Computer and Information Security Handbook

Book description

Presents information on how to analyze risks to your networks and the steps needed to select and deploy the appropriate countermeasures to reduce your exposure to physical and network threats. Also imparts the skills and knowledge needed to identify and counter fundamental security risks and requirements, including Internet security threats and measures (audit trails, IP sniffing and spoofing, etc.), and how to implement security policies and procedures. In addition, this book covers security and network design with respect to particular vulnerabilities and threats. It also covers risk assessment and mitigation, auditing and testing of security systems, and the application standards and technologies required to build secure VPNs and to configure client software, server operating systems, IPsec-enabled routers, firewalls and SSL clients. This comprehensive book provides the essential knowledge and skills needed to select, design and deploy a public key infrastructure (PKI) to secure existing and future applications.

* Chapters contributed by leaders in the field cover theory and practice of computer security technology, allowing the reader to develop a new level of technical expertise
* Comprehensive and up-to-date coverage of security issues facilitates learning and allows the reader to remain current and fully informed from multiple viewpoints
* Presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Foreword
  7. Preface
    1. Organization of this Book
  8. Acknowledgments
  9. About the Editor
  10. Contributors
  11. Part I: Overview of System and Network Security: A Comprehensive Introduction
    1. Chapter 1. Building a Secure Organization
      1. 1. Obstacles to Security
      2. 2. Ten Steps to Building a Secure Organization
    2. Chapter 2. A Cryptography Primer
      1. 1. What is Cryptography? What is Encryption?
      2. 2. Famous Cryptographic Devices
      3. 3. Ciphers
      4. 4. Modern Cryptography
      5. 5. The Computer Age
    3. Chapter 3. Preventing System Intrusions
      1. 1. So, What is an Intrusion?
      2. 2. Sobering Numbers
      3. 3. Know Your Enemy: Hackers Versus Crackers
      4. 4. Motives
      5. 5. Tools of the Trade
      6. 6. Bots
      7. 7. Symptoms of Intrusions
      8. 8. What Can You Do?
      9. 9. Security Policies
      10. 10. Risk Analysis
      11. 11. Tools of Your Trade
      12. 12. Controlling User Access
      13. 13. Conclusion
    4. Chapter 4. Guarding Against Network Intrusions
      1. 1. Traditional Reconnaissance and Attacks
      2. 2. Malicious Software
      3. 3. Defense in Depth
      4. 4. Preventive Measures
      5. 5. Intrusion Monitoring and Detection
      6. 6. Reactive Measures
      7. 7. Conclusions
    5. Chapter 5. Unix and Linux Security
      1. 1. Unix and Security
      2. 2. Basic Unix Security
      3. 3. Protecting User Accounts and Strengthening Authentication
      4. 4. Reducing Exposure to Threats by Limiting Superuser Privileges
      5. 5. Safeguarding Vital Data by Securing Local and Network File Systems
    6. Chapter 6. Linux and Unix Security
      1. 1. Introduction to Linux and Unix
      2. 2. Hardening Linux and Unix
      3. 3. Proactive Defense for Linux and Unix
    7. Chapter 7. Internet Security
      1. 1. Internet Protocol Architecture
      2. 2. An Internet Threat Model
      3. 3. Defending Against Attacks on the Internet
      4. 4. Conclusion
    8. Chapter 8. The Botnet Problem
      1. 1. Introduction
      2. 2. Botnet Overview
      3. 3. Typical Bot Life Cycle
      4. 4. The Botnet Business Model
      5. 5. Botnet Defense
      6. 6. Botmaster Traceback
      7. 7. Summary
    9. Chapter 9. Intranet Security
      1. 1. Plugging the Gaps: NAC and Access Control
      2. 2. Measuring Risk: Audits
      3. 3. Guardian at the Gate: Authentication and Encryption
      4. 4. Wireless Network Security
      5. 5. Shielding the Wire: Network Protection
      6. 6. Weakest Link in Security: User Training
      7. 7. Documenting the Network: Change Management
