Guide to firewalls and network security

Title:

Edition:

2nd ed.

Publication Information:

New York : Course Technology, 2008

Physical Description:

xxiv, 496 p. : ill. ; 24 cm.

ISBN:

9781435420168

Subject Term:

Computer networks -- Security measures

Computer networks -- Security measures -- Problems, exercises, etc

Added Author:

Whitman, Michael E.

Available:*

Library	Item Barcode	Call Number	Material Type	Item Category 1	Status
Searching... PSZ JB	30000010207574	TK5105.59 G84 2008	Open Access Book	Book	Searching... Unknown

Firewalls are among the best-known security tools in use today, and their critical role ininformation security continues to grow. However, firewalls are most effective when they arebacked by effective security planning, a well-designed security policy, and when they work in concert with anti-virus software, intrusion detection systems, and other tools. This book aims to explore firewalls in the context of these other elements, providing readers with a solid, in-depth introduction to firewalls that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file maintenance, and intrusion detection systems. The second edition offers updated content and brand new material, from enhanced coverage of non-firewall subjects like information and network security to an all-new section dedicated to intrusion detection in the context of incident response.

Author Notes

Michael Whitman, Ph.D., CISM, CISSP is a Professor of Information Systems and Security in the CSIS Department at Kennesaw State University, where he is also Director of the KSU Center for Information Security Education and the coordinator for the Bachelor of Science in Information Security and Assurance. Dr. Whitman is an active researcher in Information Security and Ethical Computing. He currently teaches graduate and undergraduate courses in Information Security and Data Communications. He has published articles in the industry's top journals and co-authors a number of books in the field, published by Course Technology
Herbert Mattord, M.B.R., CISM, CISSP is currently on the Faculty at Kennesaw State University where he theaches undergraduate courses in Information Security, Data Communications, and Local Area Networks, and he is the co-author of several books published by Course Technology and an active researcher in information security management topics
Richard Austin, MS, CISSP, MCSE teaches undergraduate information security courses as a part-time faculty at Kennesaw state University and is an active member of SNIR's Security Technical Working Group as well as a frequent writer and presenter on storage networking security and digital forensics

