The CERT guide to system and network security practices:
Gespeichert in:
| 1. Verfasser: | |
|---|---|
| Format: | Buch |
| Sprache: | Undetermined |
| Veröffentlicht: |
Boston [u.a.]
Addison-Wesley
2001
|
| Schriftenreihe: | SEI Series in software engineering
|
| Schlagworte: | |
| Online-Zugang: | Inhaltsverzeichnis |
| Beschreibung: | XXIV, 447 S. Ill. 24 cm |
| ISBN: | 020173723X |
Internformat
MARC
| LEADER | 00000nam a2200000zc 4500 | ||
|---|---|---|---|
| 001 | BV023694849 | ||
| 003 | DE-604 | ||
| 005 | 20030410000000.0 | ||
| 007 | t | ||
| 008 | 030310s2001 xxua||| |||| 00||| und d | ||
| 020 | |a 020173723X |c pbk. : EUR 44.90 |9 0-201-73723-X | ||
| 035 | |a (OCoLC)248415767 | ||
| 035 | |a (DE-599)BVBBV023694849 | ||
| 040 | |a DE-604 |b ger | ||
| 041 | |a und | ||
| 044 | |a xxu |c US | ||
| 049 | |a DE-522 | ||
| 050 | 0 | |a QA76.9.A25A454 2001 | |
| 082 | 0 | |a 005.8 21 | |
| 100 | 1 | |a Allen, Julia H. |e Verfasser |4 aut | |
| 245 | 1 | 0 | |a The CERT guide to system and network security practices |c Julia H. Allen |
| 264 | 1 | |a Boston [u.a.] |b Addison-Wesley |c 2001 | |
| 300 | |a XXIV, 447 S. |b Ill. |c 24 cm | ||
| 336 | |b txt |2 rdacontent | ||
| 337 | |b n |2 rdamedia | ||
| 338 | |b nc |2 rdacarrier | ||
| 490 | 0 | |a SEI Series in software engineering | |
| 600 | 1 | 4 | |a Computer security |
| 600 | 1 | 4 | |a Computer networks··xSecurity measures |
| 650 | 0 | 7 | |a Computersicherheit |0 (DE-588)4274324-2 |2 gnd |9 rswk-swf |
| 650 | 0 | 7 | |a Datensicherung |0 (DE-588)4011144-1 |2 gnd |9 rswk-swf |
| 689 | 0 | 0 | |a Computersicherheit |0 (DE-588)4274324-2 |D s |
| 689 | 0 | |5 DE-604 | |
| 689 | 1 | 0 | |a Datensicherung |0 (DE-588)4011144-1 |D s |
| 689 | 1 | |5 DE-604 | |
| 856 | 4 | 2 | |m HBZ Datenaustausch |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=017195413&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
| 999 | |a oai:aleph.bib-bvb.de:BVB01-017195413 | ||
Datensatz im Suchindex
| _version_ | 1804138720578764800 |
|---|---|
| adam_text | Titel: The CERT guide to system and network security practices
Autor: Allen, Julia
Jahr: 2001
Contents
Preface xix
Acknowledgments xxiii
Chapter 1 The CERT® Guide to System and
Network Security Practices 1
The Problem — In the Large 1
The Problem — As Viewed by Administrators 4
How to Use This Book 5
How This Books Is Organized 7
Harden/Secure 7
Prepare 9
Detect 11
Respond 12
Improve 12
Chapter Structure 12
Key Definitions 13
Sources for This Book 14
Other Sources of Information 15
Summary 18
V
vi
CONTENTS
Parti Securing Computers 19
Chapter 2 Securing Network Servers and User Workstations 21
2.1 Overview 22
2.1.1 The Need for Secure Network Servers 23
2.1.2 The Need for Secure User Workstations 25
2.1.3 An Approach to Securing Servers and Workstations 26
2.2 Address Security Issues in Your Computer Deployment Plan (NS, UW) 28
2.2.1 Identify the Purpose of Each Computer 28
2.2.2 Identify Network Services That Will Be Provided 29
2.2.3 Identify Network Service Software to Be Installed 29
2.2.4 Identify Users 29
2.2.5 Determine User Privileges 30
2.2.6 Plan Authentication 30
2.2.7 Determine Access Enforcement Measures 31
2.2.8 Develop Intrusion Detection Strategies 31
2.2.9 Document Backup and Recovery Procedures 31
2.2.10 Determine How Network Services Will Be Maintained or Restored After Various
Kinds of Faults 32
2.2.11 Develop and Follow a Documented Procedure for Installing
an Operating System 32
2.2.12 Determine How the Computer Will Be Connected to Your Network 34
2.2.13 Identify the Security Concerns Related to Day-to-Day Administration 34
2.2.14 Protect Information Contained on Hardware That Is No Longer in Use 35
2.2.15 Keep Your Computer Deployment Plan Current 35
2.2.16 Policy Considerations 35
2.3 Address Security Requirements When Selecting Servers (NS) 36
2.3.1 Identify Functionality and Performance Requirements 37
