Computer and Information Security Handbook

Front Cover

Computer and Information Security Handbook

Copyright Page

Contents

Foreword

Preface

Acknowledgments

About the Editor

Contributors

Part I: Overview of System and Network Security: A Comprehensive Introduction

Chapter 1. Building a Secure Organization

1. Obstacles to Security

Security Is Inconvenient

Computers Are Powerful and Complex

Computer Users Are Unsophisticated

Computers Created Without a Thought to Security

Current Trend Is to Share, Not Protect

Data Accessible from Anywhere

Security Isn't About Hardware and Software

The Bad Guys Are Very Sophisticated

Management Sees Security as a Drain on the Bottom Line

2. Ten Steps to Building a Secure Organization

A. Evaluate the Risks and Threats

B. Beware of Common Misconceptions

C. Provide Security Training for IT Staff—Now and Forever

D. Think "Outside the Box"

E. Train Employees: Develop a Culture of Security

F. Identify and Utilize Built-In Security Features of the Operating System and Applications

G. Monitor Systems

H. Hire a Third Party to Audit Security

I. Don't Forget the Basics

J. Patch, Patch, Patch

Chapter 2. A Cryptography Primer

1. What is Cryptography? What is Encryption?

How Is Cryptography Done?

2. Famous Cryptographic Devices

The Lorenz Cipher

Enigma

3. Ciphers

The Substitution Cipher

The Shift Cipher

The Polyalphabetic Cipher

The Kasiski/Kerckhoff Method

4. Modern Cryptography

The Vernam Cipher (Stream Cipher)

The One-Time Pad

Cracking Ciphers

The XOR Cipher and Logical Operands

Block Ciphers

5. The Computer Age

Data Encryption Standard

Theory of Operation

Implementation

Rivest, Shamir, and Adleman (RSA)

Advanced Encryption Standard (AES or Rijndael)

Chapter 3. Preventing System Intrusions

1. So, What is an Intrusion?

2. Sobering Numbers

3. Know Your Enemy: Hackers Versus Crackers

4. Motives

5. Tools of the Trade

6. Bots

7. Symptoms of Intrusions

8. What Can You Do?

Know Today's Network Needs

Network Security Best Practices

9. Security Policies

10. Risk Analysis

Vulnerability Testing

Audits

Recovery

11. Tools of Your Trade

Firewalls

Intrusion Prevention Systems

Application Firewalls

Access Control Systems

Unified Threat Management

12. Controlling User Access

Authentication, Authorization, and Accounting

What the User Knows

What the User Has

The User Is Authenticated, But Is She Authorized?

Accounting

Keeping Current

13. Conclusion

Chapter 4. Guarding Against Network Intrusions

1. Traditional Reconnaissance and Attacks

2. Malicious Software

Lures and "Pull" Attacks

3. Defense in Depth

4. Preventive Measures

Access Control

Vulnerability Testing and Patching

Closing Ports

Firewalls

Antivirus and Antispyware Tools

Spam Filtering

Honeypots

Network Access Control

5. Intrusion Monitoring and Detection

Host-Based Monitoring

Traffic Monitoring

Signature-Based Detection

Behavior Anomalies

Intrusion Prevention Systems

6. Reactive Measures

Quarantine

Traceback

7. Conclusions

Chapter 5. Unix and Linux Security

1. Unix and Security

The Aims of System Security

Achieving Unix Security

2. Basic Unix Security

Traditional Unix Systems

Standard File and Device Access Semantics

4. Protecting User Accounts and Strengthening Authentication

Establishing Secure Account Use

The Unix Login Process

Controlling Account Access

Noninteractive Access

Other Network Authentication Mechanisms

Risks of Trusted Hosts and Networks

Replacing Telnet, rlogin, and FTP Servers and Clients with SSH

5. Reducing Exposure to Threats by Limiting Superuser Privileges

Controlling Root Access

6. Safeguarding Vital Data by Securing Local and Network File Systems

Directory Structure and Partitioning for Security

Chapter 6. Eliminating the Security Weakness of Linux and Unix Operating Systems

1. Introduction to Linux and Unix

What Is Unix?

What Is Linux?

