Preface
About the Author
Chapter 1 Introduction
Computer Security Concepts
The OSI Security Architecture
Security Attacks
Security Services
Security Mechanisms
A Model for Network Security
Standards
Outline of This Book
Recommended Reading
Internet and Web Resources
Key Terms, Review Questions, and Problems
PART ONE CRYPTOGRAPHY
Chapter 2 Symmetric Encryption and Message Confidentiality
Symmetric Encryption Principles
Symmetric Block Encryption Algorithms
Random and Pseudorandom Numbers
Stream Ciphers and RC4
Cipher Block Modes of Operation
Recommended Reading
Key Terms, Review Questions, and Problems
Chapter 3 Public-Key Cryptography and Message Authentication
Approaches to Message Authentication
Secure Hash Functions
Message Authentication Codes
Public-Key Cryptography Principles
Public-Key Cryptography Algorithms
Digital Signatures
Recommended Reading
Key Terms, Review Questions, and Problems
PART TWO NETWORK SECURITY APPLICATIONS
Chapter 4 Key Distribution and User Authentication
Symmetric Key Distribution Using Symmetric Encryption
Kerberos
Key Distribution Using Asymmetric Encryption
X.509 Certificates
Public-Key Infrastructure
Federated Identity Management
Recommended Reading
Key Terms, Review Questions, and Problems
Chapter 5 Network Access Control and Cloud Security
Network Access Control
Extensible Authentication Protocol
IEEE 802.1X Port-Based Network Access Control
Cloud Computing
Cloud Security Risks and Countermeasures
Data Protection in the Cloud
Cloud Security as a Service
Recommended Reading
Key Terms, Review Questions, and Problems
Chapter 6 Transport-Level Security
Web Security Considerations
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
HTTPS
Secure Shell (SSH)
Recommended Reading
Key Terms, Review Questions, and Problems
Chapter 7 Wireless Network Security
Wireless Security
Mobile Device Security
IEEE 802.11 Wireless LAN Overview
IEEE 802.11i Wireless LAN Security
Recommended Reading
Key Terms, Review Questions, and Problems
Chapter 8 Electronic Mail Security
Pretty Good Privacy (PGP)
S/MIME
DomainKeys Identified Mail (DKIM)
Recommended Reading
Key Terms, Review Questions, and Problems
Chapter 9 IP Security
IP Security Overview
IP Security Policy
Encapsulating Security Payload
Combining Security Associations
Internet Key Exchange
Cryptographic Suites
Recommended Reading
Key Terms, Review Questions, and Problems
PART THREE SYSTEM SECURITY
Chapter 10 Malicious Software
Types of Malicious Software (Malware)
Propagation - Infected Content - Viruses
Propagation - Vulnerability Exploit - Worms
Propagation - Social Engineering - SPAM E-mail, Trojans
Payload - System Corruption
Payload - Attack Agent - Zombie, Bots
Payload - Information Theft - Keyloggers, Phishing, Spyware
Payload - Stealthing - Backdoors, Rootkits
Countermeasures
Distributed Denial of Service Attacks
Recommended Reading
Key Terms, Review Questions, and Problems
Chapter 11 Intruders
Intruders
Intrusion Detection
Password Management
Recommended Reading
Key Terms, Review Questions, and Problems
Chapter 12 Firewalls
The Need for Firewalls
Firewall Characteristics
Types of Firewalls
Firewall Basing
Firewall Location and Configurations
Recommended Reading
Key Terms, Review Questions, and Problems
APPENDICES
Appendix A Some Aspects of Number Theory
Prime and Relatively Prime Numbers
Modular Arithmetic
Appendix B Projects for Teaching Network Security
Research Projects
Hacking Project
Programming Projects
Laboratory Exercises
Practical Security Assessments
Firewall Projects
Case Studies
Writing Assignments
Reading/Report Assignments
References
Index
Content preview:
Preface
There is the book, Inspector. I leave it with you, and you cannot doubt that
it contains a full explanation.
The Adventure of the Lion's Mane, Sir Arthur Conan Doyle
In this age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping
and electronic fraud, there is indeed no time at which security does not matter.
Two trends have come together to make the topic of this book of vital interest. First, the
explosive growth in computer systems and their interconnections via networks has increased
the dependence of both organizations and individuals on the information stored and communicated
using these systems. This, in turn, has led to a heightened awareness of the need
to protect data and resources from disclosure, to guarantee the authenticity of data and
messages, and to protect systems from network-based attacks. Second, the disciplines of
cryptography and network security have matured, leading to the development of practical,
readily available applications to enforce network security.
Objectives
It is the purpose of this book to provide a practical survey of network security applications
and standards. The emphasis is on applications that are widely used on the Internet and for
corporate networks, and on standards (especially Internet standards) that have been widely
deployed.
What's New in the Fifth Edition
In the four years since the fourth edition of this book was published, the field has seen continued
innovations and improvements. In this new edition, I try to capture these changes
while maintaining a broad and comprehensive coverage of the entire field. To begin this
process of revision, the fourth edition of this book was extensively reviewed by a number
of professors who teach the subject and by professionals working in the field. The result is
that, in many places, the narrative has been clarified and tightened, and illustrations have
been improved.
Beyond these refinements to improve pedagogy and user-friendliness, there have been
substantive changes throughout the book. Roughly the same chapter organization has been
retained, but much of the material has been revised and new material has been added. The
most noteworthy changes are as follows:
• Network access control: A new chapter provides coverage of network access control,
including a general overview plus discussions of the Extensible Authentication Protocol
and IEEE 802.1X.