2.3.2 Review Server Product Features 38
2.3.3 Estimate the Differences in Operating Costs of
Competing Products 38
2.3.4 Policy Considerations 39
2.4 Keep Operating Systems and Applications Software
Up-to-Date (NS, UW) 39
2.4.1 Evaluate and Install Updates 40
2.4.2 Deploy New Computers with Up-to-Date Software 41
CONTENTS
vii
2.4.3 Create New Integrity-Checking Information 42
2.4.4 Policy Considerations 42
2.5 Stick to Essentials on the Server Host Machine (NS) 42
2.5.1 Determine Functions 43
2.5.2 Select the More Secure Alternative 45
2.5.3 Install Only the Minimal Set of Services and Applications 45
2.5.4 Create and Record Cryptographic Checksums 46
2.5.5 Policy Considerations 46
2.6 Stick to Essentials on the Workstation Host System (UW) 46
2.6.1 Determine Functions 47
2.6.2 Install Only Essential Software 48
2.6.3 Create and Record Cryptographic Checksums 48
2.6.4 Policy Considerations 48
2.7 Configure Network Service Clients to Enhance Security (UW) 48
2.7.1 Identify Behaviors That May Lead to Security Problems 49
2.7.2 Maintain Awareness of Vendors Updates 50
2.7.3 Configure the Client to Maintain Security 50
2.7.4 Policy Considerations 50
2.8 Configure Computers for User Authentication (NS, UW) 51
2.8.1 Configure Hardware-Based Access Controls 51
2.8.2 Handle Accounts and Groups 51
2.8.3 Check Your Password Policy and Ensure That Users Follow It 52
2.8.4 Require Reauthentication After Idle Periods 53
2.8.5 Configure to Deny Login After a Small Number of Failed Attempts 54
2.8.6 Install and Configure Other Authentication Mechanisms 54
2.8.7 Policy Considerations 55
2.9 Configure Operating Systems with Appropriate Object, Device,
and File Access Controls (NS,UW) 56
2.9.1 Identify the Protection Needed 56
2.9.2 Configure Access Controls 57
2.9.3 Install and Configure File Encryption Capabilities for Sensitive Data 58
2.9.4 Policy Considerations 58
2.10 Configure Computers for File Backups (NS, UW) 59
2.10.1 Develop a File Backup and Restoration Plan 59
2.10.2 Install and Configure File Backup Tools 61
2.10.3 Test the Ability to Recover from Backups 61
2.10.4 Policy Considerations 62
viii
CONTENTS
2.11 Use a Tested Model Configuration and a Secure Replication
Procedure (UW) 62
2.11.1 Create and Test the Model Configuration 62
2.11.2 Replicate the Configuration on Other Workstations 63
2.11.3 Make Configuration Changes on a Case-by-Case Basis 63
2.11.4 Create and Record Cryptographic Checksums 63
2.12 Protect Computers from Viruses and Similar
Programmed Threats (NS, UW) 64
2.12.1 Develop a Programmed Threats Protection Plan 65
2.12.2 Install and Execute Anti-Virus Tools 65
2.12.3 Train Users 65
2.12.4 Update Detection Tools 66
2.12.5 Policy Considerations 66
2.13 Configure Computers for Secure Remote Administration (NS,UW) 67
2.13.1 Ensure That Administration Commands Originate from
Only Authenticated Administrators and Hosts 67
2.13.2 Ensure That All Administration Tasks Operate at the Minimum Necessary
Privilege Level 68
2.13.3 Ensure That Confidential Information Cannot Be Intercepted, Read,
or Changed by Intruders 68
2.13.4 Use a Movable Storage Medium to Transfer Information 68
2.13.5 Use a Secure Method for Inspecting All Log Files 69
2.13.6 Create and Record Cryptographic Checksums 69
2.13.7 Policy Considerations 69
2.14 Allow Only Appropriate Physical Access to Computers (NS, UW) 70
2.14.1 Prevent Installation of Unauthorized Hardware 70
2.14.2 Deploy the Computer in a Secure Facility 71
2.14.3 Policy Considerations 71
2.15 Develop and Roll Out an Acceptable Use Policy for Workstations (UW) 72
2.15.1 Elements of an Acceptable Use Policy 72
2.15.2 Train Users 73
2.15.3 Provide Explicit Reminders at Each Login 73
Chapter 3 Securing Public Web Servers 79
3.1 Overview 80
3.1.1 The Need for Secure Public Web Servers 81
3.1.2 An Approach for Securing Public Web Servers 82
CONTENTS
ix
3.2 Isolate the Web Server 83
3.2.1 Place the Server on an Isolated Subnet 83