System Architecture

2. Hardening Linux and Unix

Network Hardening

Host Hardening

Systems Management Security

3. Proactive Defense for Linux and Unix

Vulnerability Assessment

Incident Response Preparation

Organizational Considerations

Chapter 7. Internet Security

1. Internet Protocol Architecture

Communications Architecture Basics

Getting More Specific

2. An Internet Threat Model

The Dolev-Yao Adversary Model

Layer Threats

3. Defending Against Attacks on the Internet

Layer Session Defenses

Session Startup Defenses

4. Conclusion

Chapter 8. The Botnet Problem

1. Introduction

2. Botnet Overview

Origins of Botnets

Botnet Topologies and Protocols

3. Typical Bot Life Cycle

4. The Botnet Business Model

5. Botnet Defense

Detecting and Removing Individual Bots

Detecting C&C Traffic

Detecting and Neutralizing the C&C Servers

Attacking Encrypted C&C Channels

Locating and Identifying the Botmaster

6. Botmaster Traceback

Traceback Challenges

Traceback Beyond the Internet

7. Summary

Chapter 9. Intranet Security

1. Plugging the Gaps: NAC and Access Control

2. Measuring Risk: Audits

3. Guardian at the Gate: Authentication and Encryption

4. Wireless Network Security

5. Shielding the Wire: Network Protection

6. Weakest Link in Security: User Training

7. Documenting the Network: Change Management

8. Rehearse the Inevitable: Disaster Recovery

9. Controlling Hazards: Physical and Environmental Protection

10. Know Your Users: Personnel Security

11. Protecting Data Flow: Information and System Integrity

12. Security Assessments

13. Risk Assessments

14. Conclusion

Chapter 10. Local Area Network Security

1. Identify Network Threats

Disruptive

Unauthorized Access

2. Establish Network Access Controls

3. Risk Assessment

4. Listing Network Resources

5. Threats

6. Security Policies

7. The Incident-handling Process

8. Secure Design Through Network Access Controls

9. Ids Defined

10. NIDS: Scope and Limitations

11. A Practical Illustration of NIDS

UDP Attacks

TCP SYN (Half-Open) Scanning

Some Not-So-Robust Features of NIDS

12. Firewalls

Firewall Security Policy

Configuration Script for sf Router

13. Dynamic Nat Configuration

14. The Perimeter

15. Access List Details

16. Types of Firewalls

17. Packet Filtering: IP Filtering Routers

18. Application-layer Firewalls: Proxy Servers

19. Stateful Inspection Firewalls

20. NIDS Complements Firewalls

21. Monitor and Analyze System Activities

Analysis Levels

22. Signature Analysis

23. Statistical Analysis

24. Signature Algorithms

Pattern Matching

Stateful Pattern Matching

Protocol Decode-based Analysis

Heuristic-Based Analysis

Anomaly-Based Analysis

Chapter 11. Wireless Network Security

1. Cellular Networks

Cellular Telephone Networks

802.11 Wireless LANs

2. Wireless Ad Hoc Networks

Wireless Sensor Networks

Mesh Networks

3. Security Protocols

WEP

WPA and WPA2

SPINS: Security Protocols for Sensor Networks

4. Secure Routing

SEAD

Ariadne

ARAN

SLSP

5. Key Establishment

Bootstrapping

Key Management

References

Chapter 12. Cellular Network Security

1. Introduction

2. Overview of Cellular Networks

Overall Cellular Network Architecture

Core Network Organization

Call Delivery Service

3. The State of the Art of Cellular Network Security

Security in the Radio Access Network

Security in Core Network

Security Implications of Internet Connectivity

Security Implications of PSTN Connectivity

4. Cellular Network Attack Taxonomy

Abstract Model

Abstract Model Findings

Three-Dimensional Attack Taxonomy

5. Cellular Network Vulnerability Analysis

Cellular Network Vulnerability Assessment Toolkit (CAT)

Advanced Cellular Network Vulnerability Assessment Toolkit (aCAT)

Cellular Network Vulnerability Assessment Toolkit for evaluation (eCAT)

6. Discussion

References

Chapter 13. RFID Security

1. RFID Introduction

RFID System Architecture

RFID Standards

RFID Applications

2. RFID Challenges

Counterfeiting

Sniffing

Tracking

Denial of Service

Other Issues

Comparison of All Challenges

3. RFID Protections

Basic RFID System

RFID System Using Symmetric-Key Cryptography

RFID System Using Public-key Cryptography

References

Part II: Managing Information Security

Chapter 14. Information Security Essentials for IT Managers: Protecting Mission-Critical Systems

1. Information Security Essentials for IT Managers, Overview

Scope of Information Security Management

CISSP Ten Domains of Information Security

What is a Threat?

