Hands-On Information Security Lab Manual

3.82 avg rating
( 11 ratings by Goodreads )
 
9780619216313: Hands-On Information Security Lab Manual

The Hands-On Information Security Lab Manual, Second Edition allows students to apply the basics of their introductory security knowledge in a hands-on environment with detailed exercises using Windows 2000, XP and Linux. This non-certification based lab manual includes coverage of scanning, OS vulnerability analysis and resolution firewalls, security maintenance, forensics, and more. A full version of the software needed to complete these projects is included on a CD with every text, so instructors can effortlessly set up and run labs to correspond with their classes. The Hands-On Information Security Lab Manual, Second Edition is a suitable resource for introductory, technical and managerial courses, and is the perfect accompaniment to Principles of Information Security, Second Edition and Management of Information Security.

"synopsis" may belong to another edition of this title.

About the Author:

Michael Whitman, Ph.D., CISM, CISSP, is a professor of information systems and security in the CSIS department at Kennesaw State University, where he also serves as director of the KSU Center for Information Security Education and coordinator for the Bachelor of Science in Information Security and Assurance program. Dr. Whitman is an active researcher in information security, fair and responsible use policies, ethical computing, and information systems research methods. He currently teaches graduate and undergraduate courses in information security and data communications and is an active member of the Computer Security Institute, the Information Systems Security Association, the Georgia Electronic Commerce Association's Information Security Working Group, the Association for Computing Machinery, and the Association for Information Systems. Dr. Whitman has published articles in the industry's top journals and co-authored a number of books in the field published by Course Technology.

Review:

1. Information Security Technical Functions. This chapter provides an overview of the technical functions typically performed by an Information Security professional, and relates those functions to the text's laboratory exercises through the use of flows. These flows illustrate the combination of individual laboratory exercise components as phased tasked in the accomplishment of the function. 2. Information Security Technical Exercise Theory. In this section the theory and overview of each laboratory exercise is presented. Where possible, additional details that facilitate understanding how the laboratory exercise works and is used is included. Footprinting. Scanning And Enumeration. OS Processes And Services. Vulnerability Identification And Research. Vulnerability Validation. System Remediation And Hardening,. Web Browser Security. File Systems Overview And Familiarization. Data Management. Data Backup And Recovery. Access Controls. Host Intrusion Detection Systems. Log Security Issues. Anti-Forensics. Software Firewalls. Hardware Firewalls and WAPs. Network Intrusion Detection Systems. Network Traffic Analysis. Virtual Private Networks And Remote Access. Digital Certificates. Password Circumvention and Management. Malware: Anti-Virus and BOT Defense. Digital Forensics u Data Acquisition. Digital Forensics - Data Analysis. 3. Windows - Based Information Security Exercises. Chapter 3 contains the detailed exercises associated with Windows-based computers. Specifically this chapter contains exercises focused on Microsoft Windows XP and Vista. Some exercises are also focused on Server OSs like Microsoft Server 2003 where applicable. Footprinting. Scanning And Enumeration. OS Processes And Services. Vulnerability Identification And Research. Vulnerability Validation. System Remediation And Hardening,. Web Browser Security. File Systems Overview And Familiarization. New. Data Management. Data Backup And Recovery. Access Controls. Host Intrusion Detection Systems. Log Security Issues. Anti-Forensics. Software Firewalls. Hardware Firewalls and WAPs. Network Intrusion Detection Systems. Network Traffic Analysis. Virtual Private Networks And Remote Access. Digital Certificates. Password Circumvention and Management. Malware: Anti-Virus and BOT Defense. Digital Forensics u Data Acquisition. Digital Forensics - Data Analysis. Chapter 4 LINUX - Based Information Security Exercises. Chapter 4 contains the detailed exercises associated with LINUX-based computers. Specifically this chapter contains exercises focused on SUSE 9.0 Workstation. Some exercises are also focused on SUSE 9.0 Server where applicable. Footprinting. Scanning And Enumeration. OS Processes And Services. Vulnerability Identification And Research. Vulnerability Validation. System Remediation And Hardening,. Web Browser Security. File Systems Overview And Familiarization. New. Data Management. Data Backup And Recovery. Access Controls. Host Intrusion Detection Systems. Log Security Issues. Anti-Forensics. Software Firewalls. Hardware Firewalls and WAPs. Network Intrusion Detection Systems. Network Traffic Analysis. Virtual Private Networks And Remote Access. Digital Certificates. Password Circumvention and Management. Malware: Anti-Virus and BOT Defense. Digital Forensics u Data Acquisition. Digital Forensics - Data Analysis. 5. Domain 3: Business Continuity and Disaster Recovery Planning. The differences between BDP and DRP and how they work together. Scoping a BCP/DRP project. Business Impact Assessment (BIA). Risk analysis. Maximum Tolerable Downtime (MTD). Recovery Point Objective (RPO). Recovery Time Objective (RTO). Ranking critical business processes. Developing the business continuity and disaster recovery plan. Emergency response. Damage assessment and salvage. Notification. Personnel safety. Communications. Public utilities and infrastructure. Logistics and supplies. Fire and water protection. Business resumption planning. Restoration and recovery. Training. Plan maintenance. DRP and BCP testing Study questions, exercises, project(s). 6. Domain 4: Cryptography. Applications and uses of cryptography. Methods of encryption. Substitution. Permutation. One time pads. Types of encryption. Block ciphers. Stream ciphers. Types of encryption keys. Shared secrets. Public key cryptography. Initialization vectors (IVs). Cryptographic systems. Key management. Message digests and hashing. Digital signatures. Non-repudiation. Cryptanalysis (attacks on cryptographic algorithms). Applications of cryptography. Network security (SSL, VPN, SET, and so on). E-mail security (S/MIME, PGP, and so on). Public key infrastructure (PKI). Alternatives (watermarking, steganography). Study questions, exercises, project(s). 7. Domain 5: Information Security and Risk Management. Goals, mission, and objectives of an organization, and how security supports them. Risk management. Security strategies. Security concepts. The CIA Triad: Confidentiality, Integrity, and Availability. Defense in depth. Single points of failure. Privacy. Security management. Security governance. Security policy. Guidelines. Standards. Procedures. Security roles and responsibilities. Security education, training, and awareness. Reporting security issues to management. Service level agreements. Secure outsourcing. Identity management. Data classification and protection. Certification and accreditation. Security operations. Security assessments. Personnel security. Professional ethics. Study questions, exercises, project(s). 8. Domain 6: Legal, Regulations, Compliance and Investigations. Computer crime laws and regulations. U.S. laws. European laws. Investigations. Determining whether a crime has been committed. Forensic techniques and procedures. Gathering evidence. Preserving evidence. Chain of evidence. Ethical issues. Codes of conduct. RFC 1087 and investigations. Applying the (ISC) code of ethics. Study questions, exercises, project(s). 9. Domain 7: Operations Security. Security operations concepts. Need to know. Least privilege. Separation of duties. Monitoring of special privileges. Job rotation. Record retention. Backups. Anti-virus and anti-malware. Remote access. Employing resource protection. Incident management. Violations and breaches. Malware attacks (viruses, worms, spyware, phishing, and so on). Reporting to law enforcement. High availability architectures. Fault tolerance. Clusters. Failover. Denial of service. Vulnerability management. Patch management. Administrative management and control. Change management. Configuration management. Study questions, exercises, project(s). 10. Domain 8: Physical (Environmental) Security. Site physical security. Site access controls. Key cards, Biometrics, Mantraps, Guards. Dogs, Fences, Surveillance. Zones of security. Loading and unloading areas. Access logs. Visible notices. Exterior lighting. Secure siting. Nearby threats. Flooding. Chemicals. Social unrest. Building marking. Protection of equipment. Theft protection. Damage protection. Earthquake bracing, and so on. Check in / check out. Cabling security. Environment security. Heating and air conditioning. Humidity. Electric power. Line conditioning. Uninterruptible power supplies. Electric generators. Study questions, exercises, project(s). 11. Domain 9: Security Architecture and Design. Security Models. Biba. Bell LaPadula. Access Matrix. Take-Grant. Clark-Wilson. Multi-level security. Mandatory access control (MAC). Discretionary access control (DAC). Security threats. Covert channels. State attacks (TOCTTOU). Emanations. Maintenance hooks, back doors, privileged programs. Countermeasures. Assurance, trust, and confidence. Trusted Computing Base (TCB). Reference monitor. Kernel. Information systems evaluation models. Common Criteria. TCSEC. ITSEC. Computer architecture. Central processor. Single and multi processor designs. Bus. Memory. Secondary storage. Study questions, exercises, project(s). 12. Domain 10: Telecommunications and Network Security. Telecommunications technologies. X.25, Frame Relay, ATM, T-1/E-1, SONET, and so on. Wireless. EVDO, 1XRTT, CDMA, GSM/GPRS, Wimax, and so on. Network technologies. Ethernet, Token ring, Bisync, RS-232, RS-449. Wireless. WiFi, Bluetooth. Network protocols. TCP/IP, IPX/SPX, ATM, and so on. Routing protocols (RIP, IGRP, OSPF, and so on). Remote access / tunneling protocols. VPN, SSL, IPSec, L2TP, PPTP, PPP, SLIP, and so on. Network authentication protocols. RADIUS, DIAMETER, CHAP, EAP, and so on. Network based threats and vulnerabilities. Attacks (DoS, DDoS, Teardrop, Smurf, PoD, worms, spam, many more). Vulnerabilities (open services, unpatched system, poor configurations, and so on). Network countermeasures. Intrusion detection systems (IDS). Intrusion prevention systems (IPS). Firewalls. Private addressing / NAT. Gateways. Access control lists. Study questions, exercises, project(s). 13. Preparing for the Exam. Understanding certification requirements. Assessing your work experience. Finding an exam near you. Registering for the exam. Starting an exam study program. Preparing for exam day. Book travel and lodging. Confirming transportation. Know the route. Parking. What to bring. 14. After Earning the Certification. Annual maintenance fees. Earning CPEs. Conferences and seminars. Training. Teaching. Writing. Volunteer opportunities. Speaking, proctoring, articles, writing exam questions. Networking with other CISSPs. Mailing lists. Forums. Web sites. 15. Glossary. Index.

