Introduction p. 2. Introduction to Information Security p. 1. Introduction

Transcription

1 Introduction p. xvii Introduction to Information Security p. 1 Introduction p. 2 What Is Information Security? p. 3 Critical Characteristics of Information p. 4 CNSS Security Model p. 5 Securing Components p. 6 Balancing Information Security and Access p. 6 Business Needs First p. 7 Protecting the Functionality of an Organization p. 7 Enabling the Safe Operation of Applications p. 8 Protecting Data That Organizations Collect and Use p. 8 Safeguarding Technology Assets in Organizations p. 8 Security Professionals and the Organization p. 8 Data Ownership p. 9 Threats p. 10 Human Error or Failure p. 11 Compromises to Intellectual Property p. 12 Espionage or Trespass p. 13 Information Extortion p. 16 Sabotage or Vandalism p. 16 Theft p. 17 Software Attacks p. 17 Forces of Nature p. 20 Deviations in Quality of Service p. 21 Hardware Failures or Errors p. 22 Software Failures or Errors p. 23 Obsolescence p. 23 Attacks p. 23 Malicious Code p. 23 "Hoaxes" p. 24 Back Doors p. 24 Password Crack p. 25 Brute Force p. 25 Dictionary p. 25 Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) p. 25 Spoofing p. 26 Man-in-the-Middle p. 27 Spam p. 28 Mail Bombing p. 28 Sniffers p. 28

2 Social Engineering p. 28 Buffer Overflow p. 30 Timing Attack p. 30 Chapter Summary p. 30 Review Questions p. 31 Exercises p. 32 Case Exercises p. 33 An Introduction to Networking p. 37 Introduction p. 38 Networking Fundamentals p. 38 Reasons to Network p. 39 Types of Networks p. 40 Network Standards p. 42 Internet Society (ISOC) p. 42 Internet Assigned Numbers Authority (IANA) p. 42 American National Standards Institute (ANSI) p. 43 International Telecommunication Union (ITU) p. 43 Institute of Electrical and Electronics Engineers (IEEE) p. 43 Telecommunications Industry Association (TIA) p. 43 International Organization for Standardization (ISO) p. 44 OSI Reference Model and Security p. 44 The Physical Layer p. 45 Data Link Layer p. 53 Network Layer p. 56 Transport Layer p. 59 Session Layer p. 64 Presentation Layer p. 64 Application Layer p. 64 The Internet and TCP/IP p. 66 The World Wide Web p. 66 TCP/IP p. 67 Chapter Summary p. 69 Review Questions p. 70 Exercises p. 71 Case Exercises p. 71 Security Policies, Standards, and Planning p. 73 Introduction p. 74 Information Security Policy, Standards, and Practices p. 75 Definitions p. 75 Enterprise Information Security Policy (EISP) p. 77 Issue-Specific Security Policy (ISSP) p. 78

3 System-Specific Policy (SysSP) p. 81 Policy Management p. 83 Frameworks and Industry Standards p. 85 The ISO Series p. 86 NIST Security Models p. 90 IETF Security Architecture p. 91 Benchmarking and Best Business Practices p. 91 Security Architecture p. 92 Security Education, Training, and Awareness Program p. 95 Security Education p. 96 Security Training p. 96 Security Awareness p. 97 Continuity Strategies p. 98 Business Impact Analysis p. 101 Incident Response Planning p. 104 Disaster Recovery Planning p. 104 Business Continuity Planning p. 105 Crisis Management p. 106 Chapter Summary p. 107 Review Questions p. 108 Exercises p. 109 Case Exercises p. 110 Finding Network Vulnerabilities p. 113 Introduction p. 114 Common Vulnerabilities p. 114 Defects in Software or Firmware p. 114 Weaknesses in Processes and Procedures p. 121 Scanning and Analysis Tools p. 121 Port Scanners p. 125 Firewall Analysis Tools p. 126 Operating System Detection Tools p. 127 Vulnerability Scanners p. 128 Packet Sniffers p. 133 Wireless Security Tools p. 134 Penetration Testing p. 135 Chapter Summary p. 138 Review Questions p. 138 Exercises p. 139 Case Exercises p. 139 Firewall Planning and Design p. 141 Introduction p. 142

4 Misconceptions About Firewalls p. 143 Firewalls Explained p. 143 An Analogy: Office Tower Security Guard p. 144 Firewall Security Features p. 145 Firewall User Protection p. 145 Firewall Network Perimeter Security p. 145 Firewall Components p. 146 Firewall Security Tasks p. 147 Types of Firewall Protection p. 152 Packet Filtering p. 152 PAT and NAT p. 159 Application Layer Gateways p. 160 Firewall Categories p. 162 Processing Mode p. 162 Firewall Generation p. 164 Firewall Structures p. 165 Firewall Architectures p. 174 Limitations of Firewalls p. 178 Chapter Summary p. 178 Review Questions p. 179 Exercises p. 180 Case Exercises p. 181 Packet Filtering p. 183 Introduction p. 184 Understanding Packets and Packet Filtering p. 184 Packet-Filtering Devices p. 184 Anatomy of a Packet p. 185 Packet-Filtering Rules p. 187 Packet-Filtering Methods p. 189 Stateless Packet Filtering p. 190 Stateful Packet Filtering p. 195 Filtering Based on Packet Content p. 197 Setting Specific Packet Filter Rules p. 197 Best Practices for Firewall Rules p. 197 Rules That Cover Multiple Variations p. 199 Rules for ICMP Packets p. 199 Rules That Enable Web Access p. 201 Rules That Enable DNS p. 202 Rules That Enable FTP p. 202 Rules That Enable p. 203 Chapter Summary p. 205