Common Attacks

Impact of Security Breaches

2. Protecting Mission-critical Systems

Information Assurance

Information Risk Management

Defense in Depth

Contingency Planning

3. Information Security from the Ground Up

Physical Security

Data Security

Systems and Network Security

Business Communications Security

Wireless Security

Web and Application Security

Security Policies and Procedures

Security Employee Training and Awareness

4. Security Monitoring and Effectiveness

Security Monitoring Mechanisms

Incidence Response and Forensic Investigations

Validating Security Effectiveness

References

Chapter 15. Security Management Systems

1. Security Management System Standards

2. Training Requirements

3. Principles of Information Security

4. Roles and Responsibilities of Personnel

5. Security Policies

6. Security Controls

7. Network Access

8. Risk Assessment

9. Incident Response

10. Summary

Chapter 16. Information Technology Security Management

1. Information Security Management Standards

Federal Information Security Management Act

International Standards Organization

Other Organizations Involved in Standards

2. Information Technology Security Aspects

Security Policies and Procedures

IT Security Processes

3. Conclusion

Chapter 17. Identity Management

1. Introduction

2. Evolution of Identity Management Requirements

Digital Identity Definition

Identity Management Overview

Privacy Requirement

User-Centricity

Usability Requirement

3. The Requirements Fulfilled by Current Identity Management Technologies

Evolution of Identity Management

Identity 2.0

4. Identity 2.0 for Mobile Users

Mobile Web 2.0

Mobility

Evolution of Mobile Identity

The Future of Mobile User-Centric Identity Management in an Ambient Intelligence World

Research Directions

5. Conclusion

Chapter 18. Intrusion Prevention and Detection Systems

1. What is an "Intrusion," Anyway?

Physical Theft

Abuse of Privileges (The Insider Threat)

2. Unauthorized Access by an Outsider

3. Malware Infection

4. The Role of the "0-day"

5. The Rogue's Gallery: Attackers and Motives

6. A Brief Introduction to TCP/IP

7. The TCP/IP data Architecture and Data Encapsulation

8. Survey of Intrusion Detection and Prevention Technologies

9. Anti-Malware Software

10. Network-based Intrusion Detection Systems

11. Network-based Intrusion Prevention Systems

12. Host-based Intrusion Prevention Systems

13. Security Information Management Systems

14. Network Session Analysis

15. Digital Forensics

16. System Integrity Validation

17. Putting it all Together

Chapter 19. Computer Forensics

1. What is Computer Forensics?

2. Analysis of Data

Computer Forensics and Ethics, Green Home Plate Gallery View

Database Reconstruction

3. Computer Forensics in the Court System

4. Understanding Internet History

5. Temporary Restraining Orders and Labor Disputes

Divorce

Patent Infringement

When to Acquire, When to Capture Acquisition

Creating Forensic Images Using Software and Hardware Write Blockers

Live Capture of Relevant Files

Redundant Array of Independent (or Inexpensive) Disks (RAID)

File System Analyses

NTFS

The Role of the Forensic Examiner in Investigations and File Recovery

Password Recovery

File Carving

Things to Know: How Time stamps Work

Experimental Evidence

Email Headers and Time stamps, Email Receipts, and Bounced Messages

Steganography "Covered Writing"