3.2.2 Use Firewall Technology to Restrict Traffic 83
3.2.3 Place Server Hosts Providing Supporting Services
on Another Isolated Subnet 85
3.2.4 Disable Source Routing and IP Forwarding 86
3.2.5 Alternative Architecture Approaches 88
3.2.6 Policy Considerations 88
3.3 Configure the Web Server with Appropriate Object, Device,
and File Access Controls 89
3.3.1 Establish New User and Group Identities 90
3.3.2 Identify the Protection Needed 90
3.3.3 Mitigate the Effects of DoS Attacks 91
3.3.4 Protect Sensitive and Restricted Information 92
3.3.5 Configure Web Server Software Access Controls 92
3.3.6 Disable the Serving of Web Server File Directory Listings 93
3.3.7 Policy Considerations 93
3.4 Identify and Enable Web-Server-Specific Logging Mechanisms 94
3.4.1 Identify the Information to Be Logged 94
3.4.2 Determine If Additional Logging Mechanisms Are Needed 96
3.4.3 Enable Logging 96
3.4.4 Select and Configure Log Analysis Tools 97
3.5 Consider Security Implications for Programs, Scripts, and Plug-ins 97
3.5.1 Perform Cost/Benefit Trade-offs 98
3.5.2 Select from Trustworthy Sources 99
3.5.3 Understand All of the Functionality of an External Program 99
3.5.4 Review Publicly Available Information to Identify Vulnerabilities 100
3.5.5 Policy Considerations 100
3.6 Configure the Web Server to Minimize the Functionality of Programs,
Scripts, and Plug-ins 100
3.6.1 Verify That the Acquired Copy of an External Program Is Authentic 101
3.6.2 Use an Isolated Test Machine 101
3.6.3 Limit Your Exposure to Vulnerabilities 101
3.6.4 Mitigate the Risk of Distributing Malicious Code 102
3.6.5 Disable or Restrict the Use of Server Side Include Functionality 103
3.6.6 Disable the Execution of External Programs Present in
Your Web Server Configuration 103
X
CONTENTS
3.6.7 Restrict Access to External Programs 103
3.6.8 Ensure That Only Authorized Users Can Access External Programs 104
3.6.9 Execute External Programs Under Unique Individual User and Group IDs 104
3.6.10 Restrict the Access of External Programs to Only Essential Files 104
3.6.11 Create Integrity-Checking Information for All External Programs 105
3.6.12 Policy Considerations 105
3.7 Configure the Web Server to Use Authentication
and Encryption Technologies 105
3.7.1 Determine Access Requirements for Sensitive or Restricted Information 106
3.7.2 Establish Trust Between Clients (Users) and Web Servers 107
3.7.3 Understand the Limitations of Address-Based Authentication 107
3.7.4 Understand Authentication and Encryption Technologies 107
3.7.5 Support the Use of SSL 111
3.7.6 Policy Considerations 113
3.7.7 Other Cryptographic Approaches 113
3.8 Maintain the Authoritative Copy of Your Web Site Content
on a Secure Host 114
3.8.1 Restrict User Access 114
3.8.2 Implement and Enforce Access Controls 114
3.8.3 Enforce the Use of Strong User Authentication 115
3.8.4 Accept Authenticated and Encrypted Connections 115
3.8.5 Establish Manual Procedures for Transferring Web Content 115
3.8.6 Policy Considerations 116
3.8.7 Additional Information 116
Chapter 4 Deploying Firewalls 121
4.1 Overview 122
4.1.1 The Need for Firewalls 122
4.1.2 An Approach to Deploying Firewalls 123
4.2 Design the Firewall System 124
4.2.1 Document the Environment 127
4.2.2 Select Firewall Functions 127
4.2.3 Select the Firewall Topology 132
4.2.4 Perform Architectural Trade-off Analysis 136
4.2.5 Protect Your Firewall System from Unauthorized Access 138
4.2.6 Policy Considerations 138
CONTENTS
4.3 Acquire Firewall Hardware and Software 139
4.3.1 Determine Required Hardware Components 139
4.3.2 Determine Required Software Components 140
4.3.3 Determine Required Testing Components 141
4.3.4 Acquire All Components 141
4.4 Acquire Firewall Training, Documentation, and Support 142
4.4.1 Determine Your Training Requirements 142
4.4.2 Determine Your Support Requirements 143
4.5 Install Firewall Hardware and Software 144
