
Guide to Firewalls and Network Security With Intrusion Detection and VPNs


ISBN-10: 1435420160

ISBN-13: 9781435420168

Edition: 2nd 2009

Authors: Richard Austin, Herbert J. Mattord, Michael E. Whitman, Greg Holden

List price: $235.95

Description:

Firewalls are among the best-known security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when they are backed by effective security planning, a well-designed security policy, and when they work in concert with anti-virus software, intrusion detection systems, and other tools. This book aims to explore firewalls in the context of these other elements, providing readers with a solid, in-depth introduction to firewalls that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log…    
Book details

List price: $235.95
Edition: 2nd
Copyright year: 2009
Publisher: Course Technology
Publication date: 6/10/2008
Binding: Paperback
Pages: 520
Size: 7.50" wide x 9.05" long x 1.00" tall
Weight: 1.694
Language: English

Richard Austin is a professional photographer who's worked with newspapers and magazines for the past twenty years. He lives in Devon, England.

Herbert J. Mattord, Ph.D, CISM, CISSP, teaches courses in Information Security and Assurance at Kennesaw State University (KSU) in Kennesaw, GA. He is the associate director of the KSU Center for Information Security Education (infosec.kennesaw.edu), as well as the coordinator for the KSU Information Security and Assurance and Information Systems programs of study. He completed 26 years of IT industry experience before becoming a full-time academic in 2002. His experiences as an application developer, database administrator, project manager, and information security practitioner are a valuable background to his teaching role at KSU. While engaged in his IT career, he worked as an adjunct…    

Michael E. Whitman, Ph.D, CISM, CISSP, is a professor of information security and director of the Coles Center for Information Security Education at Kennesaw State University (KSU) in Kennesaw, GA. With over 12 years of experience designing and implementing information security curriculum and over 20 years of experience teaching and researching at the university level, Dr. Whitman has served as a consultant to several Fortune 1000 organizations, the United States Government, and the State of Georgia on issues related to information security. He has authored several textbooks in information security including Principles of Information Security and Management of Information Security,…    

