
Network Defense and Countermeasures: Principles and Practices, 2nd Edition

By William (Chuck) Easttom

Published by Pearson IT Certification

Published Date: Oct 21, 2013

Description

Network Defense and Countermeasures: Principles and Practices

Everything you need to know about modern network attacks and defense, in one book

Clearly explains core network security concepts, challenges, technologies, and skills

Thoroughly updated for the latest attacks and countermeasures

The perfect beginner’s guide for anyone interested in a network security career

 

Security is the IT industry's hottest topic, and that's where the hottest opportunities are, too. Organizations desperately need professionals who can help them safeguard against the most sophisticated attacks ever created: attacks from well-funded global criminal syndicates, and even governments.

 

Today, security begins with defending the organizational network. Network Defense and Countermeasures, Second Edition is today’s most complete, easy-to-understand introduction to modern network attacks and their effective defense.

From malware and DDoS attacks to firewalls and encryption, Chuck Easttom blends theoretical foundations with up-to-the-minute best-practice techniques. Starting with the absolute basics, he discusses crucial topics many security books overlook, including the emergence of network-based espionage and terrorism.

 

If you have a basic understanding of networks, that's all the background you'll need to succeed with this book: no math or advanced computer science is required. You'll find projects, questions, exercises, case studies, links to expert resources, and a complete glossary, all designed to deepen your understanding and prepare you to defend real-world networks.

 

Chuck Easttom has worked in all aspects of IT, including network administration, software engineering, and IT management. For several years, he has taught IT topics in college and corporate environments, worked as an independent IT consultant, and served as an expert witness in court cases involving computers. He holds 28 industry certifications, including CISSP, ISSAP, Certified Ethical Hacker, Certified Hacking Forensics Investigator, EC Council Certified Security Administrator, and EC Council Certified Instructor. He served as subject matter expert for CompTIA in its development or revision of four certification tests, including Security+. He recently assisted the EC Council in developing its new advanced cryptography course. Easttom has authored 13 books on topics including computer security and crime.

 

Learn how to

- Understand essential network security concepts, challenges, and careers
- Learn how modern attacks work
- Discover how firewalls, intrusion detection systems (IDS), and virtual private networks (VPNs) combine to protect modern networks
- Select the right security technologies for any network environment
- Use encryption to protect information
- Harden Windows and Linux systems and keep them patched
- Securely configure web browsers to resist attacks
- Defend against malware
- Define practical, enforceable security policies
- Use the "6 Ps" to assess technical and human aspects of system security
- Detect and fix system vulnerability
- Apply proven security standards and models, including Orange Book, Common Criteria, and Bell-LaPadula
- Ensure physical security and prepare for disaster recovery
- Know your enemy: learn basic hacking, and see how to counter it
- Understand standard forensic techniques and prepare for investigations of digital crime

Table of Contents


Chapter 1: Introduction to Network Security (p. 2)
  Introduction (p. 2)
  The Basics of a Network (p. 3)
  Basic Network Utilities (p. 7)
  The OSI Model (p. 11)
  What Does This Mean for Security? (p. 11)
  Assessing Likely Threats to the Network (p. 12)
  Classifications of Threats (p. 15)
  Likely Attacks (p. 19)
  Threat Assessment (p. 21)
  Understanding Security Terminology (p. 22)
  Choosing a Network Security Approach (p. 26)
  Network Security and the Law (p. 27)
  Using Security Resources (p. 29)
  Test Your Skills (p. 30)

Chapter 2: Types of Attacks (p. 38)
  Introduction (p. 38)
  Understanding Denial of Service Attacks (p. 39)
  Defending Against Buffer Overflow Attacks (p. 55)
  Defending Against IP Spoofing (p. 57)
  Defending Against Session Hacking (p. 58)
  Blocking Virus and Trojan Horse Attacks (p. 59)
  Test Your Skills (p. 66)

Chapter 3: Fundamentals of Firewalls (p. 72)
  Introduction (p. 72)
  What Is a Firewall? (p. 73)
  Implementing Firewalls (p. 80)
  Selecting and Using a Firewall (p. 86)
  Using Proxy Servers (p. 87)
  Test Your Skills (p. 89)

Chapter 4: Firewall Practical Applications (p. 96)
  Introduction (p. 96)
  Using Single Machine Firewalls (p. 97)
  Windows 7 (p. 98)
  User Account Control (p. 99)
  Linux Firewalls (p. 99)
  Using Small Office/Home Office Firewalls (p. 107)
  Using Medium-Sized Network Firewalls (p. 110)
  Using Enterprise Firewalls (p. 112)
  Test Your Skills (p. 115)