4.5.1 Install a Minimum Acceptable Operating System Environment
4.5.2 Install All Applicable Patches 146
4.5.3 Restrict User and Host Access 146
4.5.4 Disable Packet Forwarding 147
4.5.5 Back Up Your System 147
4.5.6 Policy Considerations 147
4.6 Configure IP Routing 148
4.6.1 Obtain IP Addresses 148
4.6.2 Establish Routing Configuration 148
4.6.3 Policy Considerations 149
4.6.4 Considerations in Formulating IP Routing Configuration
and Packet Filtering Rules 149
4.7 Configure Firewall Packet Filtering 150
4.7.1 Design the Packet Filtering Rules 150
4.7.2 Document the Packet Filtering Rules 154
4.7.3 Install Packet Filtering Rules 155
4.7.4 Policy Considerations 155
4.8 Configure Firewall Logging and Alert Mechanisms 157
4.8.1 Design the Logging Environment 158
4.8.2 Select Logging Options for Packet Filter Rules 158
4.8.3 Design the Alert Mechanism Configuration 159
4.8.4 Acquire or Develop Supporting Tools 160
4.8.5 Policy Considerations 160
4.9 Test the Firewall System 160
4.9.1 Create a Test Plan 161
4.9.2 Acquire Testing Tools 163
4.9.3 Test the Firewall Functions in Your Test Environment 164
CONTENTS
XII
4.9.4 Test the Firewall Functions in Your Production Environment 166
4.9.5 Select and Test Features Related to Log Files 169
4.9.6 Test the Firewall System 170
4.9.7 Scan for Vulnerabilities 170
4.9.8 Design Initial Regression-Testing Suite 170
4.9.9 Prepare System for Production Use 170
4.9.10 Prepare to Perform Ongoing Monitoring 171
4.9.11 Policy Considerations 171
4.10 Install the Firewall System 171
4.10.1 Install New Connectivity 172
4.10.2 Install Replacement Connectivity 172
4.10.3 Policy Considerations 172
4.11 Phase the Firewall System into Operation 173
4.11.1 Prepare for Transition to the Replacement Firewall System 173
4.11.2 NotifyUsers 174
4.11.3 Enable Private Traffic Through the New Firewall System 174
4.11.4 Policy Considerations 178
Part II Intrusion Detection and Response 183
Chapter 5 Setting Up Intrusion Detection and
Response Preparation 185
5.1 Overview 186
5.1.1 The Need for Intrusion Detection and Response Preparation 186
5.1.2 An Approach for Detect and Response Preparation 187
5.2 Establish Policies and Procedures 188
5.2.1 Address Intrusion Detection and Response in
Your Security Policies 189
5.2.2 Document Procedures That Implement Your
Intrusion Detection Policies 192
5.2.3 Document Procedures That Implement Your
Intrusion Response Policies 194
5.2.4 Document Roles and Responsibilities 195
5.2.5 Conduct a Legal Review 195
5.2.6 Train Users 196
5.2.7 Keep Your Policies, Procedures, and Training Current 197
CONTENTS
xiii
5.3 Identify Characterization and Other Data for Detecting Signs
of Suspicious Behavior 198
5.3.1 Determine What Data Is Most Useful to Collect 200
5.3.2 Identify the Data to Be Collected 200
5.3.3 Identify the Data to Be Captured Using Logging Mechanisms 204
5.3.4 Identify the Data to Be Captured Using Additional Data
Collection Mechanisms 205
5.3.5 Determine Which Events Should Produce an Alert 206
5.3.6 Recognize That Data Collection and Characterization Are Iterative Processes 206
5.3.7 Document and Verify Your Characterization Trust Assumptions 207
5.3.8 Characterize Typical Network Traffic and Performance 207
5.3.9 Characterize Expected System Behavior and Performance 207
5.3.10 Characterize Expected Process and User Behavior 208
5.3.11 Characterize Expected File and Directory Information 208
5.3.12 Generate an Inventory of Your System Hardware 210
5.3.13 Protect Your Asset Information and Keep It Up-to-Date 211
5.3.14 Policy Considerations 211
5.3.15 Additional Information 211
5.4 Manage Logging and Other Data Collection Mechanisms 216
5.4.1 Enable Logging 217
5.4.2 Protect Logs 217
5.4.3 Document Your Management Plan for Log Files 219
5.4.4 Protect Data Collection Mechanisms and Their Outputs 220
5.4.5 Consider Special Procedures to Preserve Evidence 221
5.4.6 Policy Considerations 221
