Book information:
Title: Computer and Information Security Handbook
Author: Vacca, John R.
Publication date: 2012-11-05
ISBN: 9780123943972 (P-ISBN), 9780123946126 (O-ISBN)
Abstract:
Contents:
Front Cover
Computer and Information Security Handbook
Copyright Page
Dedication
Contents
Foreword
Preface
Organization of this Book
  Part 1: Overview of System and Network Security: A Comprehensive Introduction
  Part 2: Managing Information Security
  Part 3: Cyber, Network, and Systems Forensics Security and Assurance
  Part 4: Encryption Technology
  Part 5: Privacy and Access Management
  Part 6: Storage Security
  Part 7: Physical Security
  Part 8: Practical Security
  Part 9: Advanced Security
  Supplemental Materials
Acknowledgments
About the Editor
Contributors

I. Overview of System and Network Security: A Comprehensive Introduction

1 Building a Secure Organization
  1. Obstacles to Security
    Security Is Inconvenient
  2. Computers are Powerful and Complex
    Computer Users Are Unsophisticated; Computers Created Without a Thought to Security
  3. Current Trend is to Share, Not Protect
    Data Accessible from Anywhere
  4. Security isn’t about Hardware and Software
    The Bad Guys Are Very Sophisticated; Management Sees Security as a Drain on the Bottom Line
  5. Ten Steps to Building a Secure Organization
    Evaluate the Risks and Threats; Threats Based on the Infrastructure Model; Threats Based on the Business Itself; Threats Based on Industry; Global Threats; Beware of Common Misconceptions; Provide Security Training for IT Staff—Now and Forever; Think “Outside the Box”; DOXing; Train Employees: Develop a Culture of Security; Identify and Utilize Built-in Security Features of the Operating System and Applications; Monitor Systems; Hire a Third Party to Audit Security; Don’t Forget the Basics; Change Default Account Passwords; Use Robust Passwords; Close Unnecessary Ports; Patch, Patch, Patch; Use Administrator Accounts for Administrative Tasks; Restrict Physical Access; Don’t Forget Paper!
  6. Preparing for the Building of Security Control Assessments
  7. Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

2 A Cryptography Primer
  1 What is Cryptography? What is Encryption?
    How Is Cryptography Done?
  2 Famous Cryptographic Devices
    The Lorenz Cipher; Enigma
  3 Ciphers
    The Substitution Cipher; The Shift Cipher; The Polyalphabetic Cipher; The Kasiski/Kerckhoff Method
  4 Modern Cryptography
    The Vernam Cipher (Stream Cipher); The One-Time Pad; Cracking Ciphers; The XOR Cipher and Logical Operands; Block Ciphers
  5 The Computer Age
    Data Encryption Standard; Theory of Operation; Implementation; Rivest, Shamir, and Adleman (RSA); Advanced Encryption Standard (AES or Rijndael); Overview; The Basics of AES
  6 How AES Works
    Bytes; Math; In the Beginning; Rounds
  7 Selecting Cryptography: the Process
  8 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

3 Detecting System Intrusions
  1. Introduction
  2. Monitoring Key Files in the System
    Files Integrity
  3. Security Objectives
    There Is Something Very Wrong Here; Additional Accounts on the System; Timestamps; Hidden Files and Directories
  4. 0day Attacks
    Attack Vectors; Vulnerability Window; Discovery; Protection; Ethics
  5. Good Known State
    Monitoring Running Processes in the System; Files with Weird Names
  6. Rootkits
    Kernel-Level Rootkits; Userland Rootkits; Rootkit Detection
  7. Low Hanging Fruit
  8. Antivirus Software
  9. Homegrown Intrusion Detection
  10. Full-Packet Capture Devices
    Deployment; Centralized; Decentralized; Capacity; Features: Filtered versus Full-Packet Capture; Encrypted versus Unencrypted Storage; Sustained Capture Speed versus Peak Capture Speed; Permanent versus Overwritable Storage; Data Security
  11. Out-of-Band Attack Vectors
  12. Security Awareness Training
  13. Data Correlation
  14. SIEM
  15. Other Weird Stuff on the System
  16. Detection
  17. Network-Based Detection of System Intrusions (DSIs)
  18. Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem
  References

4 Preventing System Intrusions
  1. So, What is an Intrusion?
  2. Sobering Numbers
  3. Know Your Enemy: Hackers versus Crackers
  4. Motives
  5. The Crackers’ Tools of the Trade
    Our “Unsecured” Wireless World
  6. Bots
  7. Symptoms of Intrusions
  8. What Can You Do?
    Know Today’s Network Needs; Network Security Best Practices
  9. Security Policies
  10. Risk Analysis
    Vulnerability Testing; Audits; Recovery
  11. Tools of Your Trade
    Intrusion Detection Systems (IDSs); Firewalls; Intrusion Prevention Systems; Application Firewalls; Access Control Systems; Unified Threat Management
  12. Controlling User Access
    Authentication, Authorization, and Accounting; What the User Knows; What the User Has; Tokens; Time Synchronous; Event Synchronous; Challenge-Response; The User is Authenticated, but is She/He Authorized?; Accounting; Keeping Current
  13. Intrusion Prevention Capabilities
  14. Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

5 Guarding Against Network Intrusions
  1 Traditional Reconnaissance and Attacks
  2 Malicious Software
    Lures and “Pull” Attacks
  3 Defense in Depth
  4 Preventive Measures
    Access Control; Vulnerability Testing and Patching; Closing Ports; Firewalls; Antivirus and Antispyware Tools; Spam Filtering; Honeypots; Network Access Control
  5 Intrusion Monitoring and Detection
    Host-Based Monitoring; Traffic Monitoring; Signature-Based Detection; Behavior Anomalies; Intrusion Prevention Systems
  6 Reactive Measures
    Quarantine; Traceback
  7 Network-Based Intrusion Protection
  8 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

6 Securing Cloud Computing Systems
  1 Cloud Computing Essentials: Examining the Cloud Layers
    Analyzing Cloud Options in Depth; Public; Private; Virtual Private; Hybrid; Establishing Cloud Security Fundamentals; Policy and Organizational Risks; Lock-in; Loss of Governance; Compliance Challenges; Loss of Business Reputation Due to Co-tenant Activities; Cloud Service Termination or Failure; Cloud Provider Acquisition; Supply Chain Failure; Technical Risks; Resource Exhaustion; Resource Segregation Failure; Abuse of High Privilege Roles; Management Interface Compromise; Intercepting Data in Transit, Data Leakage; Insecure Deletion of Data; Distributed Denial of Service (DDoS); Economic Denial of Service (EDoS); Encryption and Key Management (Loss of Encryption Keys); Undertaking Malicious Probes or Scans; Compromise of the Service Engine; Customer Requirements and Cloud Environment Conflicts; Legal Risks; Subpoena and e-discovery; Varying Jurisdiction; Data Protection; Licensing; General Risks; Network Failures; Privilege Escalation; Social Engineering; Loss or Compromise of Operational and Security Logs or Audit Trails; Backup Loss; Unauthorized Physical Access and Theft of Equipment; Natural Disasters; Other Cloud Security Concepts; Incident Response (IR), Notification and Remediation; Virtualization; External Accreditations; Determining When Security Goals Require a Private Cloud
  2 Software as a Service (SaaS): Managing Risks in the Cloud
    Centralizing Information with SaaS to Increase Data Security; Implementing and Managing User Authentication and Authorization; Permission and Password Protection; Negotiating Security Requirements with Vendors; Identifying Needed Security Measures; Establishing a Service Level Agreement; Ensuring SLAs Meet Organizational Security Requirements
  3 Platform as a Service (PaaS): Securing the Platform
    Restricting Network Access Through Security Groups; Configuring Platform-Specific User Access Control; Integrating with Cloud Authentication and Authorization Systems; Compartmentalizing Access to Protect Data Confidentiality; Securing Data in Motion and Data at Rest; Identifying Your Security Perimeter; Techniques for Recovering Critical Data; Basic Backup and Restore; Pilot Light; Warm Standby; Multisite
  4 Infrastructure as a Service (IaaS)
    Locking Down Cloud Servers; Virtualization Software Security; Customer Guest Operating System (OS) or Virtual Instance Security; Ensuring the Cloud is Configured According to Best Practices; Policy; Risk Management; Configuration Management and Change Control; Auditing; Vulnerability Scanning; Segregation of Duties; Security Monitoring; Confirming Safeguards have been Implemented; Networking; Operating Systems; Applications; Scanning for and Patching Vulnerabilities; Controlling and Verifying Configuration Management
  5 Leveraging Provider-Specific Security Options
    Defining Security Groups to Control Access; Filtering Traffic by Port Number; Discovering and Benefiting from the Provider’s Built-in Security; Protecting Archived Data; Confidentiality; Integrity; Availability
  6 Achieving Security in a Private Cloud
    Taking Full Responsibility for Security; Managing the Risks of Public Clouds; Identifying and Assigning Security Tasks in Each SPI Service Model: SaaS, PaaS, IaaS; Selecting the Appropriate Product; Comparing Product-Specific Security Features; Considering Organizational Implementation Requirements; Virtual Private Cloud (VPC); Simulating a Private Cloud in a Public Environment; Google Secure Data Connector (SDC); Amazon VPC; Industry-Standard, VPN-Encrypted Connections; The Hybrid Cloud Alternative; Connecting On-Premises Data with Cloud Applications; Securely Bridging with VPC; Dynamically Expanding Capacity to Meet Business Surges
  7 Meeting Compliance Requirements
    Managing Cloud Governance; Retaining Responsibility for the Accuracy of the Data; Verifying Integrity in Stored and Transmitted Data; Demonstrating Due Care and Due Diligence; Supporting Electronic Discovery; Preserving a Chain of Evidence; Assuring Compliance with Government Certification and Accreditation Regulations; HIPAA; Sarbanes–Oxley; Data Protection Act; PCI DSS; Limiting the Geographic Location of Data; Following Standards for Auditing Information Systems; Negotiating Third-party Provider Audits
  8 Preparing for Disaster Recovery
    Implementing a Plan to Sustain Availability; Reliably Connecting to the Cloud across the Public Internet; Anticipating a Sudden Provider Change or Loss; Archiving SaaS Data Locally; Addressing Data Portability and Interoperability in Preparation for a Change in Cloud Providers; Exploiting the Cloud for Efficient Disaster Recovery Options; Achieving Cost-effective Recovery Time Objectives; Employing a Strategy of Redundancy to Better Resist DoS
  9 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem
  References