5. First Principles

6. Hacking a Windows XP Password

Net User Password Hack

Lanman Hashes and Rainbow Tables

Password Reset Disk

Memory Analysis and the Trojan Defense

User Artifact Analysis

Recovering Lost and Deleted Files

Email

Internet History

7. Network Analysis

Protocols

Analysis

8. Computer Forensics Applied

Tracking, Inventory, Location of Files, Paperwork, Backups, and So On

Testimonial

Experience Needed

Job Description, Technologist

Job Description Management

Commercial Uses

Solid Background

Education/Certification

Programming and Experience

Publications

9. Testifying as an Expert

Degrees of Certainty

Certainty Without Doubt

10. Beginning to End in Court

Defendants, Plaintiffs, and Prosecutors

Pretrial Motions

Trial: Direct and Cross-Examination

Rebuttal

Surrebuttal

Testifying: Rule 702. Testimony by Experts

Correcting Mistakes: Putting Your Head in the Sand

Chapter 20. Network Forensics

1. Scientific Overview

2. The Principles of Network Forensics

3. Attack Traceback and Attribution

IP Traceback

Stepping-Stone Attack Attribution

4. Critical Needs Analysis

5. Research Directions

VoIP Attribution

Tracking Botnets

Traceback in Anonymous Systems

Online Fraudster Detection and Attribution

Tracing Phishers

Tracing Illegal Content Distributor in P2P Systems

Chapter 21. Firewalls

1. Network Firewalls

2. Firewall Security Policies

Rule-Match Policies

3. A Simple Mathematical Model for Policies, Rules, and Packets

4. First-match Firewall Policy Anomalies

5. Policy Optimization

Policy Reordering

Combining Rules

Default Accept or Deny?

6. Firewall Types

Packet Filter

Stateful Packet Firewalls

Application Layer Firewalls

7. Host and Network Firewalls

8. Software and Hardware Firewall Implementations

9. Choosing the Correct Firewall

10. Firewall Placement and Network Topology

Demilitarized Zones

Perimeter Networks

Two-Router Configuration

Dual-Homed Host

Network Configuration Summary

11. Firewall Installation and Configuration

12. Supporting Outgoing Services Through Firewall Configuration

Forms of State

Payload Inspection

13. Secure External Services Provisioning

14. Network Firewalls for Voice and Video Applications

Packet Filtering H.323

15. Firewalls and Important Administrative Service Protocols

Routing Protocols

Internet Control Message Protocol

Network Time Protocol

Central Log File Management

Dynamic Host Configuration Protocol

16. Internal IP Services Protection

17. Firewall Remote Access Configuration

18. Load Balancing and Firewall Arrays

Load Balancing in Real Life

How to Balance the Load

Advantages and Disadvantages of Load Balancing

19. Highly Available Firewalls

Load Balancer Operation

Interconnection of Load Balancers and Firewalls

20. Firewall Management

21. Conclusion

Chapter 22. Penetration Testing

1. What is Penetration Testing?

2. How does Penetration Testing Differ from an Actual "Hack?"

3. Types of Penetration Testing

4. Phases of Penetration Testing

The Pre-Attack Phase

The Attack Phase

The Post-Attack Phase

5. Defining What's Expected

6. The Need for a Methodology

7. Penetration Testing Methodologies

8. Methodology in Action

EC-Council LPT Methodology

9. Penetration Testing Risks

10. Liability Issues

11. Legal Consequences

12. "Get out of jail free" Card

13. Penetration Testing Consultants

14. Required Skill Sets

15. Accomplishments

16. Hiring a Penetration Tester

17. Why Should a Company Hire You?

Qualifications

Work Experience

Cutting-Edge Technical Skills

Communication Skills

Attitude

Team Skills

Company Concerns

18. All's Well that Ends Well

Chapter 23. What Is Vulnerability Assessment?