Introduction	p. xvii
Chapter 1 Introduction to Information Security	p. 1
Introduction	p. 2
What Is Information Security?	p. 3
Critical Characteristics of Information	p. 4
CNSS Security Model	p. 5
Securing Components	p. 6
Balancing Information Security and Access	p. 6
Business Needs First	p. 7
Protecting the Functionality of an Organization	p. 7
Enabling the Safe Operation of Applications	p. 8
Protecting Data That Organizations Collect and Use	p. 8
Safeguarding Technology Assets in Organizations	p. 8
Security Professionals and the Organization	p. 8
Data Ownership	p. 9
Threats	p. 10
Human Error or Failure	p. 11
Compromises to Intellectual Property	p. 12
Espionage or Trespass	p. 13
Information Extortion	p. 16
Sabotage or Vandalism	p. 16
Theft	p. 17
Software Attacks	p. 17
Forces of Nature	p. 20
Deviations in Quality of Service	p. 21
Hardware Failures or Errors	p. 22
Software Failures or Errors	p. 23
Obsolescence	p. 23
Attacks	p. 23
Malicious Code	p. 23
"Hoaxes"	p. 24
Back Doors	p. 24
Password Crack	p. 25
Brute Force	p. 25
Dictionary	p. 25
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)	p. 25
Spoofing	p. 26
Man-in-the-Middle	p. 27
Spam	p. 28
Mail Bombing	p. 28
Sniffers	p. 28
Social Engineering	p. 28
Buffer Overflow	p. 30
Timing Attack	p. 30
Chapter Summary	p. 30
Review Questions	p. 31
Exercises	p. 32
Case Exercises	p. 33
Chapter 2 An Introduction to Networking	p. 37
Introduction	p. 38
Networking Fundamentals	p. 38
Reasons to Network	p. 39
Types of Networks	p. 40
Network Standards	p. 42
Internet Society (ISOC)	p. 42
Internet Assigned Numbers Authority (IANA)	p. 42
American National Standards Institute (ANSI)	p. 43
International Telecommunication Union (ITU)	p. 43
Institute of Electrical and Electronics Engineers (IEEE)	p. 43
Telecommunications Industry Association (TIA)	p. 43
International Organization for Standardization (ISO)	p. 44
OSI Reference Model and Security	p. 44
The Physical Layer	p. 45
Data Link Layer	p. 53
Network Layer	p. 56
Transport Layer	p. 59
Session Layer	p. 64
Presentation Layer	p. 64
Application Layer	p. 64
The Internet and TCP/IP	p. 66
The World Wide Web	p. 66
TCP/IP	p. 67
Chapter Summary	p. 69
Review Questions	p. 70
Exercises	p. 71
Case Exercises	p. 71
Chapter 3 Security Policies, Standards, and Planning	p. 73
Introduction	p. 74
Information Security Policy, Standards, and Practices	p. 75
Definitions	p. 75
Enterprise Information Security Policy (EISP)	p. 77
Issue-Specific Security Policy (ISSP)	p. 78
System-Specific Policy (SysSP)	p. 81
Policy Management	p. 83
Frameworks and Industry Standards	p. 85
The ISO 27000 Series	p. 86
NIST Security Models	p. 90
IETF Security Architecture	p. 91
Benchmarking and Best Business Practices	p. 91
Security Architecture	p. 92
Security Education, Training, and Awareness Program	p. 95
Security Education	p. 96
Security Training	p. 96
Security Awareness	p. 97
Continuity Strategies	p. 98
Business Impact Analysis	p. 101
Incident Response Planning	p. 104
Disaster Recovery Planning	p. 104
Business Continuity Planning	p. 105
Crisis Management	p. 106
Chapter Summary	p. 107
Review Questions	p. 108
Exercises	p. 109
Case Exercises	p. 110
Chapter 4 Finding Network Vulnerabilities	p. 113
Introduction	p. 114
Common Vulnerabilities	p. 114
Defects in Software or Firmware	p. 114
Weaknesses in Processes and Procedures	p. 121
Scanning and Analysis Tools	p. 121
Port Scanners	p. 125
Firewall Analysis Tools	p. 126
Operating System Detection Tools	p. 127
Vulnerability Scanners	p. 128
Packet Sniffers	p. 133
Wireless Security Tools	p. 134
Penetration Testing	p. 135
Chapter Summary	p. 138
Review Questions	p. 138
Exercises	p. 139
Case Exercises	p. 139
Chapter 5 Firewall Planning and Design	p. 141
Introduction	p. 142
Misconceptions About Firewalls	p. 143
Firewalls Explained	p. 143
An Analogy: Office Tower Security Guard	p. 144
Firewall Security Features	p. 145
Firewall User Protection	p. 145
Firewall Network Perimeter Security	p. 145
Firewall Components	p. 146
Firewall Security Tasks	p. 147
Types of Firewall Protection	p. 152
Packet Filtering	p. 152
PAT and NAT	p. 159
Application Layer Gateways	p. 160
Firewall Categories	p. 162
Processing Mode	p. 162
Firewall Generation	p. 164
Firewall Structures	p. 165
Firewall Architectures	p. 174
Limitations of Firewalls	p. 178
Chapter Summary	p. 178
Review Questions	p. 179
Exercises	p. 180
Case Exercises	p. 181
Chapter 6 Packet Filtering	p. 183
Introduction	p. 184