7 Fault Tolerance and Resilience in Cloud Computing Environments
  1 Introduction
  2 Cloud Computing Fault Model
    Cloud Computing Architecture; Failure Behavior of Servers; Failure Behavior of the Network
  3 Basic Concepts on Fault Tolerance
  4 Different Levels of Fault Tolerance in Cloud Computing
  5 Fault Tolerance against Crash Failures in Cloud Computing
  6 Fault Tolerance against Byzantine Failures in Cloud Computing
  7 Fault Tolerance as a Service in Cloud Computing
  8 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem
  Acknowledgments
  References

8 Securing Web Applications, Services, and Servers
  1 Setting the Stage
    Defining Threats to Your Web Assets; Surveying the Legal Landscape and Privacy Issues; Web Services Overview
  2 Basic Security for HTTP Applications and Services
    Basic Authentication; Transport Layer Security; Server Authentication; Mutual Authentication; Application to REST Services; GSS-API Negotiated Security
  3 Basic Security for SOAP Services
    WS-Security Overview; Protocol Design; Usage of WS-Security; Authentication with WSS; WS-I Security Profile; Example for a WSDL for WS-Security
  4 Identity Management and Web Services
    Background; Security Assertion Markup Language; SAML Token Types; SAML Protocol; Using SAML Tokens with WS-*; WS-Trust Architecture; Building Federations with WS-Federation; Advanced HTTP Security; OAuth Overview and Use Cases; OpenID Connect
  5 Authorization Patterns
    Access Control Models; XACML Overview; XACML and SAML for ABAC and RBAC
  6 Security Considerations
    Avoiding Common Errors; OWASP Top 10; SANS Top 20; Critical Control 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers; Critical Control 4: Continuous Vulnerability Assessment and Remediation; Critical Control 6: Application Software Security; Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps; Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches; Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services; Critical Control 13: Boundary Defense; Critical Control 19: Secure Network Engineering; Critical Control 20: Penetration Tests and Red Team Exercises; Other Resources; Testing and Vulnerability Assessment; Testing Strategy; Vulnerability Assessment Tools
  7 Challenges
  8 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

9 Unix and Linux Security
  1 Unix and Security
    The Aims of System Security; Authentication; Authorization; Availability; Integrity; Confidentiality
  2 Basic Unix Security Overview
    Traditional Unix Systems; Kernel Space versus User Land; Semantics of User Space Security; Standard File and Device Access Semantics; Read, Write, Execute; Special Permissions; Set-ID Bit; Sticky Bit; Mandatory Locking; Permissions on Directories; Read and Write; Execute; SetID; Other File Systems; Discretionary Versus Mandatory Access Control
  3 Achieving Unix Security
    System Patching; Locking Down the System; Minimizing User Privileges; Detecting Intrusions with Audits and Logs
  4 Protecting User Accounts and Strengthening Authentication
    Establishing Secure Account Use; The Unix Login Process; Controlling Account Access; The Local Files; Network Information System; Using PAMs to Modify AuthN; Noninteractive Access; Other Network Authentication Mechanisms; Risks of Trusted Hosts and Networks; Replacing Telnet, Rlogin, and FTP Servers and Clients with SSH
  5 Limiting Superuser Privileges
    Configuring Secure Terminals; Gaining Root Privileges with su; Using Groups Instead of Root; Using the sudo(1) Mechanism
  6 Securing Local and Network File Systems
    Directory Structure and Partitioning for Security; Employing Read-Only Partitions; Finding Special Files; Ownership and Access Permissions; Locate SetID Files; Locate Suspicious Files and Directories
  7 Network Configuration
    Basic Network Setup; Detecting and Disabling Standard UNIX Services; Host-Based Firewall; Restricting Remote Administrative Access; Consoles and Terminals on Restricted Networks; Dedicated Administrative Networks
  8 Improving the Security of Linux and Unix Systems
  9 Additional Resources
    Useful Tools; Webmin; nmap; LCFG; Further Information
  10 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

10 Eliminating the Security Weakness of Linux and Unix Operating Systems
  1 Introduction to Linux and Unix
    What is Unix?; History; Unix Is a Brand; Unix Is a Specification; Lineage; What is Linux?; Most Popular Unix-like OS; Linux Is a Kernel; Linux is a Community; Linux Is Distributions; Linux Standard Base; A Word of Warning; System Architecture; Kernel; File System; Users and Groups; Permissions; Processes
  2 Hardening Linux and Unix
    Network Hardening; Minimizing Attack Surface; Eliminate Unnecessary Services; Securely Configure Necessary Services; Host-based; Chroot and Other Jails; Access Control; Strong Authentication; Two-Factor Authentication; PKI; Dedicated Service Accounts; Additional Controls; Encrypted Communications; Log Analysis; IDS/IPS; Host Hardening; Permissions; Administrative Accounts; Groups; File System Attributes and ACLs; Intrusion Detection; Audit Trails; File Changes; Specialized Hardening; GRSec/PAX; SELinux; Systems Management Security; Account Management; Patching; Backups
  3 Proactive Defense for Linux and Unix
    Vulnerability Assessment; Network-based Assessment; Host-based Assessment; Incident Response Preparation; Predefined Roles and Contact List; Simple Message for End Users; Blue Team/Red Team Exercises; Organizational Considerations; Separation of Duties; Forced Vacations
  4 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

11 Internet Security
  1 Internet Protocol Architecture
    Communications Architecture Basics; Getting More Specific; The PHY Layer; The MAC Layer; The Network Layer; The Transport Layer; The Sockets Layer; Address Resolution Protocol; Dynamic Host Configuration Protocol; Domain Naming Service; Internet Control Message Protocol; Routing; Applications
  2 An Internet Threat Model
    The Dolev–Yao Adversary Model; Layer Threats; Eavesdropping; Forgeries; Replay; Delay and Rushing; Reorder; Message Deletion; Summary
  3 Defending against Attacks on the Internet
    Layer Session Defenses; Defending against Eavesdropping; Independence of Keys; Limited Output; Key Size; Mode of Operation; Defending against Forgeries and Replays; Independence of Authentication Keys; No Reuse of Replay Counter Values with a Key; Key Size; Message Authentication Code Tag Size; Session Start-up Defenses; Mutual Authentication; Key Secrecy; Session State Consistency; Mutual Authentication; A Symmetric Key Mutual Authentication Method; An Asymmetric Key Mutual Authentication Method; A Caveat; Key Establishment; State Consistency
  4 Internet Security Checklist
  5 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