1. Reporting

2. The "It Won't Happen to Us" Factor

3. Why Vulnerability Assessment?

4. Penetration Testing Versus Vulnerability Assessment

5. Vulnerability Assessment Goal

6. Mapping the Network

7. Selecting the Right Scanners

8. Central Scans Versus Local Scans

9. Defense in Depth Strategy

10. Vulnerability Assessment Tools

Nessus

GFI LANguard

Retina

Core Impact

ISS Internet Scanner

X-Scan

Sara

QualysGuard

SAINT

MBSA

11. Scanner Performance

12. Scan Verification

13. Scanning Cornerstones

14. Network Scanning Countermeasures

15. Vulnerability Disclosure Date

Find Security Holes Before They Become Problems

16. Proactive Security Versus Reactive Security

17. Vulnerability Causes

Password Management Flaws

Fundamental Operating System Design Flaws

Software Bugs

Unchecked User Input

18. DIY Vulnerability Assessment

19. Conclusion

Part III: Encryption Technology

Chapter 24. Data Encryption

1. Need for Cryptography

Authentication

Confidentiality

Integrity

Nonrepudiation

2. Mathematical Prelude to Cryptography

Mapping or Function

Probability

Complexity

3. Classical Cryptography

The Euclidean Algorithm

The Extended Euclidean Algorithm

Modular Arithmetic

Congruence

Residue Class

Inverses

Fundamental Theorem of Arithmetic

Congruence Relation Defined

Substitution Cipher

Transposition Cipher

4. Modern Symmetric Ciphers

S-Box

P-Boxes

Product Ciphers

5. Algebraic Structure

Definition Group

Definitions of Finite and Infinite Groups (Order of a Group)

Definition Abelian Group

Examples of a Group

Definition: Subgroup

Definition: Cyclic Group

Rings

Definition: Field

Finite Fields GF(2[sup(n)])

Modular Polynomial Arithmetic Over GF(2)

Using a Generator to Represent the Elements of GF(2[sup(n)])

GF(2[sup(3)]) Is a Finite Field

6. The Internal Functions of Rijndael in AES Implementation

Mathematical Preliminaries

State

7. Use of Modern Block Ciphers

The Electronic Code Book (ECB)

Cipher-Block Chaining (CBC)

8. Public-key Cryptography

Review: Number Theory

9. Cryptanalysis of RSA

Factorization Attack

10. Diffie-Hellman Algorithm

11. Elliptic Curve Cryptosystems

An Example

Example of Elliptic Curve Addition

EC Security

12. Message Integrity and Authentication

Cryptographic Hash Functions

Message Authentication

Digital Signature

Message Integrity Uses a Hash Function in Signing the Message

RSA Digital Signature Scheme

RSA Digital Signature and the Message Digest

13. Summary

References

Chapter 25. Satellite Encryption

1. The Need for Satellite Encryption

2. Satellite Encryption Policy

3. Implementing Satellite Encryption

General Satellite Encryption Issues

Uplink Encryption

Extraplanetary Link Encryption

Downlink Encryption

4. The Future of Satellite Encryption

Chapter 26. Public Key Infrastructure

1. Cryptographic Background

Digital Signatures

Public Key Encryption

2. Overview of PKI

3. The X.509 Model

The History of X.509

The X.509 Certificate Model

4. X.509 Implementation Architectures

5. X.509 Certificate Validation

Validation Step 1: Construct the Chain and Validate Signatures

Validation Step 2: Check Validity Dates, Policy and Key Usage

Validation Step 3: Consult Revocation Authorities

6. X.509 Certificate Revocation

Online Certificate Status Protocol

7. Server-based Certificate Validity Protocol

8. X.509 Bridge Certification Systems

Mesh PKIs and Bridge CAs

9. X.509 Certificate Format

X.509 V1 and V2 Format

X.509 V3 Format

X.509 Certificate Extensions

Policy Extensions

Certificate Policy

10. PKI Policy Description

11. PKI Standards Organizations

IETF PKIX

SDSI/SPKI

IETF OpenPGP

12. PGP Certificate Formats

13. PGP PKI Implementations

14. W3C

15. Alternative PKI Architectures

16. Modified X.509 Architectures

Perlman and Kaufman's User-Centric PKI

Gutmann's Plug and Play PKI

Callas's Self-Assembling PKI

17. Alternative Key Management Models

Chapter 27. Instant-Messaging Security

1. Why Should I Care About Instant Messaging?

2. What is Instant Messaging?

3. The Evolution of Networking Technologies

4. Game Theory and Instant Messaging

Your Workforce

Generational Gaps

Transactions

5. The Nature of the Threat

Malicious Threat

Vulnerabilities

Man-in-the-Middle Attacks

Phishing and Social Engineering

Knowledge Is the Commodity

Data and Traffic Analysis

Unintentional Threats

Regulatory Concerns

6. Common IM Applications

Consumer Instant Messaging

Enterprise Instant Messaging

Instant-Messaging Aggregators

Backdoors: Instant Messaging Via Other Means (HTML)

