How To Write A Book On Cyber Security




Cyber Security Standards, Practices and Industrial Applications: Systems and Methodologies

Junaid Ahmed Zubairi, State University of New York at Fredonia, USA
Athar Mahboob, National University of Sciences & Technology, Pakistan

Senior Editorial Director: Kristin Klinger
Director of Book Publications: Julia Mosemann
Editorial Director: Lindsay Johnston
Acquisitions Editor: Erika Carter
Development Editor: Michael Killian
Production Editor: Sean Woznicki
Typesetters: Adrienne Freeland
Print Coordinator: Jamie Snavely
Cover Design: Nick Newcomer

Published in the United States of America by Information Science Reference (an imprint of IGI Global)
701 E. Chocolate Avenue
Hershey PA 17033
Tel: 717-533-8845
Fax: 717-533-8661
E-mail: cust@igi-global.com
Web site: http://www.igi-global.com

Copyright 2012 by IGI Global. All rights reserved. No part of this publication may be reproduced, stored or distributed in any form or by any means, electronic or mechanical, including photocopying, without written permission from the publisher. Product or company names used in this set are for identification purposes only. Inclusion of the names of the products or companies does not indicate a claim of ownership by IGI Global of the trademark or registered trademark.

Library of Congress Cataloging-in-Publication Data

Cyber security standards, practices and industrial applications: systems and methodologies / Junaid Ahmed Zubairi and Athar Mahboob, editors.
p. cm.
Includes bibliographical references and index.
Summary: This book details the latest and most important advances in security standards, introducing the differences between information security (covers the understanding of security requirements, classification of threats, attacks and information protection systems and methodologies) and network security (includes both security protocols as well as systems which create a security perimeter around networks for intrusion detection and avoidance)--Provided by publisher.
ISBN 978-1-60960-851-4 (hbk.) -- ISBN 978-1-60960-852-1 (ebook) -- ISBN 978-1-60960-853-8 (print & perpetual access)
1. Computer networks--security measures. 2. Computer security. 3. Data protection. 4. Electronic data processing departments--security measures. I. Zubairi, Junaid Ahmed, 1961- II. Mahboob, Athar, 1971-
TK5105.59.C92 2012
005.8--dc22
2011009262

British Cataloguing in Publication Data
A Cataloguing in Publication record for this book is available from the British Library.

All work contributed to this book is new, previously-unpublished material. The views expressed in this book are those of the authors, but not necessarily of the publisher.

Editorial Advisory Board

Kassem Saleh, Kuwait University, Kuwait
Sajjad Madani, COMSATS Institute of Information Technology, Pakistan
Badar Hussain, KCI Engineering, USA
Omer Mahmoud, Int'l Islamic University, Malaysia

List of Reviewers

Alfredo Pironti, Politecnico di Torino, Torino, Italy
Athar Mahboob, National University of Sciences & Technology, Pakistan
Badar Hussain, KCI Engineering, USA
Davide Pozza, Politecnico di Torino, Italy
Junaid Ahmed Zubairi, State University of New York at Fredonia, USA
Junaid Hussain, National University of Sciences & Technology, Pakistan
Kashif Latif, National University of Sciences & Technology, Pakistan
Morgan Henrie, Morgan Henrie Inc., USA
Omer Mahmoud, Int'l Islamic University, Malaysia
Riccardo Sisto, Politecnico di Torino, Italy
Sajjad Ahmed Madani, COMSATS Institute of Information Technology, Pakistan
Shakeel Ali, Cipher Storm Ltd., UK
Sohail Sattar, NED University of Engineering & Technology, Pakistan
Syed Ali Khayam, National University of Sciences & Technology, Pakistan
Wen Chen Hu, University of North Dakota, USA

Table of Contents

Foreword
Preface
Acknowledgment

Section 1
Mobile and Wireless Security

Chapter 1
Securing Wireless Ad Hoc Networks: State of the Art and Challenges
Victor Pomponiu, University of Torino, Italy