12 The Botnet Problem
  1 Introduction
  2 Botnet Overview
    Origins of Botnets; Botnet Topologies and Protocols; Centralized; Peer-To-Peer
  3 Typical Bot Life Cycle
  4 The Botnet Business Model
  5 Botnet Defense
    Detecting and Removing Individual Bots; Detecting C&C Traffic; Detecting and Neutralizing the C&C Servers; Attacking Encrypted C&C Channels; Locating and Identifying the Botmaster
  6 Botmaster Traceback
    Traceback Challenges; Stepping Stones; Multiple Protocols; Low-Latency Anonymous Network; Encryption; Low-Traffic Volume; Traceback Beyond the Internet
  7 Preventing Botnets
  8 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

13 Intranet Security
  1 Smartphones and Tablets in the Intranet
  2 Security Considerations
  3 Plugging the Gaps: NAC and Access Control
  4 Measuring Risk: Audits
  5 Guardian at the Gate: Authentication and Encryption
  6 Wireless Network Security
  7 Shielding the Wire: Network Protection
  8 Weakest Link in Security: User Training
  9 Documenting the Network: Change Management
  10 Rehearse the Inevitable: Disaster Recovery
  11 Controlling Hazards: Physical and Environmental Protection
  12 Know Your Users: Personnel Security
  13 Protecting Data Flow: Information and System Integrity
  14 Security Assessments
  15 Risk Assessments
  16 Intranet Security Implementation Process Checklist
  17 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

14 Local Area Network Security
  1 Identify Network Threats
    Disruptive; Unauthorized Access
  2 Establish Network Access Controls
  3 Risk Assessment
  4 Listing Network Resources
  5 Threats
  6 Security Policies
  7 The Incident-Handling Process
  8 Secure Design Through Network Access Controls
  9 IDS Defined
  10 NIDS: Scope and Limitations
  11 A Practical Illustration of NIDS
    UDP Attacks; TCP SYN (Half-Open) Scanning; Some Not-So-Robust Features of NIDS
  12 Firewalls
    Firewall Security Policy; Configuration Script for sf Router
  13 Dynamic NAT Configuration
  14 The Perimeter
  15 Access List Details
  16 Types of Firewalls
  17 Packet Filtering: IP Filtering Routers
  18 Application-Layer Firewalls: Proxy Servers
  19 Stateful Inspection Firewalls
  20 NIDS Complements Firewalls
  21 Monitor and Analyze System Activities
    Analysis Levels
  22 Signature Analysis
  23 Statistical Analysis
  24 Signature Algorithms
    Pattern Matching; Stateful Pattern Matching; Protocol Decode-based Analysis; Heuristic-based Analysis; Anomaly-based Analysis
  25 Local Area Network Security Countermeasures Implementation Checklist
  26 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

15 Wireless Network Security
  1 Cellular Networks
    Cellular Telephone Networks; 802.11 Wireless LANs
  2 Wireless Ad hoc Networks
    Wireless Sensor Networks; Wireless Multimedia Sensor Networks; Internet of Things; Mesh Networks
  3 Security Protocols
  4 WEP
    WPA and WPA2; WPA; WPA2; SPINS: Security Protocols for Sensor Networks; SNEP; μTESLA
  5 Secure Routing
    SEAD; Ariadne
  6 ARAN
  7 SLSP
  8 Key Establishment
    Bootstrapping; Bootstrapping in Wireless Ad Hoc Networks; Bootstrapping in Wireless Sensor Networks; Key Management; Classification; Contributory Schemes; Diffie-Hellman Key Exchange
  9 ING
    Hypercube and Octopus (H & O); Distributed Schemes; Partially Distributed Threshold CA Scheme; Self-organized Key Management (PGP-A); Self-Healing Session Key Distribution
  10 Management Countermeasures
  11 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem
  References

16 Wireless Sensor Network Security
  1 Introduction to the Wireless Sensor Network (WSN)
    WSN Architecture and Protocol Stack; Application Layer; Middleware; Transport Layer; Network Layer; Data Link Layer; Physical Layer; Mobility Plane; Power Plane; Task Management Plane; Vulnerabilities and Attacks on WSN; Passive Attack; Active Attack
  2 Threats to Privacy
    Reconnaissance; Eavesdropping; Threats to Control; Man-in-the-Middle Attack; Radio Interference; Injection Attack; Replay Attack; Byzantine Attack; Sybil Attack; Sinkhole Attack; Threats to Availability; Denial of Service (DoS) or DDoS; HELLO Flood Attack; Jamming; Collision; Node Compromise; Attacks Specific to WSN; Attacks on Beaconing Protocol; Attacks on Geographic- and Energy-Aware Routing (GEAR); Security in WSN Using a Layered Approach; Security Measures in the Physical Layer; Security Measures in the Data Link Layer
  3 Security Measures for WSN
    Authentication; Lightweight Private Key Infrastructure (PKI) for WSN; Key Management in WSN; Symmetric Key Algorithms; Fully Pairwise-Shared Keys; Trusted Server Mechanisms; λ-Secure n×n Key-Establishment Schemes; Random Key-Predistribution Schemes; Basic Random Key-Predistribution Scheme; Phase I: Key Predistribution; Phase II: Shared-Key Discovery; Phase III: Path-Key Establishment; q-Composite Scheme; Random Pairwise Key Scheme; Multispace Key Schemes; Deterministic Key-Predistribution Schemes; Public Key Algorithms
  4 Secure Routing in WSN
  5 Routing Classifications in WSN
    Datacentric Communication; Location Information; Network Layering and In-Network Processing; Path Redundancy; Quality of Service (QoS); Network Dynamics; Network Heterogeneity; Routing Protocols in WSN; Selective-Forwarding Attack in WSN; Cross-Layer Design Approach in WSN; Lower to Upper; Upper to Lower; Lower and Upper; Integration of Adjacent Layers; Design Coupling without Interfaces; Vertical and Horizontal Calibration across Layers; Horizontal Calibration
  6 WSN Security Framework and Standards
    IEEE 802.15.4; ZigBee
  7 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem
  References

17 Cellular Network Security
  1 Introduction
  2 Overview of Cellular Networks
    Overall Cellular Network Architecture; Core Network Organization; Call Delivery Service
  3 The State of the Art of Cellular Network Security
    Security in the Radio Access Network; Security in Core Network; Security Implications of Internet Connectivity; Security Implications of PSTN Connectivity
  4 Cellular Network Attack Taxonomy
    Abstract Model; Abstract Model Findings; Interactions; Sample Cascading Attack; Cross-Infrastructure Cyber Cascading Attacks; Isolating Vulnerabilities
  5 Cellular Network Vulnerability Analysis
    Cellular Network Vulnerability Assessment Toolkit (CAT); Cascading Effect Detection Rules; Attack Graph; Condition Nodes; Action Nodes; Goal Nodes; Edges; Trees; Attack Scenario Derivation; End-User Effect; Origin of Attack; Attack Propagation and Side Effects; Example Attack Scenario; Advanced Cellular Network Vulnerability Assessment Toolkit (aCAT); Network Dependency Model; Infection Propagation (IP) Rules; Alerting Attack; Cellular Network Vulnerability Assessment Toolkit for Evaluation (eCAT); Boolean Probabilities; Attack Graph Marking; Hotspots; Coverage Measurement Formulas
  6 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem
  References

18 RFID Security
  1 RFID Introduction
    RFID System Architecture; Tags; RFID Readers; Back-End Database; RFID Standards; RFID Applications
  2 RFID Challenges
    Counterfeiting; Sniffing; Tracking; Other Issues; Spoofing; Repudiation; Insert Attacks; Replay Attacks; Physical Attacks; Viruses; Social Issues; Comparison of All Challenges
  3 RFID Protections
    Basic RFID System; RFID System Using Symmetric-Key Cryptography; Using the Symmetric Key to Provide Authentication and Privacy; Other Symmetric-Key Cryptography-based Approaches; RFID System using Public-Key Cryptography; Authentication with Public-Key Cryptography; Identity-Based Cryptography Used in the RFID Networks
  4 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem
  References

