Network Security Bible
Dr. Eric Cole, Dr. Ronald Krutz, and James W. Conley
Wiley Publishing, Inc.
Contents

Acknowledgments
Introduction

Part I: Security Principles and Practices

Chapter 1: Information System Security Principles  3
  Key Principles of Network Security  3
    Confidentiality  4
    Integrity  4
    Availability  4
    Other important terms  4
  Formal Processes  5
    The systems engineering process  5
    The Information Assurance Technical Framework  6
    The Information Systems Security Engineering process  11
    The Systems Development Life Cycle  21
    Information systems security and the SDLC  22
  Risk Management  31
    Definitions  32
    Risk management and the SDLC  33
  Summary  42

Chapter 2: Information System Security Management  43
  Security Policies  43
    Senior management policy statement  44
    Standards, guidelines, procedures, and baselines  45
  Security Awareness  46
    Training  46
    Measuring awareness  47
  Managing the Technical Effort  48
    Program manager  48
    Program management plan  48
    Systems engineering management plan  48
  Configuration Management  56
    Primary functions of configuration management  56
    Definitions and procedures  57
  Business Continuity and Disaster Recovery Planning  59
    Business continuity planning  60
    Disaster recovery planning  64
  Physical Security  67
    Controls  68
    Environmental issues  72
    Fire suppression  73
    Object reuse and data remanence  74
  Legal and Liability Issues  75
    Types of computer crime  75
    Electronic monitoring  76
    Liability  76
  Summary  77

Chapter 3: Access Control Considerations  79
  Control Models  79
    Discretionary access control  79
    Mandatory access control  80
    Non-discretionary access control  81
  Types of Access Control Implementations  81
    Preventive/Administrative  81
    Preventive/Technical  82
    Preventive/Physical  82
    Detective/Administrative  82
    Detective/Technical  83
    Detective/Physical  83
    Centralized/Decentralized access controls  84
  Identification and Authentication  84
    Passwords  85
    Biometrics  85
    Single Sign-On  86
  Databases  90
    Relational databases  90
    Other database types  92
  Remote Access  93
    RADIUS  93
    TACACS and TACACS+  93
    Password Authentication Protocol  94
    Challenge Handshake Authentication Protocol  94
    Callback  95
  Summary  95
Part II: Operating Systems and Applications

Chapter 4: Windows Security  99
  Windows Security at the Heart of the Defense  101
    Who would target me?  101
    Be afraid  102
    Microsoft recommendations  103
  Out-of-the-Box Operating System Hardening  105
    Prior to system hardening  105
    The general process of system hardening  105
    Windows 2003 new installation example  107
    Specifics of system hardening  110
    Securing the typical Windows business workstation  114
    Securing the typical Windows gaming system  114
  Installing Applications  115
    Antivirus protection  116
    Personal firewalls  118
    Secure Shell  118
    Secure FTP  119
    Pretty Good Privacy  119
  Putting the Workstation on the Network  120
    Test the hardened workstation  120
    Physical security  120
    Architecture  120
    Firewall  121
    Intrusion detection systems  122
  Operating Windows Safely  122
    Separate risky behavior  122
    Physical security issues  124
    Configuration issues  125
    Configuration control  127
    Operating issues  130
  Upgrades and Patches  138
    Keep current with Microsoft upgrades and patches  138
    Keep current with application upgrades and patches  139
    Keep current with antivirus signatures  139
    Use the most modern Windows version  140
  Maintain and Test the Security  140
    Scan for vulnerabilities  141
    Test questionable applications  141
    Be sensitive to the performance of the system  141
    Replace old Windows systems  142
    Periodically re-evaluate and rebuild  142
  Monitoring  143
    Logging and auditing  144
    Clean up the system  144
    Prepare for the eventual attack  145
  Attacks Against the Windows Workstation  145
    Viruses  145
    Worms  146
    Trojan horses  147
    Spyware and ad support  148
    Spyware and "Big Brother"  149
    Physical attacks  149
    TEMPEST attacks  150
    Backdoors  150
    Denial-of-service attacks  151
    File extensions  151
    Packet sniffing  152
    Hijacking and session replay  152
    Social engineering  152
  Summary  153