      8. 8. Rehearse the Inevitable: Disaster Recovery
      9. 9. Controlling Hazards: Physical and Environmental Protection
      10. 10. Know Your Users: Personnel Security
      11. 11. Protecting Data Flow: Information and System Integrity
      12. 12. Security Assessments
      13. 13. Risk Assessments
      14. 14. Conclusion
    10. Chapter 10. Local Area Network Security
      1. 1. Identify Network Threats
      2. 2. Establish Network Access Controls
      3. 3. Risk Assessment
      4. 4. Listing Network Resources
      5. 5. Threats
      6. 6. Security Policies
      7. 7. The Incident-Handling Process
      8. 8. Secure Design Through Network Access Controls
      9. 9. IDS Defined
      10. 10. NIDS: Scope and Limitations
      11. 11. A Practical Illustration of NIDS
      12. 12. Firewalls
      13. 13. Dynamic NAT Configuration
      14. 14. The Perimeter
      15. 15. Access List Details
      16. 16. Types of Firewalls
      17. 17. Packet Filtering: IP Filtering Routers
      18. 18. Application-layer Firewalls: Proxy Servers
      19. 19. Stateful Inspection Firewalls
      20. 20. NIDS Complements Firewalls
      21. 21. Monitor and Analyze System Activities
      22. 22. Signature Analysis
      23. 23. Statistical Analysis
      24. 24. Signature Algorithms
    11. Chapter 11. Wireless Network Security
      1. 1. Cellular Networks
      2. 2. Wireless Ad Hoc Networks
      3. 3. Security Protocols
      4. 4. Secure Routing
      5. 5. Key Establishment
      6. References
    12. Chapter 12. Cellular Network Security
      1. 1. Introduction
      2. 2. Overview of Cellular Networks
      3. 3. The State of the Art of Cellular Network Security
      4. 4. Cellular Network Attack Taxonomy
      5. 5. Cellular Network Vulnerability Analysis
      6. 6. Discussion
      7. References
    13. Chapter 13. RFID Security
      1. 1. RFID Introduction
      2. 2. RFID Challenges
      3. 3. RFID Protections
      4. References
  12. Part II: Managing Information Security
    1. Chapter 14. Information Security Essentials for IT Managers: Protecting Mission-Critical Systems
      1. 1. Information Security Essentials for IT Managers, Overview
      2. 2. Protecting Mission-critical Systems
      3. 3. Information Security from the Ground up
      4. 4. Security Monitoring and Effectiveness
      5. References
    2. Chapter 15. Security Management Systems
      1. 1. Security Management System Standards
      2. 2. Training Requirements
      3. 3. Principles of Information Security
      4. 4. Roles and Responsibilities of Personnel
      5. 5. Security Policies
      6. 6. Security Controls
      7. 7. Network Access
      8. 8. Risk Assessment
      9. 9. Incident Response
      10. 10. Summary
    3. Chapter 16. Information Technology Security Management
      1. 1. Information Security Management Standards
      2. 2. Information Technology Security Aspects
      3. 3. Conclusion
    4. Chapter 17. Identity Management
      1. 1. Introduction
      2. 2. Evolution of Identity Management Requirements
      3. 3. The Requirements Fulfilled by Current Identity Management Technologies
      4. 4. Identity 2.0 for mobile users
      5. 5. Conclusion
    5. Chapter 18. Intrusion Prevention and Detection Systems
      1. 1. What is an “Intrusion,” Anyway?
      2. 2. Unauthorized Access by an Outsider
      3. 3. Malware Infection
      4. 4. The Role of the “0-Day”
      5. 5. The Rogue’s Gallery: Attackers and Motives
      6. 6. A Brief Introduction to TCP/IP
      7. 7. The TCP/IP Data Architecture and Data Encapsulation
      8. 8. Survey of Intrusion Detection and Prevention Technologies
      9. 9. Anti-Malware Software
      10. 10. Network-based Intrusion Detection Systems
      11. 11. Network-based Intrusion Prevention Systems
      12. 12. Host-based Intrusion Prevention Systems
      13. 13. Security Information Management Systems
      14. 14. Network Session Analysis
      15. 15. Digital Forensics
      16. 16. System Integrity Validation
      17. 17. Putting it all Together
    6. Chapter 19. Computer Forensics
      1. 1. What is Computer Forensics?
