Network Security Bible
Dr. Eric Cole, Dr. Ronald Krutz, and James W. Conley
Network Security Bible
Copyright © 2005 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Library of Congress Cataloging-in-Publication Data
Cole, Eric.
Network security bible / Eric Cole, Ronald Krutz, James W. Conley.
p. cm.
ISBN 0-7645-7397-7 (pbk.)
1. Computer security. 2. Computer networks — Security measures. I. Krutz, Ronald L., 1938- II. Conley, James W. III. Title.
QA76.9.A25C5985 2005
005.8—dc22
2004025696
Trademarks: Wiley, the Wiley logo, and related trade dress are registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
To Kerry, Jackson, and Anna, who provide constant inspiration and energy. EBC
To my family — the real meaning of life. RLK
To my beautiful wife, Jill, and handsome children, Matthew and Andrew. JWC
Mary Beth Wakefield
Vice President & Executive Group Publisher
Graphics and Production Specialists
Sean Decker, Carrie A. Foster, Denny Hager, Joyce Haughey
Quality Control Technician
Amanda Briggs, John Greenough, Leeann Harney
Proofreading and Indexing
TECHBOOKS Production Services
About the Authors

Dr. Eric Cole is the best-selling author of Hackers Beware and one of the highest-rated speakers on the training circuit. Eric has earned rave reviews for his ability to educate and train network security professionals worldwide. He has appeared on CNN and has been interviewed on various TV programs, including “CBS News” and “60 Minutes.”

An information security expert for more than 15 years, Eric holds several professional certificates and helped develop several certifications and corresponding courses. He obtained his M.S. in Computer Science at the New York Institute of Technology and recently earned his Doctorate degree in Network Steganography from Pace University.

Eric has created and directed corporate security programs for several large organizations, built numerous security consulting practices, and worked for more than five years at the Central Intelligence Agency. He is currently Chief Scientist for The Sytex Group, Inc. Information Research Center, where he heads up cutting-edge research.

Dr. Ronald L. Krutz is a Senior Information Security Researcher in the Advanced Technology Research center of The Sytex Group, Inc. In this capacity, he works with a team responsible for advancing the state of the art in information systems security. He has more than 30 years of experience in distributed computing systems, computer architectures, real-time systems, information assurance methodologies, and information security training. He holds the CISSP and ISSEP information security certifications.

He has been an information security consultant at REALTECH Systems Corporation and BAE Systems, an associate director of the Carnegie Mellon Research Institute (CMRI), and a professor in the Carnegie Mellon University Department of Electrical and Computer Engineering. Ron founded the CMRI Cybersecurity Center and was founder and director of the CMRI Computer, Automation, and Robotics Group. He is a former lead instructor for the (ISC)2 CISSP Common Body of Knowledge review seminars. Ron is also a Distinguished Special Lecturer in the Center for Forensic Computer Investigation at the University of New Haven, a part-time instructor in the University of Pittsburgh Department of Electrical and Computer Engineering, and a Registered Professional Engineer. In addition, he is the author of six best-selling publications in the area of information systems security. Ron holds B.S., M.S., and Ph.D. degrees in Electrical and Computer Engineering.

James W. Conley is a Senior Researcher in the Advanced Technology Research Center of The Sytex Group, Inc. He has more than 20 years of experience in security, beginning as a Security Officer in the United States Navy, then as a Senior Security Specialist on CIA development efforts, and now as a security professional with certifications of CISSP/Security+/CCNA. Additionally, he has over 18 years of experience in project management, software engineering, and computer science. He has a strong foundation in personnel management, software development, and systems integration. Prior to joining Sytex, he held prominent positions in various companies, such as Chief Information Officer, Director of Security, Vice President of Security Solutions, and finally as President/CEO (ThinkSecure, LLC). Jim has extensive experience developing applications and securing systems in both UNIX and Windows environments, and has a B.S. in Physics, M.S. in Computer Science, and is pursuing a Ph.D. in Machine Learning at George Mason University, Fairfax, Virginia.
Contents at a Glance
Acknowledgments xxv
Introduction xxvii
Part I: Security Principles and Practices 1
Chapter 1: Information System Security Principles 3
Chapter 2: Information System Security Management 43
Chapter 3: Access Control Considerations 79
Part II: Operating Systems and Applications 97
Chapter 4: Windows Security 99
Chapter 5: UNIX and Linux Security 155
Chapter 6: Web Browser and Client Security 201
Chapter 7: Web Security 237
Chapter 8: E-mail Security 273
Chapter 9: Domain Name System 309
Chapter 10: Server Security 333
Part III: Network Security Fundamentals 365
Chapter 11: Network Protocols 367
Chapter 12: Wireless Security 381
Chapter 13: Network Architecture Fundamentals 417
Part IV: Communications 445
Chapter 14: Secret Communication 447
Chapter 15: Covert Communication 479
Chapter 16: Applications of Secure/Covert Communication 529
Part V: The Security Threat and the Response 555
Chapter 17: Intrusion Detection and Response 557
Chapter 18: Security Assessments, Testing, and Evaluation 591
Chapter 19: Putting Everything Together 613
Index 625
Acknowledgments xxv
Introduction xxvii
Part I: Security Principles and Practices 1
Chapter 1: Information System Security Principles 3
Key Principles of Network Security 3
Confidentiality 4
Integrity 4
Availability 4
Other important terms 4
Formal Processes 5
The systems engineering process 5
The Information Assurance Technical Framework 6
The Information Systems Security Engineering process 11
The Systems Development Life Cycle 21
Information systems security and the SDLC 22
Risk Management 31
Definitions 32
Risk management and the SDLC 33
Summary 42
Chapter 2: Information System Security Management 43
Security Policies 43
Senior management policy statement 44
Standards, guidelines, procedures, and baselines 45
Security Awareness 46
Training 46
Measuring awareness 47
Managing the Technical Effort 48
Program manager 48
Program management plan 48
Systems engineering management plan 48
Configuration Management 56
Primary functions of configuration management 56
Definitions and procedures 57
Business Continuity and Disaster Recovery Planning 59
Business continuity planning 60
Disaster recovery planning 64
Physical Security 67
Controls 68
Environmental issues 72
Fire suppression 73
Object reuse and data remanence 74
Legal and Liability Issues 75
Types of computer crime 75
Electronic monitoring 76
Liability 76
Summary 77
Chapter 3: Access Control Considerations 79
Control Models 79
Discretionary access control 79
Mandatory access control 80
Non-discretionary access control 81
Types of Access Control Implementations 81
Preventive/Administrative 81
Preventive/Technical 82
Preventive/Physical 82
Detective/Administrative 82
Detective/Technical 83
Detective/Physical 83
Centralized/Decentralized access controls 84
Identification and Authentication 84
Passwords 85
Biometrics 85
Single Sign-On 86
Databases 90
Relational databases 90
Other database types 92
Remote Access 93
RADIUS 93
TACACS and TACACS+ 93
Password Authentication Protocol 94
Challenge Handshake Authentication Protocol 94
Callback 95
Summary 95
Part II: Operating Systems and Applications 97
Chapter 4: Windows Security 99
Windows Security at the Heart of the Defense 101
Who would target me? 101
Be afraid 102
Microsoft recommendations 103
Out-of-the-Box Operating System Hardening 105
Prior to system hardening 105
The general process of system hardening 105
Windows 2003 new installation example 107
Specifics of system hardening 110
Securing the typical Windows business workstation 114
Securing the typical Windows gaming system 114
Installing Applications 115
Antivirus protection 116
Personal firewalls 118
Secure Shell 118
Secure FTP 119
Pretty Good Privacy 119
Putting the Workstation on the Network 120
Test the hardened workstation 120
Physical security 120
Architecture 120
Firewall 121
Intrusion detection systems 122
Operating Windows Safely 122
Separate risky behavior 122
Physical security issues 124
Configuration issues 125
Configuration control 127
Operating issues 130
Upgrades and Patches 138
Keep current with Microsoft upgrades and patches 138
Keep current with application upgrades and patches 139
Keep current with antivirus signatures 139
Use the most modern Windows version 140
Maintain and Test the Security 140
Scan for vulnerabilities 141
Test questionable applications 141
Be sensitive to the performance of the system 141
Replace old Windows systems 142
Periodically re-evaluate and rebuild 142
Monitoring 143
Logging and auditing 144
Clean up the system 144
Prepare for the eventual attack 145
Attacks Against the Windows Workstation 145
Viruses 145
Worms 146
Trojan horses 147
Spyware and ad support 148
Spyware and “Big Brother” 149
Physical attacks 149
TEMPEST attacks 150
Backdoors 150
Denial-of-service attacks 151
File extensions 151
Packet sniffing 152
Hijacking and session replay 152
Social engineering 152
Summary 153
Chapter 5: UNIX and Linux Security 155
The Focus of UNIX/Linux Security 155
UNIX as a target 155
UNIX/Linux as a poor target 157
Open source issues 158
Physical Security 160
Limiting access 161
Detecting hardware changes 162
Disk partitioning 163
Prepare for the eventual attack 164
Controlling the Configuration 166
Installed packages 166
Kernel configurations 167
Operating UNIX Safely 174
Controlling processes 174
Controlling users 187
Encryption and certificates 194
Hardening UNIX 196
Configuration items 196
TCP wrapper 198
Checking strong passwords 198
Packet filtering with iptables 199
Summary 200
Chapter 6: Web Browser and Client Security 201
Web Browser and Client Risk 201
Privacy versus security 202
Web browser convenience 202
Web browser productivity and popularity 202
Web browser evolution 203
Web browser risks 204
Issues working against the attacker 205
How a Web Browser Works 205
HTTP, the browser protocol 205
Cookies 208
Maintaining state 210
Caching 212
Secure Socket Layer 212
Web Browser Attacks 216
Hijacking attack 216
Replay attack 217
Browser parasites 218
Operating Safely 219
Keeping current with patches 220
Avoiding viruses 220
Using secure sites 220
Securing the network environment 222
Using a secure proxy 223
Avoid using private data 223
General recommendations 224
Web Browser Configurations 225
Cookies 225
Plugins 226
Netscape-specific issues 230
Internet Explorer–specific issues 231
Summary 236
Chapter 7: Web Security 237
What Is HTTP? 237
How Does HTTP Work? 239
HTTP implementation 242
Persistent connections 244
The client/server model 248
Put 249
Get 250
Burstable TCP 250
HTML 251
Server Content 252
CGI scripts 252
PHP pages 253
Client Content 254
JavaScript 254
Java 255
ActiveX 257
State 260
What is state? 260
How does it relate to HTTP? 260
What applications need state? 260
Tracking state 261
Cookies 261
Web bugs 264
URL tracking 265
Hidden frames 265
Hidden fields 266
Attacking Web Servers 266
Account harvesting 266
SQL injection 267
E-commerce Design 269
Physical location 269
Summary 271
Chapter 8: E-mail Security 273
The E-mail Risk 273
Data vulnerabilities 273
Simple e-mail versus collaboration 274
Spam 285
Maintaining e-mail confidentiality 288
Maintaining e-mail integrity 289
E-mail availability issues 290
The E-mail Protocols 290
SMTP 290
POP 294
IMAP 295
E-mail Authentication 296
Plain login 296
Login authentication 297
APOP 297
NTLM/SPA 298
POP before SMTP 299
Kerberos and GSSAPI 299
Operating Safely When Using E-mail 300
Be paranoid 300
Mail client configurations 301
Application versions 302
Architectural considerations 302
SSH tunnel 303
PGP and GPG 307
Summary 308
Chapter 9: Domain Name System 309
Purpose of DNS 310
Forward lookups 315
Reverse lookups 316
Alternative Approaches to Name Resolution 318
Security Issues with DNS 319
Misconfigurations 321
Zone transfers 322
Predictable query IDs 325
Recursion and iterative queries 325
DNS Attacks 326
Simple DNS attack 327
Cache poisoning 327
Designing DNS 329
Split DNS 329
Split-split DNS 329
Master Slave DNS 331
Detailed DNS Architecture 331
Summary 332
Chapter 10: Server Security 333
General Server Risks 333
Security by Design 334
Maintain a security mindset 335
Establishing a secure development environment 340
Secure development practices 344
Test, test, test 351
Operating Servers Safely 354
Controlling the server configuration 354
Controlling users and access 356
Passwords 357
Monitoring, auditing, and logging 357
Server Applications 358
Data sharing 358
Peer to peer 362
Instant messaging and chat 363
Summary 364
Part III: Network Security Fundamentals 365
Chapter 11: Network Protocols 367
Protocols 367
The Open Systems Interconnect Model 368
The OSI Layers 369
The Application layer 369
The Presentation layer 370
The Session Layer 370
The Transport layer 371
The Network layer 372
The Data Link layer 373
The Physical layer 374
The TCP/IP Model 375
TCP/IP Model Layers 377
Network Address Translation 379
Summary 379
Chapter 12: Wireless Security 381
Electromagnetic Spectrum 381
The Cellular Phone Network 383
Placing a Cellular Telephone Call 385
Wireless Transmission Systems 386
Time Division Multiple Access 386
Frequency Division Multiple Access 386
Code Division Multiple Access 387
Wireless transmission system types 388
Pervasive Wireless Data Network Technologies 393
Spread spectrum 393
Spread spectrum basics 393
IEEE Wireless LAN Specifications 397
The PHY layer 398
The MAC layer 398
IEEE 802.11 Wireless Security 400
WEP 400
WEP security upgrades 402
802.11i 408
Bluetooth 413
Wireless Application Protocol 414
Summary 416
Chapter 13: Network Architecture Fundamentals 417
Network Segments 418
Public networks 418
Semi-private networks 418
Private networks 419
Perimeter Defense 419
Network Address Translation 420
Basic Architecture Issues 422
Subnetting, Switching, and VLANs 424
Address Resolution Protocol and Media Access Control Addresses 426
Dynamic Host Configuration Protocol and Addressing Control 428
Firewalls 429
Packet filtering firewalls 430
Stateful packet filtering 432
Proxy firewalls 433
Disadvantages of firewalls 434
Intrusion Detection Systems 435
Types of intrusion detection systems 436
Methods and modes of intrusion detection 439
Responses to Intrusion Detection 442
Common Attacks 442
Summary 444
Part IV: Communications 445
Chapter 14: Secret Communication 447
General Terms 448
Historic Cryptography 449
Substitution ciphers 449
Ciphers that shaped history 455
The Four Cryptographic Primitives 455
Random number generation 456
Cast Introduction 460
Symmetric Encryption 460
Stream ciphers 462
Block ciphers 463
Sharing keys 465
Asymmetric Encryption (Two-Key Encryption) 467
Using a Certificate Authority 468
Using a web of trust 469
Digital signatures 470
Hash functions 471
Keyed hash functions 473
Putting These Primitives Together to Achieve CIA 473
The Difference Between Algorithm and Implementation 475
Proprietary Versus Open Source Algorithms 476
Summary 477
Chapter 15: Covert Communication 479
Where Hidden Data Hides 479
Where Did It Come From? 481
Where Is It Going? 482
Overview of Steganography 482
Why do we need steganography? 483
Pros of steganography 484
Cons of steganography 485
Comparison to other technologies 485
History of Steganography 488
Using steganography in the fight for the Roman Empire 488
Steganography during war 489
Core Areas of Network Security and Their Relation to Steganography 490
Confidentiality 490
Integrity 491
Availability 491
Additional goals of steganography 491
Principles of Steganography 492
Steganography Compared to Cryptography 493
Protecting your ring example 493
Putting all of the pieces together 494
Types of Steganography 495
Original classification scheme 496
New classification scheme 497
Color tables 501
Products That Implement Steganography 503
S-Tools 503
Hide and Seek 506
Jsteg 508
EZ-Stego 511
Image Hide 512
Digital Picture Envelope 514
Camouflage 516
Gif Shuffle 517
Spam Mimic 519
Steganography Versus Digital Watermarking 520
What is digital watermarking? 521
Why do we need digital watermarking? 521
Properties of digital watermarking 521
Types of Digital Watermarking 522
Invisible watermarking 522
Visible watermarking 523
Goals of Digital Watermarking 523
Digital Watermarking and Stego 524
Uses of digital watermarking 524
Removing digital watermarks 526
Summary 526
Chapter 16: Applications of Secure/Covert Communication 529
E-mail 530
POP/IMAP protocols 530
Pretty Good Privacy 531
Kerberos 532
Authentication Servers 534
Working Model 535
Public Key Infrastructure 537
Public and private keys 538
Key management 540
Web of trust 541
Virtual Private Networks 541
Design issues 543
IPSec-based VPN 544
IPsec header modes 545
PPTP/PPP-based VPNs 547
Secure Shell 548
Secure Sockets Layer/Transport Layer Security 549
SSL Handshake 550
Summary 554
Part V: The Security Threat and the Response 555
Chapter 17: Intrusion Detection and Response 557
Malicious Code 557
Viruses 557
Review of Common Attacks 559
Denial-of-service/Distributed denial-of-service attacks 559
Back door 560
Spoofing 560
Man-in-the-middle 561
Replay 561
TCP/Hijacking 561
Fragmentation attacks 562
Weak keys 562
Mathematical attacks 563
Social engineering 563
Port scanning 564
Dumpster diving 564
Birthday attacks 564
Password guessing 565
Software exploitation 565
Inappropriate system use 566
Eavesdropping 566
War driving 567
TCP sequence number attacks 567
War dialing/demon dialing attacks 567
Intrusion Detection Mechanisms 567
Antivirus approaches 567
Intrusion detection and response 568
IDS issues 571
Honeypots 573
Purposes 573
Honeypot categories 574
When to use a honeypot 575
When not to use a honeypot 575
Current solutions 576
Honeynet Project 577
Incident Handling 577
CERT/CC practices 578
Internet Engineering Task Force guidance 583
Layered security and IDS 584
Computer Security and Incident Response Teams 585
Security Incident Notification Process 587
Automated notice and recovery mechanisms 588
Summary 589
Chapter 18: Security Assessments, Testing, and Evaluation 591
Information Assurance Approaches and Methodologies 591
The Systems Security Engineering Capability Maturity Model 592
NSA Infosec Assessment Methodology 594
Operationally Critical Threat, Asset, and Vulnerability Evaluation 595
Federal Information Technology Security Assessment Framework 595
Certification and Accreditation 596
The National Information Assurance Certification and Accreditation Process 596
Four phases of NIACAP 597
DoD Information Technology Security Certification and Accreditation Process 598
The four phases of DITSCAP 599
Federal Information Processing Standard 102 600
OMB Circular A-130 601
The National Institute of Standards and Technology
Closed-box test 610
Open-box test 610
Auditing and Monitoring 610
Auditing 610
Monitoring 611
Summary 612
Chapter 19: Putting Everything Together 613
Critical Problems Facing Organizations 613
How do I convince management security is a problem and that they should spend money on it? 613
How do I keep up with the increased number of attacks? 615
How do you make employees part of the solution and not part of the problem? 615
How do you analyze all of the log data? 616
How do I keep up with all of the different systems across my enterprise and make sure they are all secure? 617
How do I know if I am a target of corporate espionage or some other threat? 617
Top 10 common mistakes 618
General Tips for Protecting a Site 620
Defense in depth 620
Principle of least privilege 621
Know what is running on your system 621
Prevention is ideal but detection is a must 622
Apply and test patches 623
Regular checks of systems 623
Summary 623
Index 625
Acknowledgments

John Wiley is a wonderful publisher to work with. Carol Long is an insightful and energetic executive editor who provides continual support. Marcia Ellett provided constant guidance and expertise, and without all of her help and hard work, this book would not be where it is today.

As deadlines approach you reach out to your co-workers who are truly friends to tap into the expertise and knowledge. Sandy Ring, Bill Speirs, and Vignesh Kumar all wrote or helped write chapters in the book. Their technical knowledge is top notch and their input was critical to the success of the book.

The authors would not be working together or be able to complete the book without having the opportunity to work for such a great company, TSGI (The Sytex Group, Inc.). Continuing thanks to Syd Martin for understanding the importance of research and for allowing creative minds to think of solutions to complex technical problems. Syd’s support is critical to the success of this book and the success of the cutting-edge research the team produces.

Most of all we want to thank God for blessing us with a great life and a wonderful family.

Eric has Kerry, who is a loving and supportive wife. Without her none of this would be possible. Eric’s wonderful son, Jackson, and his princess, Anna, bring joy and happiness to him every day.

Ron is blessed with an understanding and supporting wife; children, Sheri and Lisa; and wonderful grandchildren, Patrick, Ryan, Aaron, and Emma.

Jim receives unlimited love and support from his lovely wife, Jill, and his exceptional children, Matthew and Andrew.

In addition, we thank all of our friends, family, and co-workers who have supported us in a variety of ways through this entire process.
Introduction

Network security spans a large number of disciplines, ranging from management and policy topics to operating system kernel fundamentals. Historically, the coverage of these and the other network security areas was presented in multiple, specialized publications or given a high-level treatment that was not suited to the practitioner. Network Security Bible approaches network security from the view of the individual who wants to learn and apply the associated network security best practices without having to sort through a myriad of extraneous material from multiple sources. The information provided in this text includes “secrets” learned by practicing professionals in the field of network security through many years of real-world experience.
The Goal of This Book

Network Security Bible provides comprehensive coverage of the fundamental concepts of network security and the processes and means required to implement a secure network. The goal of this text is to provide the reader with an understanding of security engineering processes and network security best practices, including in-depth specifics on the following topics:
Network Security Bible meets the needs of information security professionals and other individuals who have to deal with network security in their everyday activities. It is truly an all-inclusive reference that tells you why and how to achieve a secure network in clear and concise terms.
The Five Parts of This Book
Network Security Bible is organized into the following five parts:
✦ Part I: Security Principles and Practices
✦ Part II: Operating Systems and Applications
✦ Part III: Network Security Fundamentals
✦ Part IV: Communications
✦ Part V: The Security Threat and Response
The flow of the material is designed to provide a smooth transition from fundamental principles and basic knowledge to the practical details of network security. In this manner, the text can serve as a learning mechanism for people new to the field as well as a valuable reference and guide for experienced professionals.
Part I: Security Principles and Practices
Part I provides a background in the fundamentals of information system security. Specifically, it comprises chapters on information system security principles, information system security management, and access control.
✦ Chapter 1: Information System Security Principles. It is important that the network security practitioner be intimately familiar with the fundamental tenets of information system security, particularly the concepts of confidentiality, integrity, and availability (CIA). These topics are explained in detail in this chapter and then related to threats, vulnerabilities, and possible impacts of threats realized. After covering these basic topics, the formal processes of systems engineering (SE), information systems security engineering (ISSE), the systems development life cycle (SDLC), and the relationship of network security to the SDLC are explained. These subject areas provide the reader with an excellent understanding of applying standard rules to incorporate information system security into system development activities. These skills are particularly valuable to individuals working in large companies that need the discipline provided by these methods and to government organizations required to apply formal information security approaches in their everyday operations.
✦ Chapter 2: Information System Security Management. To continue to provide a basis for delving into network security issues, this chapter discusses the important, but sometimes neglected, roles of management and administration in implementing good network security. All personnel in an organization should be aware of the information security policies, procedures, and guidelines and practice them on an ongoing basis. The existence of these documents and practices is of critical importance to an organization and should be incorporated into the organization’s routine operations. For example, the seemingly innocuous requirement of requiring critical personnel to take vacation time in blocks of a week or more might reveal covert and illegal activities on the part of those individuals when they are replaced by new personnel during the vacation interval. Also, corporate officers will be exposed to legal liability if they do not have policies in place addressing the protection of the organization’s intellectual property and other critical information.

Chapter 2 also provides clear and concise guidelines on the best practices to ensure the continuity of an organization’s critical operations during and after a disaster. Business continuity planning (BCP) and disaster recovery planning (DRP) approaches are explained and illustrated, providing for continuity of critical business functions and networked information systems, respectively.
✦ Chapter 3: Access Control Considerations. Controlling access to critical network and computer resources is one of the most important requirements for any organization. Chapter 4 defines and illustrates the concepts of identifying a user or process to an information system, verifying the identity of that user or process (authentication), and granting access privileges to specific resources (authorization). In addition, this chapter covers the methods of implementing secure access to information systems from remote sites.
Part II: Operating Systems and Applications
In the second part of this book, the security issues and solutions associated with operating systems such as Windows, UNIX, and Linux are detailed. Following these topics, Web browser security, Web security, e-mail security, domain name systems, and server applications are addressed. The authors provide insights and directions to implementing operating system and Web security based on their extensive experience in these areas.
✦ Chapter 4: Windows Security. Because of the many versions of the Windows operating system that are in widespread use, their security vulnerabilities pose serious threats to their host computers. Chapter 4 reviews these security problems and offers steps to be taken to securely install Windows, harden the operating system, operate securely, and maintain a safe system.
✦ Chapter 5: UNIX and Linux Security. UNIX and the open source Linux operating systems are becoming increasingly popular as counters to the reliability problems of the Windows operating systems. Thus, network security aspects of UNIX and Linux are covered in Chapter 5, including kernel issues, extraneous services, and specific services such as NFS, Sendmail, BIND, and RIP.
✦ Chapter 6: Web Browser and Client Security. Web browsers pose serious threats to the security of their host machines and this chapter explores the sources of those threats, focusing on the Netscape and Internet Explorer browsers. The authors provide their solutions to securing a Web browser and protecting corporate portals.
✦ Chapter 7: Web Security. Building on the information and solutions presented for Web browsers, Chapter 7 continues by examining the Hypertext Transfer Protocol (HTTP); Common Gateway Interface (CGI) security issues; privacy concerns associated with cookies, hidden fields and URL tracking; auditing; and the secure implementation of e-commerce applications.
✦ Chapter 8: E-mail Security. Because we all use e-mail, the information security knowledge covered in this chapter is directly applicable to users, IT professionals, and security personnel. Chapter 8 explains the different types of e-mail, including SMTP, POP3, and IMAP. The authors describe how to properly configure e-mail systems, and how to handle security problems associated with those types.
✦ Chapter 9: Domain Name System. This chapter describes the concepts behind the Domain Name System (DNS), Master and Slave Name servers, and the design of Domain Name Systems, including split DNS and split-split DNS. The authors then describe how to set up different types of DNS servers and discuss recursion and zone transfers.
✦ Chapter 10: Server Security. Another key knowledge component of network security is understanding the different types of servers and their associated applications. Chapter 10 describes the general principles to be observed when putting a server on line and then specifically presents valuable commentary on FTP servers, instant messaging, NetBIOS file sharing, secure shell, Kazaa, and remote access to computer-based information.
Part III: Network Security Fundamentals
This part describes the various network protocols, particularly the specifics of the OSI and TCP/IP models. The fundamental concepts of wireless communication and wireless security are explained, including coding schemes, the different wireless technology generations, and wireless vulnerabilities. The authors then provide detailed recommendations and guidance for securing networks, along with descriptions of the components of network architectures.
✦ Chapter 11: Network Protocols. This chapter explains in detail the OSI and TCP/IP models and the IP, ICMP, TCP, and UDP protocols. It also reviews address resolution concepts and methods and relates them to the general goals of network security.
✦ Chapter 12: Wireless Security. Wireless connections to the Internet are becoming extremely popular, and this chapter covers topics including the wireless frequency spectrum, fundamentals of wireless transmission, the different coding schemes and generations of wireless technology, and security issues associated with wireless applications.
✦ Chapter 13: Network Architecture Fundamentals. The components of a network and their corresponding configurations for implementing security are critical factors in the protection of information systems. Chapter 13 provides clear descriptions and explanations of network bridges, routers, switches, firewalls, gateways, guards, and other important network elements. Their functions and relationship to the overall security of a network are reviewed, and guidelines for their application are provided.
Part IV: Communications
Part IV of this book reveals the best practices and approaches related to communications security.
✦ Chapter 14: Secret Communication. Secret communication involves the means to encrypt and decrypt messages as well as to authenticate the sender. Chapter 14 provides a history of cryptography, reviews the fundamentals of symmetric and asymmetric encryption, explains digital signatures, and concludes with an overview of generally accepted cryptographic axioms.
✦ Chapter 15: Covert Communication. Covert communication refers to communication that conceals the fact that hidden information is being transmitted. In secret communication, described in Chapter 14, an attacker is aware that sensitive information is being transmitted in scrambled form; the problem for the attacker is to retrieve the information by unscrambling or decrypting it. In covert communication, sensitive information might be hidden somewhere in an image or in a microdot that appears as a period at the end of a sentence. Thus, an attacker does not know that information is hidden unless he or she checks everything that is being transmitted for concealed messages. This type of covert communication is known as steganography. Chapter 15 describes the goals of steganography, its advantages and disadvantages, methods of embedding sensitive information in other components such as images, and tools for detecting hidden information.
✦ Chapter 16: Applications of Secure/Covert Communication. Chapter 16 details the methods of achieving secure and covert communication. The topics addressed include e-mail security, implementing virtual private networks (VPNs), and applying different protocols to protect information transmitted over the Internet. The chapter also addresses digital certificates to “certify” individuals’ public keys and methods of managing cryptographic keys in an organizational setting.
Part V: The Security Threat and Response
The chapters in this part primarily address the issues of detecting and responding to network intrusions and assuring that the security controls that have been put in place actually do provide the expected results. This section and the text conclude with “putting everything together” through detailed descriptions of the most common problems in network security, their solutions, and planning for future situations.
✦ Chapter 17: Intrusion Detection and Response. The network security practitioner has to be familiar with and understand the various types and effects of malicious code. Chapter 17 explains these different kinds of malware, discusses common types and sources of attacks, and shows how to detect and handle intrusions into a network and its resources.
✦ Chapter 18: Security Assessments, Testing, and Evaluation. Private and governmental organizations, by necessity, have to ensure that their networks and information systems are secure from attacks. Both have critical and sensitive information that has to be protected from violations of confidentiality, integrity, and availability. Therefore, these organizations have developed assessment and evaluation approaches that can be applied to determine whether a network is really secure, even after appropriate controls have been implemented. Chapter 18 discusses these methodologies, including the Systems Security Engineering Capability Maturity Model (SSE-CMM), the different types of certification and accreditation approaches, the National Institute of Standards and Technology (NIST) information security publications, and the various types of testing and auditing practices.
✦ Chapter 19: Putting Everything Together. At this point in Network Security Bible, the elements that comprise a network, security architectures, security threats, countermeasures, incident handling, and assessment approaches have been covered in detail. Chapter 19 ties all these entities together by describing the top 10 problems of network security, the top 10 solutions to these problems, the top 10 mistakes information security and IT practitioners make, and how to develop a framework for future activities and challenges.
How to Use This Book
Network Security Bible is designed for use as a comprehensive tutorial on the field of network security, as a “how to” manual for implementing network security, as a reference document for the information and network security practitioner, and as a guide for planning future network security issues and projects.
Use as a comprehensive tutorial on the field of network security
Network Security Bible is organized to provide the reader with an understanding of the fundamentals of information system security by covering their basic principles, standard processes, management issues, and access control concepts. With this foundation, the text expands into discussions of the popular operating systems, Internet security, and Web security. Following this material, a tutorial on networking protocols, wireless communications, and network architectures provides an understanding of networking and communications. The book then explores the fundamentals of intrusion detection and information security assessment methodologies.
All these topics comprise book parts so that the reader can focus on the areas of particular interest to him or her and scan or skip topics that are familiar. Thus, the book is designed to provide either a comprehensive or selective tutorial, based on the experience and training of the reader.
Use as a “how to” manual for implementing network security
The authors of this text have extensive experience in analyzing network security problems and implementing effective solutions. Based on this experience, the authors provide guidance and detail “secrets” used by real-world practitioners to solve real-world problems. These “secrets” apply to the following areas:
Use as a reference document for the information and network security practitioner
The chapters of Network Security Bible contain fundamental and advanced knowledge on network security and related topics. This content will serve as a useful reference source for the information security practitioner in conducting his or her everyday security-related activities. The chapters on operating systems, access control, wireless security, Web security, intrusion detection and response, and assessment methodologies will be particularly useful in present and future applications.
Use as a guide for planning future network security issues and projects
The book emphasizes topics that are focused on planning for the future and anticipating network security problems and issues. These topics address the following relevant and important areas:
✦ How to apply good systems engineering principles to the development of information security systems
✦ Recommendations concerning which standards and guidelines are most useful and that should be used in implementing and achieving required network security
✦ How to implement organizational security policies and how to ensure that they are understood and institutionalized
✦ How to make sure that the organization is prepared for a disaster
✦ How to protect against possible future liability suits
✦ How to plan for expanded, secure, remote access requirements
✦ How to implement wireless security
✦ How to protect against future attacks
✦ How to handle future attacks
✦ How to assess the effectiveness of proposed new security architectures
These issues and approaches are then summarized in the last chapter.
Part I
Security Principles and Practices

In This Part
Chapter 1: Information System Security Principles
Chapter 2: Information System Security Management
Chapter 3: Access Control Considerations
Chapter 1: Information System Security Principles
A number of organizations have defined terminology and methodologies for applying systems engineering (SE) principles to large tasks and undertakings. When information systems and networks are involved, companion Information System Security Engineering (ISSE) processes should be practiced concurrently with SE from project initiation.
This chapter defines the fundamental principles of network security and explains the SE and ISSE processes. It also describes the steps in the systems development life cycle (SDLC) and reviews how network and information technology (IT) security practices can be incorporated into the SDLC activities.
The chapter concludes with coverage of risk management techniques and the application of risk management in the SDLC.
Key Principles of Network Security
Network security revolves around the three key principles of confidentiality, integrity, and availability (C-I-A). Depending upon the application and context, one of these principles might be more important than the others. For example, a government agency would encrypt an electronically transmitted classified document to prevent an unauthorized person from reading its contents. Thus, confidentiality of the information is paramount. If an individual succeeds in breaking the encryption cipher and then retransmits a modified encrypted version, the integrity of the message is compromised. On the
In This Chapter
✦ Understanding the systems engineering and Information Systems Security Engineering process
✦ Summarizing the System Development Life Cycle (SDLC)
✦ Relating information systems security and the SDLC
✦ Managing risk
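The distinction the chapter draws between confidentiality and integrity is worth seeing in code. The following is an added example, not code from Network Security Bible, and it goes one step beyond the text: with a stream cipher the attacker does not even need to break the cipher to compromise integrity, because flipping a bit in the ciphertext flips the same bit in the recovered plaintext. A message authentication code (MAC) on the ciphertext closes that gap. Assumptions: the cipher is a toy (SHA-256 in counter mode, XORed with the plaintext) chosen so the example runs with the Python standard library alone and is not a production cipher; the keys are random; and the transfer order is a constructed sample message.

```python
"""
Confidentiality without integrity: an encrypted message can still be
modified in transit by an attacker who never learns the key.

Added example; not from Network Security Bible. The stream cipher is a toy
(keystream = SHA-256(key || counter)) used only so the demo runs with the
standard library. The transfer order is a constructed sample message.
"""
import hashlib
import hmac
import os


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: concatenated SHA-256(key || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """C = P xor K. Decryption is the same XOR with the same keystream."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


stream_decrypt = stream_encrypt


def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker's bit-flip, performed without the key.

    Since C = P xor K, sending C xor delta makes the receiver recover
    P xor delta. Choosing delta = old xor new rewrites 'old' into 'new' at
    'offset'; the attacker only needs to know the message layout.
    """
    assert len(old) == len(new)
    buf = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        buf[offset + i] ^= o ^ n
    return bytes(buf)


def mac_encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext || HMAC-SHA256(mac_key, ciphertext)."""
    ct = stream_encrypt(enc_key, plaintext)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct + tag


def mac_decrypt(enc_key: bytes, mac_key: bytes, message: bytes):
    """Verify the tag (constant-time compare) before decrypting; None if it fails."""
    ct, tag = message[:-32], message[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return stream_decrypt(enc_key, ct)


def demo():
    """Returns (plaintext accepted without a MAC, genuine with MAC, forged with MAC)."""
    enc_key = os.urandom(32)
    mac_key = os.urandom(32)
    order = b"TRANSFER 0100 USD TO ACCT 4711"   # constructed sample message
    amount_at = order.index(b"0100")

    # 1. Confidentiality only: the interceptor cannot read the order, but
    #    knowing the format, rewrites the amount and the receiver accepts it.
    ct = stream_encrypt(enc_key, order)
    forged_ct = tamper(ct, amount_at, b"0100", b"9900")
    accepted_without_mac = stream_decrypt(enc_key, forged_ct)

    # 2. Confidentiality plus integrity: the same bit-flip is detected.
    msg = mac_encrypt(enc_key, mac_key, order)
    forged_msg = tamper(msg, amount_at, b"0100", b"9900")
    genuine = mac_decrypt(enc_key, mac_key, msg)
    forged = mac_decrypt(enc_key, mac_key, forged_msg)
    return accepted_without_mac, genuine, forged


if __name__ == "__main__":
    without_mac, genuine, forged = demo()
    print("no MAC, forged order decrypts to :", without_mac)
    print("with MAC, genuine order          :", genuine)
    print("with MAC, forged order           :", forged)
```

In practice the Encrypt-then-MAC step is done for you by an authenticated encryption mode such as AES-GCM or ChaCha20-Poly1305 rather than hand-assembled as here; the point of the example is only that a cipher chosen for confidentiality says nothing about integrity, and a design that needs both must provide both.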