
Guide to Firewalls and Network Security / Edition 2

by Michael E. Whitman

ISBN-10: 1435420160

ISBN-13: 2901435420167

Pub. Date: 06/10/2008

Publisher: Cengage Learning

Overview

Firewalls are among the best-known security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when they are backed by effective security planning, a well-designed security policy, and when they work in concert with anti-virus software, intrusion detection systems, and other tools. This book aims to explore firewalls in the context of these other elements, providing readers with a solid, in-depth introduction to firewalls that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file maintenance, and intrusion detection systems. The second edition offers updated content and brand new material, from enhanced coverage of non-firewall subjects like information and network security to an all-new section dedicated to intrusion detection in the context of incident response.

About the Authors:

Michael Whitman, Ph.D., CISM, CISSP, is a Professor of Information Systems and Security in the CSIS Department at Kennesaw State University, where he is also Director of the KSU Center for Information Security Education and the coordinator for the Bachelor of Science in Information Security and Assurance. Dr. Whitman is an active researcher in Information Security and Ethical Computing. He currently teaches graduate and undergraduate courses in Information Security and Data Communications. He has published articles in the industry's top journals and co-authors a number of books in the field, published by Course Technology.

Herbert Mattord, M.B.R., CISM, CISSP, is currently on the faculty at Kennesaw State University, where he teaches undergraduate courses in Information Security, Data Communications, and Local Area Networks. He is the co-author of several books published by Course Technology and an active researcher in information security management topics.

Richard Austin, MS, CISSP, MCSE, teaches undergraduate information security courses as part-time faculty at Kennesaw State University and is an active member of SNIA's Security Technical Working Group, as well as a frequent writer and presenter on storage networking security and digital forensics.

Product Details

ISBN-13: 2901435420167
Publisher: Cengage Learning
Publication date: 06/10/2008
Edition description: Older Edition
Pages: 520

Table of Contents

Introduction     xvii

Introduction to Information Security     1
    Introduction     2
    What Is Information Security?     3
    Critical Characteristics of Information     4
    CNSS Security Model     5
    Securing Components     6
    Balancing Information Security and Access     6
    Business Needs First     7
    Protecting the Functionality of an Organization     7
    Enabling the Safe Operation of Applications     8
    Protecting Data That Organizations Collect and Use     8
    Safeguarding Technology Assets in Organizations     8
    Security Professionals and the Organization     8
    Data Ownership     9
    Threats     10
    Human Error or Failure     11
    Compromises to Intellectual Property     12
    Espionage or Trespass     13
    Information Extortion     16
    Sabotage or Vandalism     16
    Theft     17
    Software Attacks     17
    Forces of Nature     20
    Deviations in Quality of Service     21
    Hardware Failures or Errors     22
    Software Failures or Errors     23
    Obsolescence     23
    Attacks     23
    Malicious Code     23
    "Hoaxes"     24
    Back Doors     24
    Password Crack     25
    Brute Force     25
    Dictionary     25
    Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)     25
    Spoofing     26
    Man-in-the-Middle     27
    Spam     28
    Mail Bombing     28
    Sniffers     28
    Social Engineering     28
    Buffer Overflow     30
    Timing Attack     30
    Chapter Summary     30
    Review Questions     31
    Exercises     32
    Case Exercises     33

An Introduction to Networking     37
    Introduction     38
    Networking Fundamentals     38
    Reasons to Network     39
    Types of Networks     40
    Network Standards     42
    Internet Society (ISOC)     42
    Internet Assigned Numbers Authority (IANA)     42
    American National Standards Institute (ANSI)     43
    International Telecommunication Union (ITU)     43
    Institute of Electrical and Electronics Engineers (IEEE)     43
    Telecommunications Industry Association (TIA)     43
    International Organization for Standardization (ISO)     44
    OSI Reference Model and Security     44
    The Physical Layer     45
    Data Link Layer     53
    Network Layer     56
    Transport Layer     59
    Session Layer     64
    Presentation Layer     64
    Application Layer     64
    The Internet and TCP/IP     66
    The World Wide Web     66
    TCP/IP     67
    Chapter Summary     69
    Review Questions     70
    Exercises     71
    Case Exercises     71

