Guide to Network Defense and Countermeasures 3rd Edition

INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
CHAPTER 1
Network Security
Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.......................1
Examining Network Security
Fundamentals ..................................................2
Threats to Network
Security .......................................................... 2
Common Attacks and
Defenses ........................................................ 6
Goals of Network
Security ........................................................... 9
Using a Layered Defense Strategy: Defense in
Depth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . 11
Physical
Security.................................................................. 12
Authentication and Password
Security .................................................. 12
Operating System
Security........................................................... 13
Antivirus
Protection ...............................................................
13
Packet
Filtering ..................................................................
13
Firewalls .....................................................................
.. 14
Demilitarized Zone
(DMZ) .......................................................... 15
Intrusion Detection and Prevention System
(IDPS).......................................... 15
Virtual Private Networks
(VPNs)...................................................... 16
Network Auditing and Log
Files ...................................................... 17
Routing and Access Control
Methods .................................................. 18
The Impact of
Defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Chapter
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Key
Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Review
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Hands-On
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Case
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
CHAPTER 2
TCP/IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
The OSI Model and TCP/IP
Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 36
The OSI
Model .................................................................. 36
TCP/IP
Addressing ................................................................
37
Address
Classes ..................................................................
38
Private IP Address
Ranges........................................................... 38
Subnetting ..................................................................
.... 39
Variable Length Subnet
Masking ...................................................... 42
Classless Interdomain
Routing........................................................ 42
Unicasting, Multicasting, and
Broadcasting............................................... 43
Examining Internet Protocol Version 4
(IPv4) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 43
IP
Datagrams..................................................................
.. 43
IP Header
Structure ............................................................... 44
ICMP
Messages ..................................................................
46
TCP
Headers ....................................................................
47
UDP
Headers....................................................................
48
Packet
Fragmentation ............................................................
.. 49
The TCP Life Cycle and the TCP Three-Way
Handshake .................................... 51
Domain Name
System ............................................................. 53
Internet Protocol Version 6
(IPv6) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 54
IPv6 Core
Protocols ............................................................... 55
IPv6
Addressing .................................................................
. 62
IPv6
Configuration..............................................................
.. 63
IPv6
Utilities ....................................................................
63
Chapter
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Key
Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Review
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Hands-On
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Case
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
CHAPTER 3
Network Traffic
Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 79
Examining the Common Vulnerabilities and
Exposures
Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
80
How CVE
Works................................................................. 80
Scanning CVE Vulnerability
Descriptions ................................................ 82
Understanding Signature
Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 83
Bad Header
Information ............................................................ 83
Suspicious Data
Payload ............................................................ 84
Single-Packet
Attacks .............................................................. 85
Multiple-Packet
Attacks ............................................................ 85
Analyzing
Packets ................................................................ 85
Analyzing Traffic
Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Examining Normal Network Traffic
Signatures ........................................... 89
Examining Abnormal Network Traffic
Signatures.......................................... 95
Identifying Suspicious
Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 100
Packet Header
Discrepancies........................................................
101
Advanced
Attacks ............................................................... 104
Remote Procedure Call
Attacks ...................................................... 105
Chapter
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Key
Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Review
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Hands-On
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Case
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
CHAPTER 4
Routing
Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Examining the Routing
Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 120
The Address Resolution Protocol
Processes.............................................. 121
Accessing a
Router............................................................... 121
Routing
Tables.................................................................. 122
Static
Routing ..................................................................
122
Dynamic
Routing ................................................................
124
Routing
Metrics................................................................. 124
