Introduction

Introduction to Information Security
  Introduction
  What Is Information Security?
    Critical Characteristics of Information
    CNSS Security Model
    Securing Components
    Balancing Information Security and Access
  Business Needs First
    Protecting the Functionality of an Organization
    Enabling the Safe Operation of Applications
    Protecting Data That Organizations Collect and Use
    Safeguarding Technology Assets in Organizations
  Security Professionals and the Organization
    Data Ownership
  Threats
    Human Error or Failure
    Compromises to Intellectual Property
    Espionage or Trespass
    Information Extortion
    Sabotage or Vandalism
    Theft
    Software Attacks
    Forces of Nature
    Deviations in Quality of Service
    Hardware Failures or Errors
    Software Failures or Errors
    Obsolescence
  Attacks
    Malicious Code
    "Hoaxes"
    Back Doors
    Password Crack
    Brute Force
    Dictionary
    Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
    Spoofing
    Man-in-the-Middle
    Spam
    Mail Bombing
    Sniffers
    Social Engineering
    Buffer Overflow
    Timing Attack
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

An Introduction to Networking
  Introduction
  Networking Fundamentals
    Reasons to Network
    Types of Networks
    Network Standards
      Internet Society (ISOC)
      Internet Assigned Numbers Authority (IANA)
      American National Standards Institute (ANSI)
      International Telecommunication Union (ITU)
      Institute of Electrical and Electronics Engineers (IEEE)
      Telecommunications Industry Association (TIA)
      International Organization for Standardization (ISO)
  OSI Reference Model and Security
    The Physical Layer
    Data Link Layer
    Network Layer
    Transport Layer
    Session Layer
    Presentation Layer
    Application Layer
  The Internet and TCP/IP
    The World Wide Web
    TCP/IP
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

Security Policies, Standards, and Planning
  Introduction
  Information Security Policy, Standards, and Practices
    Definitions
    Enterprise Information Security Policy (EISP)
    Issue-Specific Security Policy (ISSP)
    System-Specific Policy (SysSP)
    Policy Management
  Frameworks and Industry Standards
    The ISO 27000 Series
    NIST Security Models
    IETF Security Architecture
    Benchmarking and Best Business Practices
  Security Architecture
  Security Education, Training, and Awareness Program
    Security Education
    Security Training
    Security Awareness
  Continuity Strategies
    Business Impact Analysis
    Incident Response Planning
    Disaster Recovery Planning
    Business Continuity Planning
    Crisis Management
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

Finding Network Vulnerabilities
  Introduction
  Common Vulnerabilities
    Defects in Software or Firmware
    Weaknesses in Processes and Procedures
  Scanning and Analysis Tools
    Port Scanners
    Firewall Analysis Tools
    Operating System Detection Tools
    Vulnerability Scanners
    Packet Sniffers
    Wireless Security Tools
  Penetration Testing
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

Firewall Planning and Design
  Introduction
  Misconceptions About Firewalls
  Firewalls Explained
    An Analogy: Office Tower Security Guard
    Firewall Security Features
    Firewall User Protection
    Firewall Network Perimeter Security
    Firewall Components
    Firewall Security Tasks
  Types of Firewall Protection
    Packet Filtering
    PAT and NAT
    Application Layer Gateways
  Firewall Categories
    Processing Mode
    Firewall Generation
    Firewall Structures
    Firewall Architectures
  Limitations of Firewalls
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

Packet Filtering
  Introduction
  Understanding Packets and Packet Filtering
    Packet-Filtering Devices
    Anatomy of a Packet
    Packet-Filtering Rules
    Packet-Filtering Methods
      Stateless Packet Filtering
      Stateful Packet Filtering
      Filtering Based on Packet Content
  Setting Specific Packet Filter Rules
    Best Practices for Firewall Rules
    Rules That Cover Multiple Variations
    Rules for ICMP Packets
    Rules That Enable Web Access
    Rules That Enable DNS
    Rules That Enable FTP
    Rules That Enable E-Mail
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

Working with Proxy Servers and Application-Level Firewalls
  Introduction
  Overview of Proxy Servers
    How Proxy Servers Work
    How Proxy Servers Differ from Packet Filters
    Sample Proxy Server Configurations
  Goals of Proxy Servers
    Concealing Internal Clients
    Blocking URLs
    Blocking and Filtering Content
    E-Mail Proxy Protection
    Improving Performance
    Ensuring Security
    Providing User Authentication
    Redirecting URLs
  Proxy Server Configuration Considerations
    Providing for Scalability
    Working with Client Configurations
    Working with Service Configurations
    Creating Filter Rules
    Recognizing the Single Point of Failure
    Recognizing Buffer Overflow Vulnerabilities
  Choosing a Proxy Server
    Transparent Proxies
    Nontransparent Proxies
    SOCKS-Based Proxies
  Proxy Server-Based Firewalls Compared
    T.REX Open-Source Firewall
    Squid
    WinGate
    Symantec Enterprise Firewall
    Microsoft Internet Security & Acceleration Server
  Reverse Proxies
  When a Proxy Service Isn't the Correct Choice
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

