About this book

The InfoSec Handbook offers the reader an organized layout of information that is easily read and understood, allowing beginners to enter the field and understand the key concepts and ideas while still keeping experienced readers updated on topics and concepts.

It is intended mainly for beginners to the field of information security, written in a way that makes it easy for them to understand the detailed content of the book. The book offers a practical and simple view of the security practices while still offering somewhat technical and detailed information relating to security. It helps the reader build a strong foundation of information, allowing them to move forward from the book with a larger knowledge base.

Security is a constantly growing concern that everyone must deal with. Whether it’s an average computer user or a highly skilled computer user, they are always confronted with different security risks. These risks range in danger and should always be dealt with accordingly. Unfortunately, not everyone is aware of the dangers or how to prevent them and this is where most of the issues arise in information technology (IT). When computer users do not take security into account many issues can arise from that like system compromises or loss of data and information. This is an obvious issue that is present with all computer users.

This book is intended to educate the average and experienced user about the different kinds of security practices and standards that exist. It will also cover how to manage security software and updates in order to be as protected as possible from all of the threats that they face.

Table of contents

Frontmatter

Introduction

Frontmatter

Open Access

Chapter 1. Introduction to Security

Abstract
Scenario 1: A post on http://threatpost.com, Threatpost, the Kaspersky Lab Security News Service, dated August 5th, 2013 with the title “BREACH Compression Attack Steals HTTPS Secrets in Under 30 Seconds” by Michael Mimoso, states¹:
Umesh Hodeghatta Rao, Umesha Nayak

Open Access

Chapter 2. History of Computer Security

Abstract
The first events in the history of exploiting security date back to the days of telephony. Telephone signals were sent via copper cables. Telephone lines could be tapped and conversations could be heard. In the early days of telephone systems, telephone operators intentionally misdirected calls and eavesdropped on conversations. In the 1970s, a set of people known as phreakers exploited the weakness of digital switching telephone systems for fun. Phreakers discovered the signal frequency at which the numbers are dialed and tried to match the frequency by blowing a whistle and fooling the electronic switching system to make calls for free. Among these phreakers, John Draper found that he could make long-distance calls for free by building an electronic box that could whistle different frequencies
Umesh Hodeghatta Rao, Umesha Nayak

Key Principles and Practices

Frontmatter

Open Access

Chapter 3. Key Concepts and Principles

Abstract
Every organization or enterprise exists to achieve its objectives, both business objectives and social objectives. Its existence or continued existence is of no use unless it is able to achieve its objectives. For the continued existence of any organization, information security has become a non-negotiable necessity. However, the acceptability for information security is very low in an organization because of its arbitrary implementation. Information security will be appreciated by everybody if the same structure is implemented, keeping in mind an organization’s business objectives and business requirements. Furthermore, information technology has to enable information security which, in turn, will protect its business, customers, partners, and systems, such as its people, infrastructure (including its networks), and applications. This in turn means that all the strategies of the organization – business strategies, IT strategies, and information security strategies – have to complement each other and are to be balanced.
Umesh Hodeghatta Rao, Umesha Nayak

Open Access

Chapter 4. Access Controls

Abstract
In general terms, providing security means “freedom from risk and danger”. In the context of information security, it is securing information against:
Umesh Hodeghatta Rao, Umesha Nayak

Open Access

Chapter 5. Information Systems Management

Abstract
Today’s world is complex. Organizational environment is becoming increasingly complicated with the integration of various technologies to provide better business delivery. While one’s need of effective and efficient delivery is fulfilled through the means of new technologies, such as internet, video, audio, business presentations, and business meetings, interplaying with each other, the other need requires more focus and strengthening, that is, information security. Businesses have to protect the confidentiality, and the integrity of business information while making their systems available for continued business. A few minutes of down time of an e-commerce business site can lead to a significant amount of missed business or switching over of the business to a competitive supplier. A breach of confidentiality or integrity can lead to reputation loss, huge penalties, or significant revenue loss. To ensure information security, we need to act proactively.
Umesh Hodeghatta Rao, Umesha Nayak

Application Security

Frontmatter

Open Access

Chapter 6. Application and Web Security

Abstract
As we have explored in earlier chapters, security applies to all the components of the systems including physical infrastructure like building, electricity, cables, and so on; hardware; network; software; tools / utilities; human beings including resources internal to the organization and contractors / suppliers who may be working from within the organization or outside the organization. Any part of the entire chain of components can be ignored from security perspective only at the peril of an organization.
Umesh Hodeghatta Rao, Umesha Nayak

Open Access

Chapter 7. Malicious Software and Anti-Virus Software

Abstract
The intent of “Malicious Software,” as the name suggests, is to create harm or damage to systems or to people or to both. As science can be used for both good and bad purposes, software can also be used for both good and bad purposes. Some person or groups use software or exploit software loopholes inappropriately, for fun or to highlight their technical skills. Many others do it for financial gains, for taking revenge, or to create fear in others. Of late, these are misused for political or religious gains or for terrorism. Even many of the countries are spying on each other. Militaries of many countries have a Cyber Warfare division.
Umesh Hodeghatta Rao, Umesha Nayak