      2. 2. Analysis of Data
      3. 3. Computer Forensics in the Court System
      4. 4. Understanding Internet History
      5. 5. Temporary Restraining Orders and Labor Disputes
      6. 5. First Principles
      7. 6. Hacking a Windows XP Password
      8. 7. Network Analysis
      9. 8. Computer Forensics Applied
      10. 9. Testifying as an Expert
      11. 10. Beginning to End in Court
    7. Chapter 20. Network Forensics
      1. 1. Scientific Overview
      2. 2. The Principles of Network Forensics
      3. 3. Attack Traceback and Attribution
      4. 4. Critical Needs Analysis
      5. 5. Research Directions
    8. Chapter 21. Firewalls
      1. 1. Network Firewalls
      2. 2. Firewall Security Policies
      3. 3. A Simple Mathematical Model for Policies, Rules, and Packets
      4. 4. First-match Firewall Policy Anomalies
      5. 5. Policy Optimization
      6. 6. Firewall Types
      7. 7. Host and Network Firewalls
      8. 8. Software and Hardware Firewall Implementations
      9. 9. Choosing the Correct Firewall
      10. 10. Firewall Placement and Network Topology
      11. 11. Firewall Installation and Configuration
      12. 12. Supporting Outgoing Services Through Firewall Configuration
      13. 13. Secure External Services Provisioning
      14. 14. Network Firewalls for Voice and Video Applications
      15. 15. Firewalls and Important Administrative Service Protocols
      16. 16. Internal IP Services Protection
      17. 17. Firewall Remote Access Configuration
      18. 18. Load Balancing and Firewall Arrays
      19. 19. Highly Available Firewalls
      20. 20. Firewall Management
      21. 21. Conclusion
    9. Chapter 22. Penetration Testing
      1. 1. What is Penetration Testing?
      2. 2. How does Penetration Testing Differ from an Actual “Hack?”
      3. 3. Types of Penetration Testing
      4. 4. Phases of Penetration Testing
      5. 5. Defining What’s Expected
      6. 6. The Need for a Methodology
      7. 7. Penetration Testing Methodologies
      8. 8. Methodology in Action
      9. 9. Penetration Testing Risks
      10. 10. Liability Issues
      11. 11. Legal Consequences
      12. 12. “Get Out of Jail Free” Card
      13. 13. Penetration Testing Consultants
      14. 14. Required Skill Sets
      15. 15. Accomplishments
      16. 16. Hiring a Penetration Tester
      17. 17. Why Should a Company Hire You?
      18. 18. All’s Well that Ends Well
    10. Chapter 23. What Is Vulnerability Assessment?
      1. 1. Reporting
      2. 2. The “It Won’t Happen to Us” Factor
      3. 3. Why Vulnerability Assessment?
      4. 4. Penetration Testing Versus Vulnerability Assessment
      5. 5. Vulnerability Assessment Goal
      6. 6. Mapping the Network
      7. 7. Selecting the Right Scanners
      8. 8. Central Scans Versus Local Scans
      9. 9. Defense in Depth Strategy
      10. 10. Vulnerability Assessment Tools
      11. 11. Scanner Performance
      12. 12. Scan Verification
      13. 13. Scanning Cornerstones
      14. 14. Network Scanning Countermeasures
      15. 15. Vulnerability Disclosure Date
      16. 16. Proactive Security Versus Reactive Security
      17. 17. Vulnerability Causes
      18. 18. DIY Vulnerability Assessment
      19. 19. Conclusion
  13. Part III: Encryption Technology
    1. Chapter 24. Data Encryption
      1. 1. Need for Cryptography
      2. 2. Mathematical Prelude to Cryptography
      3. 3. Classical Cryptography
      4. 4. Modern Symmetric Ciphers
      5. 5. Algebraic Structure
      6. 6. The Internal Functions of Rijndael in AES Implementation
      7. 7. Use of Modern Block Ciphers
      8. 8. Public-key Cryptography
      9. 9. Cryptanalysis of RSA
      10. 10. Diffie-Hellman Algorithm
      11. 11. Elliptic Curve Cryptosystems
      12. 12. Message Integrity and Authentication
      13. 13. Summary
      14. References
    2. Chapter 25. Satellite Encryption
      1. 1. The Need for Satellite Encryption
      2. 2. Satellite Encryption Policy
      3. 3. Implementing Satellite Encryption
      4. 4. The Future of Satellite Encryption
    3. Chapter 26. Public Key Infrastructure
      1. 1. Cryptographic Background
      2. 2. Overview of PKI
      3. 3. The X.509 Model
      4. 4. X.509 Implementation Architectures
      5. 5. X.509 Certificate Validation
      6. 6. X.509 Certificate Revocation
      7. 7. Server-based Certificate Validity Protocol
      8. 8. X.509 Bridge Certification Systems
      9. 9. X.509 Certificate Format
      10. 10. PKI Policy Description
      11. 11. PKI Standards Organizations
      12. 12. PGP Certificate Formats
      13. 13. PGP PKI Implementations
      14. 14. W3C
      15. 15. Alternative PKI architectures
      16. 16. Modified X.509 Architectures
      17. 17. Alternative Key Management Models
    4. Chapter 27. Instant-Messaging Security
      1. 1. Why Should I Care About Instant Messaging?
