Internet Site Security - Couverture souple

In this book you'll learn all the fundamental techniques and technologies needed to develop a secure connection to the Internet. Before selecting a firewall, VPN, or intrusion detection system, you must define exactly what your information assets are, who needs to get to them, and what the external and internal threats to those assets are. Internet Site Security walks you through the process of assessing your Internet environment and developing the procedural and technical policies required to protect your critical information and network resources.

After helping you develop an information security program, this book details the technologies required to implement network and server security measures. You will learn about the real-world details (and "gotchas") of firewalls, virtual private networks, authentication, and intrusion detection. You'll then put the pieces together using several architectures suitable for the enterprise and for small business networks. Finally, the book examines the common mistakes that custom Internet application developers often make and provides solutions that all software developers should know to ensure that their code can weather the harsh environment of the Internet.

In Internet Site Security you will

• Learn how to develop a complete strategy for deploying a secure Internet site
• Examine typical Internet site architectures and security considerations using real-world examples
• Learn strategies for justifying a security budget to management
• Understand how to secure Windows NT®/2K and Unix® operating systems
• Develop secure Internet applications
• Create secure Internet site architectures that integrate firewalls, intrusion detection,
• networking components, and policy
• Build an Incident Response Plan and learn how to conduct forensic investigations

Erik Schetina, CISSP, is the CTO for TrustWave Corporation (http://www.trustwave.com). He spent 14 years with the U.S. Department of Defense (DoD) developing information security systems and public key cryptosystems. He has worked with national and international firms to develop managed security and intrusion detection systems. He is a member of the Information Security Consortium and a Certified Information Systems Security Professional (CISSP).

Ken Green is a senior security engineer for TrustWave Corporation where he works extensively on intrusion detection systems, firewalls, and virtual private network initiatives. A former technical director and senior electronic engineer for the DoD, Ken is a recognized expert in the areas of telecommunications and data network analysis and protocols, including TCP/IP, IPsec, VPNs, Microsoft Networking, ATM, SONET/SDH, Frame Relay, and SS7.

Jacob Carlson is a senior security engineer for TrustWave Corporation. His primary role is leading the penetration testing and vulnerability assessment team. In his copious free time he likes breaking things and writing code.