Chapter 2
Smartphone Data Protection Using Mobile Usage Pattern Matching
Wen-Chen Hu, University of North Dakota, USA
Naima Kaabouch, University of North Dakota, USA
S. Hossein Mousavinezhad, Idaho State University, USA
Hung-Jen Yang, National Kaohsiung Normal University, Taiwan

Chapter 3
Conservation of Mobile Data and Usability Constraints
Rania Mokhtar, University Putra Malaysia (UPM), Malaysia
Rashid Saeed, International Islamic University Malaysia (IIUM), Malaysia

Section 2
Social Media, Botnets and Intrusion Detection

Chapter 4
Cyber Security and Privacy in the Age of Social Networks
Babar Bhatti, MutualMind, Inc., USA

Chapter 5
Botnets and Cyber Security: Battling Online Threats
Ahmed Mansour Manasrah, National Advanced IPv6 Center, Malaysia
Omar Amer Abouabdalla, National Advanced IPv6 Center, Malaysia
Moein Mayeh, National Advanced IPv6 Center, Malaysia
Nur Nadiyah Suppiah, National Advanced IPv6 Center, Malaysia

Chapter 6
Evaluation of Contemporary Anomaly Detection Systems (ADSs)
Ayesha Binte Ashfaq, National University of Sciences & Technology (NUST), Pakistan
Syed Ali Khayam, National University of Sciences & Technology (NUST), Pakistan

Section 3
Formal Methods and Quantum Computing

Chapter 7
Practical Quantum Key Distribution
Sellami Ali, International Islamic University Malaysia (IIUM), Malaysia

Chapter 8
Automated Formal Methods for Security Protocol Engineering
Alfredo Pironti, Politecnico di Torino, Italy
Davide Pozza, Politecnico di Torino, Italy
Riccardo Sisto, Politecnico di Torino, Italy

Section 4
Embedded Systems and SCADA Security

Chapter 9
Fault Tolerant Remote Terminal Units (RTUs) in SCADA Systems
Syed Misbahuddin, Sir Syed University of Engineering and Technology, Pakistan
Nizar Al-Holou, University of Detroit Mercy, USA

Chapter 10
Embedded Systems Security
Muhammad Farooq-i-Azam, COMSATS Institute of Information Technology, Pakistan
Muhammad Naeem Ayyaz, University of Engineering and Technology, Pakistan

Section 5
Industrial and Applications Security

Chapter 11
Cyber Security in Liquid Petroleum Pipelines
Morgan Henrie, MH Consulting, Inc., USA

Chapter 12
Application of Cyber Security in Emerging C4ISR Systems and Related Technologies
Ashfaq Ahmad Malik, National University of Sciences & Technology, Pakistan
Athar Mahboob, National University of Sciences & Technology, Pakistan
Adil Khan, National University of Sciences & Technology, Pakistan
Junaid Zubairi, State University of New York at Fredonia, USA

Chapter 13
Practical Web Application Security Audit Following Industry Standards and Compliance
Shakeel Ali, Cipher Storm Ltd., UK

Compilation of References
About the Contributors
Index

Detailed Table of Contents

Foreword
Preface
Acknowledgment

Section 1
Mobile and Wireless Security

Chapter 1
Securing Wireless Ad Hoc Networks: State of the Art and Challenges
Victor Pomponiu, University of Torino, Italy

In this chapter, the authors first introduce the main wireless technologies along with their characteristics. Then, a description of the attacks that can be mounted on these networks is given. A separate section reviews and compares the most recent intrusion detection techniques for wireless ad hoc networks. Finally, based on the current state of the art, the conclusions and major challenges are discussed.

Chapter 2
Smartphone Data Protection Using Mobile Usage Pattern Matching
Wen-Chen Hu, University of North Dakota, USA
Naima Kaabouch, University of North Dakota, USA
S. Hossein Mousavinezhad, Idaho State University, USA
Hung-Jen Yang, National Kaohsiung Normal University, Taiwan

This research proposes a set of novel approaches to protecting handheld data by using mobile usage pattern matching, which compares the current handheld usage pattern to the stored usage patterns. If they are drastically different, a security action such as requiring a password entry is activated. Various pattern matching algorithms can be used in this research. Two of them are discussed in this chapter.