Security Policies, Standards, and Planning     73
    Introduction     74
    Information Security Policy, Standards, and Practices     75
    Definitions     75
    Enterprise Information Security Policy (EISP)     77
    Issue-Specific Security Policy (ISSP)     78
    System-Specific Policy (SysSP)     81
    Policy Management     83
    Frameworks and Industry Standards     85
    The ISO 27000 Series     86
    NIST Security Models     90
    IETF Security Architecture     91
    Benchmarking and Best Business Practices     91
    Security Architecture     92
    Security Education, Training, and Awareness Program     95
    Security Education     96
    Security Training     96
    Security Awareness     97
    Continuity Strategies     98
    Business Impact Analysis     101
    Incident Response Planning     104
    Disaster Recovery Planning     104
    Business Continuity Planning     105
    Crisis Management     106
    Chapter Summary     107
    Review Questions     108
    Exercises     109
    Case Exercises     110

Finding Network Vulnerabilities     113
    Introduction     114
    Common Vulnerabilities     114
    Defects in Software or Firmware     114
    Weaknesses in Processes and Procedures     121
    Scanning and Analysis Tools     121
    Port Scanners     125
    Firewall Analysis Tools     126
    Operating System Detection Tools     127
    Vulnerability Scanners     128
    Packet Sniffers     133
    Wireless Security Tools     134
    Penetration Testing     135
    Chapter Summary     138
    Review Questions     138
    Exercises     139
    Case Exercises     139

Firewall Planning and Design     141
    Introduction     142
    Misconceptions About Firewalls     143
    Firewalls Explained     143
    An Analogy: Office Tower Security Guard     144
    Firewall Security Features     145
    Firewall User Protection     145
    Firewall Network Perimeter Security     145
    Firewall Components     146
    Firewall Security Tasks     147
    Types of Firewall Protection     152
    Packet Filtering     152
    PAT and NAT     159
    Application Layer Gateways     160
    Firewall Categories     162
    Processing Mode     162
    Firewall Generation     164
    Firewall Structures     165
    Firewall Architectures     174
    Limitations of Firewalls     178
    Chapter Summary     178
    Review Questions     179
    Exercises     180
    Case Exercises     181

Packet Filtering     183
    Introduction     184
    Understanding Packets and Packet Filtering     184
    Packet-Filtering Devices     184
    Anatomy of a Packet     185
    Packet-Filtering Rules     187
    Packet-Filtering Methods     189
    Stateless Packet Filtering     190
    Stateful Packet Filtering     195
    Filtering Based on Packet Content     197
    Setting Specific Packet Filter Rules     197
    Best Practices for Firewall Rules     197
    Rules That Cover Multiple Variations     199
    Rules for ICMP Packets     199
    Rules That Enable Web Access     201
    Rules That Enable DNS     202
    Rules That Enable FTP     202
    Rules That Enable E-Mail     203
    Chapter Summary     205
    Review Questions     205
    Exercises     206
    Case Exercises     207

Working with Proxy Servers and Application-Level Firewalls     209
    Introduction     210
    Overview of Proxy Servers     210
    How Proxy Servers Work     210
    How Proxy Servers Differ from Packet Filters     212
    Sample Proxy Server Configurations     212
    Goals of Proxy Servers     214
    Concealing Internal Clients     215
    Blocking URLs     216
    Blocking and Filtering Content     216
    E-Mail Proxy Protection     217
    Improving Performance     217
    Ensuring Security     218
    Providing User Authentication     218
    Redirecting URLs     219
    Proxy Server Configuration Considerations     219
    Providing for Scalability     219
    Working with Client Configurations     219
    Working with Service Configurations     221
    Creating Filter Rules     221
    Recognizing the Single Point of Failure     222
    Recognizing Buffer Overflow Vulnerabilities     222
    Choosing a Proxy Server     222
    Transparent Proxies     222
    Nontransparent Proxies     223
    SOCKS-Based Proxies     223
    Proxy Server-Based Firewalls Compared     224
    T.REX Open-Source Firewall     225
    Squid     225
    WinGate     225
    Symantec Enterprise Firewall     226
    Microsoft Internet Security & Acceleration Server     226
    Reverse Proxies     226
    When a Proxy Service Isn't the Correct Choice     228
    Chapter Summary     229
    Review Questions     229
    Exercises     230
    Case Exercises     231

