk was. Executive managers were equally unaware of the risks.
This book lets you learn from their mistakes. If you are an executive manager, manager, system administrator—or anyone responsible for Intranet security—you must take an active approach to security. Don't make the same mistakes these companies did. It could cost you your company.
About this Book
WHAT you are about to read is NOT a work of fiction. This is a collection of REAL security audits. Each chapter focuses on an audit that I actually conducted (in person!) for a real, live, functioning company. If I'd used the actual company names, you would probably recognize that you'd personally done business with some of them.
Of course, I didn't use the real names of the companies, employees, or other parties for obvious legal and ethical reasons. But I did use the real facts regarding risk and my audit approach in each case. Read closely, especially if you are an executive manager, line-level manager, system administrator, lawyer, or law enforcement professional. The risks described are risks that you NEED to understand.
As a side note, most of the audits I describe in this book were conducted on UNIX systems. Some people, including some security people who should know better, believe that UNIX is inherently more susceptible to security problems than newer platforms like Windows NT. Don't buy it. The truth is that UNIX security is much better understood because it has been pounded on for about 20 years. In newer operating systems, the holes haven't been fully discovered and exploited. Industry experts are now saying that NT configurations may be equally or more vulnerable.
In any case, the real risks are not only built-in to the operating systems. Serious risks lie in the way systems are installed, configured, supported, and managed. It is those factors that most determine the risk to your company.
In pointing out these risks, I'm hoping that the people responsible for data on networks start taking an active and serious approach to security.
How this Book Is Organized
Even though these audits are real, I begin each chapter with a fictional scenario written in first person. In my corporate work, I've found that a lot of people start to take security seriously only when something happens to their systems, their data, and their company—just one of many respects in which the “Me” decade never really ended. I personalize each scenario by placing you, the reader, into the story to transfer the message that this really could happen to your data and your company.
The bulk of each chapter describes the actual security risks that I uncovered during the audit. This section also explains how those risks came to be. You don't just wake up one morning to find that your network security has gone AWOL. Security breaches usually occur by omission or poor planning executed over long periods of time. These sections explain some ways that can happen.
The last section of each chapter, “Let's Not Go There...,” tells you how to avoid the problems in the first place. My hope is that you will read those sections carefully and take the guidelines to heart.
About Hackers
Throughout this book, I use the term “hacker” to mean someone who gains unauthorized access to systems and information. Some experts use the term “cracker” instead, noting that some programmers like to call themselves “hackers” when in fact they are really expert coders and not inclined to criminal activity. I decided to use “hacker” instead, because its use is widespread outside security circles and nearly anyone likely to pick up this book would know what I meant by it. I've also referred to “the hacker” as “he” in most cases. We all know that a hacker can be male or female, but it's annoying to read “he or she” over and over again.
Finally, this book is about hackers—not for them. If you are a wanna-be hacker, you will not learn how to break into systems from this book. You might as well put it back on the shelf now.
The age of connectivity is definitely upon us. With information flowing freely in and from all directions and electronic commerce knocking down new doors, network security has come to include a lot more than just using a good firewall to connect to the Internet.
I've spent a lot of time auditing security on distributed networks. In many cases, I found that data could be easily modified, stolen, or destroyed without a trace that the incident ever occurred. The system administrators and other powers-that-were knew that the systems weren't configured for security. What they didn't know was just how high their level of risk was. Executive managers were equally unaware of the risks.
This book lets you learn from their mistakes. If you are an executive manager, manager, system administrator—or anyone responsible for Intranet security—you must take an active approach to security. Don't make the same mistakes these companies did. It could cost you your company.
About this Book
WHAT you are about to read is NOT a work of fiction. This is a collection of REAL security audits. Each chapter focuses on an audit that I actually conducted (in person!) for a real, live, functioning company. If I'd used the actual company names, you would probably recognize that you'd personally done business with some of them.
Of course, I didn't use the real names of the companies, employees, or other parties for obvious legal and ethical reasons. But I did use the real facts regarding risk and my audit approach in each case. Read closely, especially if you are an executive manager, line-level manager, system administrator, lawyer, or law enforcement professional. The risks described are risks that you NEED to understand.
As a side note, most of the audits I describe in this book were conducted on UNIX systems. Some people, including some security people who should know better, believe that UNIX is inherently more susceptible to security problems than newer platforms like Windows NT. Don't buy it. The truth is that UNIX security is much better understood because it has been pounded on for about 20 years. In newer operating systems, the holes haven't been fully discovered and exploited. Industry experts are now saying that NT configurations may be equally or more vulnerable.
In any case, the real risks are not only built-in to the operating systems. Serious risks lie in the way systems are installed, configured, supported, and managed. It is those factors that most determine the risk to your company.
In pointing out these risks, I'm hoping that the people responsible for data on networks start taking an active and serious approach to security.
How this Book Is Organized
Even though these audits are real, I begin each chapter with a fictional scenario written in first person. In my corporate work, I've found that a lot of people start to take security seriously only when something happens to their systems, their data, and their company—just one of many respects in which the “Me” decade never really ended. I personalize each scenario by placing you, the reader, into the story to transfer the message that this really could happen to your data and your company.