Chapter 3
Conservation of Mobile Data and Usability Constraints
Rania Mokhtar, University Putra Malaysia (UPM), Malaysia
Rashid Saeed, International Islamic University Malaysia (IIUM), Malaysia

Section 2
Social Media, Botnets and Intrusion Detection

Chapter 4
Cyber Security and Privacy in the Age of Social Networks
Babar Bhatti, MutualMind, Inc., USA

The goal of this chapter is to examine and raise awareness about cyber security threats from social media, to describe the state of technology to mitigate security risks introduced by social networks, to shed light on standards for identity and information sharing or lack thereof, and to present new research and development. The chapter will serve as a reference to students, researchers, practitioners, and consultants in the area of social media, cyber security, and Information and Communication Technologies (ICT).

Chapter 5
Botnets and Cyber Security: Battling Online Threats
Ahmed Mansour Manasrah, National Advanced IPv6 Center, Malaysia
Omar Amer Abouabdalla, National Advanced IPv6 Center, Malaysia
Moein Mayeh, National Advanced IPv6 Center, Malaysia
Nur Nadiyah Suppiah, National Advanced IPv6 Center, Malaysia

This chapter provides a brief overview of the botnet phenomenon and its pernicious aspects. Current governmental and corporate efforts to mitigate the threat are also described, together with the bottlenecks limiting their effectiveness in various countries. The chapter concludes with a description of lines of investigation that could counter the botnet phenomenon.

Chapter 6
Evaluation of Contemporary Anomaly Detection Systems (ADSs)
Ayesha Binte Ashfaq, National University of Sciences & Technology (NUST), Pakistan
Syed Ali Khayam, National University of Sciences & Technology (NUST), Pakistan

Due to the rapidly evolving nature of network attacks, a considerable paradigm shift has taken place, with the focus now on Network-based Anomaly Detection Systems (NADSs) that can detect zero-day attacks. At this time, it is important to evaluate existing anomaly detectors to determine and learn from their strengths and weaknesses. Thus, the authors aim to evaluate the performance of eight prominent network-based anomaly detectors under malicious portscan attacks.

Section 3
Formal Methods and Quantum Computing

Chapter 7
Practical Quantum Key Distribution
Sellami Ali, International Islamic University Malaysia (IIUM), Malaysia

The central objective of this chapter is to study and implement practical systems for quantum cryptography using the decoy state protocol. In particular, we seek to improve dramatically both the security and the performance of a practical QKD system (in terms of substantially higher key generation rate and longer distance).

Chapter 8
Automated Formal Methods for Security Protocol Engineering
Alfredo Pironti, Politecnico di Torino, Italy
Davide Pozza, Politecnico di Torino, Italy
Riccardo Sisto, Politecnico di Torino, Italy

The objective of this chapter is to give a circumstantial account of the state of the art reached in this field, showing how formal methods can help in improving quality. Since automation is a key factor for the acceptability of these techniques in engineering practice, the chapter focuses on automated techniques and illustrates in particular how high-level protocol models in the Dolev-Yao style can be automatically analyzed and how it is possible to automatically enforce formal correspondence between an abstract high-level model and an implementation.

Section 4
Embedded Systems and SCADA Security

Chapter 9
Fault Tolerant Remote Terminal Units (RTUs) in SCADA Systems
Syed Misbahuddin, Sir Syed University of Engineering and Technology, Pakistan
Nizar Al-Holou, University of Detroit Mercy, USA

This chapter proposes a fault tolerant scheme to untangle the RTU's failure issue. According to the scheme, every RTU will have at least two processing elements. In case of either processor's failure, the surviving processor will take over the tasks of the failed processor. With this approach, an RTU can remain functional despite the failure of a processor inside the RTU.

Chapter 10
Embedded Systems Security
Muhammad Farooq-i-Azam, COMSATS Institute of Information Technology, Pakistan
Muhammad Naeem Ayyaz, University of Engineering and Technology, Pakistan

Whereas a lot of research has already been done in the area of security of general purpose computers and software applications, hardware and embedded systems security is a relatively new and emerging area of research. This chapter provides details of various types of existing attacks against hardware devices and embedded systems, analyzes existing design methodologies for their vulnerability to new types of attacks, and along the way describes solutions and countermeasures against them for the design and development of secure systems.