19 Optical Network Security
  1 Optical Networks
    Fiber; Refraction of Light; Refractive Index; Total Internal Reflection; Single Mode Versus Multimode; Layers Within Sites
  2 Securing Optical Networks
    Techniques; Fourier Analysis; Statement of the Equation
  3 Identifying Vulnerabilities
    Signal Intelligence; Access to Equipment
  4 Corrective Actions
    Securing Equipment; Encryption
  5 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem
  References

20 Optical Wireless Security
  1 Optical Wireless Systems Overview
    History; Today; Theory of Operation
  2 Deployment Architectures
    Mesh; Ring; Point to Point
  3 High Bandwidth
  4 Low Cost
  5 Implementation
  6 Surface Area
  7 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

II. Managing Information Security

21 Information Security Essentials for IT Managers: Protecting Mission-Critical Systems
  1 Information Security Essentials for IT Managers, Overview
    Scope of Information Security Management; CISSP Ten Domains of Information Security; What is a Threat?; Common Attacks; Impact of Security Breaches
  2 Protecting Mission-Critical Systems
    Information Assurance; Information Risk Management; Administrative, Technical, and Physical Controls; Risk Analysis; Defense in Depth; Contingency Planning; An Incident Response (IR) Plan; Business Continuity Planning (BCP)
  3 Information Security from the Ground Up
    Physical Security; Facility Requirements; Administrative, Technical, and Physical Controls; Data Security; Data Classification; Access Control Models; Systems and Network Security; Host-Based Security; Network-Based Security; Intrusion Detection; Intrusion Prevention; Business Communications Security; General Rules for Self-Protection; Handling Protection Resources; Rules for Mobile IT Systems; Operation on Open Networks; Additional Business Communications Guidelines; Wireless Security; Access Control; Confidentiality; Integrity; Availability; Enhancing Security Controls; Web and Application Security; Web Security; Application Security; Security Policies and Procedures; Security Employee Training and Awareness; The Ten Commandments of SETA
  4 Security Monitoring and Effectiveness
    Security Monitoring Mechanisms; Incidence Response and Forensic Investigations; Validating Security Effectiveness; Vulnerability Assessments and Penetration Tests
  5 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

22 Security Management Systems
  1 Security Management System Standards
  2 Training Requirements
  3 Principles of Information Security
  4 Roles and Responsibilities of Personnel
  5 Security Policies
  6 Security Controls
  7 Network Access
  8 Risk Assessment
  9 Incident Response
  10 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

23 Policy-driven System Management
  1 Introduction
  2 Security and Policy-based Management
    System Architecture and Security Management; The Promise of Policy-based Management; Policy Basics; Policy Hierarchy and Refinement; Policy Organization and Conflicts; Policy Distribution; Generic Policy Architecture; Autonomic Computing; Accreditation
  3 Classification and Languages
    Security Objectives; Security Principles; Access Control Models
  4 Controls for Enforcing Security Policies in Distributed Systems
    Criteria for Control Selection; Firewall Technologies; Channel and Message Protection Technologies
  5 Products and Technologies
    SAP Access Control; Microsoft Group Policy; CISCO; XACML; SELinux
  6 Research Projects
    Ponder; PoSecCo; System and Security Model; Requirements Engineering; Policy Specification and Harmonization; Policy Refinement and Optimization; Configuration Validation and Audit
  7 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem
  Acknowledgments
  References

24 Information Technology Security Management
  1 Information Security Management Standards
    Federal Information Security Management Act; International Standards Organization
  2 Other Organizations Involved in Standards
  3 Information Technology Security Aspects
    Security Policies and Procedures; Security Organization Structure; End User; Executive Management; Security Officer; Data/Information Owners; Information System Auditor; Information Technology Personnel; Systems Administrator; IT Security Processes; Processes for a Business Continuity Strategy; Processes for IT Security Governance Planning; Rules and Regulations
  4 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

25 Online Identity and User Management Services
  1 Introduction
  2 Evolution of Identity Management Requirements
    Digital Identity Definition; Identity Management Overview; Privacy Requirement; User Centricity; Usability Requirement
  3 The Requirements Fulfilled by Identity Management Technologies
    Evolution of Identity Management
  4 Identity Management 1.0
    Silo Model; Solution by Aggregation; Centralized vs. Federation Identity Management; A Simple Centralized Model; Meta-Directories; Virtual Directories; Single-Sign-On (SSO); Federated Identity Management; Identity 2.0; Identity 2.0 Initiatives; LID; XRI/XDI; SAML; Shibboleth; ID-WSF; Roadmap to Interoperable Federated Identity Services; OpenID 2.0; OpenID Stack; InfoCard; SXIP 2.0; Higgins; Summarizing Table
  5 Social Login and User Management
  6 Identity 2.0 for Mobile Users
    Introduction; Mobile Web 2.0; Mobility; Evolution of Mobile Identity; PDA as Solution to Strong Authentication; Different Kinds of Strong Authentication Through a Mobile PDA; SMS Based One-Time Password (OTP); Soft Token Application; Full Option Mobile Solution; Future of Mobile User-Centric Identity Management in an Ambient Intelligence (AmI) World; AmI Scenario; Requirements for Mobile User-centric Identity Management in an AmI World
  7 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem
  References

26 Intrusion Prevention and Detection Systems
  1 What is an ‘Intrusion’ Anyway?
  2 Physical Theft
  3 Abuse of Privileges (The Insider Threat)
  4 Unauthorized Access by Outsider
  5 Malware Infection
  6 The Role of the ‘0-Day’
  7 The Rogue’s Gallery: Attackers and Motives
    Script Kiddy; Joy Rider; Mercenary; Nation-State Backed
  8 A Brief Introduction to TCP/IP
  9 The TCP/IP Data Architecture and Data Encapsulation
  10 Survey of Intrusion Detection and Prevention Technologies
  11 Anti-Malware Software
  12 Network-Based Intrusion Detection Systems
  13 Network-Based Intrusion Prevention Systems
  14 Host-Based Intrusion Prevention Systems
  15 Security Information Management Systems
  16 Network Session Analysis
  17 Digital Forensics
  18 System Integrity Validation
  19 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem
  References

27 TCP/IP Packet Analysis
  1 The Internet Model
    The Physical Layer; The Data Link Layer; Addressing in a LAN; Benefits and Applications of Spoofing the MAC Address; The Network Layer; IP Packet Format; Internet Protocol Addressing: Classful Addressing; Subnet Mask and Subnetting; Routing Internet Protocol (RIP); Open Shortest Path First (OSPF); Border Gateway Protocol (BGP); Address Resolution Protocol (ARP); Reverse Address Resolution Protocol (RARP); Internet Control Message Protocol (ICMP); The Transport Layer; A TCP Connection—Three-way Handshaking; State Transition Diagram; Connection Termination—In a Three-way Handshake; Half-Close; Connection Reset; SYN Flooding Attack; User Datagram Protocol (UDP); The Application Layer; Dynamic Host Configuration Protocol (DHCP); Domain Name Server (DNS); Traceroute; IpConfig; Ping; Netstat
  2 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

28 The Enemy (The Intruder’s Genesis)
  1 Introduction
  2 Active Reconnaissance
    Network Mapping; Nmap; Idlescan; Decoy Host; FIN Scan; Port Scanning; Ping; TCP SYN Half Open; Fragmentation Scanning; Port Numbers; Well-Known Ports; Nonstandard Ports; Bounce Scans; Vulnerability Scanning
  3 Enumeration
  4 Penetration and Gain Access
    Stack-Based Buffer Overflow Attacks; Password Attacks; Sniffing; Sniffing Tools; IP Address Spoofing; MAC Address Modifying Utility: SMAC; DNS Spoofing; Session Hijacking; TCP Session Hijacking; Route Table Modification; UDP Hijacking; Session-Hijacking Tool: Hunt; Web Hijacking; SQL Injection
  5 Maintain Access
    Covering Tracks; Backdoors and Trojan Horses; Backdoor Tool: Netcat; Rootkits
  6 Defend Network Against Unauthorized Access
  7 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