Mobile Dimension

7. Defensive Strategies

8. Instant-messaging Security Maturity and Solutions

Asset Management

Built-In Security

Content Filtering

Classic Security

Compliance

Data Loss Prevention

Logging

Archival

9. Processes

Instant-Messaging Activation and Provisioning

Application Review

People

Revise

Audit

10. Conclusion

Example Answers to Key Factors

Part IV: Privacy and Access Management

Chapter 28. NET Privacy

1. Privacy in the Digital Society

The Origins, The Debate

Privacy Threats

2. The Economics of Privacy

The Value of Privacy

Privacy and Business

3. Privacy-Enhancing Technologies

Languages for Access Control and Privacy Preferences

Data Privacy Protection

Privacy for Mobile Environments

4. Network Anonymity

Onion Routing

Anonymity Services

5. Conclusion

Chapter 29. Personal Privacy Policies

1. Introduction

2. Content of Personal Privacy Policies

Privacy Legislation and Directives

Requirements from Privacy Principles

Privacy Policy Specification

3. Semiautomated Derivation of Personal Privacy Policies

An Example

Retrieval from a Community of Peers

4. Specifying Well-formed Personal Privacy Policies

Unexpected Outcomes

Outcomes From the Way the Matching Policy Was Obtained

5. Preventing Unexpected Negative Outcomes

Definition 1

Definition 2

Rules for Specifying Near Well-Formed Privacy Policies

Approach for Obtaining Near Well-Formed Privacy Policies

6. The Privacy Management Model

How Privacy Policies Are Used

Personal Privacy Policy Negotiation

Personal Privacy Policy Compliance

7. Discussion and Related Work

8. Conclusions and Future Work

Chapter 30. Virtual Private Networks

1. History

2. Who is in Charge?

3. VPN Types

IPsec

L2TP

L2TPv3

L2F

PPTP VPN

MPLS

MPVPN™

SSH

SSL-VPN

TLS

4. Authentication Methods

Hashing

HMAC

MD5

SHA-1

5. Symmetric Encryption

6. Asymmetric Cryptography

7. Edge Devices

8. Passwords

9. Hackers and Crackers

Chapter 31. Identity Theft

1. Experimental Design

Authentic Payment Notification: Plain Versus Fancy Layout

Strong Phishing Message: Plain Versus Fancy Layout

Authentic Promotion: Effect of Small Footers

Weak Phishing Message

Authentic Message

Login Page

Login Page: Strong and Weak Content Alignment

Login Page: Authentic and Bogus (But Plausible) URLs

Login Page: Hard and Soft Emphasis on Security

Bad URL, with and without SSL and Endorsement Logo

High-Profile Recall Notice

Low-Profile Class-Action Lawsuit

2. Results and Analysis

3. Implications for Crimeware

Example: Vulnerability of Web-Based Update Mechanisms

Example: The Unsubscribe Spam Attack

The Strong Narrative Attack

4. Conclusion

Chapter 32. VoIP Security

1. Introduction

VoIP Basics

2. Overview of Threats

Taxonomy of Threats

Reconnaissance of VoIP Networks

Denial of Service

Loss of Privacy

Exploits

3. Security in VoIP

Preventative Measures

Reactive

4. Future Trends

Forking Problem in SIP

Security in Peer-to-Peer SIP

End-to-End Identity with SBCs

5. Conclusion

Part V: Storage Security

Chapter 33. SAN Security

1. Organizational Structure

AAA

Restricting Access to Storage

2. Access Control Lists (ACL) and Policies

Data Integrity Field (DIF)

3. Physical Access

4. Change Management

5. Password Policies

6. Defense in Depth

7. Vendor Security Review

8. Data Classification

9. Security Management

Security Setup

Unused Capabilities

10. Auditing

Updates

Monitoring

Security Maintenance

11. Management Access: Separation of Functions

Limit Tool Access

Secure Management Interfaces

12. Host Access: Partitioning

S_ID Checking

13. Data Protection: Replicas

Erasure

Potential Vulnerabilities and Threats

Physical Attacks

Management Control Attacks

Host Attacks

World Wide Name Spoofing

Man-in-the-Middle Attacks

E-Port Replication Attack

Denial-of-Service Attacks

Session Hijacking Attacks

15. Encryption in Storage

The Process

Encryption Algorithms

Key Management

Configuration Management

16. Application of Encryption

Risk Assessment and Management

Modeling Threats

Use Cases for Protecting Data at Rest

Use Considerations

Deployment Options

17. Conclusion

References

Chapter 34. Storage Area Networking Security Devices

1. What is a SAN?

2. SAN Deployment Justifications

3. The Critical Reasons for SAN Security

Why Is SAN Security Important?

