Chapter 42. Security Overview

42.1. Introduction to Security
42.1.1. What is Computer Security?
42.1.2. Security Controls
42.1.3. Conclusion
42.2. Vulnerability Assessment
42.2.1. Thinking Like the Enemy
42.2.2. Defining Assessment and Testing
42.2.3. Evaluating the Tools
42.3. Attackers and Vulnerabilities
42.3.1. A Quick History of Hackers
42.3.2. Threats to Network Security
42.3.3. Threats to Server Security
42.3.4. Threats to Workstation and Home PC Security
42.4. Common Exploits and Attacks
42.5. Security Updates
42.5.1. Updating Packages

Because of the increased reliance on powerful, networked computers to help run businesses and keep track of our personal information, industries have been formed around the practice of network and computer security. Enterprises have solicited the knowledge and skills of security experts to properly audit systems and tailor solutions to fit the operating requirements of the organization. Because most organizations are dynamic in nature, with workers accessing company IT resources locally and remotely, the need for secure computing environments has become more pronounced.

Unfortunately, most organizations (as well as individual users) regard security as an afterthought, a process that is overlooked in favor of increased power, productivity, and budgetary concerns. Proper security implementation is often enacted postmortem, after an unauthorized intrusion has already occurred. Security experts agree that taking the right measures prior to connecting a site to an untrusted network, such as the Internet, is an effective means of thwarting most attempts at intrusion.