Open Access

Chapter 8. Cryptography

Abstract
It is easy for someone to read data if it is in a plain text, but confidential and sensitive messages in plain text can be easily compromised. Spies use secret codes to communicate with their secret agents. Julius Caesar never trusted his messengers carrying message to his generals. He used to code his message by replacing every A with a D, every B with E, and so on, so only those who knew how to decode this “shift 3” rule could decode the message.
Umesh Hodeghatta Rao, Umesha Nayak

Network Security

Frontmatter

Open Access

Chapter 9. Understanding Networks and Network Security

Abstract
Before we discuss network vulnerabilities and threats, we should understand why such threats exist. In order to understand this, we need to know the basics of computer communication and networking. In this chapter, we will be discussing the basics of computer networking, Open System Interconnection (OSI), and Transport Control Protocol/Internet Protocol (TCP/IP) models, and types of networking vulnerabilities that exist and then will explore on the relevant vulnerabilities and threats.
Umesh Hodeghatta Rao, Umesha Nayak

Open Access

Chapter 10. Firewalls

Abstract
The Internet plays an important role in our daily life. Today, everyone is “connected” to everyone else almost at any given instant as we are connected to the Internet most of the time and interacting with others through e-mails or instant messengers like Skype or are using some applications on the web. With the innovation of high-speed computing devices, large-scale deployment of wireless networks, Web 3.0, Cloud computing, and social networks, “always connected” is a reality. The Internet continues to grow exponentially. Most of the businesses are connected on and through the Internet. E-commerce, e-business, and other Internet-related businesses are growing at a faster rate than ever before. According to an estimate by one of the leaders in network systems and services, the number of globally connected devices, which was around 8 billion in 2013, is expected to reach 25 billion by 2015, outnumbering the people by twice as much. And the number of devices that are going to be connected to the Internet is estimated to go as high as 50 billion by the year 2020.¹ According to the latest statistics, more than 75% of the world’s population will be connected to the Internet by 2020. The Internet is bringing together people, processes, and data to make network connections more relevant to today’s world. Demand for network-based applications and services are exponentially growing.
Umesh Hodeghatta Rao, Umesha Nayak

Open Access

Chapter 11. Intrusion Detection and Prevention Systems

Abstract
Intrusion in lay terms is unwanted or unauthorized interference and as it is unwanted or unauthorized, it is normally and mostly with bad intentions. The intention of the intrusion is to collect information related to the organization such as the structure of the internal networks or software systems like operating systems, tools / utilities, or software applications used by the organization and then initiate connections to the internal network and carry out attacks. Intrusions are normally carried out by people outside the organization. Sometimes, intrusions can be caused by internal authorized persons carrying out these attacks by misusing their authorization or by internal authorized persons who go beyond their area of authorization and such attacks also need to be protected against.
Umesh Hodeghatta Rao, Umesha Nayak

Open Access

Chapter 12. Virtual Private Networks

Abstract
Business has changed in the last couple of decades. Companies now have to think about having a global presence, global marketing, and logistics. Most of the organizations have branches spread across different geographies of the world. Wherever you are located, all these branches need to be connected with their headquarters data center for information. With the changing culture and environment, the demand of the sales force to be able to connect to the headquarters data center from either their homes or hotels, employees who are working from home connecting to headquarters data center is increasing and seamless connectivity to the main data center has become a necessity. Hence, there is one demand that the companies are asking from their network team: a network that is fast, safe and secure, and trustworthy that helps in communicating with all their offices wherever they are located.
Umesh Hodeghatta Rao, Umesha Nayak

Open Access

Chapter 13. Data Backups and Cloud Computing

Abstract
Data Backups and Cloud Computing can be treated as two separate subjects in one context and can be considered as complementary in another context. Data backups have been common since the inception of computers. Cloud computing, on the other hand, is a relatively recent phenomenon. The cloud infrastructure helps with effective data backups and low-cost disaster recovery option. Data backups help in ensuring restoration of data in case of data loss, data corruption, and data integrity issues.
Umesh Hodeghatta Rao, Umesha Nayak

Physical Security

Frontmatter

Open Access

Chapter 14. Physical Security and Biometrics

Abstract
Physical security refers to the measures taken to protect the physical environment and infrastructure that is housing the information system resources, including hardware, software, and other networking devices against physical threats such as theft, fire, water, floods, and so on.
Umesh Hodeghatta Rao, Umesha Nayak

Open Access

Chapter 15. Social Engineering

Abstract
Social Engineering attacks are increasing in our well-connected world. One of the main reasons for the attacks is the availability of personal information on the Internet. For example, social media websites such as Facebook are used by attackers to collect information about people, which in turn can be used in their attacks, or can be used to initiate attacks. Through Google search / other Internet searches, through social media searches like on Facebook, and Linked In you can find significant information about the target people or target companies. Many of the images posted on the social media, like family photos, and photos of the company picnic can reveal lots of information which otherwise may not be available to the outside world. Using the information collected about the individuals, further information can be collected from their relatives and friends. The bits and pieces of the information collected from all such means can become substantial information about people and companies, which can be effectively used by attackers to initiate the attacks. Unlike in other attacks, the targets here are not primarily computers but human beings.
Umesh Hodeghatta Rao, Umesha Nayak

Open Access

Chapter 16. Current Trends in Information Security

Abstract
There are several trends in information security that are gaining in relevance. Three of these trends are:
Umesh Hodeghatta Rao, Umesha Nayak

Open Access

Bibliography

Umesh Hodeghatta Rao, Umesha Nayak

Backmatter
