Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

Transcription

1 Computer Security Principles and Practice Second Edition William Stailings Lawrie Brown University ofnew South Wales, Australian Defence Force Academy With Contributions by Mick Bauer Security Editor, LinuxJournal Dir. Of Value-Subtracted Svcs., Wiremonkeys.org Michael Howard Principle Security Program Manager, Microsoft Corporation International Edition contributions by Amp Kumar Bhattacharjee RCC Institute of Information Technology Soumen Mukherjee RCC Institute of Information Technology

2 Contents Online Resources 13 Notation 14 About the Authors 15 Preface 17 Chapter 0 Reader's and Instructor's Guide Outline of This Book A Roadmap for Readers and Instructors Support for CISSP Certification Internet and Web Resources Standards 29 Chapter 1 Overview Computer Security Concepts Threats, Attacks, and Assets Security Functional Requirements A Security Architecture for Open Systems Computer Security Trends Computer Security Strategy Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 58 PART ONE: COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES 60 Chapter 2 Cryptographic Tools Confidentiality with Symmetric Encryption Message Authentication and Hash Functions Public-Key Encryption Digital Signatures and Key Management Random and Pseudorandom Numbers Practical Application: Encryption of Stored Data Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 89 Chapter 3 User Authentication Means of Authentication Password-Based Authentication Token-Based Authentication Biometric Authentication Remote User Authentication Security Issues for User Authentication Practical Application: An Iris Biometric System 119

3 3.8 Case Study: Security Problems for ATM Systems Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 125 Chapter 4 Access Control Access Control Principles Subjects, Objects, and Access Rights Discretionary Access Control Example: UNIX File Access Control Role-Based Access Control Case Study: RBAC System for a Bank Recommended Reading and Web Site Key Terms, Review Questions, and Problems 155 Chapter 5 Database Security The Need for Database Security Database Management Systems Relational Databases Database Access Control Inference Statistical Databases Database Encryption Cloud Security Recommended Reading and Web Site Key Terms, Review Questions, and Problems 195 Chapter 6 Malicious Software Types of Malicious Software (Malware) Propagation Infected Content Viruses Pi-opagation Vulnerability Exploit Worms Propagation Social Engineering SPAM , Trojans Payload System Corruption Payload Attack Agent Zombie, Bots Payload Information Theft Keyloggers, Phishing, Spyware Payload Stealfhing Backdoors, Rootkits Countermeasures Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 238 Chapter 7 Denial-of-Service Attacks Denial-of-Service Attacks Flooding Attacks Distributed Denial-of-Service Attacks Application-Based Bandwidth Attacks Reflector and Amplifier Attacks Defenses Against Denial-of-Service Attacks Responding to a Denial-of-Service Attack Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 267

4 Chapter 8 Intrusion Detection Intruders Intrusion Detection Host-Based Intrusion Detection Distributed Host-Based Intrusion Detection Network-Based Intrusion Detection Distributed Adaptive Intrusion Detection Intrusion Detection Exchange Format Honeypots Example System: Snort Recommended Reading and "Web Sites Key Terms, Review Questions, and Problems 304 Chapter 9 Firewalls and Intrusion Prevention Systems The Need for Firewalls Firewall Characteristics Types of Firewalls Firewall Basing Firewall Location and Configurations Intrusion Prevention Systems Example: Unified Threat Management Products Recommended Reading and Web Site Key Terms, Review Questions, and Problems 333 PART TWO: SOFTWARE SECURITY AND TRUSTED SYSTEMS 338 Chapter 10 Buffer Overflow Stack Overflows Defending Against Buffer Overflows Other Forms ofoverflow Attacks Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 375 Chapter 11 Software Security Software Security Issues Handling Program Input Writing Safe Program Code Interacting with the Operating System and Other Programs Handling Program Output Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 414 Chapter 12 Operating System Security Introduction to Operating System Security System Security Planning Operating Systems Hardening Application Security Security Maintenance Linux/Unix Security 428

5 12.7 Windows Security Virtualization Security Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 439 Chapter 13 Trusted Computing and Multilevel Security The Bell-LaPadula Model for Computer Security Other Formal Models for Computer Security The Concept of Trusted Systems Application of Multilevel Security Trusted Computing and the Trusted Platform Module 469 Evaluation Common Criteria for Information Technology Security 13.7 Assurance and Evaluation Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 485 PART THREE: MANAGEMENT ISSUES 488 Chapter 14 IT Security Management and Risk Assessment IT Security Management Organizational Context and Security Policy Security Risk Assessment Detailed Security Risk Analysis Case Study: Silver Star Mines Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 516 Chapter 15 IT Security Controls, Plans, and Procedures IT Security Management Implementation Security Controls or Safeguards IT Security Plan Implementation of Controls Implementation Follow-up Case Study: Silver Star Mines Recommended Reading Key Terms, Review Questions, and Problems 536 Chapter 16 Physical and Infrastructure Security Overview Physical Security Threats Physical Security Prevention and Mitigation Measures Recovery from Physical Security Breaches Example: A Corporate Physical Security Policy Integration of Physical and Logical Security Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 559 Chapter 17 Human Resources Security Security Awareness, Training, and Education Employment Practices and Policies 568

6 17.3 and Internet Use Policies Computer Security Incident Response Teams Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 580 Chapter 18 Security Auditing Security Auditing Architecture The Security Audit Trail Implementing the Logging Function Audit Trail Analysis Example: An Integrated Approach Recommended Reading and Web Site Key Terms, Review Questions, and Problems 613 Chapter 19 Legal and Ethical Aspects Cybercrime and Computer Crime Intellectual Property Privacy Ethical Issues Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 642 PART FOUR CRYPTOGRAPHIC ALGORITHMS 645 Chapter 20 Symmetric Encryption and Message Confidentiality Symmetric Encryption Principles Data Encryption Standard Advanced Encryption Standard Stream Ciphers and RC Cipher Block Modes of Operation Location of Symmetric Encryption Devices Key Distribution Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 672 Chapter 21 Public-Key Cryptography and Message Authentication Secure Hash Functions HMAC The RSA Public-Key Encryption Algorithm DifEe-Hellman and Other Asymmetric Algorithms Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 698 PART FIVE NETWORK SECURITY 702 Chapter 22 Internet Security Protocols and Standards Secure and S/MIME DomainKeys Identified Mail Secure Sockets Layer (SSL) and Transport Layer Security (TLS) HTTPS 714

7 22.5 IPv4 and IPv6 Security Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 722 Chapter 23 Internet Authentication Applications Kerberos X Public-Key Infrastructure Federated Identity Management Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 742 Chapter 24 Wireless Network Security Wireless Security Overview IEEE Wireless LAN Overview IEEE li Wireless LAN Security Recommended Reading and Web Sites Key Terms, Review Questions, and Problems 769 APPENDICES Appendix A Projects and Other Student Exercises for Teaching Computer Security 772 A.l Hacking Project 773 A.2 Laboratory Exercises 774 A.3 Research Projects 774 A.4 Programming Projects 775 A.5 Practical Security Assessments 775 A. 6 Firewall Projects 776 A.7 Case Studies 776 A. 8 Writing Assignments 776 A.9 Reading/Report Assignments 777 References 778 Index 796 Credits 809