CART

(0) items

Firewalls and Network Security : Intrusion Detection and Vpns,9781435420168
This item qualifies for
FREE SHIPPING!
FREE SHIPPING OVER $59!

Your order must be $59 or more, you must select US Postal Service Shipping as your shipping preference, and the "Group my items into as few shipments as possible" option when you place your order.

Bulk sales, PO's, Marketplace Items, eBooks, Apparel, and DVDs not included.

Firewalls and Network Security : Intrusion Detection and Vpns

by ; ; ;
Edition:
2nd
ISBN13:

9781435420168

ISBN10:
1435420160
Format:
Paperback
Pub. Date:
6/10/2008
Publisher(s):
Cengage Learning

Questions About This Book?

What version or edition is this?
This is the 2nd edition with a publication date of 6/10/2008.
What is included with this book?
  • The Used copy of this book is not guaranteed to include any supplemental materials. Typically, only the book itself is included.

Related Products


  • Guide to Firewalls and Network Security
    Guide to Firewalls and Network Security
  • Guide to Firewalls and Network Security : Intrusion Detection and VPNs
    Guide to Firewalls and Network Security : Intrusion Detection and VPNs





Summary

Firewalls are among the best-known security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when they are backed by effective security planning, a well-designed security policy, and when they work in concert with anti-virus software, intrusion detection systems, and other tools. This book aims to explore firewalls in the context of these other elements, providing readers with a solid, in-depth introduction to firewalls that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file maintenance, and intrusion detection systems. The second edition offers updated content and brand new material, from enhanced coverage of non-firewall subjects like information and network security to an all-new section dedicated to intrusion detection in the context of incident response. Book jacket.

Author Biography

Michael Whitman, Ph.D., CISM, CISSP is a Professor of Information Systems and Security in the CSIS Department at Kennesaw State University, where he is also Director of the KSU Center for Information Security Education and the coordinator for the Bachelor of Science in Information Security and Assurance. Dr. Whitman is an active researcher in Information Security and Ethical Computing. He currently teaches graduate and undergraduate courses in Information Security and Data Communications. He has published articles in the industry's top journals and co-authors a number of books in the field, published by Course Technology Herbert Mattord, M.B.R., CISM, CISSP is currently on the Faculty at Kennesaw State University where he theaches undergraduate courses in Information Security, Data Communications, and Local Area Networks, and he is the co-author of several books published by Course Technology and an active researcher in information security management topics Richard Austin, MS, CISSP, MCSE teaches undergraduate information security courses as a part-time faculty at Kennesaw state University and is an active member of SNIR's Security Technical Working Group as well as a frequent writer and presenter on storage networking security and digital forensics