5.5 Select, Install, and Understand Tools for Response 221
5.5.1 Build Archives of Boot Disks and Distribution Media 222
5.5.2 Build an Archive of Security-Related Patches 222
5.5.3 Identify and Install Tools That Support Reinstallation 223
5.5.4 Ensure Adequate Backup Procedures 223
5.5.5 Build an Archive of Test Results 224
5.5.6 Build and Maintain Sources and Methods for Contact Information 224
5.5.7 Set Up Secure Communication Mechanisms 225
5.5.8 Build a Resource Kit 226
5.5.9 Ensure That Test Systems and Networks Are Properly Configured
and Available 226
5.5.10 Policy Considerations 227
CONTENTS
XIV
Chapter 6 Detecting Signs of Intrusion 231
6.1 Overview 232
6.1.1 The Need for Detecting Signs of Intrusion 232
6.1.2 An Approach for Detecting Signs of Intrusion 233
6.2 Ensure That the Software Used to Examine Systems
Has Not Been Compromised 234
6.2.1 Policy Considerations 237
6.2.2 Additional Information 237
6.3 Monitor and Inspect Network Activities 237
6.3.1 Notify Users 238
6.3.2 Review Network Alerts 239
6.3.3 Review Network Error Reports 239
6.3.4 Review Network Performance 240
6.3.5 Review Network Traffic 241
6.3.6 Policy Considerations 242
6.3.7 Additional Information 243
6.4 Monitor and Inspect System Activities 243
6.4.1 Notify Users 244
6.4.2 Review System Alerts 244
6.4.3 Review System Error Reports 245
6.4.4 Review System Performance Statistics 245
6.4.5 Monitor Process Activity and Behavior 246
6.4.6 Monitor User Behavior 247
6.4.7 Monitor for the Presence of Network Sniffers 248
6.4.8 Run Network Mapping and Scanning Tools 250
6.4.9 Run Vulnerability Scanning Tools on All Systems 250
6.4.10 Policy Considerations 250
6.4.11 Additional Information 251
6.5 Inspect Files and Directories for Unexpected Changes 251
6.5.1 Verify Integrity 252
6.5.2 Identify Unexpected Changes and Their Implications 253
6.5.3 Policy Considerations 254
6.5.4 Additional Information 254
6.6 Investigate Unauthorized Hardware Attached to the Network 254
6.6.1 Audit All Systems and Peripherals Attached to the Network Infrastructure 255
6.6.2 Probe for Unauthorized Modems 255
CONTENTS
XV
6.6.3 Probe All Internal Network Segments to Identify Unauthorized Hardware 256
6.6.4 Look for Unexpected Routes Between the Organization s Network
and External Networks 256
6.6.5 Policy Considerations 256
6.7 Look for Signs of Unauthorized Access to Physical Resources 257
6.7.1 Check All Physical Means of Entrance or Exit 257
6.7.2 Check Physical Resources for Signs of Tampering 258
6.7.3 Perform a Physical Audit of All Movable Media 258
6.7.4 Report All Signs of Unauthorized Physical Access 258
6.7.5 Policy Considerations 258
6.8 Review Reports of Suspicious System and Network Behavior and Events 258
6.8.1 Perform Triage upon Receipt of a Report 259
6.8.2 Evaluate, Correlate, and Prioritize Each Report 260
6.8.3 Investigate Each Report or Set of Related Reports 260
6.8.4 Policy Considerations 261
6.9 Take Appropriate Actions 261
6.9.1 Document Any Unusual Behavior or Activity That You Discover 262
6.9.2 Investigate Each Documented Anomaly 262
6.9.3 Recognize the Iterative Nature of Analysis and Investigation 263
6.9.4 Initiate Your Intrusion Response Procedures 263
6.9.5 Update the Configuration of Alert Mechanisms 263
6.9.6 Update All Characterization Information 263
6.9.7 Update Logging and Data Collection Mechanism Configurations 264
6.9.8 Dispose of Every Reported Event 264
6.9.9 Policy Considerations 264
Chapter 7 Responding to Intrusions 269
7.1 Overview 270
7.1.1 The Need to Respond to Intrusions 270
7.1.2 An Approach for Responding to Intrusions 271
7.2 Analyze All Available Information 273
7.2.1 Capture and Record System Information 274
7.2.2 Back Up the Compromised Systems 274
7.2.3 Isolate the Compromised Systems 275
7.2.4 Search on Other Systems for Signs of Intrusion 275
7.2.5 Examine Logs 275
xvi
CONTENTS
7.2.6 Identify the Attacks Used to Gain Access 276