      2. 2. What is Instant Messaging?
      3. 3. The Evolution of Networking Technologies
      4. 4. Game Theory and Instant Messaging
      5. 5. The Nature of the Threat
      6. 6. Common IM Applications
      7. 7. Defensive Strategies
      8. 8. Instant-messaging Security Maturity and Solutions
      9. 9. Processes
      10. 10. Conclusion
  14. Part IV: Privacy and Access Management
    1. Chapter 28. NET Privacy
      1. 1. Privacy in the Digital Society
      2. 2. The Economics of Privacy
      3. 3. Privacy-Enhancing Technologies
      4. 4. Network Anonymity
      5. 5. Conclusion
    2. Chapter 29. Personal Privacy Policies
      1. 1. Introduction
      2. 2. Content of Personal Privacy Policies
      3. 3. Semiautomated Derivation of Personal Privacy Policies
      4. 4. Specifying Well-Formed Personal Privacy Policies
      5. 5. Preventing Unexpected Negative Outcomes
      6. 6. The Privacy Management Model
      7. 7. Discussion and Related Work
      8. 8. Conclusions and Future Work
    3. Chapter 30. Virtual Private Networks
      1. 1. History
      2. 2. Who is in Charge?
      3. 3. VPN Types
      4. 4. Authentication Methods
      5. 5. Symmetric Encryption
      6. 6. Asymmetric Cryptography
      7. 7. Edge Devices
      8. 8. Passwords
      9. 9. Hackers and Crackers
    4. Chapter 31. Identity Theft
      1. 1. Experimental Design
      2. 2. Results and Analysis
      3. 3. Implications for Crimeware
      4. 4. Conclusion
    5. Chapter 32. VoIP Security
      1. 1. Introduction
      2. 2. Overview of Threats
      3. 3. Security in VoIP
      4. 4. Future Trends
      5. 5. Conclusion
  15. Part V: Storage Security
    1. Chapter 33. SAN Security
      1. 1. Organizational Structure
      2. 2. Access Control Lists (ACL) and Policies
      3. 3. Physical Access
      4. 4. Change Management
      5. 5. Password Policies
      6. 6. Defense in Depth
      7. 7. Vendor Security Review
      8. 8. Data Classification
      9. 9. Security Management
      10. 10. Auditing
      11. 11. Management Access: Separation of Functions
      12. 12. Host Access: Partitioning
      13. 13. Data Protection: Replicas
      14. 15. Encryption in Storage
      15. 16. Application of Encryption
      16. 17. Conclusion
      17. References
    2. Chapter 34. Storage Area Networking Security Devices
      1. 1. What is a SAN?
      2. 2. SAN Deployment Justifications
      3. 3. The Critical Reasons for SAN Security
      4. 4. SAN Architecture and Components
      5. 5. SAN General Threats and Issues
      6. 6. Conclusion
    3. Chapter 35. Risk Management
      1. 1. The Concept of Risk
      2. 2. Expressing and Measuring Risk
      3. 3. The Risk Management Methodology
      4. 4. Risk Management Laws and Regulations
      5. 5. Risk Management Standards
      6. 6. Summary
  16. Part VI: Physical Security
    1. Chapter 36. Physical Security Essentials
      1. 1. Overview
      2. 2. Physical Security Threats
      3. 3. Physical Security Prevention and Mitigation Measures
      4. 4. Recovery from physical security breaches
      5. 5. Threat Assessment, Planning, and Plan Implementation
      6. 6. Example: a Corporate Physical Security Policy
      7. 7. Integration of Physical and Logical Security
      8. References
    2. Chapter 37. Biometrics
      1. 1. Relevant Standards
      2. 2. Biometric System Architecture
      3. 3. Using Biometric Systems
      4. 4. Security Considerations
      5. 5. Conclusion
    3. Chapter 38. Homeland Security
      1. 1. Statutory Authorities
      2. 2. Homeland Security Presidential Directives
      3. 3. Organizational Actions
      4. 4. Conclusion
    4. Chapter 39. Information Warfare
      1. 1. Information Warfare Model
      2. 2. Information Warfare Defined
      3. 3. IW: Myth or Reality?
