Guide to firewalls and network security : intrusion detection and VPNs.


Where to find it

Information & Library Science Library

Call Number
TK5105.59 .G85 2009
Summary

Firewalls are among the best-known security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when they are backed by effective security planning and a well-designed security policy, and when they work in concert with anti-virus software, intrusion detection systems, and other tools. This book explores firewalls in the context of these other elements, giving readers a solid, in-depth introduction to firewalls that covers both the managerial and the technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file maintenance, and intrusion detection systems. The second edition offers updated content and brand-new material, from expanded coverage of non-firewall subjects such as information and network security to an all-new section on intrusion detection in the context of incident response.

Contents

  • Introduction p. xvii
  • Chapter 1 Introduction to Information Security p. 1
      • Introduction p. 2
      • What Is Information Security? p. 3
      • Critical Characteristics of Information p. 4
      • CNSS Security Model p. 5
      • Securing Components p. 6
      • Balancing Information Security and Access p. 6
      • Business Needs First p. 7
      • Protecting the Functionality of an Organization p. 7
      • Enabling the Safe Operation of Applications p. 8
      • Protecting Data That Organizations Collect and Use p. 8
      • Safeguarding Technology Assets in Organizations p. 8
      • Security Professionals and the Organization p. 8
      • Data Ownership p. 9
      • Threats p. 10
      • Human Error or Failure p. 11
      • Compromises to Intellectual Property p. 12
      • Espionage or Trespass p. 13
      • Information Extortion p. 16
      • Sabotage or Vandalism p. 16
      • Theft p. 17
      • Software Attacks p. 17
      • Forces of Nature p. 20
      • Deviations in Quality of Service p. 21
      • Hardware Failures or Errors p. 22
      • Software Failures or Errors p. 23
      • Obsolescence p. 23
      • Attacks p. 23
      • Malicious Code p. 23
      • "Hoaxes" p. 24
      • Back Doors p. 24
      • Password Crack p. 25
      • Brute Force p. 25
      • Dictionary p. 25
      • Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) p. 25
      • Spoofing p. 26
      • Man-in-the-Middle p. 27
      • Spam p. 28
      • Mail Bombing p. 28
      • Sniffers p. 28
      • Social Engineering p. 28
      • Buffer Overflow p. 30
      • Timing Attack p. 30
      • Chapter Summary p. 30
      • Review Questions p. 31
      • Exercises p. 32
      • Case Exercises p. 33
  • Chapter 2 An Introduction to Networking p. 37
      • Introduction p. 38
      • Networking Fundamentals p. 38
      • Reasons to Network p. 39
      • Types of Networks p. 40
      • Network Standards p. 42
      • Internet Society (ISOC) p. 42
      • Internet Assigned Numbers Authority (IANA) p. 42
      • American National Standards Institute (ANSI) p. 43
      • International Telecommunication Union (ITU) p. 43
      • Institute of Electrical and Electronics Engineers (IEEE) p. 43
      • Telecommunications Industry Association (TIA) p. 43
      • International Organization for Standardization (ISO) p. 44
      • OSI Reference Model and Security p. 44
      • The Physical Layer p. 45
      • Data Link Layer p. 53
      • Network Layer p. 56
      • Transport Layer p. 59
      • Session Layer p. 64
      • Presentation Layer p. 64
      • Application Layer p. 64
      • The Internet and TCP/IP p. 66
      • The World Wide Web p. 66
      • TCP/IP p. 67
      • Chapter Summary p. 69
      • Review Questions p. 70
      • Exercises p. 71
      • Case Exercises p. 71
  • Chapter 3 Security Policies, Standards, and Planning p. 73
      • Introduction p. 74
      • Information Security Policy, Standards, and Practices p. 75
      • Definitions p. 75
      • Enterprise Information Security Policy (EISP) p. 77
      • Issue-Specific Security Policy (ISSP) p. 78
      • System-Specific Policy (SysSP) p. 81
      • Policy Management p. 83
      • Frameworks and Industry Standards p. 85
      • The ISO 27000 Series p. 86
      • NIST Security Models p. 90
      • IETF Security Architecture p. 91
      • Benchmarking and Best Business Practices p. 91