Chapter 5: UNIX and Linux Security  155
  The Focus of UNIX/Linux Security  155
    UNIX as a target  155
    UNIX/Linux as a poor target  157
    Open source issues  158
  Physical Security  160
    Limiting access  161
    Detecting hardware changes  162
    Disk partitioning  163
    Prepare for the eventual attack  164
  Controlling the Configuration  166
    Installed packages  166
    Kernel configurations  167
  Operating UNIX Safely  174
    Controlling processes  174
    Controlling users  187
    Encryption and certificates  194
  Hardening UNIX  196
    Configuration items  196
    TCP wrapper  198
    Checking strong passwords  198
    Packet filtering with iptables  199
  Summary  200

Chapter 6: Web Browser and Client Security  201
  Web Browser and Client Risk  201
    Privacy versus security  202
    Web browser convenience  202
    Web browser productivity and popularity  202
    Web browser evolution  203
    Web browser risks  204
    Issues working against the attacker  205
  How a Web Browser Works  205
    HTTP, the browser protocol  205
    Cookies  208
    Maintaining state  210
    Caching  212
    Secure Socket Layer  212
  Web Browser Attacks  216
    Hijacking attack  216
    Replay attack  217
    Browser parasites  218
  Operating Safely  219
    Keeping current with patches  220
    Avoiding viruses  220
    Using secure sites  220
    Securing the network environment  222
    Using a secure proxy  223
    Avoid using private data  223
    General recommendations  224
  Web Browser Configurations  225
    Cookies  225
    Plugins  226
    Netscape-specific issues  230
    Internet Explorer-specific issues  231
  Summary  236

Chapter 7: Web Security  237
  What Is HTTP?  237
  How Does HTTP Work?  239
    HTTP implementation  242
    Persistent connections  244
    The client/server model  248
    Put  249
    Get  250
    Burstable TCP  250
    HTML  251
  Server Content  252
    CGI scripts  252
    PHP pages  253
  Client Content  254
    JavaScript  254
    Java  255
    ActiveX  257
  State  260
    What is state?  260
    How does it relate to HTTP?  260
    What applications need state?  260
    Tracking state  261
    Cookies  261
    Web bugs  264
    URL tracking  265
    Hidden frames  265
    Hidden fields  266
  Attacking Web Servers  266
    Account harvesting  266
    SQL injection  267
  E-commerce Design  269
    Physical location  269
  Summary  271

Chapter 8: E-mail Security  273
  The E-mail Risk  273
    Data vulnerabilities  273
    Simple e-mail versus collaboration  274
    Spam  285
    Maintaining e-mail confidentiality  288
    Maintaining e-mail integrity  289
    E-mail availability issues  290
  The E-mail Protocols  290
    SMTP  290
    POP  294
    IMAP  295
  E-mail Authentication  296
    Plain login  296
    Login authentication  297
    APOP  297
    NTLM/SPA  298
    POP before SMTP  299
    Kerberos and GSSAPI  299
  Operating Safely When Using E-mail  300
    Be paranoid  300
    Mail client configurations  301
    Application versions  302
    Architectural considerations  302
    SSH tunnel  303
    PGP and GPG  307
  Summary  308
Chapter 9: Domain Name System  309
  Purpose of DNS  310
    Forward lookups  315
    Reverse lookups  316
  Alternative Approaches to Name Resolution  318
  Security Issues with DNS  319
    Misconfigurations  321
    Zone transfers  322
    Predictable query IDs  325
    Recursion and iterative queries  325
  DNS Attacks  326
    Simple DNS attack  327
    Cache poisoning  327
  Designing DNS  329
    Split DNS  329
    Split-split DNS  329
    Master Slave DNS  331
  Detailed DNS Architecture  331
  Summary  332

Chapter 10: Server Security  333
  General Server Risks  333
  Security by Design  334
    Maintain a security mindset  335
    Establishing a secure development environment  340
    Secure development practices  344
    Test, test, test  351
  Operating Servers Safely  354
    Controlling the server configuration  354
    Controlling users and access  356
    Passwords  357
    Monitoring, auditing, and logging  357
  Server Applications  358
    Data sharing  358
    Peer to peer  362
    Instant messaging and chat  363
  Summary  364