Table of Contents

Introductionp. xvii
Introduction to Information Securityp. 1
Introductionp. 2
What Is Information Security?p. 3
Critical Characteristics of Informationp. 4
CNSS Security Modelp. 5
Securing Componentsp. 6
Balancing Information Security and Accessp. 6
Business Needs Firstp. 7
Protecting the Functionality of an Organizationp. 7
Enabling the Safe Operation of Applicationsp. 8
Protecting Data That Organizations Collect and Usep. 8
Safeguarding Technology Assets in Organizationsp. 8
Security Professionals and the Organizationp. 8
Data Ownershipp. 9
Threatsp. 10
Human Error or Failurep. 11
Compromises to Intellectual Propertyp. 12
Espionage or Trespassp. 13
Information Extortionp. 16
Sabotage or Vandalismp. 16
Theftp. 17
Software Attacksp. 17
Forces of Naturep. 20
Deviations in Quality of Servicep. 21
Hardware Failures or Errorsp. 22
Software Failures or Errorsp. 23
Obsolescencep. 23
Attacksp. 23
Malicious Codep. 23
"Hoaxes"p. 24
Back Doorsp. 24
Password Crackp. 25
Brute Forcep. 25
Dictionaryp. 25
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)p. 25
Spoofingp. 26
Man-in-the-Middlep. 27
Spamp. 28
Mail Bombingp. 28
Sniffersp. 28
Social Engineeringp. 28
Buffer Overflowp. 30
Timing Attackp. 30
Chapter Summaryp. 30
Review Questionsp. 31
Exercisesp. 32
Case Exercisesp. 33
An Introduction to Networkingp. 37
Introductionp. 38
Networking Fundamentalsp. 38
Reasons to Networkp. 39
Types of Networksp. 40
Network Standardsp. 42
Internet Society (ISOC)p. 42
Internet Assigned Numbers Authority (IANA)p. 42
American National Standards Institute (ANSI)p. 43
International Telecommunication Union (ITU)p. 43
Institute of Electrical and Electronics Engineers (IEEE)p. 43
Telecommunications Industry Association (TIA)p. 43
International Organization for Standardization (ISO)p. 44
OSI Reference Model and Securityp. 44
The Physical Layerp. 45
Data Link Layerp. 53
Network Layerp. 56
Transport Layerp. 59
Session Layerp. 64
Presentation Layerp. 64
Application Layerp. 64
The Internet and TCP/IPp. 66
The World Wide Webp. 66
TCP/IPp. 67
Chapter Summaryp. 69
Review Questionsp. 70
Exercisesp. 71
Case Exercisesp. 71
Security Policies, Standards, and Planningp. 73
Introductionp. 74
Information Security Policy, Standards, and Practicesp. 75
Definitionsp. 75
Enterprise Information Security Policy (EISP)p. 77
Issue-Specific Security Policy (ISSP)p. 78
System-Specific Policy (SysSP)p. 81
Policy Managementp. 83
Frameworks and Industry Standardsp. 85
The ISO 27000 Seriesp. 86
NIST Security Modelsp. 90
IETF Security Architecturep. 91
Benchmarking and Best Business Practicesp. 91
Security Architecturep. 92
Security Education, Training, and Awareness Programp. 95
Security Educationp. 96
Security Trainingp. 96
Security Awarenessp. 97
Continuity Strategiesp. 98
Business Impact Analysisp. 101
Incident Response Planningp. 104
Disaster Recovery Planningp. 104
Business Continuity Planningp. 105
Crisis Managementp. 106
Chapter Summaryp. 107
Review Questionsp. 108
Exercisesp. 109
Case Exercisesp. 110
Finding Network Vulnerabilitiesp. 113
Introductionp. 114
Common Vulnerabilitiesp. 114
Defects in Software or Firmwarep. 114
Weaknesses in Processes and Proceduresp. 121
Scanning and Analysis Toolsp. 121
Port Scannersp. 125
Firewall Analysis Toolsp. 126
Operating System Detection Toolsp. 127
Vulnerability Scannersp. 128
Packet Sniffersp. 133
Wireless Security Toolsp. 134
Penetration Testingp. 135
Chapter Summaryp. 138
Review Questionsp. 138
Exercisesp. 139
Case Exercisesp. 139
Firewall Planning and Designp. 141
Introductionp. 142
Misconceptions About Firewallsp. 143
Firewalls Explainedp. 143
An Analogy: Office Tower Security Guardp. 144
Firewall Security Featuresp. 145
Firewall User Protectionp. 145
Firewall Network Perimeter Securityp. 145
Firewall Componentsp. 146
Firewall Security Tasksp. 147
Types of Firewall Protectionp. 152
Packet Filteringp. 152
PAT and NATp. 159
Application Layer Gatewaysp. 160
Firewall Categoriesp. 162
Processing Modep. 162
Firewall Generationp. 164
Firewall Structuresp. 165
Firewall Architecturesp. 174
Limitations of Firewallsp. 178
Chapter Summaryp. 178
Review Questionsp. 179
Exercisesp. 180
Case Exercisesp. 181
Packet Filteringp. 183
Introductionp. 184
Understanding Packets and Packet Filteringp. 184
Packet-Filtering Devicesp. 184
Anatomy of a Packetp. 185
Packet-Filtering Rulesp. 187
Packet-Filtering Methodsp. 189
Stateless Packet Filteringp. 190
Stateful Packet Filteringp. 195
Filtering Based on Packet Contentp. 197
Setting Specific Packet Filter Rulesp. 197
Best Practices for Firewall Rulesp. 197
Rules That Cover Multiple Variationsp. 199
Rules for ICMP Packetsp. 199
Rules That Enable Web Accessp. 201
Rules That Enable DNSp. 202
Rules That Enable FTPp. 202
Rules That Enable E-Mailp. 203
Chapter Summaryp. 205
Review Questionsp. 205
Exercisesp. 206