Introduction
Introduction to Information Security
Introduction
What Is Information Security?
Critical Characteristics of Information
CNSS Security Model
Securing Components
Balancing Information Security and Access
Business Needs First
Protecting the Functionality of an Organization
Enabling the Safe Operation of Applications
Protecting Data That Organizations Collect and Use
Safeguarding Technology Assets in Organizations
Security Professionals and the Organization
Data Ownership
Threats
Human Error or Failure
Compromises to Intellectual Property
Espionage or Trespass
Information Extortion
Sabotage or Vandalism
Theft
Software Attacks
Forces of Nature
Deviations in Quality of Service
Hardware Failures or Errors
Software Failures or Errors
Obsolescence
Attacks
Malicious Code
"Hoaxes"
Back Doors
Password Crack
Brute Force
Dictionary
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
Spoofing
Man-in-the-Middle
Spam
Mail Bombing
Sniffers
Social Engineering
Buffer Overflow
Timing Attack
Chapter Summary
Review Questions
Exercises
Case Exercises
An Introduction to Networking
Introduction
Networking Fundamentals
Reasons to Network
Types of Networks
Network Standards
Internet Society (ISOC)
Internet Assigned Numbers Authority (IANA)
American National Standards Institute (ANSI)
International Telecommunication Union (ITU)
Institute of Electrical and Electronics Engineers (IEEE)
Telecommunications Industry Association (TIA)
International Organization for Standardization (ISO)
OSI Reference Model and Security
The Physical Layer
Data Link Layer
Network Layer
Transport Layer
Session Layer
Presentation Layer
Application Layer
The Internet and TCP/IP
The World Wide Web
TCP/IP
Chapter Summary
Review Questions
Exercises
Case Exercises
Security Policies, Standards, and Planning
Introduction
Information Security Policy, Standards, and Practices
Definitions
Enterprise Information Security Policy (EISP)
Issue-Specific Security Policy (ISSP)
System-Specific Policy (SysSP)
Policy Management
Frameworks and Industry Standards
The ISO 27000 Series
NIST Security Models
IETF Security Architecture
Benchmarking and Best Business Practices
Security Architecture
Security Education, Training, and Awareness Program
Security Education
Security Training
Security Awareness
Continuity Strategies
Business Impact Analysis
Incident Response Planning
Disaster Recovery Planning
Business Continuity Planning
Crisis Management
Chapter Summary
Review Questions
Exercises
Case Exercises
Finding Network Vulnerabilities
Introduction
Common Vulnerabilities
Defects in Software or Firmware
Weaknesses in Processes and Procedures
Scanning and Analysis Tools
Port Scanners
Firewall Analysis Tools
Operating System Detection Tools
Vulnerability Scanners
Packet Sniffers
Wireless Security Tools
Penetration Testing
Chapter Summary
Review Questions
Exercises
Case Exercises
Firewall Planning and Design
Introduction
Misconceptions About Firewalls
Firewalls Explained
An Analogy: Office Tower Security Guard
Firewall Security Features
Firewall User Protection
Firewall Network Perimeter Security
Firewall Components
Firewall Security Tasks
Types of Firewall Protection
Packet Filtering
PAT and NAT
Application Layer Gateways
Firewall Categories
Processing Mode
Firewall Generation
Firewall Structures
Firewall Architectures
Limitations of Firewalls
Chapter Summary
Review Questions
Exercises
Case Exercises
Packet Filtering
Introduction
Understanding Packets and Packet Filtering
Packet-Filtering Devices
Anatomy of a Packet
Packet-Filtering Rules
Packet-Filtering Methods
Stateless Packet Filtering
Stateful Packet Filtering
Filtering Based on Packet Content
Setting Specific Packet Filter Rules
Best Practices for Firewall Rules
Rules That Cover Multiple Variations
Rules for ICMP Packets
Rules That Enable Web Access
Rules That Enable DNS
Rules That Enable FTP
Rules That Enable E-Mail
Chapter Summary
Review Questions
Exercises
Case Exercises
Working with Proxy Servers and Application-Level Firewalls
Introduction
Overview of Proxy Servers
How Proxy Servers Work
How Proxy Servers Differ from Packet Filters
Sample Proxy Server Configurations
Goals of Proxy Servers
Concealing Internal Clients
Blocking URLs
Blocking and Filtering Content
E-Mail Proxy Protection
Improving Performance
Ensuring Security
Providing User Authentication
Redirecting URLs
Proxy Server Configuration Considerations
Providing for Scalability
Working with Client Configurations
Working with Service Configurations
Creating Filter Rules
Recognizing the Single Point of Failure
Recognizing Buffer Overflow Vulnerabilities
Choosing a Proxy Server
Transparent Proxies
Nontransparent Proxies
SOCKS-Based Proxies
Proxy Server-Based Firewalls Compared
T.REX Open-Source Firewall
Squid
WinGate
Symantec Enterprise Firewall
Microsoft Internet Security & Acceleration Server
Reverse Proxies
When a Proxy Service Isn't the Correct Choice
Chapter Summary
Review Questions
Exercises
Case Exercises
Firewall Configuration and Administration
Introduction
Establishing Firewall Rules and Restrictions
The Role of the Rules File
Restrictive Firewalls