Understanding Packets and Packet Filtering	p. 184
Packet-Filtering Devices	p. 184
Anatomy of a Packet	p. 185
Packet-Filtering Rules	p. 187
Packet-Filtering Methods	p. 189
Stateless Packet Filtering	p. 190
Stateful Packet Filtering	p. 195
Filtering Based on Packet Content	p. 197
Setting Specific Packet Filter Rules	p. 197
Best Practices for Firewall Rules	p. 197
Rules That Cover Multiple Variations	p. 199
Rules for ICMP Packets	p. 199
Rules That Enable Web Access	p. 201
Rules That Enable DNS	p. 202
Rules That Enable FTP	p. 202
Rules That Enable E-Mail	p. 203
Chapter Summary	p. 205
Review Questions	p. 205
Exercises	p. 206
Case Exercises	p. 207
Chapter 7 Working with Proxy Servers and Application-Level Firewalls	p. 209
Introduction	p. 210
Overview of Proxy Servers	p. 210
How Proxy Servers Work	p. 210
How Proxy Servers Differ from Packet Filters	p. 212
Sample Proxy Server Configurations	p. 212
Goals of Proxy Servers	p. 214
Concealing Internal Clients	p. 215
Blocking URLs	p. 216
Blocking and Filtering Content	p. 216
E-Mail Proxy Protection	p. 217
Improving Performance	p. 217
Ensuring Security	p. 218
Providing User Authentication	p. 218
Redirecting URLs	p. 219
Proxy Server Configuration Considerations	p. 219
Providing for Scalability	p. 219
Working with Client Configurations	p. 219
Working with Service Configurations	p. 221
Creating Filter Rules	p. 221
Recognizing the Single Point of Failure	p. 222
Recognizing Buffer Overflow Vulnerabilities	p. 222
Choosing a Proxy Server	p. 222
Transparent Proxies	p. 222
Nontransparent Proxies	p. 223
SOCKS-Based Proxies	p. 223
Proxy Server-Based Firewalls Compared	p. 224
T.REX Open-Source Firewall	p. 225
Squid	p. 225
WinGate	p. 225
Symantec Enterprise Firewall	p. 226
Microsoft Internet Security & Acceleration Server	p. 226
Reverse Proxies	p. 226
When a Proxy Service Isn't the Correct Choice	p. 228
Chapter Summary	p. 229
Review Questions	p. 229
Exercises	p. 230
Case Exercises	p. 231
Chapter 8 Firewall Configuration and Administration	p. 233
Introduction	p. 234
Establishing Firewall Rules and Restrictions	p. 235
The Role of the Rules File	p. 235
Restrictive Firewalls	p. 235
Connectivity-Based Firewalls	p. 236
Firewall Configuration Strategies	p. 237
Scalability	p. 237
Productivity	p. 237
Dealing with IP Address Issues	p. 238
Approaches That Add Functionality to Your Firewall	p. 239
NAT/PAT	p. 239
Encryption	p. 239
Application Proxies	p. 240
VPNs	p. 240
Intrusion Detection and Prevention Systems	p. 241
Enabling a Firewall to Meet New Needs	p. 243
Verifying Resources Needed by the Firewall	p. 244
Identifying New Risks	p. 245
Adding Software Updates and Patches	p. 245
Adding Hardware	p. 246
Dealing with Complexity on the Network	p. 247
Adhering to Proven Security Principles	p. 248
Environmental Management	p. 248
BIOS, Boot, and Screen Locks	p. 248
Remote Management Interface	p. 249
Why Remote Management Tools Are Important	p. 249
Security Concerns	p. 250
Basic Features of Remote Management Tools	p. 250
Automating Security Checks	p. 251
Configuring Advanced Firewall Functions	p. 251
Data Caching	p. 251
Hot Standby Redundancy	p. 252
Load Balancing	p. 253
Filtering Content	p. 254
Chapter Summary	p. 256
Review Questions	p. 257
Exercises	p. 257
Case Exercises	p. 258
Chapter 9 Encryption and Firewalls	p. 259
Introduction	p. 260
Firewalls and Encryption	p. 260
The Cost of Encryption	p. 262
Preserving Data Integrity	p. 262
Maintaining Confidentiality	p. 262
Authenticating Network Clients	p. 263
Enabling Virtual Private Networks (VPNs)	p. 263
Principles of Cryptography	p. 263
Encryption Definitions	p. 264
Cryptographic Notation	p. 264
Encryption Operations	p. 265
Using Cryptographic Controls	p. 276
E-mail Security	p. 277
Securing the Web	p. 277
Securing Authentication	p. 278
Attacks on Cryptosystems	p. 280
Man-in-the-Middle Attack	p. 281
Correlation Attacks	p. 281
Dictionary Attacks	p. 281
Timing Attacks	p. 282
Defending from Attacks	p. 282
Chapter Summary	p. 283
Review Questions	p. 283
Exercises	p. 284
Case Exercises	p. 285
Chapter 10 Authenticating Users	p. 287
Introduction	p. 288
The Authentication Process in General	p. 288
How Firewalls Implement the Authentication Process	p. 289
Firewall Authentication Methods	p. 290
User Authentication	p. 291
Client Authentication	p. 291
Session Authentication	p. 292
Centralized Authentication	p. 293
Kerberos	p. 294
TACACS+	p. 295
Remote Authentication Dial-In User Service (RADIUS)	p. 296
TACACS+ and RADIUS Compared	p. 296
