Crothers tells the story of how, when teaching a security class, he searched the Web for queryhit.htm. This sample Web site search page comes installed with Microsoft's IIS. In earlier days, leaving this page unmodified gave anyone browsing the Web access not only to the contents of the Web site but to all the file contents of the server.
| ||||
Through 10 chapters, Internet Lockdown (which covers security for systems, networks, and applications as well as the Internet) walks the reader through the maze of security. Here are some highlights. Chapter 1 introduces general concepts about enterprise security. As Crothers says, wisely, "security is about enabling business," and "security is a process, not a product." After introducing basic ideas, he discusses ways to reduce risk, including a final step of purchasing insurance coverage against information theft, business interruption, and loss of reputation. Chapter 2 runs through an attack from a hacker's point of view (a longtime pro, Crothers doesn't like the negative connotations the term hackers has gained, but he's willing to put up with it). Chapter 3 discusses security policies and procedures. This chapter will surely reduce the time it takes companies to create or review an IT procedure manual and employee policies. The samples are boilerplate, so you can simply plug in your company's name. The right policies will save your company time, income, and business. Consider, for example, this excerpt of the suggested procedure for virus and worm incidents: "Do not power off or reboot systems that may be infected. There are some viruses that will destroy disk data if the system is power-cycled or rebooted. Also, rebooting a system could destroy needed information or evidence." Such practical, user-friendly, nonbureaucratic language is one of this book's strengths. Further sections warn the IT staff to quickly isolate the infected system from the company network and give a list of people to notify. Chapters 4-7 delve into security controls. One chapter each is devoted to system, network, application, and Internet level controls. Especially helpful are the sections on the often confusing topics of encryption, firewalls, and packet filtering. Chapter 6's explanation of how to combat buffer overflows was especially helpful. Chapter 7 discusses two important types of NIDS (Network Intrusion Detection Systems): signature-based and analysis-based. Signature-based systems such as snort work like antivirus programs by detecting the profiles of known attacks. As you might expect, the success of a signature system depends upon the quality of the signatures. In addition, this type of NIDS can never be 100-percent foolproof, as it is always slightly behind developments. Finally, signature systems can miss attacks when they are slowed down by clever hackers or when the system is overloaded. That's not to say signature-based systems are bad, Crothers writes, just that they're one prong of a two-prong protection scheme, which includes analysis-based systems such as Shadow. Chapter 10 provides a practical exam on topics covered. Four appendices list common ports, acronyms, tools covered in the chapters, and checklists. A few drawbacks
Two drawbacks in this book might be the lack of a CD and of a companion Web site. But clearly, Internet Lockdown is meant to be an introduction, not a bible with tools. For that kind of dense information, see the more comprehensive Hacking Exposed books or others of their type (I reviewed Hacking Exposed in March). In addition, the meat of the book concerns configuring UNIX and NT systems, though Linux is mentioned as well. You'll need another source to learn about advanced Windows 2000 and XP security tools and hacker exploits. Though Internet Lockdown: Internet Security Administrator's Handbook may be too general for some, it's a valuable and clear overview of the topic of security administration. Use it as a program guide for staff meetings and workshops; use the Chapter 10 test to pepper your meetings with "pop quizzes" that will keep your IT staff thinking about how to stay prepared for the inevitable security breach.
Have your say instantly in the Tech Update forum.
Find out what's where in the new Tech Update with our Guided Tour.
Let the editors know what you think in the Mailroom.