Firewall Configuration and Administration     233
    Introduction     234
    Establishing Firewall Rules and Restrictions     235
    The Role of the Rules File     235
    Restrictive Firewalls     235
    Connectivity-Based Firewalls     236
    Firewall Configuration Strategies     237
    Scalability     237
    Productivity     237
    Dealing with IP Address Issues     238
    Approaches That Add Functionality to Your Firewall     239
    NAT/PAT     239
    Encryption     239
    Application Proxies     240
    VPNs     240
    Intrusion Detection and Prevention Systems     241
    Enabling a Firewall to Meet New Needs     243
    Verifying Resources Needed by the Firewall     244
    Identifying New Risks     245
    Adding Software Updates and Patches     245
    Adding Hardware     246
    Dealing with Complexity on the Network     247
    Adhering to Proven Security Principles     248
    Environmental Management     248
    BIOS, Boot, and Screen Locks     248
    Remote Management Interface     249
    Why Remote Management Tools Are Important     249
    Security Concerns     250
    Basic Features of Remote Management Tools     250
    Automating Security Checks     251
    Configuring Advanced Firewall Functions     251
    Data Caching     251
    Hot Standby Redundancy     252
    Load Balancing     253
    Filtering Content     254
    Chapter Summary     256
    Review Questions     257
    Exercises     257
    Case Exercises     258

Encryption and Firewalls     259
    Introduction     260
    Firewalls and Encryption     260
    The Cost of Encryption     262
    Preserving Data Integrity     262
    Maintaining Confidentiality     262
    Authenticating Network Clients     263
    Enabling Virtual Private Networks (VPNs)     263
    Principles of Cryptography     263
    Encryption Definitions     264
    Cryptographic Notation     264
    Encryption Operations     265
    Using Cryptographic Controls     276
    E-mail Security     277
    Securing the Web     277
    Securing Authentication     278
    Attacks on Cryptosystems     280
    Man-in-the-Middle Attack     281
    Correlation Attacks     281
    Dictionary Attacks     281
    Timing Attacks     282
    Defending from Attacks     282
    Chapter Summary     283
    Review Questions     283
    Exercises     284
    Case Exercises     285

Authenticating Users     287
    Introduction     288
    The Authentication Process in General     288
    How Firewalls Implement the Authentication Process     289
    Firewall Authentication Methods     290
    User Authentication     291
    Client Authentication     291
    Session Authentication     292
    Centralized Authentication     293
    Kerberos     294
    TACACS+     295
    Remote Authentication Dial-In User Service (RADIUS)     296
    TACACS+ and RADIUS Compared     296
    Password Security Issues     298
    Passwords That Can Be Cracked     298
    Password Vulnerabilities     298
    Lax Security Habits     298
    Password Security Tools     299
    One-Time Password Software     299
    The Shadow Password System     299
    Other Authentication Systems     300
    Single-Password Systems     300
    One-Time Password Systems     300
    Certificate-Based Authentication     301
    802.1X Wi-Fi Authentication     302
    Chapter Summary     303
    Review Questions     303
    Exercises     304
    Case Exercises     305