Password Security Issues	p. 298
Passwords That Can Be Cracked	p. 298
Password Vulnerabilities	p. 298
Lax Security Habits	p. 298
Password Security Tools	p. 299
One-Time Password Software	p. 299
The Shadow Password System	p. 299
Other Authentication Systems	p. 300
Single-Password Systems	p. 300
One-Time Password Systems	p. 300
Certificate-Based Authentication	p. 301
802.1X Wi-Fi Authentication	p. 302
Chapter Summary	p. 303
Review Questions	p. 303
Exercises	p. 304
Case Exercises	p. 305
Chapter 11 Setting Up a Virtual Private Network	p. 307
Introduction	p. 308
VPN Components and Operations	p. 309
VPN Components	p. 309
Essential Activities of VPNs	p. 313
Benefits and Drawbacks of VPNs	p. 314
VPNs Extend Network Boundaries	p. 314
Types of VPNs	p. 315
VPN Appliances	p. 316
Software VPN Systems	p. 317
VPN Combinations of Hardware and Software	p. 318
Combination VPNs	p. 318
VPN Setups	p. 318
Mesh Configuration	p. 318
Hub-and-Spoke Configuration	p. 319
Hybrid Configuration	p. 321
Configurations and Extranet and Intranet Access	p. 321
Tunneling Protocols Used with VPNs	p. 322
IPSec/IKE	p. 322
PPTP	p. 323
L2TP	p. 324
PPP Over SSL/PPP Over SSH	p. 324
Enabling Remote Access Connections Within VPNs	p. 325
Configuring the Server	p. 325
Configuring Clients	p. 326
VPN Best Practices	p. 327
The Need for a VPN Policy	p. 327
Packet Filtering and VPNs	p. 327
Auditing and Testing the VPN	p. 330
Chapter Summary	p. 33
Review Questions	p. 334
Exercises	p. 334
Case Exercises	p. 335
Chapter 12 Contingency Planning	p. 337
Introduction	p. 338
What Is Contingency Planning?	p. 339
Components of Contingency Planning	p. 341
Business Impact Analysis	p. 342
Incident Response Plan	p. 343
Disaster Recovery Plan	p. 344
Business Continuity Plan	p. 344
Incident Response: Preparation, Organization, and Prevention	p. 345
Planning for the Response During the Incident	p. 347
Planning for After the Incident	p. 349
Planning for Before the Incident	p. 349
Incident Classification and Detection	p. 351
Classifying Incidents	p. 352
Data Collection	p. 354
Detecting Compromised Software	p. 356
Challenges in Intrusion Detection	p. 357
Incident Reaction	p. 357
Selecting an IR Strategy	p. 357
Notification	p. 359
Documenting an Incident	p. 360
Incident Containment Strategies	p. 360
Interviewing Individuals Involved in the Incident	p. 361
Recovering from Incidents	p. 361
Identify and Resolve Vulnerabilities	p. 362
Restore Data	p. 363
Restore Services and Processes	p. 363
Restore Confidence Across the Organization	p. 363
IR Plan Maintenance	p. 363
The After-Action Review	p. 363
IR Plan Review and Maintenance	p. 365
Training	p. 365
Rehearsal	p. 365
Data and Application Resumption	p. 366
Disk-to-Disk-to-Tape	p. 366
Backup Strategies	p. 366
Tape Backup and Recovery	p. 367
Redundancy-Based Backup and Recovery Using RAID	p. 369
Database Backups	p. 371
Application Backups	p. 372
Real-Time Protection, Server Recovery, and Application Recovery	p. 372
Service Agreements	p. 377
Chapter Summary	p. 378
Review Questions	p. 379
Exercises	p. 379
Case Exercises	p. 380
Chapter 13 Intrusion Detection and Prevention Systems	p. 383
Introduction	p. 384
Intrusion Detection and Prevention	p. 384
IDPS Terminology	p. 385
Why Use an IDPS?	p. 387
Network-Based IDPS	p. 390
Host-Based IDPS	p. 394
IDPS Detection Methods	p. 396
IDPS Response Behavior	p. 398
Selecting IDPS Approaches and Products	p. 401
Strengths and Limitations of IDPSs	p. 406
Deployment and Implementation of an IDPS	p. 407
Measuring the Effectiveness of IDPSs	p. 415
Honey Pots, Honey Nets, and Padded Cell System	p. 417
Trap and Trace Systems	p. 419
Active Intrusion Prevention	p. 420
Chapter Summary	p. 420
Review Questions	p. 421
Exercises	p. 422
Case Exercises	p. 422
Chapter 14 Digital Forensics	p. 425
Introduction	p. 426
The Digital Forensic Team	p. 426
The First Response Team	p. 427
The Analysis Team	p. 428
Digital Forensics Methodology	p. 430
Affidavits and Search Warrants	p. 430
Acquiring the Evidence	p. 432
Identifying Sources	p. 432
Authenticating Evidence	p. 433
Collecting Evidence	p. 434
Maintaining the Chain of Custody	p. 447
Analyzing Evidence	p. 449
Searching for Evidence	p. 451
Reporting the Findings	p. 453
Interacting with Law Enforcement	p. 453
Anti-Forensics	p. 455
Chapter Summary	p. 456
Review Questions	p. 456
Exercises	p. 457
Case Exercise	p. 457
Glossary	p. 459
Index	p. 473

Available:*

On Order

Summary

Summary

Author Notes

Table of Contents