29 Firewalls
  1 Abstract
  2 Contents

30 Penetration Testing
  1 Introduction
  2 What is Penetration Testing?
  3 How Does Penetration Testing Differ from an Actual “Hack?”
  4 Types of Penetration Testing
  5 Phases of Penetration Testing
    The Pre-Attack Phase; The Attack Phase; The Post-Attack Phase
  6 Defining What’s Expected
  7 The Need for a Methodology
  8 Penetration Testing Methodologies
  9 Methodology in Action
    EC-Council LPT Methodology; Information Gathering; Vulnerability Analysis; External Penetration Testing; Internal Network Penetration Testing; Router Penetration Testing; Firewall Penetration Testing; IDS Penetration Testing; Wireless Network Penetration Testing; Denial-of-Service Penetration Testing; Password-Cracking Penetration Testing; Social Engineering Penetration Testing; Stolen Laptop, PDA, and Cell Phone Penetration Testing; Application Penetration Testing; Physical Security Penetration Testing; Database Penetration Testing; Voice-Over-IP Penetration Testing; VPN Penetration Testing
  10 Penetration Testing Risks
  11 Liability Issues
  12 Legal Consequences
  13 “Get Out of Jail Free” Card
  14 Penetration Testing Consultants
  15 Required Skill Sets
  16 Accomplishments
  17 Hiring a Penetration Tester
  18 Why Should a Company Hire You?
    Qualifications; Work Experience; Cutting-Edge Technical Skills; Communication Skills; Attitude; Team Skills; Company Concerns
  19 Summary
  Chapter Review Questions/Exercises: True/False; Multiple Choice; Exercise; Problem; Hands-On Projects; Project; Case Projects; Problem; Optional Team Case Project; Problem