"About this title" may belong to another edition of this title.

Top Search Results from the AbeBooks Marketplace

1.

Michael E. Whitman; Herbert J. Mattord; Dave Shackleford
Published by Cengage Learning (2005)
ISBN 10: 061921631X ISBN 13: 9780619216313
New Paperback Quantity Available: 1
Seller:
Irish Booksellers
(Rumford, ME, U.S.A.)
Rating
[?]

Book Description Cengage Learning, 2005. Paperback. Book Condition: New. book. Bookseller Inventory # M061921631X

More Information About This Seller | Ask Bookseller a Question

Buy New
US$ 24.64
Convert Currency

Add to Basket

Shipping: FREE
Within U.S.A.
Destination, Rates & Speeds

2.

Whitman, Michael E.; Mattord, Herbert J.; Shackleford, Dave
Published by Cengage Learning
ISBN 10: 061921631X ISBN 13: 9780619216313
New PAPERBACK Quantity Available: 1
Seller:
BOOKER C
(Kalamazoo, MI, U.S.A.)
Rating
[?]

Book Description Cengage Learning. PAPERBACK. Book Condition: New. 061921631X New softcover book. Includes sealed CD-ROM. 2nd Edition. DAILY SHIPPING!. Bookseller Inventory # 102016-262X

More Information About This Seller | Ask Bookseller a Question

Buy New
US$ 30.95
Convert Currency

Add to Basket

Shipping: US$ 4.95
Within U.S.A.
Destination, Rates & Speeds