Connectivity-Based Firewalls
Firewall Configuration Strategies
Scalability
Productivity
Dealing with IP Address Issues
Approaches That Add Functionality to Your Firewall
NAT/PAT
Encryption
Application Proxies
VPNs
Intrusion Detection and Prevention Systems
Enabling a Firewall to Meet New Needs
Verifying Resources Needed by the Firewall
Identifying New Risks
Adding Software Updates and Patches
Adding Hardware
Dealing with Complexity on the Network
Adhering to Proven Security Principles
Environmental Management
BIOS, Boot, and Screen Locks
Remote Management Interface
Why Remote Management Tools Are Important
Security Concerns
Basic Features of Remote Management Tools
Automating Security Checks
Configuring Advanced Firewall Functions
Data Caching
Hot Standby Redundancy
Load Balancing
Filtering Content
Chapter Summary
Review Questions
Exercises
Case Exercises
Encryption and Firewalls
Introduction
Firewalls and Encryption
The Cost of Encryption
Preserving Data Integrity
Maintaining Confidentiality
Authenticating Network Clients
Enabling Virtual Private Networks (VPNs)
Principles of Cryptography
Encryption Definitions
Cryptographic Notation
Encryption Operations
Using Cryptographic Controls
E-mail Security
Securing the Web
Securing Authentication
Attacks on Cryptosystems
Man-in-the-Middle Attack
Correlation Attacks
Dictionary Attacks
Timing Attacks
Defending from Attacks
Chapter Summary
Review Questions
Exercises
Case Exercises
Authenticating Users
Introduction
The Authentication Process in General
How Firewalls Implement the Authentication Process
Firewall Authentication Methods
User Authentication
Client Authentication
Session Authentication
Centralized Authentication
Kerberos
TACACS+
Remote Authentication Dial-In User Service (RADIUS)
TACACS+ and RADIUS Compared
Password Security Issues
Passwords That Can Be Cracked
Password Vulnerabilities
Lax Security Habits
Password Security Tools
One-Time Password Software
The Shadow Password System
Other Authentication Systems
Single-Password Systems
One-Time Password Systems
Certificate-Based Authentication
802.1X Wi-Fi Authentication
Chapter Summary
Review Questions
Exercises
Case Exercises
Setting Up a Virtual Private Network
Introduction
VPN Components and Operations
VPN Components
Essential Activities of VPNs
Benefits and Drawbacks of VPNs
VPNs Extend Network Boundaries
Types of VPNs
VPN Appliances
Software VPN Systems
VPN Combinations of Hardware and Software
Combination VPNs
VPN Setups
Mesh Configuration
Hub-and-Spoke Configuration
Hybrid Configuration
Configurations and Extranet and Intranet Access
Tunneling Protocols Used with VPNs
IPSec/IKE
PPTP
L2TP
PPP Over SSL/PPP Over SSH
Enabling Remote Access Connections Within VPNs
Configuring the Server
Configuring Clients
VPN Best Practices
The Need for a VPN Policy
Packet Filtering and VPNs
Auditing and Testing the VPN
Chapter Summary
Review Questions
Exercises
Case Exercises
Contingency Planning
Introduction
What Is Contingency Planning?
Components of Contingency Planning
Business Impact Analysis
Incident Response Plan
Disaster Recovery Plan
Business Continuity Plan
Incident Response: Preparation, Organization, and Prevention
Planning for the Response During the Incident
Planning for After the Incident
Planning for Before the Incident
Incident Classification and Detection
Classifying Incidents
Data Collection
Detecting Compromised Software
Challenges in Intrusion Detection
Incident Reaction
Selecting an IR Strategy
Notification
Documenting an Incident
Incident Containment Strategies
Interviewing Individuals Involved in the Incident
Recovering from Incidents
Identify and Resolve Vulnerabilities
Restore Data
Restore Services and Processes
Restore Confidence Across the Organization
IR Plan Maintenance
The After-Action Review
IR Plan Review and Maintenance
Training
Rehearsal
Data and Application Resumption
Disk-to-Disk-to-Tape
Backup Strategies
Tape Backup and Recovery
Redundancy-Based Backup and Recovery Using RAID
Database Backups
Application Backups
Real-Time Protection, Server Recovery, and Application Recovery
Service Agreements
Chapter Summary
Review Questions
Exercises
Case Exercises
Intrusion Detection and Prevention Systems
Introduction
Intrusion Detection and Prevention
IDPS Terminology
Why Use an IDPS?
Network-Based IDPS
Host-Based IDPS
IDPS Detection Methods
IDPS Response Behavior
Selecting IDPS Approaches and Products
Strengths and Limitations of IDPSs
Deployment and Implementation of an IDPS
Measuring the Effectiveness of IDPSs
Honey Pots, Honey Nets, and Padded Cell System
Trap and Trace Systems
Active Intrusion Prevention
Chapter Summary
Review Questions
Exercises
Case Exercises
Digital Forensics
Introduction
The Digital Forensic Team
The First Response Team
The Analysis Team
Digital Forensics Methodology
Affidavits and Search Warrants
Acquiring the Evidence
Identifying Sources
Authenticating Evidence
Collecting Evidence
Maintaining the Chain of Custody
Analyzing Evidence
Searching for Evidence
Reporting the Findings
Interacting with Law Enforcement
Anti-Forensics
Chapter Summary
Review Questions
Exercises
Case Exercise
Glossary
Index