The bulk of each chapter describes the actual security risks that I uncovered during the audit. This section also explains how those risks came to be. You don't just wake up one morning to find that your network security has gone AWOL. Security breaches usually occur by omission or poor planning executed over long periods of time. These sections explain some ways that can happen.
The last section of each chapter, “Let's Not Go There...,” tells you how to avoid the problems in the first place. My hope is that you will read those sections carefully and take the guidelines to heart.
About Hackers
Throughout this book, I use the term “hacker” to mean someone who gains unauthorized access to systems and information. Some experts use the term “cracker” instead, noting that some programmers like to call themselves “hackers” when in fact they are really expert coders and not inclined to criminal activity. I decided to use “hacker” instead, because its use is widespread outside security circles and nearly anyone likely to pick up this book would know what I meant by it. I've also referred to “the hacker” as “he” in most cases. We all know that a hacker can be male or female, but it's annoying to read “he or she” over and over again.
Finally, this book is about hackers—not for them. If you are a wanna-be hacker, you will not learn how to break into systems from this book. You might as well put it back on the shelf now.
From the Back Cover
Security consultant Linda McCarthy shows:
- How breaches occurred
- What steps were taken to deal with them-and how well they worked
- What steps could have been taken to prevent the crisis
There's nothing academic about network security when it's late at night and some hacker is rummaging through your R&D files. If you don't want that 3 a.m. phone call, and you don't want your company's strategic plans in tomorrow's Wall Street Journal, now's the time to prevent it from happening to you.
In this book, you'll watch as real network administrators track hacker intrusions. You'll see firsth and how companies struggle with security problems caused by poor training, lack of management support, hidden agendas, and careless intranet development. You'll find checklists of preventive security measures you can take right now-and lists of tools that can help. Above all, you'll find insight into the all-too-human security flaws that make corporate intranets an easy target for hackers.
"Linda McCarthy's book not only blends statistics with real life stories to good effect, but discusses and documents crucial items such as the importance of a security policy, the impact of organizational politics, and actual transcripts of break-ins. Read the book-it will help you understand security in the real world. And when all is said and done, that's saying a lot, isn't it?" --Dan Farmer, Security Researcher
"In addition to accurate and scary war stories, this book is chock-full of practical advice that anyone can benefit from." --Marcus J. Ranum, CEO, Network Flight Recorder
Product Details
Would you like to update product info or give feedback on images?
|
More About the Author
Discover books, learn about writers, read author blogs, and more.
Customer Reviews
|
Share your thoughts with other customers:
|
||||||||||||||||||||||
|
Most Helpful Customer Reviews
2 of 2 people found the following review helpful:
3.0 out of 5 stars
Not what you expect,
This review is from: Intranet Security - Stories from the Trenches (Sun Microsystems Press) (Paperback)
This book does not show you how to secure your Intranet. Basically it tells you to have policies and procedures and to hire a security expert to audit your site. It's an easy read and has lots of interesting stories. May be an eye oppener to some people in management that have never tought about security, but if you like technical stuff this book is not for you. It makes you more security conscious, doesn't teach you anything about how to secure anything.
1 of 1 people found the following review helpful:
4.0 out of 5 stars
Good for beginners and execs, NOT for technical info,
By A Customer
This review is from: Intranet Security - Stories from the Trenches (Sun Microsystems Press) (Paperback)
Don't look here AT ALL if you want technical knowledge, but I'd recommend it for a plain English introduction to security. Well written book, I thought, mainly b/c it matches my philosophy that security is more about people and (implemented) policies than about techie details. Of course, the techie details are absolutely essential (and way more fun for me), but security isn't improved for any period of time unless the organization is committed to security. That becomes obvious the first time you try social engineering. The author gives plenty of real world examples to support this holistic view.
1 of 1 people found the following review helpful:
5.0 out of 5 stars
i liked it so much i bought fifty copies!,
By A Customer
This review is from: Intranet Security - Stories from the Trenches (Sun Microsystems Press) (Paperback)
The book is terrific. I like the mix of case studies and technical content. I really wanted to know the names of the actual companies mentioned in the book.I liked is to much that I bought fifty copies to pass out to friends and customers, then my company hired the author to do a series of seminars.
Share your thoughts with other customers: Create your own review
|
|
Tag this product(What's this?)Think of a tag as a keyword or label you consider is strongly related to this product.
Tags will help all customers organize and find favorite items. |
Sell a Digital Version of This Book in the Kindle Store
If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store.
Learn more
Listmania!
So You'd Like to...
Look for Similar Items by Category
- Books > Computers & Technology > Business & Culture > Hacking
- Books > Computers & Technology > Business & Culture > Privacy
- Books > Computers & Technology > Certification > CompTIA
- Books > Computers & Technology > Networking > Intranets & Extranets
- Books > Computers & Technology > Networking > Network Security
- Books > Computers & Technology > Security & Encryption