Part III: Network Security Fundamentals

Chapter 11: Network Protocols  367
  Protocols  367
  The Open Systems Interconnect Model  368
  The OSI Layers  369
    The Application layer  369
    The Presentation layer  370
    The Session layer  370
    The Transport layer  371
    The Network layer  372
    The Data Link layer  373
    The Physical layer  374
  The TCP/IP Model  375
    TCP/IP Model Layers  377
  Network Address Translation  379
  Summary  379

Chapter 12: Wireless Security  381
  Electromagnetic Spectrum  381
  The Cellular Phone Network  383
  Placing a Cellular Telephone Call  385
  Wireless Transmission Systems  386
    Time Division Multiple Access  386
    Frequency Division Multiple Access  386
    Code Division Multiple Access  387
    Wireless transmission system types  388
  Pervasive Wireless Data Network Technologies  393
    Spread spectrum  393
    Spread spectrum basics  393
  IEEE Wireless LAN Specifications  397
    The PHY layer  398
    The MAC layer  398
  IEEE 802.11 Wireless Security  400
    WEP  400
    WEP security upgrades  402
    802.11i  408
  Bluetooth  413
  Wireless Application Protocol  414
  Summary  416

Chapter 13: Network Architecture Fundamentals  417
  Network Segments  418
    Public networks  418
    Semi-private networks  418
    Private networks  419
  Perimeter Defense  419
  Network Address Translation  420
  Basic Architecture Issues  422
  Subnetting, Switching, and VLANs  424
  Address Resolution Protocol and Media Access Control Addresses  426
  Dynamic Host Configuration Protocol and Addressing Control  428
  Firewalls  429
    Packet filtering firewalls  430
    Stateful packet filtering  432
    Proxy firewalls  433
    Disadvantages of firewalls  434
  Intrusion Detection Systems  435
    Types of intrusion detection systems  436
    Methods and modes of intrusion detection  439
    Responses to Intrusion Detection  442
  Common Attacks  442
  Summary  444

Part IV: Communications

Chapter 14: Secret Communication  447
  General Terms  448
  Historic Cryptography  449
    Substitution ciphers  449
    Ciphers that shaped history  455
  The Four Cryptographic Primitives  455
    Random number generation  456
    Cast Introduction  460
  Symmetric Encryption  460
    Stream ciphers  462
    Block ciphers  463
    Sharing keys  465
  Asymmetric Encryption (Two-Key Encryption)  467
    Using a Certificate Authority  468
    Using a web of trust  469
    Digital signatures  470
    Hash functions  471
    Keyed hash functions  473
  Putting These Primitives Together to Achieve CIA  473
  The Difference Between Algorithm and Implementation  475
  Proprietary Versus Open Source Algorithms  476
  Summary  477

Chapter 15: Covert Communication  479
  Where Hidden Data Hides  479
  Where Did It Come From?  481
  Where Is It Going?  482
  Overview of Steganography  482
    Why do we need steganography?  483
    Pros of steganography  484
    Cons of steganography  485
    Comparison to other technologies  485
  History of Steganography  488
    Using steganography in the fight for the Roman Empire  488
    Steganography during war  489
  Core Areas of Network Security and Their Relation to Steganography  490
    Confidentiality  490
    Integrity  491
    Availability  491
    Additional goals of steganography  491
  Principles of Steganography  492
  Steganography Compared to Cryptography  493
    Protecting your ring example  493
    Putting all of the pieces together  494
  Types of Steganography  495
    Original classification scheme  496
    New classification scheme  497
    Color tables  501
  Products That Implement Steganography  503
    S-Tools  503
    Hide and Seek  506
    Jsteg  508
    EZ-Stego  511
    Image Hide  512
    Digital Picture Envelope  514
    Camouflage  516
    Gif Shuffle  517
    Spam Mimic  519
  Steganography Versus Digital Watermarking  520
    What is digital watermarking?  521
    Why do we need digital watermarking?  521
    Properties of digital watermarking  521
  Types of Digital Watermarking  522
    Invisible watermarking  522
    Visible watermarking  523
  Goals of Digital Watermarking  523
  Digital Watermarking and Stego  524
    Uses of digital watermarking  524
    Removing digital watermarks  526
  Summary  526