5 Review Questions p. 205 Exercises p. 206 Case Exercises p. 207 Working with Proxy Servers and Application-Level Firewalls p. 209 Introduction p. 210 Overview of Proxy Servers p. 210 How Proxy Servers Work p. 210 How Proxy Servers Differ from Packet Filters p. 212 Sample Proxy Server Configurations p. 212 Goals of Proxy Servers p. 214 Concealing Internal Clients p. 215 Blocking URLs p. 216 Blocking and Filtering Content p Proxy Protection p. 217 Improving Performance p. 217 Ensuring Security p. 218 Providing User Authentication p. 218 Redirecting URLs p. 219 Proxy Server Configuration Considerations p. 219 Providing for Scalability p. 219 Working with Client Configurations p. 219 Working with Service Configurations p. 221 Creating Filter Rules p. 221 Recognizing the Single Point of Failure p. 222 Recognizing Buffer Overflow Vulnerabilities p. 222 Choosing a Proxy Server p. 222 Transparent Proxies p. 222 Nontransparent Proxies p. 223 SOCKS-Based Proxies p. 223 Proxy Server-Based Firewalls Compared p. 224 T.REX Open-Source Firewall p. 225 Squid p. 225 WinGate p. 225 Symantec Enterprise Firewall p. 226 Microsoft Internet Security & Acceleration Server p. 226 Reverse Proxies p. 226 When a Proxy Service Isn't the Correct Choice p. 228 Chapter Summary p. 229 Review Questions p. 229 Exercises p. 230 Case Exercises p. 231

6 Firewall Configuration and Administration p. 233 Introduction p. 234 Establishing Firewall Rules and Restrictions p. 235 The Role of the Rules File p. 235 Restrictive Firewalls p. 235 Connectivity-Based Firewalls p. 236 Firewall Configuration Strategies p. 237 Scalability p. 237 Productivity p. 237 Dealing with IP Address Issues p. 238 Approaches That Add Functionality to Your Firewall p. 239 NAT/PAT p. 239 Encryption p. 239 Application Proxies p. 240 VPNs p. 240 Intrusion Detection and Prevention Systems p. 241 Enabling a Firewall to Meet New Needs p. 243 Verifying Resources Needed by the Firewall p. 244 Identifying New Risks p. 245 Adding Software Updates and Patches p. 245 Adding Hardware p. 246 Dealing with Complexity on the Network p. 247 Adhering to Proven Security Principles p. 248 Environmental Management p. 248 BIOS, Boot, and Screen Locks p. 248 Remote Management Interface p. 249 Why Remote Management Tools Are Important p. 249 Security Concerns p. 250 Basic Features of Remote Management Tools p. 250 Automating Security Checks p. 251 Configuring Advanced Firewall Functions p. 251 Data Caching p. 251 Hot Standby Redundancy p. 252 Load Balancing p. 253 Filtering Content p. 254 Chapter Summary p. 256 Review Questions p. 257 Exercises p. 257 Case Exercises p. 258 Encryption and Firewalls p. 259 Introduction p. 260

7 Firewalls and Encryption p. 260 The Cost of Encryption p. 262 Preserving Data Integrity p. 262 Maintaining Confidentiality p. 262 Authenticating Network Clients p. 263 Enabling Virtual Private Networks (VPNs) p. 263 Principles of Cryptography p. 263 Encryption Definitions p. 264 Cryptographic Notation p. 264 Encryption Operations p. 265 Using Cryptographic Controls p Security p. 277 Securing the Web p. 277 Securing Authentication p. 278 Attacks on Cryptosystems p. 280 Man-in-the-Middle Attack p. 281 Correlation Attacks p. 281 Dictionary Attacks p. 281 Timing Attacks p. 282 Defending from Attacks p. 282 Chapter Summary p. 283 Review Questions p. 283 Exercises p. 284 Case Exercises p. 285 Authenticating Users p. 287 Introduction p. 288 The Authentication Process in General p. 288 How Firewalls Implement the Authentication Process p. 289 Firewall Authentication Methods p. 290 User Authentication p. 291 Client Authentication p. 291 Session Authentication p. 292 Centralized Authentication p. 293 Kerberos p. 294 TACACS+ p. 295 Remote Authentication Dial-In User Service (RADIUS) p. 296 TACACS+ and RADIUS Compared p. 296 Password Security Issues p. 298 Passwords That Can Be Cracked p. 298 Password Vulnerabilities p. 298 Lax Security Habits p. 298