      • Security Architecture p. 92
      • Security Education, Training, and Awareness Program p. 95
      • Security Education p. 96
      • Security Training p. 96
      • Security Awareness p. 97
      • Continuity Strategies p. 98
      • Business Impact Analysis p. 101
      • Incident Response Planning p. 104
      • Disaster Recovery Planning p. 104
      • Business Continuity Planning p. 105
      • Crisis Management p. 106
      • Chapter Summary p. 107
      • Review Questions p. 108
      • Exercises p. 109
      • Case Exercises p. 110
  • Chapter 4 Finding Network Vulnerabilities p. 113
      • Introduction p. 114
      • Common Vulnerabilities p. 114
      • Defects in Software or Firmware p. 114
      • Weaknesses in Processes and Procedures p. 121
      • Scanning and Analysis Tools p. 121
      • Port Scanners p. 125
      • Firewall Analysis Tools p. 126
      • Operating System Detection Tools p. 127
      • Vulnerability Scanners p. 128
      • Packet Sniffers p. 133
      • Wireless Security Tools p. 134
      • Penetration Testing p. 135
      • Chapter Summary p. 138
      • Review Questions p. 138
      • Exercises p. 139
      • Case Exercises p. 139
  • Chapter 5 Firewall Planning and Design p. 141
      • Introduction p. 142
      • Misconceptions About Firewalls p. 143
      • Firewalls Explained p. 143
      • An Analogy: Office Tower Security Guard p. 144
      • Firewall Security Features p. 145
      • Firewall User Protection p. 145
      • Firewall Network Perimeter Security p. 145
      • Firewall Components p. 146
      • Firewall Security Tasks p. 147
      • Types of Firewall Protection p. 152
      • Packet Filtering p. 152
      • PAT and NAT p. 159
      • Application Layer Gateways p. 160
      • Firewall Categories p. 162
      • Processing Mode p. 162
      • Firewall Generation p. 164
      • Firewall Structures p. 165
      • Firewall Architectures p. 174
      • Limitations of Firewalls p. 178
      • Chapter Summary p. 178
      • Review Questions p. 179
      • Exercises p. 180
      • Case Exercises p. 181
  • Chapter 6 Packet Filtering p. 183
      • Introduction p. 184
      • Understanding Packets and Packet Filtering p. 184
      • Packet-Filtering Devices p. 184
      • Anatomy of a Packet p. 185
      • Packet-Filtering Rules p. 187
      • Packet-Filtering Methods p. 189
      • Stateless Packet Filtering p. 190
      • Stateful Packet Filtering p. 195
      • Filtering Based on Packet Content p. 197
      • Setting Specific Packet Filter Rules p. 197
      • Best Practices for Firewall Rules p. 197
      • Rules That Cover Multiple Variations p. 199
      • Rules for ICMP Packets p. 199
      • Rules That Enable Web Access p. 201
      • Rules That Enable DNS p. 202
      • Rules That Enable FTP p. 202
      • Rules That Enable E-Mail p. 203
      • Chapter Summary p. 205
      • Review Questions p. 205
      • Exercises p. 206
      • Case Exercises p. 207
  • Chapter 7 Working with Proxy Servers and Application-Level Firewalls p. 209
      • Introduction p. 210
      • Overview of Proxy Servers p. 210
      • How Proxy Servers Work p. 210
      • How Proxy Servers Differ from Packet Filters p. 212
      • Sample Proxy Server Configurations p. 212
      • Goals of Proxy Servers p. 214
      • Concealing Internal Clients p. 215
      • Blocking URLs p. 216
      • Blocking and Filtering Content p. 216
      • E-Mail Proxy Protection p. 217
      • Improving Performance p. 217
      • Ensuring Security p. 218
      • Providing User Authentication p. 218
      • Redirecting URLs p. 219
      • Proxy Server Configuration Considerations p. 219
      • Providing for Scalability p. 219
      • Working with Client Configurations p. 219
      • Working with Service Configurations p. 221
      • Creating Filter Rules p. 221
      • Recognizing the Single Point of Failure p. 222
      • Recognizing Buffer Overflow Vulnerabilities p. 222
      • Choosing a Proxy Server p. 222
      • Transparent Proxies p. 222
      • Nontransparent Proxies p. 223
      • SOCKS-Based Proxies p. 223
      • Proxy Server-Based Firewalls Compared p. 224
      • T.REX Open-Source Firewall p. 225
      • Squid p. 225
      • WinGate p. 225
      • Symantec Enterprise Firewall p. 226
      • Microsoft Internet Security & Acceleration Server p. 226
      • Reverse Proxies p. 226