Setting Up a Virtual Private Network     307
    Introduction     308
    VPN Components and Operations     309
    VPN Components     309
    Essential Activities of VPNs     313
    Benefits and Drawbacks of VPNs     314
    VPNs Extend Network Boundaries     314
    Types of VPNs     315
    VPN Appliances     316
    Software VPN Systems     317
    VPN Combinations of Hardware and Software     318
    Combination VPNs     318
    VPN Setups     318
    Mesh Configuration     318
    Hub-and-Spoke Configuration     319
    Hybrid Configuration     321
    Configurations and Extranet and Intranet Access     321
    Tunneling Protocols Used with VPNs     322
    IPSec/IKE     322
    PPTP     323
    L2TP     324
    PPP Over SSL/PPP Over SSH     324
    Enabling Remote Access Connections Within VPNs     325
    Configuring the Server     325
    Configuring Clients     326
    VPN Best Practices     327
    The Need for a VPN Policy     327
    Packet Filtering and VPNs     327
    Auditing and Testing the VPN     330
    Chapter Summary     33
    Review Questions     334
    Exercises     334
    Case Exercises     335

Contingency Planning     337
    Introduction     338
    What Is Contingency Planning?     339
    Components of Contingency Planning     341
    Business Impact Analysis     342
    Incident Response Plan     343
    Disaster Recovery Plan     344
    Business Continuity Plan     344
    Incident Response: Preparation, Organization, and Prevention     345
    Planning for the Response During the Incident     347
    Planning for After the Incident     349
    Planning for Before the Incident     349
    Incident Classification and Detection     351
    Classifying Incidents     352
    Data Collection     354
    Detecting Compromised Software     356
    Challenges in Intrusion Detection     357
    Incident Reaction     357
    Selecting an IR Strategy     357
    Notification     359
    Documenting an Incident     360
    Incident Containment Strategies     360
    Interviewing Individuals Involved in the Incident     361
    Recovering from Incidents     361
    Identify and Resolve Vulnerabilities     362
    Restore Data     363
    Restore Services and Processes     363
    Restore Confidence Across the Organization     363
    IR Plan Maintenance     363
    The After-Action Review     363
    IR Plan Review and Maintenance     365
    Training     365
    Rehearsal     365
    Data and Application Resumption     366
    Disk-to-Disk-to-Tape     366
    Backup Strategies     366
    Tape Backup and Recovery     367
    Redundancy-Based Backup and Recovery Using RAID     369
    Database Backups     371
    Application Backups     372
    Real-Time Protection, Server Recovery, and Application Recovery     372
    Service Agreements     377
    Chapter Summary     378
    Review Questions     379
    Exercises     379
    Case Exercises     380

Intrusion Detection and Prevention Systems     383
    Introduction     384
    Intrusion Detection and Prevention     384
    IDPS Terminology     385
    Why Use an IDPS?     387
    Network-Based IDPS     390
    Host-Based IDPS     394
    IDPS Detection Methods     396
    IDPS Response Behavior     398
    Selecting IDPS Approaches and Products     401
    Strengths and Limitations of IDPSs     406
    Deployment and Implementation of an IDPS     407
    Measuring the Effectiveness of IDPSs     415
    Honey Pots, Honey Nets, and Padded Cell Systems     417
    Trap and Trace Systems     419
    Active Intrusion Prevention     420
    Chapter Summary     420
    Review Questions     421
    Exercises     422
    Case Exercises     422

Digital Forensics     425
    Introduction     426
    The Digital Forensic Team     426
    The First Response Team     427
    The Analysis Team     428
    Digital Forensics Methodology     430
    Affidavits and Search Warrants     430
    Acquiring the Evidence     432
    Identifying Sources     432
    Authenticating Evidence     433
    Collecting Evidence     434
    Maintaining the Chain of Custody     447
    Analyzing Evidence     449
    Searching for Evidence     451
    Reporting the Findings     453
    Interacting with Law Enforcement     453
    Anti-Forensics     455
    Chapter Summary     456
    Review Questions     456
    Exercises     457
    Case Exercises     457

Glossary     459
Index     473