4. SAN Architecture and Components

SAN Switches

5. SAN General Threats and Issues

SAN Cost: A Deterrent to Attackers

Physical Level Threats, Issues, and Risk Mitigation

Logical Level Threats, Vulnerabilities, and Risk Mitigation

6. Conclusion

Chapter 35. Risk Management

1. The Concept of Risk

2. Expressing and Measuring Risk

3. The Risk Management Methodology

Context Establishment

Risk Assessment

Risk Treatment

Risk Communication

Risk Monitoring and Review

Integrating Risk Management into the System Development Life Cycle

Critique of Risk Management as a Methodology

Risk Management Methods

4. Risk Management Laws and Regulations

5. Risk Management Standards

6. Summary

Part VI: Physical Security

Chapter 36. Physical Security Essentials

1. Overview

2. Physical Security Threats

Natural Disasters

Environmental Threats

Technical Threats

Human-Caused Physical Threats

3. Physical Security Prevention and Mitigation Measures

Environmental Threats

Technical Threats

Human-Caused Physical Threats

4. Recovery from Physical Security Breaches

5. Threat Assessment, Planning, and Plan Implementation

Threat Assessment

Planning and Implementation

6. Example: A Corporate Physical Security Policy

7. Integration of Physical and Logical Security

References

Chapter 37. Biometrics

1. Relevant Standards

2. Biometric System Architecture

Data Capture

Signal Processing

Matching

Data Storage

Decision

Adaptation

3. Using Biometric Systems

Enrollment

Authentication

Identification

4. Security Considerations

Error Rates

Doddington's Zoo

Birthday Attacks

Comparing Technologies

Storage of Templates

5. Conclusion

Chapter 38. Homeland Security

1. Statutory Authorities

The USA PATRIOT Act of 2001 (PL 107-56)

The Aviation and Transporation Security Act of 2001 (PL 107-71)

Enhanced Border Security and Visa Entry Reform Act of 2002 (PL 107-173)

Public Health Security, Bioterrorism Preparedness & Response Act of 2002 (PL 107-188)

Homeland Security Act of 2002 (PL 107-296)

E-Government Act of 2002 (PL 107-347)

2. Homeland Security Presidential Directives

3. Organizational Actions

Department of Homeland Security Subcomponents

State and Federal Organizations

The Governor's Office of Homeland Security

California Office of Information Security and Privacy Protection

Private Sector Organizations for Information Sharing

4. Conclusion

Chapter 39. Information Warfare

1. Information Warfare Model

2. Information Warfare Defined

3. IW: Myth or Reality?

4. Information Warfare: Making IW Possible

Offensive Strategies

5. Preventative Strategies

6. Legal Aspects of IW

Terrorism and Sovereignty

Liability Under International Law

Remedies Under International Law

Developing Countries Response

7. Holistic View of Information Warfare

8. Conclusion

Part VII: Advanced Security

Chapter 40. Security Through Diversity

1. Ubiquity

2. Example Attacks Against Uniformity

3. Attacking Ubiquity With Antivirus Tools

4. The Threat of Worms

5. Automated Network Defense

6. Diversity and the Browser

7. Sandboxing and Virtualization

8. DNS Example of Diversity through Security

9. Recovery from Disaster is Survival

10. Conclusion

Chapter 41. Reputation Management

1. The Human Notion of Reputation

2. Reputation Applied to the Computing World

3. State of the Art of Attack-resistant Reputation Computation

4. Overview of Current Online Reputation Service

eBay

Opinity

Rapleaf

Venyo

TrustPlus + Xing + ZoomInfo + SageFire

Naymz + Trufina

The GORB

ReputationDefender

Summarizing Table

5. Conclusion

Chapter 42. Content Filtering

1. The Problem with Content Filtering

2. User Categories, Motivations, and Justifications

Schools

Commercial Business

Financial Organizations

Healthcare Organizations

Internet Service Providers

U.S. Government

Other Governments

Libraries

Parents

3. Content Blocking Methods

Banned Word Lists

URL Block

Category Block

Bayesian Filters

Safe Search Integration to Search Engines with Content Labeling

Content-Based Image Filtering (CBIF)