Firewall Configuration and Administration
  Introduction
  Establishing Firewall Rules and Restrictions
    The Role of the Rules File
    Restrictive Firewalls
    Connectivity-Based Firewalls
  Firewall Configuration Strategies
    Scalability
    Productivity
    Dealing with IP Address Issues
  Approaches That Add Functionality to Your Firewall
    NAT/PAT
    Encryption
    Application Proxies
    VPNs
    Intrusion Detection and Prevention Systems
  Enabling a Firewall to Meet New Needs
    Verifying Resources Needed by the Firewall
    Identifying New Risks
    Adding Software Updates and Patches
    Adding Hardware
    Dealing with Complexity on the Network
  Adhering to Proven Security Principles
    Environmental Management
    BIOS, Boot, and Screen Locks
  Remote Management Interface
    Why Remote Management Tools Are Important
    Security Concerns
    Basic Features of Remote Management Tools
    Automating Security Checks
  Configuring Advanced Firewall Functions
    Data Caching
    Hot Standby Redundancy
    Load Balancing
    Filtering Content
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

Encryption and Firewalls
  Introduction
  Firewalls and Encryption
    The Cost of Encryption
    Preserving Data Integrity
    Maintaining Confidentiality
    Authenticating Network Clients
    Enabling Virtual Private Networks (VPNs)
  Principles of Cryptography
    Encryption Definitions
    Cryptographic Notation
    Encryption Operations
  Using Cryptographic Controls
    E-mail Security
    Securing the Web
    Securing Authentication
  Attacks on Cryptosystems
    Man-in-the-Middle Attack
    Correlation Attacks
    Dictionary Attacks
    Timing Attacks
    Defending from Attacks
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

Authenticating Users
  Introduction
  The Authentication Process in General
    How Firewalls Implement the Authentication Process
  Firewall Authentication Methods
    User Authentication
    Client Authentication
    Session Authentication
  Centralized Authentication
    Kerberos
    TACACS+
    Remote Authentication Dial-In User Service (RADIUS)
    TACACS+ and RADIUS Compared
  Password Security Issues
    Passwords That Can Be Cracked
    Password Vulnerabilities
    Lax Security Habits
  Password Security Tools
    One-Time Password Software
    The Shadow Password System
  Other Authentication Systems
    Single-Password Systems
    One-Time Password Systems
    Certificate-Based Authentication
    802.1X Wi-Fi Authentication
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

Setting Up a Virtual Private Network
  Introduction
  VPN Components and Operations
    VPN Components
    Essential Activities of VPNs
    Benefits and Drawbacks of VPNs
    VPNs Extend Network Boundaries
  Types of VPNs
    VPN Appliances
    Software VPN Systems
    VPN Combinations of Hardware and Software
    Combination VPNs
  VPN Setups
    Mesh Configuration
    Hub-and-Spoke Configuration
    Hybrid Configuration
    Configurations and Extranet and Intranet Access
  Tunneling Protocols Used with VPNs
    IPSec/IKE
    PPTP
    L2TP
    PPP Over SSL/PPP Over SSH
  Enabling Remote Access Connections Within VPNs
    Configuring the Server
    Configuring Clients
  VPN Best Practices
    The Need for a VPN Policy
    Packet Filtering and VPNs
    Auditing and Testing the VPN
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

Contingency Planning
  Introduction
  What Is Contingency Planning?
  Components of Contingency Planning
    Business Impact Analysis
    Incident Response Plan
    Disaster Recovery Plan
    Business Continuity Plan
  Incident Response: Preparation, Organization, and Prevention
    Planning for the Response During the Incident
    Planning for After the Incident
    Planning for Before the Incident
  Incident Classification and Detection
    Classifying Incidents
    Data Collection
    Detecting Compromised Software
    Challenges in Intrusion Detection
  Incident Reaction
    Selecting an IR Strategy
    Notification
    Documenting an Incident
    Incident Containment Strategies
    Interviewing Individuals Involved in the Incident
  Recovering from Incidents
    Identify and Resolve Vulnerabilities
    Restore Data
    Restore Services and Processes
    Restore Confidence Across the Organization
  IR Plan Maintenance
    The After-Action Review
    IR Plan Review and Maintenance
    Training
    Rehearsal
  Data and Application Resumption
    Disk-to-Disk-to-Tape
    Backup Strategies
    Tape Backup and Recovery
    Redundancy-Based Backup and Recovery Using RAID
    Database Backups
    Application Backups
    Real-Time Protection, Server Recovery, and Application Recovery
    Service Agreements
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

Intrusion Detection and Prevention Systems
  Introduction
  Intrusion Detection and Prevention
    IDPS Terminology
    Why Use an IDPS?
    Network-Based IDPS
    Host-Based IDPS
    IDPS Detection Methods
    IDPS Response Behavior
    Selecting IDPS Approaches and Products
    Strengths and Limitations of IDPSs
    Deployment and Implementation of an IDPS
    Measuring the Effectiveness of IDPSs
  Honey Pots, Honey Nets, and Padded Cell System
    Trap and Trace Systems
    Active Intrusion Prevention
  Chapter Summary
  Review Questions
  Exercises
  Case Exercises

Digital Forensics
  Introduction
  The Digital Forensic Team
    The First Response Team
    The Analysis Team
  Digital Forensics Methodology
    Affidavits and Search Warrants
  Acquiring the Evidence
    Identifying Sources
    Authenticating Evidence
    Collecting Evidence
    Maintaining the Chain of Custody
  Analyzing Evidence
    Searching for Evidence
  Reporting the Findings
    Interacting with Law Enforcement
  Anti-Forensics
  Chapter Summary
  Review Questions
  Exercises
  Case Exercise

Glossary

Index