Title:
Computer system security : basic concepts and solved exercises
Personal Author:
Series:
Computer and communication sciences
Publication Information:
Lausanne, Switzerland : EFPL Press, 2007
Physical Description:
xii, 260 p. : ill. ; 25 cm.
ISBN:
9781420046205
Subject Term:
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010203289 | QA76.9.A25 A96 2004 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Computer System Security: Basic Concepts and Solved Exercises is designed to expose students and others to the basic aspects of computer security. Written by leading experts and instructors, it covers e-mail security; viruses and antivirus programs; program and network vulnerabilities; firewalls, address translation and filtering; cryptography; secure communications; secure applications; and security management. Written as an accompanying text for courses on network protocols, it also provides a basic tutorial for those whose livelihood is dependent upon secure systems. The solved exercises included have been taken from courses taught in the Communication Systems department at the EPFL.
.
Author Notes
Gildas Avoine is postdoctoral researcher at the Massachusetts Institute of Technology
Philippe Oechslin has worked in research at Bell Labs and at the University College of London
Table of Contents
| Foreword | p. xi |
| Chapter 1 Forged E-Mail and Spam | p. 1 |
| 1.1 Forging E-Mail Headers | p. 1 |
| 1.2 Spamming | p. 3 |
| 1.3 Notes | p. 7 |
| Exercises | p. 8 |
| 1 Forged E-Mail | p. 8 |
| 2 Web Mail Services and Anonymity | p. 8 |
| 3 Information Disclosure | p. 8 |
| 4 Spam and Open Relays | p. 8 |
| 5 SMTP Servers that Allow Relaying | p. 9 |
| 6 Anonymous Mails | p. 9 |
| 7 Rules to Avoid Open Relay | p. 10 |
| 8 Anti-Spam Software | p. 10 |
| 9 Prevention against Spam | p. 10 |
| Solutions | p. 11 |
| Chapter 2 Malwares | p. 19 |
| 2.1 Description and Classification | p. 19 |
| 2.2 Protection | p. 28 |
| 2.3 Notes | p. 31 |
| Exercises | p. 32 |
| 10 Viruses and Worms | p. 32 |
| 11 Backdoors and Trojan Horses | p. 32 |
| 12 Undetectable Viruses | p. 33 |
| 13 Virus with an Encrypted Attached File | p. 33 |
| 14 BIOS Virus | p. 33 |
| 15 Analysis of a Malware | p. 34 |
| 16 Virus Detection | p. 35 |
| 17 Antivirus Software | p. 35 |
| 18 Filtering Attached Files | p. 36 |
| 19 Restoring the System after Infection | p. 36 |
| Solutions | p. 37 |
| Chapter 3 Network and Application Vulnerabilities | p. 43 |
| 3.1 TCP/IP Basics | p. 43 |
| 3.2 Denial of Service | p. 46 |
| 3.3 IP Spoofing | p. 51 |
| 3.4 Session Hijacking | p. 53 |
| 3.5 Sniffing | p. 55 |
| 3.6 Exploits | p. 56 |
| 3.7 Notes | p. 60 |
| Exercises | p. 61 |
| 20 Denial of Service Attack | p. 61 |
| 21 Kevin Mitnick's Attack | p. 61 |
| 22 IP Spoofing | p. 63 |
| 23 TCP Hijacking | p. 64 |
| 24 Network Traffic Analysis | p. 65 |
| 25 ARP/DNS Spoofing | p. 66 |
| 26 DHCP Vulnerabilities | p. 68 |
| 27 Reminder on C Pointers | p. 69 |
| 28 Address Modification in the Stack | p. 69 |
| 29 Exploit on a Program in C | p. 70 |
| 30 Vulnerabilities of CGI Scripts | p. 71 |
| 31 SQL Injection | p. 72 |
| Solutions | p. 73 |
| Chapter 4 Firewalls and Proxies | p. 85 |
| 4.1 Firewalls | p. 85 |
| 4.2 Proxies | p. 103 |
| 4.3 Notes | p. 111 |
| Exercises | p. 112 |
| 32 Basic Principles for Configuring a Firewall | p. 112 |
| 33 Filtering Rules for a Stateless Firewall | p. 112 |
| 34 Filtering Rules for a Stateless Firewall (2) | p. 112 |
| 35 Filtering Rules for a Stateful Firewall | p. 113 |
| 36 Vulnerabilities of a Stateless Firewall | p. 113 |
| 37 Network Address Translation | p. 114 |
| 38 E-mail Headers | p. 114 |
| 39 Maximum Number of TCP Connections | p. 115 |
| 40 Peer-to-Peer | p. 115 |
| 41 FTP Client using NAT | p. 115 |
| 42 FTP Server using NAT | p. 115 |
| 43 Fool of Addresses | p. 115 |