Choosing a Routing
Protocol ....................................................... 125
Route
Summarization ...........................................................
.. 125
Router Security
Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Creating and Using Access Control
Lists ............................................... 128
Use and
Rules .................................................................. 129
Standard
ACLs ................................................................. 130
Extended
ACLs ................................................................. 131
Named
ACLs................................................................... 132
Examining Cisco Router
Logging .................................................... 133
Cisco Authentication and
Authorization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 136
Router
Passwords................................................................
137
Banners......................................................................
. 139
Remote Access with Secure
Shell ..................................................... 140
Hardening a
Router .............................................................. 143
Chapter
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Key
Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Review
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Hands-On
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Case
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
CHAPTER 5
Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Components of Cryptographic
Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 158
Cryptographic
Primitives........................................................... 158
Encryption
Algorithms ............................................................
162
Hashing
Algorithms ..............................................................
165
Message Authentication
Code ....................................................... 167
Digital
Signatures................................................................
168
Key
Management ..............................................................
.. 169
Examining Cryptography
Standards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 173
Data Encryption
Standard.......................................................... 173
Triple
DES..................................................................... 173
Advanced Encryption
Standard ...................................................... 174
Internet and Web
Standards ........................................................ 174
Internet Protocol
Security .......................................................... 175
Modern Cryptanalysis
Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 179
Side Channel
Attacks ............................................................. 179
Passive
Attacks..................................................................
180
Chosen Ciphertext and Chosen Plaintext
Attacks ......................................... 180
XSL
Attacks ...................................................................
181
Random Number Generator
Attacks .................................................. 181
Related Key
Attacks .............................................................. 181
Integral
Cryptanalysis.............................................................
182
Differential
Cryptanalysis ..........................................................
182
Chapter
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Key
Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Review
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Hands-On
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Case
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
CHAPTER 6
Wireless Network
Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 193
Wireless Communications
Primer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 194
Electromagnetic
Radiation ......................................................... 194
Infrared
Transmissions ............................................................
195
Radio Frequency
Transmissions...................................................... 196
Wireless LANs and Their
Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 206
Wireless
NICs .................................................................. 206
Access
Points ...................................................................
206
Antennas.....................................................................
. 208
Remote Wireless
Bridges........................................................... 210
Wireless
Gateways ...............................................................
211
WLAN
Configurations ............................................................
212
Wireless Networking
Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 213
IEEE
802.11 ...................................................................
213
Radio Frequency and the
FCC ...................................................... 215
Chapter
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Key
Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Review
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Hands-On
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Case
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
CHAPTER 7
Understanding Wireless
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 227
Security Concerns of Wireless
Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 228
IEEE 802.11 Media Access Control:
Frames............................................. 228
Scanning and
Attacks ............................................................. 232
Wardriving and Exploitation of Rogue
Devices........................................... 234
Wireless Man-in-the-Middle
Attacks .................................................. 235
Secure WLAN
Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Association with a Wireless
Network.................................................. 235
Wireless
Authentication ...........................................................
236
Default WEP
Keys ............................................................... 239
Key Management Concerns in 802.11
Networks ......................................... 240
MAC Address Filtering and
Spoofing.................................................. 240
Wireless Device
Portability ......................................................... 240
Examining Wireless Security Solutions and
Countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 241
Incorporating a Wireless Security
Policy ................................................ 241
Ensuring Physical
Security.......................................................... 242
Planning AP