31 What is Vulnerability Assessment?
  1 Introduction
  2 Reporting
  3 The “It Won’t Happen to Us” Factor
  4 Why Vulnerability Assessment?
    DSS PCI Compliance
  5 Penetration Testing Versus Vulnerability Assessment
  6 Vulnerability Assessment Goal
  7 Mapping the Network
  8 Selecting the Right Scanners
  9 Central Scans Versus Local Scans
  10 Defense in Depth Strategy
  11 Vulnerability Assessment Tools
    Nessus; GFI LANguard; Retina; Core Impact; ISS Internet Scanner; X-Scan
  12 SARA
    QualysGuard
  13 SAINT
  14 MBSA
  15 Scanner Performance
  16 Scan Verification
  17 Scanning Cornerstones
  18 Network Scanning Countermeasures
  19 Vulnerability Disclosure Date
  Find
Security Holes before they Become Problems20 Proactive Security Versus Reactive Security21 Vulnerability CausesPassword Management FlawsFundamental Operating System Design FlawsSoftware BugsUnchecked User Input22 Diy Vulnerability Assessment23 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem32 Security Metrics: An Introduction and Literature Review1 Introduction2 Why Security Metrics?3 The Nature of Security MetricsTraditional Security MetricsThe Organization PerspectiveIssues Associated with Definition and ApplicationScientifically Based Security Metrics4 Getting Started with Security Metrics5 Metrics in Action—Towards an Intelligent Security Dashboard6 Security Metrics in the LiteratureThe Nature of Security MetricsMeasuring the Security of a Computer SystemManaging IT Security RisksMeasuring the Effectiveness of a Security Process7 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemReferencesIII. 
Cyber, Network, and Systems Forensics Security and Assurance33 Cyber Forensics1 What is Cyber Forensics?2 Analysis of DataCyber Forensics and Ethics, Green Home Plate Gallery ViewDatabase Reconstruction3 Cyber Forensics in the Court System4 Understanding Internet History5 Temporary Restraining Orders and Labor DisputesDivorcePatent InfringementWhen to Acquire, When to Capture AcquisitionCreating Forensic Images Using Software and Hardware Write BlockersLive Capture of Relevant FilesRedundant Array of Independent or Inexpensive) Disks RAID)File System AnalysesNTFSThe Role of the Forensic Examiner in Investigations and File RecoveryPassword RecoveryFile CarvingThings to Know: How Time Stamps WorkExperimental EvidenceXPVistaEmail Headers and Time Stamps, Email Receipts, and Bounced MessagesSteganography “Covered Writing”6 First Principles7 Hacking a Windows XP PasswordNet User Password HackLanman Hashes and Rainbow Tables*Password Reset DiskMemory Analysis and the Trojan DefenseUser Artifact AnalysisRecovering Lost and Deleted FilesSoftware InstallationRecent FilesStart MenuEmailInternet History8 Network AnalysisProtocolsAnalysis9 Cyber Forensics Applied10 Tracking, Inventory, Location of Files, Paperwork, Backups, and so onTestimonialExperience NeededJob Description, TechnologistJob Description ManagementCommercial UsesSolid BackgroundEducation/CertificationProgramming and ExperienceCommunicationsPublications11 Testifying as an ExpertDegrees of CertaintyGenerally TrueReasonable Degree of CertaintyCertainty without Doubt12 Beginning to End in CourtDefendants, Plaintiffs, and ProsecutorsPretrial MotionsTrial: Direct and Cross-ExaminationRebuttalSurrebuttalTestifying: Rule 702. 
Testimony by ExpertsCorrecting Mistakes: Putting Your Head in the SandDirect TestimonyCross-Examination13 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem34 Cyber Forensics and Incident Response1 Introduction to Cyber ForensicsResponding to IncidentsApplying Forensic Analysis SkillsDistinguishing between Unpermitted Corporate and Criminal Activity2 Handling Preliminary InvestigationsPlanning for Incident ResponseCommunicating with Site PersonnelKnowing Your Organization’s PoliciesMinimizing the Impact on Your OrganizationIdentifying the Incident Life CyclePreparationDetection, Collection, and AnalysisContainment, Eradication, and RecoveryPost-Incident ActivityCapturing Volatile Information3 Controlling an InvestigationCollecting Digital EvidenceChain of Custody and Process IntegrityAdvantages of Having a Forensic Analysis TeamLegal Aspects of Acquiring Evidence: Securing and Documenting the SceneProcessing and Logging Evidence4 Conducting Disk-Based AnalysisForensics Lab OperationsAcquiring a Bit-Stream ImageSpecialized HardwareSoftware: LinuxWindowsEnabling a Write BlockerEstablishing a BaselinePhysically Protecting the MediaDisk Structure and Recovery TechniquesDisk Geometry ComponentsInspecting Windows File System ArchitecturesFAT File Allocation Table)New Technology File System NTFS)Master File Table MFT)Alternate Data Streams ADS)Locating and Restoring Deleted Content5 Investigating Information-Hiding TechniquesUncovering Hidden InformationScanning and Evaluating Alternate Data StreamsExecuting Code from a StreamSteganography Tools and ConceptsDetecting SteganographyScavenging Slack SpaceInspecting Header Signatures and File ManglingCombining FilesBinding Multiple Executable FilesFile Time Analysis6 Scrutinizing EmailInvestigating the Mail ClientInterpreting Email HeadersRecovering Deleted Emails7 Validating Email Header InformationDetecting Spoofed 
EmailVerifying Email Routing8 Tracing Internet AccessInspecting Browser Cache and History FilesExploring Temporary Internet FilesVisited URLs, Search Queries, Recently Opened FilesResearching Cookie StorageReconstructing Cleared Browser HistoryAuditing Internet SurfingTracking User ActivityUncovering Unauthorized Usage9 Searching Memory in Real TimeComparing the Architecture of ProcessesIdentifying User and Kernel MemoryInspecting ThreadsDiscovering Rogue DLLs and DriversEmploying Advanced Process Analysis MethodsEvaluating Processes with Windows Management Instrumentation WMI)Walking Dependency TreesAuditing Processes and ServicesInvestigating the Process TableDiscovering Evidence in the RegistryDeploying and Detecting a Rootkit10 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemReferences35 Securing e-Discovery1 Information Management2 Legal and Regulatory ObligationSecuring the Field of PlayStep 1: Examine the Information Management EnvironmentStep 2: Measure: How Secure is the System?Step 3: Remediate IssuesExampleIdentificationIdentification IntegrationSecuring Zone 1Securing Zone 2Securing Zone 4: Preservation, Collection, and ProcessingPreservationWhat is Metadata?What is Data Forensics?CollectionData Retention PoliciesInternal CollectionExternal CollectionCollection “Don’ts”ProcessingSecuring the Processing Architecture—Zone 4Staging Collection Data)MountingEarly Case Assessment ECM)ProcessingSecuring Zone 5: Hosting/ReviewMore is LessSecuring Zone 6: Production and PresentationSecurity3 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem36 Network Forensics1 Scientific Overview2 The Principles of Network Forensics3 Attack Traceback and AttributionIP TracebackActive ProbingICMP Traceback iTrace)Packet MarkingLog-Based TracebackStepping-Stone 
Attack Attribution4 Critical Needs Analysis5 Research DirectionsVoIP AttributionTracking BotnetsTraceback in Anonymous SystemsOnline Fraudster Detection and AttributionTracing PhishersTracing Illegal Content Distributor in P2P Systems6 SummaryIDS SoftwareSecurity Event Management SoftwareNFAT SoftwareDHCP ServersPacket SniffersNetwork MonitoringISP RecordsSend Network Traffic to the IP AddressChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemIV. Encryption Technology37 Data Encryption1 Need for CryptographyAuthenticationConfidentialityIntegrityNonrepudiation2 Mathematical Prelude to CryptographyMapping or FunctionProbabilityComplexity3 Classical CryptographyThe Euclidean AlgorithmThe Extended Euclidean AlgorithmModular ArithmeticCongruenceResidue ClassInversesFundamental Theorem of ArithmeticCongruence Relation DefinedSubstitution CipherTransposition Cipher4 Modern Symmetric CiphersS-BoxP-BoxesProduct Ciphers5 Algebraic StructureDefinition GroupDefinitions of Finite and Infinite Groups Order of a Group)Definition Abelian GroupExamples of a GroupDefinition: SubgroupDefinition: Cyclic GroupRingsExamplesDefinition: FieldExamplesFinite Fields GF2n)Modular Polynomial Arithmetic Over GF2)Using a Generator to Represent the Elements of GF2n)GF23) is a Finite Field6 The Internal Functions of Rijndael in AES ImplementationMathematical PreliminariesStateThe S-Box SubByte)ShiftRowsMixingSubkey AdditionPutting it TogetherRound7 Use of Modern Block CiphersThe Electronic Code Book ECB)Cipher-Block Chaining CBC)8 Public-Key CryptographyReview: Number TheoryCoprimesCardinality of PrimesFactoringFermat’s Little TheoremDiscrete LogarithmPrimitive Roots9 Cryptanalysis of RSAFactorization AttackDiscrete Logarithm Problem10 Diffie-Hellman Algorithm11 Elliptic Curve CryptosystemsAn ExampleAddition FormulaExample of Elliptic Curve AdditionEC Security12 Message Integrity and 
AuthenticationCryptographic Hash FunctionsPreimage ResistanceSecond Preimage Resistance Weak Collision Resistance)Strong Collision ResistanceMessage AuthenticationDigital SignatureMessage Integrity Uses a Hash Function in Signing the MessageRSA Digital Signature SchemeRSA Digital Signature and the Message Digest13 Triple Data Encryption Algorithm TDEA) Block CipherApplications14 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceEXERCISEProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemReferences38 Satellite Encryption1 Introduction2 The Need for Satellite Encryption3 Implementing Satellite EncryptionGeneral Satellite Encryption IssuesUplink EncryptionExtraplanetary Link EncryptionDownlink Encryption4 Pirate Decryption of Satellite TransmissionsCircuit-based SecurityRemovable Security Cards5 Satellite Encryption Policy6 Satellite Encryption Service7 The Future of Satellite Encryption8 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem39 Public Key Infrastructure1 Abstract2 Contents40 Password-based Authenticated Key Establishment Protocols1 Introduction to Key ExchangeWhat Are Key Exchange Protocols?The Historic Example: The Diffie-Hellman Key ExchangeAuthenticationMan in the MiddleImplicit and Explicit AuthenticationClassical Key ExchangeLong-term Symmetric KeysRelying on Public-Key Infrastructure2 Password-Authenticated Key ExchangeThe Need for User-Friendly, Password-Based SolutionsNew Security ThreatsDictionary AttacksForward Secrecy and Known Session KeysOther Security PropertiesKey Confirmation and Authentication in PAKE3 Concrete ProtocolsEncrypted Key ExchangeSecurity and EfficiencySecurity and Efficiency by DesignSecurity in TheoryFlawsProposed StandardizationKey Confirmation and Mutual AuthenticationOn the Security of Hash-and-Multiply Instantiations of the Encryption ProcessSimple Password 