      • When a Proxy Service Isn't the Correct Choice p. 228
      • Chapter Summary p. 229
      • Review Questions p. 229
      • Exercises p. 230
      • Case Exercises p. 231
  • Chapter 8 Firewall Configuration and Administration p. 233
      • Introduction p. 234
      • Establishing Firewall Rules and Restrictions p. 235
      • The Role of the Rules File p. 235
      • Restrictive Firewalls p. 235
      • Connectivity-Based Firewalls p. 236
      • Firewall Configuration Strategies p. 237
      • Scalability p. 237
      • Productivity p. 237
      • Dealing with IP Address Issues p. 238
      • Approaches That Add Functionality to Your Firewall p. 239
      • NAT/PAT p. 239
      • Encryption p. 239
      • Application Proxies p. 240
      • VPNs p. 240
      • Intrusion Detection and Prevention Systems p. 241
      • Enabling a Firewall to Meet New Needs p. 243
      • Verifying Resources Needed by the Firewall p. 244
      • Identifying New Risks p. 245
      • Adding Software Updates and Patches p. 245
      • Adding Hardware p. 246
      • Dealing with Complexity on the Network p. 247
      • Adhering to Proven Security Principles p. 248
      • Environmental Management p. 248
      • BIOS, Boot, and Screen Locks p. 248
      • Remote Management Interface p. 249
      • Why Remote Management Tools Are Important p. 249
      • Security Concerns p. 250
      • Basic Features of Remote Management Tools p. 250
      • Automating Security Checks p. 251
      • Configuring Advanced Firewall Functions p. 251
      • Data Caching p. 251
      • Hot Standby Redundancy p. 252
      • Load Balancing p. 253
      • Filtering Content p. 254
      • Chapter Summary p. 256
      • Review Questions p. 257
      • Exercises p. 257
      • Case Exercises p. 258
  • Chapter 9 Encryption and Firewalls p. 259
      • Introduction p. 260
      • Firewalls and Encryption p. 260
      • The Cost of Encryption p. 262
      • Preserving Data Integrity p. 262
      • Maintaining Confidentiality p. 262
      • Authenticating Network Clients p. 263
      • Enabling Virtual Private Networks (VPNs) p. 263
      • Principles of Cryptography p. 263
      • Encryption Definitions p. 264
      • Cryptographic Notation p. 264
      • Encryption Operations p. 265
      • Using Cryptographic Controls p. 276
      • E-mail Security p. 277
      • Securing the Web p. 277
      • Securing Authentication p. 278
      • Attacks on Cryptosystems p. 280
      • Man-in-the-Middle Attack p. 281
      • Correlation Attacks p. 281
      • Dictionary Attacks p. 281
      • Timing Attacks p. 282
      • Defending from Attacks p. 282
      • Chapter Summary p. 283
      • Review Questions p. 283
      • Exercises p. 284
      • Case Exercises p. 285
  • Chapter 10 Authenticating Users p. 287
      • Introduction p. 288
      • The Authentication Process in General p. 288
      • How Firewalls Implement the Authentication Process p. 289
      • Firewall Authentication Methods p. 290
      • User Authentication p. 291
      • Client Authentication p. 291
      • Session Authentication p. 292
      • Centralized Authentication p. 293
      • Kerberos p. 294
      • TACACS+ p. 295
      • Remote Authentication Dial-In User Service (RADIUS) p. 296
      • TACACS+ and RADIUS Compared p. 296
      • Password Security Issues p. 298
      • Passwords That Can Be Cracked p. 298
      • Password Vulnerabilities p. 298
      • Lax Security Habits p. 298
      • Password Security Tools p. 299
      • One-Time Password Software p. 299
      • The Shadow Password System p. 299
      • Other Authentication Systems p. 300
      • Single-Password Systems p. 300
      • One-Time Password Systems p. 300
      • Certificate-Based Authentication p. 301
      • 802.1X Wi-Fi Authentication p. 302
      • Chapter Summary p. 303
      • Review Questions p. 303
      • Exercises p. 304
      • Case Exercises p. 305
  • Chapter 11 Setting Up a Virtual Private Network p. 307
      • Introduction p. 308
      • VPN Components and Operations p. 309
      • VPN Components p. 309
      • Essential Activities of VPNs p. 313
      • Benefits and Drawbacks of VPNs p. 314
      • VPNs Extend Network Boundaries p. 314
      • Types of VPNs p. 315
      • VPN Appliances p. 316
      • Software VPN Systems p. 317
      • VPN Combinations of Hardware and Software p. 318