Placement ............................................................
242
Changing Default Hardware and Software
Settings ........................................ 243
Strong Encryption and
Authentication ................................................. 244
Wireless
Auditing ................................................................
249
AP Logging
Functions............................................................. 250
Best Practices for Wireless Network
Security............................................. 251
Mobile Device
Security ............................................................ 252
Approaches to Mobile Device
Security ................................................. 253
Chapter
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Key
Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Review
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Hands-On
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Case
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
CHAPTER 8
Intrusion Detection and Prevention
Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 265
Goals of an
IDPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Common Detection
Methodologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 267
Anomaly and Signature Detection
Systems .............................................. 267
Stateful Protocol
Analysis .......................................................... 269
Examining IDPS
Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Sensors and
Agents............................................................... 270
Detection and Prevention
Capabilities ................................................. 272
Command
Console............................................................... 273
Database of Attack Signatures or
Behaviors ............................................. 273
Options for
IDPSs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Network-Based
IDPSs............................................................. 275
Host-Based
IDPSs................................................................ 279
Comparing an NIDPS and
HIDPS .................................................... 282
Hybrid
IDPSs................................................................... 282
Securing IDPS
Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
IDPS Security Best
Practices ........................................................ 284
Developing IDPS Filter
Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 284
Examining Intrusion Detection Step by
Step . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 285
Step 1: Installing the IDPS
Database .................................................. 285
Step 2: Gathering
Data ............................................................ 286
Step 3: Sending Alert
Messages ...................................................... 287
Step 4: The IDPS
Responds......................................................... 287
Step 5: The Administrator Assesses
Damage ............................................. 287
Step 6: Following Escalation
Procedures................................................ 288
Step 7: Logging and Reviewing
Events ................................................. 289
Evaluating IDPS
Products .......................................................... 289
Chapter
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Key
Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Review
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Hands-On
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Case
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
CHAPTER 9
Firewalls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Overview of
Firewalls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Comparing Software and Hardware
Firewalls............................................ 308
Software-Based
Firewalls........................................................... 309
Hardware
Firewalls .............................................................. 310
Packet Filtering and Firewall Rule
Sets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 311
Stateless Packet
Filtering ........................................................... 312
Stateful Packet
Filtering ........................................................... 313
Packet Filtering Based on
Position .................................................... 314
Firewall Rule
Sets................................................................ 317
Chapter
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Key
Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Review
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Hands-On
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Case
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
CHAPTER 10
Firewall Design and
Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 343
Designing Firewall
Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . 344
Screening
Routers................................................................ 344
Dual-Homed
Hosts .............................................................. 344
Screened
Hosts.................................................................. 346
Screened Subnet
DMZs............................................................ 347
Multiple DMZ/Firewall
Configurations ................................................ 348
Multiple Firewall
Configurations ..................................................... 350
Reverse
Firewalls ................................................................
351
Choosing a Firewall
Configuration ................................................... 353
Examining Proxy
Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 353
Goals of Proxy
Servers ............................................................ 354
How Proxy Servers
Work .......................................................... 355
Choosing a Proxy
Server........................................................... 356
Filtering
Content ................................................................
358
Choosing a Bastion
Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 358
General
Requirements.............................................................
359
Selecting the Bastion Host
Machine ................................................... 359
Choosing an Operating
System ...................................................... 359
Memory and Processor
Speed ....................................................... 360
Location on the
Network .......................................................... 360
Hardening the Bastion
Host ........................................................ 360
Selecting Services to
Provide ........................................................ 361
Using
Honeypots ................................................................
362