Exponential Key ExchangeSecurity and EfficiencySecurity and Efficiency by DesignSecurity in TheoryFlawsProposed StandardizationKey Confirmation and Mutual AuthenticationDefending against Exponential EquivalencePassword-Authenticated Key Exchange by JugglingInterlude: Proving Knowledge of Discrete LogarithmsJ-PAKEA Concrete ZKP ProtocolJ-PAKE’s SecurityFlawsProposed StandardizationPatents and Deployment4 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemReferences41 Instant-Messaging Security1 Why Should I Care about Instant Messaging?2 What is Instant Messaging?3 The Evolution of Networking Technologies4 Game Theory and Instant MessagingYour WorkforceFactor #1Factor #2Generational GapsFactor #3Factor #4TransactionsFactor #5Factor #65 The Nature of the ThreatMalicious ThreatFactor #7Factor #8VulnerabilitiesMan-in-the-Middle AttacksPhishing and Social EngineeringKnowledge is the CommodityFactor #9Data and Traffic AnalysisFactor #10Unintentional ThreatsIntellectual Property LeakageInappropriate UseFactor #11Regulatory ConcernsFactor #126 Common IM ApplicationsConsumer Instant MessagingEnterprise Instant MessagingInstant-Messaging AggregatorsBackdoors: Instant Messaging Via Other Means HTML)Mobile Dimension7 Defensive Strategies8 Instant-Messaging Security Maturity and SolutionsAsset ManagementBuilt-In SecurityContent FilteringClassic SecurityComplianceData Loss PreventionLoggingAnomaly DetectionArchival9 ProcessesInstant-Messaging Activation and ProvisioningApplication ReviewPeopleReviseAudit10 SummaryExample Answers to Key FactorsChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemV. 
Privacy and Access Management42 Privacy on the Internet1 Privacy in the Digital SocietyThe Origins, the DebatePrivacy Threats2 The Economics of PrivacyPrivacy and BusinessPrivacy and the Web3 Privacy-Enhancing TechnologiesAccess Control Models and LanguagesLanguages for Privacy-Aware Access Control and Privacy PreferencesPrivacy in Mobile Environments4 Network AnonymityOnion Routing and TORNetwork Anonymity ServicesAnonymous Remailers5 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemReferences43 Privacy-Enhancing Technologies1 The Concept of Privacy2 Legal Privacy PrinciplesLegitimacyPurpose Specification and Purpose Binding Also Called Purpose Limitation)Data MinimizationTransparency and Rights of the Data SubjectsSecurity3 Classification of PETs4 Traditional Privacy Goals of PETs5 Privacy Metrics6 Data Minimization TechnologiesAnonymous CommunicationDC NetworkMix NetsAN.ONOnion Routing/TorData Minimization at Application LevelBlind Signatures and Anonymous eCashZero-Knowledge ProofsAnonymous CredentialsPrivate Information Retrieval7 Transparency-Enhancing ToolsClassificationEx-ante Transparency-Enhancing ToolsEx-Post Transparency-Enhancing Tools8 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemReferences44 Personal Privacy Policies1 Introduction2 Content of Personal Privacy PoliciesPrivacy Legislation and DirectivesRequirements from Privacy PrinciplesPrivacy Policy Specification3 Semiautomated Derivation of Personal Privacy PoliciesAn ExampleRetrieval from a Community of Peers4 Specifying Well-Formed Personal Privacy PoliciesUnexpected OutcomesOutcomes from the Way the Matching Policy was ObtainedPolicy UpgradesPolicy DowngradesOutcomes from the Content of the Matching PolicyValid FieldCollector FieldRetention TimeDisclose-to Field5 Preventing 
Unexpected Negative OutcomesDefinition 1Definition 2Rules for Specifying near Well-Formed Privacy PoliciesRule for Specifying ValidRule for Specifying CollectorRule for Specifying Retention TimeRule for Specifying Disclose-ToApproach for Obtaining Near Well-Formed Privacy Policies6 The Privacy Management ModelHow Privacy Policies are UsedThe Matching of Privacy PoliciesDefinition 3 Matching Collector and Disclose-to)Definition 4 Matching Rules)Definition 5 Matching Privacy Policies)Definition 6 Upgrade and Downgrade of Rules and Policies)Shortcut 1Shortcut 2Shortcut 3Personal Privacy Policy NegotiationPersonal Privacy Policy Compliance7 Discussion and Related Work8 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-on ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem45 Detection of Conflicts in Security Policies1 Introduction2 Conflicts in Security PoliciesSecurity RequirementsPoliciesAbstract PoliciesExecutable PoliciesPolicy Enforcement MechanismsContradictoryRedundantIrrelevantConflict ResolutionSeparation of Duty3 Conflicts in Executable Security PoliciesJava EE Access Control4 Conflicts in Network Security PoliciesFiltering Intra-policy ConflictsManual Testing5 Query-Based Conflict DetectionConflict Detection by Anomaly ClassificationA More in-Depth View of Packet Filter Conflict AnalysisStateful Firewall AnalysisInter-Firewall AnalysisChannel Protection ConflictsIPsec Intra-Policy Conflict DetectionIPsec Inter-Policy Conflict Detection6 Semantic Web Technology for Conflict DetectionUse of Standard ReasonersAd-Hoc Reasoning MethodsClosed World Assumption CWA)Reasoning on Complex Property PathsUnique Name Assumption UNA)Rule-Based Inferencing7 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemAcknowledgmentsReferences46 Supporting User Privacy Preferences in Digital Interactions1 Introduction2 Basic 
Concepts and DesiderataClient PortfolioDisclosure PoliciesTrust NegotiationClient Privacy PreferencesServer Privacy Preferences3 Cost-Sensitive Trust NegotiationProblem 1: Minimum Sensitivity Cost problemNonsensitive PoliciesDefinition 1: Minimum Directed Acyclic GraphSensitive PoliciesOpen Issues4 Point-Based Trust ManagementProblem 2: Credential Selection ProblemDynamic Programming AlgorithmOpen Issues5 Logical-Based Minimal Credential DisclosureQualitative PreferencesDefinition 2: Optimal Disclosure SetsOpen Issues6 Privacy Preferences in Credential-Based InteractionsSensitivity LabelsDisclosureProblem 3: Minimum Disclosure ProblemOpen Issues7 Fine-Grained Disclosure of Sensitive Access PoliciesDisclosure PolicyPolicy CommunicationOpen Issues8 Open Issues9 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemAcknowledgmentsReferences47 Privacy and Security in Environmental Monitoring Systems: Issues and Solutions1 Introduction2 System Architectures3 Environmental Data4 Security and Privacy Issues in Environmental MonitoringSecurity RisksDamages to the System InfrastructureViolation of the Communication ChannelsUnauthorized AccessPrivacy RisksData Correlation and AssociationData EvolutionsUnusual DataUsers’ Locations5 CountermeasuresCounteracting Security RisksProtecting Environmental Data Access PatternsEnforcing Access Restrictions on Environmental DataCounteracting Privacy RisksEncrypting Stored and Outsourced Environmental DataFragmenting Stored or Outsourced Environmental DataProtecting Published Environmental DataPublishing Environmental MacrodataDetecting Sensitive CellsProtecting Sensitive CellsPublishing Environmental MicrodataProtecting the Privacy of Location Information in Environmental Data6 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case 
ProjectProblemAcknowledgmentsReferences48 Virtual Private Networks1 History2 Who is in Charge?3 VPN TypesIPsecL2TPL2TPv3 or HigherL2FPPTP VPNMPLSMPVPN™SSHSSL-VPNTLS4 Authentication MethodsHashingHMACMD5SHA-15 Symmetric Encryption6 Asymmetric Cryptography7 Edge Devices8 Passwords9 Hackers and Crackers10 Mobile VPN11 VPN Deployments12 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemResources49 Identity Theft1 Abstract2 Contents50 VoIP Security1 IntroductionVoIP Basics2 Overview of ThreatsReconnaissance of VoIP NetworksDenial of ServiceMalformed Request DoSLoad-Based DoSControl Packet FloodsCall Data FloodsDistributed Denial-of-Service AttackLoss of PrivacyTFTP Configuration File SniffingTraffic AnalysisConversation EavesdroppingMan-in-the-Middle AttacksReplay AttacksImpersonationRedirection AttackSession DisruptionExploitsSocial Engineering3 Security in VoIPPreventative MeasuresEavesdroppingIdentityTraffic AnalysisReactiveIPSRate LimitingChallenging4 Future TrendsForking Problem in SIPSecurity in Peer-to-Peer SIPJoin/Leave AttackAttacks on Overlay RoutingRegistration AttacksMan-in-the-middle AttacksAttacks on Bootstrapping NodesDuplicate Identity AttacksFree RidingEnd-to-End Identity with SBCsSIP Security Using Identity-Based Cryptography5 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemVI. 
