The chapter begins with a discussion of virus scanners, which the author hopes you are convinced are needed for workstations and servers. Viruses are an ongoing problem, which is why the vendors of antivirus solutions are continuously updating their products. It is not unusual to see frequent updates of product software itself, and of the virus signature files the software uses. These signatures are what the antivirus product looks for in periodic scans and, if your configuration allow it, each time a file is created, downloaded, changed, or otherwise added to a protected computer.
The video below discusses how antivirus software typically works.
The text mentions a few "name brand" antivirus products. There are many more, and decision to buy or try one should be based on reviews from trusted sources.
The next section of the chapter discusses firewalls. The video below discusses several points you should understand from the chapter. The presenter seems to know what he is doing, so pay attention.
Our author has been trying to keep the chapters shorter by dealing with the most critical material. However, his discussion of stateful packet inspection lacks some necessary details. The key is that it does not allow packets from a source that does not have an established session with one of our network devices. (The exception is packets that establish such a session.)
Another aspect of firewalls is the ability to perform and monitor connections to services inside our network. The firewall can act as a gateway to the services our network provides. The firewall allows outside devices to negotiate connections with itself, then it makes connections between itself and the services the outside devices are requesting. This provides another layer of inspection of the traffic that would otherwise be flowing directly to our servers and their applications. The text tells us that this functionality is called by several names: application gateway, application proxy, proxy server, and application-level proxy.
Professor Messer discusses these features as well as the ones in the other videos. He also explains some of the firewall types in your text, and touches on Intruder Detection Systems (IDSs). Give him a chance. He's a good teacher.
The chapter continues with a discussion of IDS products, and includes a short lesson on using a free copy of Snort as an IDS. Snort is typically used in classes as an example of a packet sniffer, a program that can pick out packets of certain types. As the text explains, it can be used in several ways, the most interesting being as an IDS. It is a free product and some students have loved it in the past, so read through that section and look for a video on Snort.
Of the other topics in this section of the chapter, I like the discussion of intrusion deterrence the best. It is like the advice of Sun Tzu's The Art of War. In the beginning of chapter 3 there is an element of hope. Sun Tzu wrote that "the worst policy of all is to besiege walled cities". It is our goal, in mounting a defense, to present such a wall that the enemy will not waste its effort in an attack. This is the essence of deterrence.
A bit farther in the chapter, the author discusses authentication, and he lists a variety of historical protocols that have been used and replaced by other. The most viable one he brings up is Kerberos, which is used in Windows for login authentication. Here is a video about it that makes the lesson less difficult.
The text wanders around other subjects that seem to be odd choices. It discusses digital certificates at length, goes on about Public Key systems for a bit, brags about certificate authorities and the system of trust that makes them work.
The chapter ends with some discussion of Virtual Private Networks and WiFi security, neither of which are adequate to teach you much. I have to suspect this chapter was made more of copy and paste practice than by writing useful lessons.
The text should provide more detail about how the world uses the public key method: Public Key Infrastructure. Public Key Infrastructure is not the only cipher system used in business or government, but it is widely used by both, and by individuals to protect personal or sensitive information. There is a difference between PKI and public key cryptography.
encryption on a web site
works. I connect to a vendor's web site. I obtain the vendor's
public key by making the secure connection. My browser encrypts
my credit card data with the vendor's public key and sends the
ciphertext to the vendor. If the vendor's private key is secure,
the vendor is the only one who can decrypt the data sent through
the public key.
That's the way it is supposed to work in a perfect world. However, attackers have created a need for a security net around the process. In a way, PKI is the success story of businesses that have grown up around this technology. Components of public key infrastructure:
Chapter 10, Security Policies
Chapter 10 discusses policies, which are rules that are followed by people or by software. Objectives important to this lesson:
This chapter covers information security policies, which the text tells us are the heart of an effective security program. The text says that policies are inexpensive (they are just rules) but hard to implement, because they have no effect if people do not comply with them. So what makes a good policy?
The text lists some benefits that policies have for management:
That list of justifications looks more like a list of alibis. It's not our fault, your honor, we told everyone notto do what they did. Do they serve any constructive purposes? Well, they should. Let's consider some (the text finally got around to them) definitions:
The text has a long list of requirements for a policy to be effective:
The points above are sensible but arguable. Have you ever worked someplacewhere all the rules apply equally to all employees? If so, it must not have been a very large organization.
The text continues with a list of topics that should be addressed by issue-specific security policies:
The text makes a large distinction between policies created at three levels:
The text reminds us that in the creation phase of a policy, it should be approved by your management, human relations authorities, and appropriate legal staff before you consider distributing it and putting it in force. All staff should understand that a policy is a work rule and that it must be followed.
The discussion of Disaster Recovery policies in this chapter is well meant but misplaced. it belongs elsewhere.