O'Reilly logo

Auditor's Guide to IT Auditing, Second Edition by Richard E. Cascarino

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER TWENTY-EIGHT

Applied Information Technology Security

THIS CHAPTER looks at the application of Information Technology (IT) security including communications and network security. The principles of network security, client-server, Internet and web-based services, and firewall security systems are all detailed together with connectivity protection resources such as cryptography, digital signatures, digital certificates, and key management policies. IT security also encompasses the use of intrusion-detection systems and the proper implementation of mainframe security facilities.

COMMUNICATIONS AND NETWORK SECURITY

In considering how network security should be implemented, one of the most difficult areas to establish is exactly where the network starts and ends. For many organizations, this is where primary security is established with a “peripheral” defense. In the same manner as a peripheral defense over the physical building, network peripheral defenses work on the basis of having a limited number of entry points, each securely guarded. Unfortunately not all networks work in the same manner and most have considerably more entry points than a normal building. In addition, this form of defense suffers from the same deficiencies as a peripheral defense around a building in that, once inside the building, it is assumed that the intruder has a right to be there and, in many cases, no further security checks are done. Another parallel can be found between the security checkpoint ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required