7.2.7 Identify What an Intruder Did 277
7.2.8 Policy Considerations 278
7.3 Communicate with Relevant Parties 278
7.3.1 Follow Your Information Dissemination Procedures 279
7.3.2 Use Secure Communication Channels 280
7.3.3 Inform Other Affected Sites 280
7.3.4 Maintain Contact Information 281
7.3.5 Policy Considerations 281
7.4 Collect and Protect Information 282
s 7.4.1 Collect All Information 283
7.4.2 Collect and Preserve Evidence 283
7.4.3 Preserve the Chain of Custody of Evidence 284
7.4.4 Contact Law Enforcement 284
7.4.5 Policy Considerations 285
7.5 Contain an Intrusion 285
• ,¦ 7.5.1 Temporarily Shut Down the System 286
7.5.2 Disconnect the Compromised System from the Network 287
7.5.3 Disable Access, Services, and Accounts 287
7.5.4 Monitor System and Network Activities 288
7.5.5 Verify That Redundant Systems and Data Have Not Been Compromised 288
7.5.6 Policy Considerations 288
7.6 Eliminate All Means of Intruder Access 289
7.6.1 Change Passwords 290
7.6.2 Reinstall Compromised Systems 290
7.6.3 Remove Any Means for Intruder Access 290
7.6.4 Restore Executable Programs and Binary Files
from Original Distribution Media 291
7.6.5 Review System Configurations 291
7.6.6 Correct System and Network Vulnerabilities 292
7.6.7 Improve Protection Mechanisms 292
7.6.8 Improve Detection Mechanisms 292
7.6.9 Policy Considerations 293
7.7 Return Systems to Normal Operation 293
7.7.1 Determine the Requirements and Time Frame 294
7.7.2 Restore User Data 294
CONTENTS
7.7.3 Reestablish the Availability of Services and Systems 295
7.7.4 Watch for Signs of the Intruder s Return 295
7.7.5 Policy Considerations 296
7.8 Implement Lessons Learned 296
7.8.1 Complete Communication Steps 297
7.8.2 Hold a Postmortem Review Meeting 297
7.8.3 Revise Security Documents 298
7.8.4 Additional Steps 298
Appendix A Security Implementations 303
Appendix B Practice-Level Policy Considerations 397
Bibliography 423
Abbreviations 431
Index 435
|
| any_adam_object | 1 |
| author | Allen, Julia H. |
| author_facet | Allen, Julia H. |
| author_role | aut |
| author_sort | Allen, Julia H. |
| author_variant | j h a jh jha |
| building | Verbundindex |
| bvnumber | BV023694849 |
| callnumber-first | Q - Science |
| callnumber-label | QA76 |
| callnumber-raw | QA76.9.A25A454 2001 |
| callnumber-search | QA76.9.A25A454 2001 |
| callnumber-sort | QA 276.9 A25 A454 42001 |
| callnumber-subject | QA - Mathematics |
| ctrlnum | (OCoLC)248415767 (DE-599)BVBBV023694849 |
| dewey-full | 005.821 |
| dewey-hundreds | 000 - Computer science, information, general works |
| dewey-ones | 005 - Computer programming, programs, data, security |
| dewey-raw | 005.8 21 |
| dewey-search | 005.8 21 |
| dewey-sort | 15.8 221 |
| dewey-tens | 000 - Computer science, information, general works |
| discipline | Informatik |
| format | Book |
| fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01507nam a2200409zc 4500</leader><controlfield tag="001">BV023694849</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20030410000000.0</controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">030310s2001 xxua||| |||| 00||| und d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">020173723X</subfield><subfield code="c">pbk. : EUR 44.90</subfield><subfield code="9">0-201-73723-X</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)248415767</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV023694849</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">und</subfield></datafield><datafield tag="044" ind1=" " ind2=" "><subfield code="a">xxu</subfield><subfield code="c">US</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-522</subfield></datafield><datafield tag="050" ind1=" " ind2="0"><subfield code="a">QA76.9.A25A454 2001</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.8 21</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Allen, Julia H.