Disabling User
Accounts ........................................................... 363
Handling Backups and
Auditing ..................................................... 364
Network Address
Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . 364
One-to-One
NAT................................................................ 365
Many-to-One
NAT .............................................................. 365
Firewall Configuration
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 367
Chapter
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Key
Terms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Review
Questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Hands-On
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Case
Projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
CHAPTER 11
VPN
Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
  Understanding VPN Concepts ... 386
    VPN Components ... 387
    Types of VPNs ... 388
    Evaluating Business Needs for VPNs ... 389
    Advantages and Disadvantages of VPNs ... 391
  The Three VPN Core Activities ... 391
    Encapsulation ... 391
    Encryption ... 398
    Authentication ... 404
  Examining VPN Design and Architecture ... 406
    Mesh Topology ... 406
    Star Topology ... 407
    Hybrid Topology ... 408
    VPN Domains ... 409
    Using VPNs with Firewalls ... 411
    Adjusting Packet-Filtering Rules for VPNs ... 414
    Ensuring Client Security ... 416
  Auditing VPNs and Setting VPN Policies ... 418
    Using VPN Quarantine ... 418
    Logging VPN Activity ... 419
    Auditing Compliance with VPN Policies ... 419
    Guidelines for VPN Policies ... 420
  Chapter Summary ... 421
  Key Terms ... 422
  Review Questions ... 424
  Hands-On Projects ... 426
  Case Projects ... 435
CHAPTER 12
Internet and World Wide Web Security ... 437
  Examining the Structure of the Internet ... 438
    Understanding the Structure of the Internet ... 438
    Tier System ... 439
    Understanding Weak Points in the Internet's Structure ... 440
  Web Site Attack Techniques ... 443
    Attack Techniques Against Web Servers ... 443
    Buffer Overflow Attacks ... 443
    SQL Injection Attacks ... 445
    Attack Techniques Against Web Users ... 449
  Hardening Web and Internet Resources ... 453
    Hardening DNS Servers ... 453
    DNSSEC ... 455
    Hardening Windows Web Servers ... 456
    Configuring Security Settings in Apache Web Server ... 458
  Chapter Summary ... 460
  Key Terms ... 461
  Review Questions ... 462
  Hands-On Projects ... 464
  Case Projects ... 474
CHAPTER 13
Security Policy Design and Implementation ... 475
  Understanding the Security Policy Life Cycle ... 477
    Needs Assessment ... 477
    System Design ... 478
    System Implementation ... 478
    Performance Monitoring ... 478
  Examining the Concepts of Risk Analysis ... 479
    Risk Analysis Factors ... 480
    Risk Analysis Methods ... 484
    The Risk Analysis Process ... 486
    Analyzing Economic Impacts ... 487
    Techniques for Minimizing Risk ... 489
  Examining the Concepts of Security Policies ... 493
    General Best Practices for a Security Policy ... 494
    Developing Security Policies from Risk Assessment ... 495
    Teaching Employees About Acceptable Use ... 496
    Outlining Penalties for Violations ... 496
    Criminal Computer Offenses ... 496
    Enabling Management to Set Priorities ... 497
    Dealing with the Approval Process ... 498
    Feeding Security Information to the Security Policy Team ... 498
    Helping Network Administrators Do Their Jobs ... 498
    Using Security Policies to Conduct Risk Analysis ... 499
  Developing a Security Policy ... 499
    Steps to Creating a Security Policy ... 500
    Identifying Security Policy Categories ... 501
  Defining Incident Handling Procedures ... 507
    Assembling a Response Team ... 507
    Specifying Escalation Procedures ... 508
    Responding to Security Incidents ... 509
    Including Worst-Case Scenarios ... 509
    Updating the Security Policy ... 510
    Conducting Routine Security Reviews ... 510
  Chapter Summary ... 511
  Key Terms ... 512
  Review Questions ... 514
  Hands-On Projects ... 516
  Case Projects ... 521
CHAPTER 14
Ongoing Security Management ... 525
  Strengthening Control: Security Event Management ... 526
    Monitoring Events ... 526
    Managing Data from Multiple Sensors ... 528
    Evaluating IDPS Signatures ... 530
    Managing Change ... 531
  Strengthening Analysis: Security Auditing ... 532
    Operational Auditing ... 533
    Independent Auditing ... 534
  Strengthening Detection: Managing an IDPS ... 534
    Maintaining Your Current System ... 534
    Changing or Adding Software ... 535
    Changing or Adding Hardware ... 535
  Strengthening Defense: Improving Defense-in-Depth ... 536
    Active Defense-in-Depth ... 536
    Adding Security Layers ... 537
  Strengthening Performance: Keeping Pace with Network Needs ... 538
    Managing Memory ... 538
    Managing Bandwidth ... 538
    Managing Storage ... 539
  Staying Informed About Security Trends ... 539
    Web Sites ... 539
    Mailing Lists and Newsgroups ... 539
    Certifications ... 540
  Chapter Summary ... 540
  Key Terms ... 541
  Review Questions ... 542
  Hands-On Projects ... 544
  Case Projects ... 547
APPENDIX A
Security Resources ... 549

GLOSSARY ... 553

INDEX ... 567

Introduction

This book is intended to provide students and professionals with a solid foundation in the fundamentals of advanced network security. The previous edition of this book placed significant emphasis on intrusion detection, but this edition aims to provide a more balanced approach to the topic of network defense and countermeasures. As the range of threats to data systems becomes broader, depending on a limited number of security strategies becomes riskier. Information security professionals need to have a broad range of knowledge and skills. As a result, the third edition includes topics such as routing security and cryptography, which play an important role in network defense, as well as newer concepts such as IPv6 and unified threat management, which have begun to play a larger role and are expected to become more important in the future.

Intended Audience

Guide to Network Defense and Countermeasures, Third Edition is intended for students and professionals who need hands-on experience with installing routers, firewalls, proxy servers, and intrusion detection and prevention systems (IDPSs) as well as a strong conceptual understanding of routing, packet signature analysis, firewalls, VPNs, intrusion detection and prevention, wireless network security, cryptography, and security policy management. Readers should be familiar with basic networking concepts such as TCP/IP, gateways, routers, and Ethernet standards.