Section 5
Industrial and Applications Security

Chapter 11
Cyber Security in Liquid Petroleum Pipelines
Morgan Henrie, MH Consulting, Inc., USA

The world's critical infrastructure includes entities such as the water, waste water, electrical utilities, and the oil and gas industry. In many cases, these rely on pipelines that are controlled by supervisory control and data acquisition (SCADA) systems. SCADA systems have evolved to highly networked, common platform systems. This evolutionary process creates expanding and changing cyber security risks. The need to address this risk profile is mandated from the highest government level. This chapter discusses the various processes, standards, and industry-based best practices that are directed towards minimizing these risks.

Chapter 12
Application of Cyber Security in Emerging C4ISR Systems and Related Technologies
Ashfaq Ahmad Malik, National University of Sciences & Technology, Pakistan
Athar Mahboob, National University of Sciences & Technology, Pakistan
Adil Khan, National University of Sciences & Technology, Pakistan
Junaid Zubairi, State University of New York at Fredonia, USA

The C4ISR system is a system of systems; it can also be termed a network of networks and works on similar principles as the Internet. Hence it is vulnerable to similar attacks, called cyber attacks, and warrants appropriate security measures to save it from these attacks or to recover if the attack succeeds. All of the measures put in place to achieve this are called cyber security of C4ISR systems. This chapter gives an overview of C4ISR systems focusing on the perspective of cyber security warranting information assurance.

Chapter 13
Practical Web Application Security Audit Following Industry Standards and Compliance
Shakeel Ali, Cipher Storm Ltd., UK

Today, nearly 80% of total applications are web-based and externally accessible depending on the organization's policies. In many cases, the number of security issues discovered depends not only on the system configuration but also on the application space. Rationalizing security functions into the application is a common practice, but assessing their level of resiliency requires a structured and systematic approach to test the application against all possible threats before and after deployment. The application security assessment process and tools presented here are mainly focused on and mapped to industry standards and compliance, including PCI-DSS, ISO27001, GLBA, FISMA, SOX, and HIPAA, in order to assist with the regulatory requirements.

Compilation of References
About the Contributors
Index

Foreword

The role of cyber infrastructure in the global economy is becoming increasingly dominant as this infrastructure has enabled global business and social interaction across cultural and societal boundaries. However, the benefits of this infrastructure can be significantly overshadowed by widespread cyber security incidents as adversarial activities are increasingly international in scope. Online marketplaces for stolen IDs and financial data could be run by criminals maintaining servers across international boundaries and impacting financial enterprises all over the globe. The denial of service (DoS) attack in Estonia is a sobering revelation of how an attack on the cyber infrastructure can severely affect the functioning of an entire nation. With the growing capability of spreading worms over the Internet, the deployment of heterogeneous operating systems, growing number of software patches, sporadic usage of client software (e.g., growing usage of VoIP services with vulnerabilities), and networking technologies (e.g., the on-going aggressive migration towards IPv6) are some of the leading examples diversely impacting the security of the global cyber infrastructure. The phenomenal adaptation of social networking in the cyberspace is also providing opportunities for attackers. In addition, diverse perspectives and policies adopted by various segments of the cyber infrastructure exacerbate security risks, and further hamper our understanding of security/privacy concerns and the choice of technological and policy measures.

To build a secure cyber infrastructure, we need to understand how to design various components of this infrastructure securely. Over the years, we have learned that cyber security needs to be viewed in terms of security of all its components and best practices and standards need to be adopted globally. This understanding has several facets and a holistic approach is required to address security challenges from all the dimensions.

Cyber security has a long way to go, and covering the complete spectrum of this topic is a daunting task. We need not only to learn how to achieve it but also need to realize that it is essential to pursue it. Addressing this need, this book provides a balanced and comprehensive treatment to this vast topic. We expect the readers will greatly benefit from this book and practice the knowledge provided in it.

Arif Ghafoor
Purdue University, USA