Chapter 5: Intrusion-Detection Systems (p. 122)
  Introduction (p. 122)
  Understanding IDS Concepts (p. 123)
  Understanding and Implementing IDS Systems (p. 126)
  Understanding and Implementing Honey Pots (p. 130)
  Test Your Skills (p. 136)

Chapter 6: Encryption Fundamentals (p. 142)
  Introduction (p. 142)
  The History of Encryption (p. 142)
  Learning About Modern Encryption Methods (p. 148)
  Identifying Good Encryption (p. 154)
  Understanding Digital Signatures and Certificates (p. 155)
  Understanding and Using Decryption (p. 158)
  Cracking Passwords (p. 158)
  Steganography (p. 159)
  Steganalysis (p. 161)
  Exploring the Future of Encryption (p. 161)
  Test Your Skills (p. 163)

Chapter 7: Virtual Private Networks (p. 170)
  Introduction (p. 170)
  Basic VPN Technology (p. 171)
  Using VPN Protocols for VPN Encryption (p. 172)
  IPSec (p. 178)
  SSL (p. 180)
  Implementing VPN Solutions (p. 180)
  Test Your Skills (p. 186)

Chapter 8: Operating System Hardening (p. 192)
  Introduction (p. 192)
  Configuring Windows Properly (p. 193)
  Configuring Linux Properly (p. 214)
  Patching the Operating System (p. 216)
  Configuring Browsers (p. 216)
  Test Your Skills (p. 222)

Chapter 9: Defending Against Virus Attacks (p. 228)
  Introduction (p. 228)
  Understanding Virus Attacks (p. 229)
  Virus Scanners (p. 236)
  Antivirus Policies and Procedures (p. 248)
  Additional Methods for Defending Your System (p. 249)
  What to Do If Your System Is Infected by a Virus (p. 249)
  Test Your Skills (p. 251)

Chapter 10: Defending Against Trojan Horses, Spyware, and Adware (p. 258)
  Introduction (p. 258)
  Trojan Horses (p. 259)
  Spyware and Adware (p. 268)
  Test Your Skills (p. 276)

Chapter 11: Security Policies (p. 280)
  Introduction (p. 280)
  Defining User Policies (p. 281)
  Defining System Administration Policies (p. 288)
  Defining Access Control (p. 292)
  Defining Developmental Policies (p. 293)
  Test Your Skills (p. 295)

Chapter 12: Assessing System Security (p. 302)
  Introduction (p. 302)
  Evaluating the Security Risk (p. 303)
  Making the Initial Assessment (p. 306)
  Probing the Network (p. 312)
  Security Documentation (p. 329)
  Test Your Skills (p. 332)

Chapter 13: Security Standards (p. 338)
  Introduction (p. 338)
  Using the Orange Book (p. 338)
  Using the Rainbow Series (p. 348)
  Using the Common Criteria (p. 351)
  Using Security Models (p. 352)
  U.S. Federal Regulations, Guidelines, and Standards (p. 356)
  Test Your Skills (p. 359)

Chapter 14: Physical Security and Disaster Recovery (p. 366)
  Introduction (p. 366)
  Physical Security (p. 367)
  Disaster Recovery (p. 369)
  Ensuring Fault Tolerance (p. 371)
  Test Your Skills (p. 373)

Chapter 15: Techniques Used by Attackers (p. 376)
  Introduction (p. 376)
  Preparing to Hack (p. 377)
  The Attack Phase (p. 387)
  Test Your Skills (p. 392)

Chapter 16: Introduction to Forensics (p. 396)
  Introduction (p. 396)
  General Forensics Guidelines (p. 397)
  FBI Forensics Guidelines (p. 398)
  Finding Evidence on the PC (p. 399)
  Gathering Evidence from a Cell Phone (p. 407)
  Forensic Tools to Use (p. 408)
  Test Your Skills (p. 410)

Chapter 17: Cyber Terrorism (p. 414)
  Introduction (p. 414)
  Defending Against Computer-Based Espionage (p. 415)
  Defending Against Computer-Based Terrorism (p. 421)
  Choosing Defense Strategies (p. 428)
  Test Your Skills (p. 433)

Appendix A: References (p. 440)

Glossary (p. 444)

Index (p. 454)

Purchase Info

ISBN-10: 0-13-338440-3

ISBN-13: 978-0-13-338440-6

Format: eBook (Watermarked)

This eBook includes the following formats, accessible from your Account page after purchase:

- EPUB: The open industry format known for its reflowable content and usability on supported mobile devices.
- MOBI: The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.
- PDF: The popular standard, used most often with the free Adobe® Reader® software.

This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Includes EPUB, MOBI, and PDF

Price: $63.99