</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">The CERT guide to system and network security practices</subfield><subfield code="c">Julia H. Allen</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Boston [u.a.]</subfield><subfield code="b">Addison-Wesley</subfield><subfield code="c">2001</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XXIV, 447 S.</subfield><subfield code="b">Ill.</subfield><subfield code="c">24 cm</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="490" ind1="0" ind2=" "><subfield code="a">SEI Series in software engineering</subfield></datafield><datafield tag="600" ind1="1" ind2="4"><subfield code="a">Computer security</subfield></datafield><datafield tag="600" ind1="1" ind2="4"><subfield code="a">Computer networks··xSecurity measures</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Datensicherung</subfield><subfield code="0">(DE-588)4011144-1</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="689" ind1="1" ind2="0"><subfield code="a">Datensicherung</subfield><subfield code="0">(DE-588)4011144-1</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="1" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">HBZ Datenaustausch</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=017195413&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-017195413</subfield></datafield></record></collection> |
| id | DE-604.BV023694849 |
| illustrated | Illustrated |
| indexdate | 2024-07-09T21:32:41Z |
| institution | BVB |
| isbn | 020173723X |
| language | Undetermined |
| oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-017195413 |
| oclc_num | 248415767 |
| open_access_boolean | |
| owner | DE-522 |
| owner_facet | DE-522 |
| physical | XXIV, 447 S. Ill. 24 cm |
| publishDate | 2001 |
| publishDateSearch | 2001 |
| publishDateSort | 2001 |
| publisher | Addison-Wesley |
| record_format | marc |
| series2 | SEI Series in software engineering |
| spelling | Allen, Julia H. Verfasser aut The CERT guide to system and network security practices Julia H. Allen Boston [u.a.] Addison-Wesley 2001 XXIV, 447 S. Ill. 24 cm txt rdacontent n rdamedia nc rdacarrier SEI Series in software engineering Computer security Computer networks··xSecurity measures Computersicherheit (DE-588)4274324-2 gnd rswk-swf Datensicherung (DE-588)4011144-1 gnd rswk-swf Computersicherheit (DE-588)4274324-2 s DE-604 Datensicherung (DE-588)4011144-1 s HBZ Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=017195413&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis |
| spellingShingle | Allen, Julia H. The CERT guide to system and network security practices Computer security Computer networks··xSecurity measures Computersicherheit (DE-588)4274324-2 gnd Datensicherung (DE-588)4011144-1 gnd |
| subject_GND | (DE-588)4274324-2 (DE-588)4011144-1 |
| title | The CERT guide to system and network security practices |
| title_auth | The CERT guide to system and network security practices |
| title_exact_search | The CERT guide to system and network security practices |
| title_full | The CERT guide to system and network security practices Julia H. Allen |
| title_fullStr | The CERT guide to system and network security practices Julia H. Allen |
| title_full_unstemmed | The CERT guide to system and network security practices Julia H. Allen |
| title_short | The CERT guide to system and network security practices |
| title_sort | the cert guide to system and network security practices |
| topic | Computer security Computer networks··xSecurity measures Computersicherheit (DE-588)4274324-2 gnd Datensicherung (DE-588)4011144-1 gnd |
| topic_facet | Computer security Computer networks··xSecurity measures Computersicherheit Datensicherung |
| url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=017195413&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
| work_keys_str_mv | AT allenjuliah thecertguidetosystemandnetworksecuritypractices |