4. Technology and Techniques for Content-Filtering Control

Internet Gateway-Based Products/Unified Threat Appliances

5. Categories

6. Legal Issues

Federal Law: ECPA

CIPA: The Children's Internet Protection Act

The Trump Card of Content Filtering: The "National Security Letter"

ISP Content Filtering Might Be a "Five-Year Felony"

7. Issues and Problems with Content Filtering

Bypass and Circumvention

Client-Based Proxies

Open Proxies

HTTP Web-Based Proxies (Public and Private)

Secure Public Web-Based Proxies

Process Killing

Remote PC Control Applications

Overblocking and Underblocking

Blacklist and Whitelist Determination

Casual Surfing Mistake

Getting the List Updated

Time-of-Day Policy Changing

Override Authorization Methods

Hide Content in "Noise" or Use Steganography

Nonrepudiation: Smart Cards, ID Cards for Access

Warn and Allow Methods

Integration with Spam Filtering tools

Detect Spyware and Malware in the HTTP Payload

Integration with Directory Servers

Language Support

Financial Considerations Are Important

Scalability and Usability

Performance Issues

Reporting Is a Critical Requirement

Bandwidth Usage

Precision Percentage and Recall

9. Related Products

10. Conclusion

Chapter 43. Data Loss Protection

1. Precursors of DLP

2. What is DLP?

3. Where to Begin?

4. Data is Like Water

5. You Don't Know What You Don't Know

Precision versus Recall

6. How Do DLP Applications Work?

7. Eat Your Vegetables

Data in Motion

Data at Rest

Data in Use

8. It's a Family Affair, Not Just it Security's Problem

9. Vendors, Vendors Everywhere! Who Do You Believe?

10. Conclusion

Part VIII: Appendices

Appendix A: Configuring Authentication Service on Microsoft Windows Vista

1. Backup and Restore of Stored Usernames and Passwords

Automation and Scripting

Security Considerations

2. Credential Security Service Provider and SSO for Terminal Services Logon

Requirements

Configuration

Security Considerations

3. TLS/SSL Cryptographic Enhancements

AES Cipher Suites

ECC Cipher Suites

Schannel CNG Provider Model

Default Cipher Suite Preference

Previous Cipher Suites

4. Kerberos Enhancements

AES

Read-Only Domain Controller and Kerberos Authentication

5. Smart Card Authentication Changes

Additional Changes to Common Smart Card Logon Scenarios

6. Previous Logon Information

Configuration

Security Considerations

Appendix B: Security Management and Resiliency

Appendix C: List of Top Security Implementation and Deployment Companies

List of SAN Implementation and Deployment Companies

SAN Security Implementation and Deployment Companies:

Appendix D: List of Security Products

Security Software

Appendix E: List of Security Standards

Appendix F: List of Miscellaneous Security Resources

Conferences

Consumer Information

Directories

Help and Tutorials

Mailing Lists

News and Media

Organizations

Products and Tools

Research

Content Filtering Links

Other Logging Resources

Appendix G: Ensuring Built-in Frequency Hopping Spread Spectrum Wireless Network Security

Accomplishment

Background

Additional Information

Appendix H: Configuring Wireless Internet Security Remote Access

Adding the Access Points as RADIUS Clients to IAS

Adding Access Points to the first IAS Server

Scripting the Addition of Access Points to IAS Server (Alternative Procedure)

Configuring the Wireless Access Points

Enabling Secure WLAN Authentication on Access Points

Additional Settings to Secure Wireless Access Points

Replicating RADIUS Client Configuration to Other IAS Servers

Appendix I: Frequently Asked Questions

Appendix J: Glossary

A

B

C

D

E

F

G

H

I

K

L

M

N

O

P

R

S

T

U

V

W

Y

Index

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Y

Z