Svenska

A New Business Environment

To be successful in today's global markets, organizations must develop and implement effective network security strategies. Security is becoming increasingly important as the worldwide online community grows and private organizations open their systems to business partners.

A Valuable Security Resource

CTR's newest report, Network Security: Developing and Implementing Effective Enterprise Strategies, examines and offers solutions for the security issues facing today's global businesses. The report addresses the legal and ethical issues that monetary transactions via the Internet present to both the organization and the individual.

Designing and implementing a security strategy requires management, research, and analysis. The report outlines how an organization should assess its security needs -- using penetration testing, in-house assessments, or drives and directories testing, for example -- and discusses the network assessment tools available.

Network Security: Developing and Implementing Effective Enterprise Strategies presents user issues that must be addressed when securing an enterprise network, including the following:

• How should Web privileges be assigned?
• How can controls be fairly and efficiently implemented?
• What steps should be taken if a major security breach occurs?

Available Security Tools and Technologies

As industry and business communications re-invent themselves to take advantage of the new business opportunities presented by the Internet and virtual private networks (VPNs), software and hardware products are evolving to meet these needs.

Network Security: Developing and Implementing Effective Enterprise Strategies highlights technology vendors at the forefront of today's security arena and outlines their product offerings, including sniffers and scanners, encryption suites, and log and audit toolkits.

The report also explains how to defend enterprise networks against the increasing number of internal and external security threats. The report introduces some of the types of attacks, such as Internet protocol (IP) spoofing, Trojan horse, and denial-of-service (DoS) attacks and suggests several effective prevention strategies.

Conclusions

By discussing how secure communication is linked with business needs, CTR's new Network Security: Developing and Implementing Effective Enterprise Strategies report provides decision-makers with the tools to implement network security strategies. These strategies will protect their organizations now and in the future.

Ultimately, network security is a business issue, and IT managers responsible for developing security solutions for their organizations must understand all facets of network security. The future of their business depends on it.

Executive Summary

• The Evolution and Structure of the Internet
• Building an Organizational Framework
• Identifying Security Concerns
• Determining Security Needs

The Internet and Communication Protocols

• Open Systems Interconnect (OSI)
• Upper-layer Protocols
• Transmission Control Protocol/Internet Protocol (TCP/IP)
• The Need for Tunneling and Encryption
• The Role of Public Key Cryptography
• IP Security
• Strategies for Securing Frame Relay (FR)
• Synchronous Optical Network (SONET)
• Asynchronous Transfer Mode (ATM) Networks
• Point-to-Point Tunneling
• Building Secure Wide Area Networks (WANs) through Virtual Private Networking

Determining Security Needs

• The Evolution of Security Assessments
• Assessing Needs In-house
• The Role of Management
• Continuous Detection of Network Vulnerabilities

Virtual Private Networks

• Tunneling Protocols
• End-to-End Connections
• Integrating with Existing Network Infrastructure
• Single Sign-On (SSO)
• Cost Considerations

Firewalls and Disaster Recovery Planning

• Types of Firewalls
• Testing Tools
• Firewall Limitations
• Choosing a Protection Suite
• The New Role of Firewalls

Platform Specifications

Macintosh
• Microsoft Windows NT Server
• Novell
• Unix

The Nature of the Attack

• Trends in Internet Crime
• DoS Attacks
• IP Spoofing
• Internal Attacks
• Viruses

Security Tools

• Scanners and Sniffers
• Encryption Suites
• Log and Audit Toolkits
• Penetration Testing
• Certification and Training

E-commerce and Privacy Issues

• Internet Commerce
• Online Privacy
• What Is at Stake?
• Secure Electronic Transactions (SETs)
• Security in Global Environments
• Legal Concerns

Designing a Security Model

• Finding a Way
• Choosing a Consultant
• The Bottom Line