Network Security: A Beginner's Guide


Network Security: A Beginner's Guide, Third Edition
Eric Maiwald
McGraw-Hill
New York  Chicago  San Francisco  Lisbon  London  Madrid  Mexico City  Milan  New Delhi  San Juan  Seoul  Singapore  Sydney  Toronto

Contents

Acknowledgments  xvii
Introduction  xix
About the Series  xxi

PART I  Information Security Basics

1  What Is Information Security?  3
   A Retrospective Look at Security  4
   Where Sorcery Is Traded for Fallible, Manageable Realities  5
   Define Security as a Process, Not as Point Products  13
     Anti-virus Software  13
     Access Controls  13
     Firewalls  13
     Smart Cards  14
     Biometrics  15
     Intrusion Detection and Prevention  16
     Policy Management  16
     Vulnerability Scanning  16
     Encryption  17
     Data Loss Prevention  17
     Physical Security Mechanisms  17

2  Types of Attacks  19
   Access Attacks  21
     Snooping  21
     Eavesdropping  22
     Interception  23
     How Access Attacks Are Accomplished  23
   Modification Attacks  27
     Changes  28
     Insertion  28
     Deletion  28
     How Modification Attacks Are Accomplished  28
   Denial-of-Service Attacks  29
     Denial of Access to Information  30
     Denial of Access to Applications  30
     Denial of Access to Systems  30
     Denial of Access to Communications  30
     How Denial-of-Service Attacks Are Accomplished  30
   Repudiation Attacks  32
     Masquerading  32
     Denying an Event  32
     How Repudiation Attacks Are Accomplished  32

3  Hacker Techniques  35
   A Hacker's Motivation  37
     Challenge  37
     Greed  38
     Malicious Intent  39
   Hacking Techniques  40
     Bad Passwords  40
     Open Sharing  41
     Denial-of-Service  54
     Malicious Software  58
   Methods of the Untargeted Hacker  61
     Targets  61
     Reconnaissance  61
     Attack Methods  64
     Use of Compromised Systems  64
   Methods of the Targeted Hacker  69
     Targets  70
     Reconnaissance  70
     Attack Methods  74
     Use of Compromised Systems  76

4  Information Security Services  79
   The Confidentiality Service  80
     Confidentiality of Files  81
     Confidentiality of Information in Transmission
     Traffic Flow Confidentiality  84
     Attacks That Can Be Prevented  85
   The Integrity Service  85
     Integrity of Files  86
     Integrity of Information During Transmission  87
     Attacks That Can Be Prevented  87
   The Availability Service
     Attacks That Can Be Prevented
   Identification and Authentication  90
   Audit  91
     Attacks That Can Be Prevented  92

PART II  Groundwork

5  Policy  97
   Why Policy Is Important  98
     Defining What Security Should Be  99
     Putting Everyone on the Same Page  99
   The Various Policies Used by Organizations  99
     Information Policy  100
     Security Policy  103
     Acceptable Use Policy  108
     Internet Use Policy  109
     E-mail Policy  110
     User Management Procedures  110
     System Administration Procedure  112
     Backup Policy  114
     Incident Response Procedure  115
     Configuration Management Procedure
     Design Methodology
     Disaster Recovery Plans
   Creating Appropriate Policy
     Defining What Is Important
     Defining Acceptable Behavior
     Identifying Stakeholders
     Defining Appropriate Outlines
     Policy Development
   Deploying Policy
     Education
   Using Policy Effectively
     New Systems and Projects
     Existing Systems and Projects
     Audits
     Policy Reviews

6  Managing Risk  129
   Defining Countermeasures
   Measuring Risk  142
     Probabilistic Approach  144
     Maximum Impact Approach  146
     Hybrid Approach  147

7  The Information Security Process
   Assessment  152
     Network  154
     Physical Security  156
     Policies and Procedures
     Assessment Results  163
   Developing Policy  164
     Choosing the Order of Policies to Develop  165
     Updating Existing Policies  166
   Implementing Security  166
     Security Reporting Systems  167
       Use-Monitoring  167
       System Vulnerability Scans  167
       Policy Adherence  168
     Authentication Systems  169
     Perimeter Security  169
     Network Monitoring Systems
     Physical Security
     Staff  173
   Audits  174
     Policy Adherence Audits  174
     Periodic and New Project Assessments  175
     Penetration Tests  175

8  Information Security Best Practices  179
   Administrative Security Practices  180
     Policies and Procedures
     Contingency Plans
     Security Project Plans  189
   Technical Security Practices  191
     Network Controls  193
     Malicious Code Protection
     Patching Systems  198
     Backup and Recovery  199
     Physical Security  199
   Making Use of ISO 27002  201
     Key Concepts of the Standard  202
     How This Standard Can Be Used  203

PART III  Network Security Technology

9  Perimeter Technology  207
   Perimeters and Perimeter Policy Basics  209
   Perimeter Controls  210
     Firewalls  210
     Routers  211
     Network Intrusion Prevention Systems  213
     Web Application Firewalls  215
     Proxies and URL Filters  216
     Data Loss Prevention  216
     Anti-malware Controls  217
     Virtual Private Networks  218
     Physical Separation  219
     Defense-in-Depth  220
   Creating a Perimeter Architecture  221
     DMZ Perimeter Architecture  222
     Employee Perimeter Architecture  225

10  Monitoring Technology  229
   The Purposes of Monitoring  230
   Monitoring Technologies  231
     Intrusion Detection Systems  232
     Network Behavior Analysis  233
     Network Forensics  234
     System Logs  235
     Application Logs
     Vulnerability Scanning
   Creating a Monitoring Architecture
     Correlating Events
     Separation of Duties

11  Encryption Technology
   Encryption Concepts
     Encryption Terms
     Attacks Against Encryption
   Symmetric Key Encryption
     Substitution Ciphers
     One-Time Pads  252
     Data Encryption Standard  253
     Password Encryption  254
     The Advanced Encryption Standard: Rijndael  255
   Public Key Encryption  256
     Diffie-Hellman Key Exchange  258
     RSA  259
     Other Public Key Algorithms  261
     Digital Signatures
     Secure Hash Functions
   Key Management  265
     Key Creation  266
     Key Distribution  267
     Key Certification  267
     Key Protection
     Key Revocation
     Key Recovery  270
   Trust in the Encryption System
   Other Considerations
     The Supporting Cast
     Availability

Glossary  279
Index  293