      • Combination VPNs p. 318
      • VPN Setups p. 318
      • Mesh Configuration p. 318
      • Hub-and-Spoke Configuration p. 319
      • Hybrid Configuration p. 321
      • Configurations and Extranet and Intranet Access p. 321
      • Tunneling Protocols Used with VPNs p. 322
      • IPSec/IKE p. 322
      • PPTP p. 323
      • L2TP p. 324
      • PPP Over SSL/PPP Over SSH p. 324
      • Enabling Remote Access Connections Within VPNs p. 325
      • Configuring the Server p. 325
      • Configuring Clients p. 326
      • VPN Best Practices p. 327
      • The Need for a VPN Policy p. 327
      • Packet Filtering and VPNs p. 327
      • Auditing and Testing the VPN p. 330
      • Chapter Summary p. 33
      • Review Questions p. 334
      • Exercises p. 334
      • Case Exercises p. 335
  • Chapter 12 Contingency Planning p. 337
      • Introduction p. 338
      • What Is Contingency Planning? p. 339
      • Components of Contingency Planning p. 341
      • Business Impact Analysis p. 342
      • Incident Response Plan p. 343
      • Disaster Recovery Plan p. 344
      • Business Continuity Plan p. 344
      • Incident Response: Preparation, Organization, and Prevention p. 345
      • Planning for the Response During the Incident p. 347
      • Planning for After the Incident p. 349
      • Planning for Before the Incident p. 349
      • Incident Classification and Detection p. 351
      • Classifying Incidents p. 352
      • Data Collection p. 354
      • Detecting Compromised Software p. 356
      • Challenges in Intrusion Detection p. 357
      • Incident Reaction p. 357
      • Selecting an IR Strategy p. 357
      • Notification p. 359
      • Documenting an Incident p. 360
      • Incident Containment Strategies p. 360
      • Interviewing Individuals Involved in the Incident p. 361
      • Recovering from Incidents p. 361
      • Identify and Resolve Vulnerabilities p. 362
      • Restore Data p. 363
      • Restore Services and Processes p. 363
      • Restore Confidence Across the Organization p. 363
      • IR Plan Maintenance p. 363
      • The After-Action Review p. 363
      • IR Plan Review and Maintenance p. 365
      • Training p. 365
      • Rehearsal p. 365
      • Data and Application Resumption p. 366
      • Disk-to-Disk-to-Tape p. 366
      • Backup Strategies p. 366
      • Tape Backup and Recovery p. 367
      • Redundancy-Based Backup and Recovery Using RAID p. 369
      • Database Backups p. 371
      • Application Backups p. 372
      • Real-Time Protection, Server Recovery, and Application Recovery p. 372
      • Service Agreements p. 377
      • Chapter Summary p. 378
      • Review Questions p. 379
      • Exercises p. 379
      • Case Exercises p. 380
  • Chapter 13 Intrusion Detection and Prevention Systems p. 383
      • Introduction p. 384
      • Intrusion Detection and Prevention p. 384
      • IDPS Terminology p. 385
      • Why Use an IDPS? p. 387
      • Network-Based IDPS p. 390
      • Host-Based IDPS p. 394
      • IDPS Detection Methods p. 396
      • IDPS Response Behavior p. 398
      • Selecting IDPS Approaches and Products p. 401
      • Strengths and Limitations of IDPSs p. 406
      • Deployment and Implementation of an IDPS p. 407
      • Measuring the Effectiveness of IDPSs p. 415
      • Honey Pots, Honey Nets, and Padded Cell Systems p. 417
      • Trap and Trace Systems p. 419
      • Active Intrusion Prevention p. 420
      • Chapter Summary p. 420
      • Review Questions p. 421
      • Exercises p. 422
      • Case Exercises p. 422
  • Chapter 14 Digital Forensics p. 425
      • Introduction p. 426
      • The Digital Forensic Team p. 426
      • The First Response Team p. 427
      • The Analysis Team p. 428
      • Digital Forensics Methodology p. 430
      • Affidavits and Search Warrants p. 430
      • Acquiring the Evidence p. 432
      • Identifying Sources p. 432
      • Authenticating Evidence p. 433
      • Collecting Evidence p. 434
      • Maintaining the Chain of Custody p. 447
      • Analyzing Evidence p. 449
      • Searching for Evidence p. 451
      • Reporting the Findings p. 453
      • Interacting with Law Enforcement p. 453
      • Anti-Forensics p. 455
      • Chapter Summary p. 456
      • Review Questions p. 456
      • Exercises p. 457
      • Case Exercises p. 457
  • Glossary p. 459
  • Index p. 473