Chapter 16: Applications of Secure/Covert Communication  529
  E-mail  530
    POP/IMAP protocols  530
    Pretty Good Privacy  531
  Kerberos  532
    Authentication Servers  534
    Working Model  535
  Public Key Infrastructure  537
    Public and private keys  538
    Key management  540
    Web of trust  541
  Virtual Private Networks  541
    Design issues  543
    IPSec-based VPN  544
    IPsec header modes  545
    PPTP/PPP-based VPNs  547
  Secure Shell  548
  Secure Sockets Layer/Transport Layer Security  549
    SSL Handshake
  Summary

Chapter 17: Intrusion Detection and Response  557
  Malicious Code  557
    Viruses  557
  Review of Common Attacks  559
    Denial-of-service/Distributed denial-of-service attacks  559
    Back door
    Spoofing
    Man-in-the-middle  561
    Replay  561
    TCP/Hijacking  561
    Fragmentation attacks  562
    Weak keys  562
    Mathematical attacks  563
    Social engineering  563
    Port scanning  564
    Dumpster diving  564
    Birthday attacks  564
    Password guessing  565
    Software exploitation  565
    Inappropriate system use  566
    Eavesdropping  566
    War driving  567
    TCP sequence number attacks  567
    War dialing/demon dialing attacks  567
  Intrusion Detection Mechanisms  567
    Antivirus approaches  567
    Intrusion detection and response
    IDS issues  571
  Honeypots  573
    Purposes  573
    Honeypot categories  574
    When to use a honeypot  575
    When not to use a honeypot  575
    Current solutions  576
    Honeynet Project  577
  Incident Handling  577
    CERT/CC practices  578
    Internet Engineering Task Force guidance  583
    Layered security and IDS  584
    Computer Security and Incident Response Teams  585
    Security Incident Notification Process  587
    Automated notice and recovery mechanisms  588
  Summary  589

Chapter 18: Security Assessments, Testing, and Evaluation  591
  Information Assurance Approaches and Methodologies  591
    The Systems Security Engineering Capability Maturity Model  592
    NSA Infosec Assessment Methodology  594
    Operationally Critical Threat, Asset, and Vulnerability Evaluation  595
    Federal Information Technology Security Assessment Framework  595
  Certification and Accreditation  596
    The National Information Assurance Certification and Accreditation Process  596
    Four phases of NIACAP  597
    DoD Information Technology Security Certification and Accreditation Process  598
    The four phases of DITSCAP  599
    Federal Information Processing Standard 102  600
    OMB Circular A-130  601
    The National Institute of Standards and Technology Assessment Guidelines  602
    SP 800-14  603
    SP 800-27  604
    SP 800-30  604
    SP 800-64  606
  Penetration Testing  607
    Internal penetration test  608
    External penetration test  609
    Full knowledge test  609
    Partial knowledge test  609
    Zero knowledge test  609
    Closed-box test  610
    Open-box test  610
  Auditing and Monitoring  610
    Auditing  610
    Monitoring  611
  Summary  612

Chapter 19: Putting Everything Together  613
  Critical Problems Facing Organizations  613
    How do I convince management security is a problem and that they should spend money on it?  613
    How do I keep up with the increased number of attacks?  615
    How do you make employees part of the solution and not part of the problem?  615
    How do you analyze all of the log data?  616
    How do I keep up with all of the different systems across my enterprise and make sure they are all secure?  617
    How do I know if I am a target of corporate espionage or some other threat?  617
    Top 10 common mistakes  618
  General Tips for Protecting a Site  620
    Defense in depth  620
    Principle of least privilege  621
    Know what is running on your system  621
    Prevention is ideal but detection is a must  622
    Apply and test patches  623
    Regular checks of systems  623
  Summary  623

Index  625