| 44 Connection Authentication | p. 116 |
| 45 HTTPS Proxies' Security | p. 116 |
| 46 FTP Proxy | p. 116 |
| 47 Transparent Proxy | p. 117 |
| 48 Proxy Circumvention | p. 117 |
| 49 Intrusion Detection | p. 118 |
| 50 Intrusion Detection System and Proxy | p. 119 |
| 51 Wild Modems | p. 119 |
| 52 Network Security Assessment | p. 119 |
| 53 Startup SAs Network Security | p. 127 |
| Solutions | p. 129 |
| Chapter 5 Cryptography | p. 147 |
| 5.1 Main Goals of Cryptography | p. 147 |
| 5.2 Symmetric-Key Cryptography | p. 148 |
| 5.3 Asymmetric Cryptography | p. 150 |
| 5.4 Cryptanalysis | p. 153 |
| 5.5 Notes | p. 154 |
| Exercises | p. 156 |
| 54 Kerckhoffs' Principles | p. 156 |
| 55 Security Objectives | p. 156 |
| 56 RSA Algorithm | p. 156 |
| 57 Decryption of an Encrypted Message Using RSA | p. 157 |
| 58 RSA Vulnerabilities | p. 157 |
| 59 Exhaustive Search for Symmetric Keys | p. 157 |
| 60 Exhaustive Search for Asymmetric Keys | p. 158 |
| 61 Hash Functions and the Birthday Paradox | p. 158 |
| 62 Symmetric Encryption Modes | p. 158 |
| 63 Symmetric and Asymmetric Encryption | p. 160 |
| 64 Loss of a Private Key | p. 160 |
| 65 Certificates | p. 161 |
| Solutions | p. 162 |
| Chapter 6 Secure Communications | p. 169 |
| 6.1 Virtual Private Networks | p. 169 |
| 6.2 Transport Layer Security | p. 175 |
| 6.3 Secure Shell | p. 177 |
| 6.4 Notes | p. 178 |
| Exercises | p. 179 |
| 66 L2TP | p. 179 |
| 67 IPSec | p. 180 |
| 68 L2TP and IPSec | p. 180 |
| 69 IPSec Between Intermediate Routers | p. 180 |
| 70 IPSec and NAT | p. 181 |
| 71 IKE | p. 181 |
| 72 IKE's Main Mode and Aggressive Mode | p. 181 |
| 73 SSH and VPN | p. 182 |
| 74 Use of SSH | p. 183 |
| 75 Authentication Without Passwords Using SSH | p. 183 |
| 76 SSL/TLS | p. 184 |
| 77 HTTPS | p. 184 |
| 78 Remote Access to a Mail Server | p. 184 |
| Solutions | p. 186 |
| Chapter 7 Security at the User Level | p. 195 |
| 7.1 Password-Based Authentication | p. 195 |
| 7.2 Challenge-Response Protocols | p. 202 |
| 7.3 Kerberos: A Network Authentication Protocol | p. 203 |
| 7.4 PGP: Pretty Good Privacy | p. 206 |
| 7.5 Notes | p. 211 |
| Exercises | p. 212 |
| 79 Authentication Using Passwords | p. 212 |
| 80 Types of Authentication | p. 212 |
| 81 Password Hashes | p. 212 |
| 82 Password Cracking Using an Exhaustive Search | p. 213 |
| 83 Password Cracking Using a Dictionary | p. 213 |
| 84 Stolen Hashes | p. 213 |
| 85 Authentication on a Web Site | p. 214 |
| 86 Physical Access Control | p. 214 |
| 87 Wireless Local Area Network | p. 217 |
| 88 Kerberos Authentication System | p. 218 |
| 89 Kerberos Key Server | p. 218 |
| 90 Stealing Kerberos Keys | p. 218 |
| 91 Kerberos Tickets | p. 219 |
| 92 Third-Party-Based Authentication Protocol | p. 219 |
| 93 Authentication with a Centralized Server | p. 220 |
| 94 PGP Certificates and S/MIME | p. 222 |
| 95 Generating PGP Keys | p. 222 |
| 96 Distinguishing the Keys in PGP | p. 223 |
| 97 PGP Web of Trust | p. 223 |
| 98 PGP Deployment | p. 223 |
| 99 Approaches to Secure E-Mails | p. 224 |
| 100 Choosing a Layer to Secure Communications | p. 225 |
| Solutions | p. 226 |
| Chapter 8 Management of Information Security | p. 243 |
| 8.1 Risk Analysis | p. 243 |
| 8.2 Key Documents | p. 244 |
| 8.3 ISO 27001: the Information Security Management System | p. 245 |
| 8.4 ISO 17799: Code of Practice for Information Security Management | p. 246 |
| 8.5 The German IT Baseline Protection Manual | p. 247 |
| 8.6 The Common Criteria | p. 248 |
| 8.7 Notes | p. 250 |
| Exercises | p. 251 |
| 101 Your Position as a Security Officer | p. 251 |
| 102 Documentation | p. 251 |
| 103 Security Standards | p. 251 |
| 104 The Security Gap | p. 252 |
| 105 Risk Analysis | p. 252 |
| 106 Audit | p. 253 |
| Solutions | p. 254 |
| Acronyms | p. 257 |
| References | p. 259 |