Storage Security51 SAN Security1 Abstract2 Contents52 Storage Area Networking Security Devices1 What is a San?2 San Deployment Justifications3 The Critical Reasons for San SecurityWhy is SAN Security Important?4 San Architecture and ComponentsSAN SwitchesNetwork Attached Storage NAS)FabricHBA and ControllersTape LibraryProtocols, Storage Formats and CommunicationsBlock-Based IP Storage IP)Secure iSCSISecure FCIPFibre Channel Storage FCS)Secure FCPSecure Fibre Channel Storage NetworksSMB/CIFSNetwork File System NFS)Online Fixed Content5 San General Threats and IssuesSAN Cost: A Deterrent to AttackersPhysical Level Threats, Issues, and Risk MitigationPhysical EnvironmentHardware Failure ConsiderationsSecure Sensitive Data on Removable Media to Protect “Externalized Data”Know Thy Network or Storage Network)Use Best Practices for Disaster Recovery and BackupLogical Level Threats, Vulnerabilities, and Risk MitigationBegin with a Security PolicyInstrument the Network with Security ToolsIntrusion Detection and Prevention Systems IDS/IPS)Network Traffic Pattern Behavior AnalysisFull Network Traffic Capture and ReplaySecure Network and Management toolsRestrict Remote SupportAttempt to Minimize User ErrorEstablish Proper Patch Management ProceduresUse Configuration Management ToolsSet Baseline ConfigurationsCenter for Internet SecurityNational Security AgencyVulnerability ScanningSystem HardeningManagement ToolsSeparate Areas of the SANPhysicalLogicalVirtualPenetration TestingOWASPOSSTMMISSAISACAEncryptionConfidentialityDeciding What to EncryptType of Encryption to UseProving that Data is EncryptedEncryption Challenges and Other IssuesLoggingPolicies and ProceduresPrioritize Log ManagementCreate and Maintain a Log Management InfrastructureProvide Support for Staff with Log Management ResponsibilitiesEstablish a Log Management Operational ProcessWhat Events Should Be Logged for SANs?Attempts to Gain Access Through Existing AccountsFailed File or Resource Access 
AttemptsUnauthorized Changes to Users, Groups and ServicesSystems Most Vulnerable to AttackSuspicious or Unauthorized Network Traffic Patterns6 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem53 Risk Management1 The Concept of Risk2 Expressing and Measuring Risk3 The Risk Management MethodologyContext EstablishmentRisk AssessmentRisk TreatmentRisk Communication and ConsultationRisk Monitoring and ReviewIntegrating Risk Management into the System Development Life CycleCritique of Risk Management as a MethodologyRisk Management Methods4 Risk Management Laws and Regulations5 Risk Management Standards6 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemVII. Physical Security54 Physical Security Essentials1 Overview2 Physical Security ThreatsNatural DisastersEnvironmental ThreatsInappropriate Temperature and HumidityFire and SmokeWater DamageChemical, Radiological, and Biological HazardsDustInfestationTechnical ThreatsElectrical PowerElectromagnetic InterferenceHuman-Caused Physical Threats3 Physical Security Prevention and Mitigation MeasuresEnvironmental ThreatsInappropriate Temperature and HumidityFire and SmokeWater DamageOther Environmental ThreatsTechnical ThreatsHuman-Caused Physical Threats4 Recovery from Physical Security Breaches5 Threat Assessment, Planning, and Plan ImplementationThreat AssessmentPlanning and Implementation6 Example: A Corporate Physical Security Policy7 Integration of Physical and Logical Security8 Physical Security Checklist9 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem55 Disaster Recovery1 Introduction2 Measuring Risk and Avoiding DisasterAssessing Risk in the EnterpriseSteps in the Risk ProcessMatching the 
Response to the Threat3 The Business Impact Assessment BIA)Identifying Business-Critical ActivitiesSpecifying Required IT Support from Technical StaffDesigning Recovery SolutionsEstablishing a Disaster Recovery SiteSite Choices: Configuration and AcquisitionChoosing Suppliers: In-House Versus Third PartySpecifying Equipment4 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem56 Biometrics1 Relevant Standards2 Biometric System ArchitectureData CaptureSignal ProcessingMatchingData StorageDecisionAdaptation3 Using Biometric SystemsEnrollmentAuthenticationIdentification4 Security ConsiderationsError RatesDoddington’s ZooBirthday AttacksComparing TechnologiesStorage of Templates5 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem57 Homeland Security1 Abstract2 Contents58 Cyber Warfare1 Cyber Warfare Model2 Cyber Warfare Defined3 CW: Myth or Reality?4 Cyber Warfare: Making CW PossiblePreparationResearchReconnaissanceVulnerability EnumerationOffensive StrategiesPsychological WeaponsTechnical WeaponsVulnerability DatabasesDeployment ToolsPayloadsControl ConsolesDefensive Strategies5 Legal Aspects of CWTerrorism and SovereigntyLiability Under International LawState ResponsibilityIndividual LiabilityRemedies Under International LawSelf-DefenseInternational Criminal CourtOther RemediesDeveloping Countries Response6 Holistic View of Cyber Warfare7 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemVIII. 
Practical Security59 System Security1 Foundations of SecurityDifferentiating Security ThreatsHardware and Peripheral SecurityExamplePatch Management and Policies2 Basic CountermeasuresSecurity Controls and FirewallsApplication SecurityHardening and Minimization3 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem60 Securing the Infrastructure1 Communication Security GoalsNetwork Design and ComponentsSwitching and RoutingPorts and ProtocolsThreatsSpoofingIntercepting TrafficPacket CapturingDenial of ServiceDistributed Denial of ServiceARP PoisoningDNS Poisoning2 Attacks and CountermeasuresNetwork FirewallProxies3 SummaryInfrastructure Security Tasks ChecklistChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem61 Access Controls1 Infrastructure Weaknesses: DAC, MAC, and RBACDiscretionary Access ControlMandatory Access ControlRole-Based Access ControlLogical Access ControlsPhysical Access Controls2 Strengthening the Infrastructure: Authentication SystemsKerberos and CHAPRandomly, the Authenticator Sends Another Challenge to the Peer and Repeats the Steps Mentioned AboveWireless Security Access Controls3 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem62 Assessments and Audits1 Assessing Vulnerabilities and Risk: Penetration Testing and Vulnerability AssessmentsPort Scanning and Password CrackingOVAL and CVE2 Risk Management: Quantitative Risk MeasurementsEstablishing a BaselineAuditing and LoggingReviewing Policy Settings3 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem63 Fundamentals of Cryptography1 Assuring Privacy with EncryptionPhysical Versus 
Logical SecurityThe Confidentiality, Integrity, and Availability CIA) Model and BeyondConfidentialityIntegrityAvailabilityCryptographic Standards and Protocols: Block Ciphers—Approved AlgorithmsAES2 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemIX. Advanced Security64 Security Through Diversity1 Ubiquity2 Example Attacks Against Uniformity3 Attacking Ubiquity with Antivirus Tools4 The Threat of Worms5 Automated Network Defense6 Diversity and the Browser7 Sandboxing and Virtualization8 DNS Example of Diversity Through Security9 Recovery from Disaster is Survival10 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem65 Online e-Reputation Management Services1 Introduction2 The Human Notion of Reputation3 Reputation Applied to the Computing World4 State of the Art of Attack—Resistant Reputation Computation5 Overview of Current Online Reputation ServiceeBayOpinityRapleafVenyoTrustPlus+Xing+ZoomInfo+SageFireNaymz+Trufina: Visible.MeThe GORBReputationDefender: Reputation.comKloute-Reputation Monitoring Servicese-Reputation Insurances6 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemBibliography66 Content Filtering1 Abstract2 Contents67 Data Loss Protection1 Precursors of DLP2 What is DLP?3 Where to Begin?4 Data is Like Water5 You Don’t Know What You Don’t KnowPrecision versus Recall6 How Do DLP Applications Work?7 Eat Your VegetablesData in MotionData at RestData in Use8 IT’s a Family Affair, not Just it Security’s Problem9 Vendors, Vendors Everywhere! 
Who do you Believe?10 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblem68 Satellite Cyber Attack Search and Destroy1 Hacks, Interference, and JammingIdentifying ThreatsCommunicating with SatellitesImproving Cyber Security2 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemReferences69 Verifiable Voting Systems1 Introduction2 Security RequirementsInterrelationships and ConflictsAchieving System SecurityChallengesCompromises3 Verifiable Voting SchemesVerifiable Supervised SchemesVerifiable Remote Schemes4 Building BlocksEncryption SchemesRSA CipherElGamal CipherPaillier CipherSecret Sharing and Threshold TechniquesShamir’s Secret SharingVerifiable Secret SharingThreshold ElGamalZero-Knowledge ProofsInteractive Proofs and Fiat-Shamir HeuristicsSchnorr Identification AlgorithmChaum-Pedersen ProtocolCramer-Damgård-Schoenmakers ProtocolMixnetsChaum’s Mixnet and Randomized Partial CheckingNeff’s MixnetOther Useful TechniquesBlind SignatureDesignated Verifier ProofPlaintext Equivalent TestProxy Re-encryption5 Survey of Noteworthy SchemesSchemes Based on Blind SignatureSchemes Based on MixnetsSchemes Based on Homomorphic EncryptionSpecific Voter-Verifiable SchemesChaum’s Visual Cryptography SchemeScantegrity IINon-crypto SchemesRandell and Ryan’s SchemeRemote Voting schemesPrêt à VoterEvolution of Prêt à VoterTabulation IssuesPermutations of the Candidate OrderLeakage of Ballot InformationCoercionChain-voting6 Threats to Verifiable Voting SystemsAuthentication of ReceiptsUse of Cryptography7 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemReferences70 Advanced Data Encryption1 Mathematical Concepts ReviewedFermat’s Little TheoremDiscrete 
LogarithmPrimitive RootsDefinition GroupDefinition of Finite and Infinite Groups Order of a Group)Definition of Abelian GroupExamples of a GroupDefinition SubgroupDefinition of Cyclic GroupRingsExamplesDefinition FieldExamplesFinite Fields GF2n)DefinitionDefinitionDefinitionTheoremTheoremExampleModular Polynomial Arithmetic over GF2)Using a Generator to Represent the Elements of GF2n)GF23) is a Finite Field2 The RSA CryptosystemFactorization AttackChosen-Ciphertext AttackThe eth Roots ProblemDiscrete Logarithm ProblemDiscrete Logarithm Problem DLP)Lattice-based Cryptography—NTRUNTRU CryptosystemTruncated Polynomial RingsInverses in Truncated Polynomial RingNTRU Parameters and KeysKey GenerationNTRU EncryptionExample of NTRU EncryptionNTRU DecryptionExample of NTRU DecryptionWhy Does NTRU Work?3 SummaryChapter Review Questions/ExercisesTrue/FalseMultiple ChoiceExerciseProblemHands-On ProjectsProjectCase ProjectsProblemOptional Team Case ProjectProblemReferencesIndex