8 Password Security Tools p. 299 One-Time Password Software p. 299 The Shadow Password System p. 299 Other Authentication Systems p. 300 Single-Password Systems p. 300 One-Time Password Systems p. 300 Certificate-Based Authentication p X Wi-Fi Authentication p. 302 Chapter Summary p. 303 Review Questions p. 303 Exercises p. 304 Case Exercises p. 305 Setting Up a Virtual Private Network p. 307 Introduction p. 308 VPN Components and Operations p. 309 VPN Components p. 309 Essential Activities of VPNs p. 313 Benefits and Drawbacks of VPNs p. 314 VPNs Extend Network Boundaries p. 314 Types of VPNs p. 315 VPN Appliances p. 316 Software VPN Systems p. 317 VPN Combinations of Hardware and Software p. 318 Combination VPNs p. 318 VPN Setups p. 318 Mesh Configuration p. 318 Hub-and-Spoke Configuration p. 319 Hybrid Configuration p. 321 Configurations and Extranet and Intranet Access p. 321 Tunneling Protocols Used with VPNs p. 322 IPSec/IKE p. 322 PPTP p. 323 L2TP p. 324 PPP Over SSL/PPP Over SSH p. 324 Enabling Remote Access Connections Within VPNs p. 325 Configuring the Server p. 325 Configuring Clients p. 326 VPN Best Practices p. 327 The Need for a VPN Policy p. 327 Packet Filtering and VPNs p. 327 Auditing and Testing the VPN p. 330

9 Chapter Summary p. 33 Review Questions p. 334 Exercises p. 334 Case Exercises p. 335 Contingency Planning p. 337 Introduction p. 338 What Is Contingency Planning? p. 339 Components of Contingency Planning p. 341 Business Impact Analysis p. 342 Incident Response Plan p. 343 Disaster Recovery Plan p. 344 Business Continuity Plan p. 344 Incident Response: Preparation, Organization, and Prevention p. 345 Planning for the Response During the Incident p. 347 Planning for After the Incident p. 349 Planning for Before the Incident p. 349 Incident Classification and Detection p. 351 Classifying Incidents p. 352 Data Collection p. 354 Detecting Compromised Software p. 356 Challenges in Intrusion Detection p. 357 Incident Reaction p. 357 Selecting an IR Strategy p. 357 Notification p. 359 Documenting an Incident p. 360 Incident Containment Strategies p. 360 Interviewing Individuals Involved in the Incident p. 361 Recovering from Incidents p. 361 Identify and Resolve Vulnerabilities p. 362 Restore Data p. 363 Restore Services and Processes p. 363 Restore Confidence Across the Organization p. 363 IR Plan Maintenance p. 363 The After-Action Review p. 363 IR Plan Review and Maintenance p. 365 Training p. 365 Rehearsal p. 365 Data and Application Resumption p. 366 Disk-to-Disk-to-Tape p. 366 Backup Strategies p. 366 Tape Backup and Recovery p. 367

10 Redundancy-Based Backup and Recovery Using RAID p. 369 Database Backups p. 371 Application Backups p. 372 Real-Time Protection, Server Recovery, and Application Recovery p. 372 Service Agreements p. 377 Chapter Summary p. 378 Review Questions p. 379 Exercises p. 379 Case Exercises p. 380 Intrusion Detection and Prevention Systems p. 383 Introduction p. 384 Intrusion Detection and Prevention p. 384 IDPS Terminology p. 385 Why Use an IDPS? p. 387 Network-Based IDPS p. 390 Host-Based IDPS p. 394 IDPS Detection Methods p. 396 IDPS Response Behavior p. 398 Selecting IDPS Approaches and Products p. 401 Strengths and Limitations of IDPSs p. 406 Deployment and Implementation of an IDPS p. 407 Measuring the Effectiveness of IDPSs p. 415 Honey Pots, Honey Nets, and Padded Cell System p. 417 Trap and Trace Systems p. 419 Active Intrusion Prevention p. 420 Chapter Summary p. 420 Review Questions p. 421 Exercises p. 422 Case Exercises p. 422 Digital Forensics p. 425 Introduction p. 426 The Digital Forensic Team p. 426 The First Response Team p. 427 The Analysis Team p. 428 Digital Forensics Methodology p. 430 Affidavits and Search Warrants p. 430 Acquiring the Evidence p. 432 Identifying Sources p. 432 Authenticating Evidence p. 433 Collecting Evidence p. 434 Maintaining the Chain of Custody p. 447

11 Analyzing Evidence p. 449 Searching for Evidence p. 451 Reporting the Findings p. 453 Interacting with Law Enforcement p. 453 Anti-Forensics p. 455 Chapter Summary p. 456 Review Questions p. 456 Exercises p. 457 Case Exercise p. 457 Glossary p. 459 Index p. 473 Table of Contents provided by Blackwell's Book Services and R.R. Bowker. Used with permission.