Introduction
How to Use the Security Series
Objective of this Paper Security Policy is your Security
Categorizing Threats: Interior and Exterior vs. Structured and Unstructured Just Because What's a Hacker? -- One Definition Camouflage Revenge Profit -- Monetary Profit -- Non-monetary Untrained staff
Education
HR Policy enforcement Social Engineering Acceptable Use URL blocking Content Filtering Network Technical Security Mechanisms
Encryption Principles Encryption and the Law
Encryption and Keys Symmetrical Cryptography and Key Distribution Asymmetrical Cryptography and Certificate Authorities
Authentication, Authorization, and Accounting RADIUS and TACACS PPP, IPCP, CHAP, and PAP
Three-factor authentication
Firewalls What's a Firewall? Stateful Inspection Logic Application Proxy Logic Semaphore
Intrusion Detection
Remote Access Security Dial-up VPN remote access IPSec
Steganography and Covert Channels Host Technical Security Mechanisms
Virus Protection Physical Security & Safety Security Products
Firewalls
Intrusion Detection Systems
URL Blocking
Malicious URL Blocking
Content Filters
Reporting Tools and Utilities
Audit or Vulnerability Scanning Utilities
Remote Access & VPN
Encryption
Virus Protection
Authentication, Authorization, and Accounting
Three-Factor Authentication
Education Security Procedures A Plan for Action
Define your Policy Identify Points of Entry (What? and Where?) Identify Threats (How? What? Who?, and Why?) Identify Procedures (How? Where? and When?) Identify Violation Response (How? and When?) Identify Products (What? and How?) Section Review
Implement the Policy Legal Approval Management Approval Publish the policy to your organization Implement Procedures Implement Products Test, test, and test once more Periodic policy auditing Review -- The care and feeding of your policy References and Resources
Books -- Generally Nonmathematical
Books -- Mathematical to Varying Degrees
Professional Organizations
Professional Certifications Manufacturer Third party
Internet Resources Terms & Definitions