      4. 4. Information Warfare: Making IW Possible
      5. 5. Preventative Strategies
      6. 6. Legal Aspects of IW
      7. 7. Holistic View of Information Warfare
      8. 8. Conclusion
  17. Part VII: Advanced Security
    1. Chapter 40. Security Through Diversity
      1. 1. Ubiquity
      2. 2. Example Attacks Against Uniformity
      3. 3. Attacking Ubiquity with Antivirus Tools
      4. 4. The Threat of Worms
      5. 5. Automated Network Defense
      6. 6. Diversity and the Browser
      7. 7. Sandboxing and Virtualization
      8. 8. DNS Example of Diversity Through Security
      9. 9. Recovery from Disaster is Survival
      10. 10. Conclusion
    2. Chapter 41. Reputation Management
      1. 1. The Human Notion of Reputation
      2. 2. Reputation Applied to the Computing World
      3. 3. State of the Art of Attack-Resistant Reputation Computation
      4. 4. Overview of Current Online Reputation Service
      5. 5. Conclusion
    3. Chapter 42. Content Filtering
      1. 1. The Problem with Content Filtering
      2. 2. User Categories, Motivations, and Justifications
      3. 3. Content Blocking Methods
      4. 4. Technology and Techniques for Content-Filtering Control
      5. 5. Categories
      6. 6. Legal Issues
      7. 7. Issues and Problems with Content Filtering
      8. 9. Related Products
      9. 10. Conclusion
    4. Chapter 43. Data Loss Protection
      1. 1. Precursors of DLP
      2. 2. What is DLP?
      3. 3. Where to Begin?
      4. 4. Data is Like Water
      5. 5. You Don’t Know What You Don’t Know
      6. 6. How Do DLP Applications Work?
      7. 7. Eat Your Vegetables
      8. 8. It’s a Family Affair, Not Just IT Security’s Problem
      9. 9. Vendors, Vendors Everywhere! Who Do You Believe?
      10. 10. Conclusion
  18. Part VIII: Appendices
    1. Appendix A. Configuring Authentication Service on Microsoft Windows Vista
      1. 1. Backup and Restore of Stored Usernames and Passwords
      2. 2. Credential Security Service Provider and SSO for Terminal Services Logon
      3. 3. TLS/SSL Cryptographic Enhancements
      4. 4. Kerberos Enhancements
      5. 5. Smart Card Authentication Changes
      6. 6. Previous Logon Information
    2. Appendix B. Security Management and Resiliency
    3. Appendix C. List of Top Security Implementation and Deployment Companies
      1. List of SAN Implementation and Deployment Companies
      2. SAN Security Implementation and Deployment Companies
    4. Appendix D. List of Security Products
      1. Security Software
    5. Appendix E. List of Security Standards
    6. Appendix F. List of Miscellaneous Security Resources
      1. Conferences
      2. Consumer Information
      3. Directories
      4. Help and Tutorials
      5. Mailing Lists
      6. News and Media
      7. Organizations
      8. Products and Tools
      9. Research
      10. Content Filtering Links
      11. Other Logging Resources
    7. Appendix G. Ensuring Built-in Frequency Hopping Spread Spectrum Wireless Network Security
      1. Accomplishment
      2. Background
      3. Additional Information
    8. Appendix H. Configuring Wireless Internet Security Remote Access
      1. Adding the Access Points as RADIUS Clients to IAS
      2. Adding Access Points to the First IAS Server
      3. Scripting the Addition of Access Points to IAS Server (Alternative Procedure)
      4. Configuring the Wireless Access Points
      5. Enabling Secure WLAN Authentication on Access Points
      6. Additional Settings to Secure Wireless Access Points
      7. Replicating RADIUS Client Configuration to Other IAS Servers
    9. Appendix I. Frequently Asked Questions
    10. Appendix J. Glossary
  19. Index

Product information

  • Title: Computer and Information Security Handbook
  • Author(s): John R. Vacca
  • Release date: May 2009
  • Publisher(s): Morgan Kaufmann
  • ISBN: 9780080921945