Case Exercisesp. 207
Working with Proxy Servers and Application-Level Firewallsp. 209
Introductionp. 210
Overview of Proxy Serversp. 210
How Proxy Servers Workp. 210
How Proxy Servers Differ from Packet Filtersp. 212
Sample Proxy Server Configurationsp. 212
Goals of Proxy Serversp. 214
Concealing Internal Clientsp. 215
Blocking URLsp. 216
Blocking and Filtering Contentp. 216
E-Mail Proxy Protectionp. 217
Improving Performancep. 217
Ensuring Securityp. 218
Providing User Authenticationp. 218
Redirecting URLsp. 219
Proxy Server Configuration Considerationsp. 219
Providing for Scalabilityp. 219
Working with Client Configurationsp. 219
Working with Service Configurationsp. 221
Creating Filter Rulesp. 221
Recognizing the Single Point of Failurep. 222
Recognizing Buffer Overflow Vulnerabilitiesp. 222
Choosing a Proxy Serverp. 222
Transparent Proxiesp. 222
Nontransparent Proxiesp. 223
SOCKS-Based Proxiesp. 223
Proxy Server-Based Firewalls Comparedp. 224
T.REX Open-Source Firewallp. 225
Squidp. 225
WinGatep. 225
Symantec Enterprise Firewallp. 226
Microsoft Internet Security & Acceleration Serverp. 226
Reverse Proxiesp. 226
When a Proxy Service Isn't the Correct Choicep. 228
Chapter Summaryp. 229
Review Questionsp. 229
Exercisesp. 230
Case Exercisesp. 231
Firewall Configuration and Administrationp. 233
Introductionp. 234
Establishing Firewall Rules and Restrictionsp. 235
The Role of the Rules Filep. 235
Restrictive Firewallsp. 235
Connectivity-Based Firewallsp. 236
Firewall Configuration Strategiesp. 237
Scalabilityp. 237
Productivityp. 237
Dealing with IP Address Issuesp. 238
Approaches That Add Functionality to Your Firewallp. 239
NAT/PATp. 239
Encryptionp. 239
Application Proxiesp. 240
VPNsp. 240
Intrusion Detection and Prevention Systemsp. 241
Enabling a Firewall to Meet New Needsp. 243
Verifying Resources Needed by the Firewallp. 244
Identifying New Risksp. 245
Adding Software Updates and Patchesp. 245
Adding Hardwarep. 246
Dealing with Complexity on the Networkp. 247
Adhering to Proven Security Principlesp. 248
Environmental Managementp. 248
BIOS, Boot, and Screen Locksp. 248
Remote Management Interfacep. 249
Why Remote Management Tools Are Importantp. 249
Security Concernsp. 250
Basic Features of Remote Management Toolsp. 250
Automating Security Checksp. 251
Configuring Advanced Firewall Functionsp. 251
Data Cachingp. 251
Hot Standby Redundancyp. 252
Load Balancingp. 253
Filtering Contentp. 254
Chapter Summaryp. 256
Review Questionsp. 257
Exercisesp. 257
Case Exercisesp. 258
Encryption and Firewallsp. 259
Introductionp. 260
Firewalls and Encryptionp. 260
The Cost of Encryptionp. 262
Preserving Data Integrityp. 262
Maintaining Confidentialityp. 262
Authenticating Network Clientsp. 263
Enabling Virtual Private Networks (VPNs)p. 263
Principles of Cryptographyp. 263
Encryption Definitionsp. 264
Cryptographic Notationp. 264
Encryption Operationsp. 265
Using Cryptographic Controlsp. 276
E-mail Securityp. 277
Securing the Webp. 277
Securing Authenticationp. 278
Attacks on Cryptosystemsp. 280
Man-in-the-Middle Attackp. 281
Correlation Attacksp. 281
Dictionary Attacksp. 281
Timing Attacksp. 282
Defending from Attacksp. 282
Chapter Summaryp. 283
Review Questionsp. 283
Exercisesp. 284
Case Exercisesp. 285
Authenticating Usersp. 287
Introductionp. 288
The Authentication Process in Generalp. 288
How Firewalls Implement the Authentication Processp. 289
Firewall Authentication Methodsp. 290
User Authenticationp. 291
Client Authenticationp. 291
Session Authenticationp. 292
Centralized Authenticationp. 293
Kerberosp. 294
TACACS+p. 295
Remote Authentication Dial-In User Service (RADIUS)p. 296
TACACS+ and RADIUS Comparedp. 296
Password Security Issuesp. 298
Passwords That Can Be Crackedp. 298
Password Vulnerabilitiesp. 298
Lax Security Habitsp. 298
Password Security Toolsp. 299
One-Time Password Softwarep. 299
The Shadow Password Systemp. 299
Other Authentication Systemsp. 300
Single-Password Systemsp. 300
One-Time Password Systemsp. 300
Certificate-Based Authenticationp. 301
802.1X Wi-Fi Authenticationp. 302
Chapter Summaryp. 303
Review Questionsp. 303
Exercisesp. 304
Case Exercisesp. 305
Setting Up a Virtual Private Networkp. 307
Introductionp. 308
VPN Components and Operationsp. 309
VPN Componentsp. 309
Essential Activities of VPNsp. 313
Benefits and Drawbacks of VPNsp. 314
VPNs Extend Network Boundariesp. 314
Types of VPNsp. 315
VPN Appliancesp. 316
Software VPN Systemsp. 317
VPN Combinations of Hardware and Softwarep. 318
Combination VPNsp. 318
VPN Setupsp. 318
Mesh Configurationp. 318
Hub-and-Spoke Configurationp. 319
Hybrid Configurationp. 321
Configurations and Extranet and Intranet Accessp. 321
Tunneling Protocols Used with VPNsp. 322
IPSec/IKEp. 322
PPTPp. 323
L2TPp. 324
PPP Over SSL/PPP Over SSHp. 324
Enabling Remote Access Connections Within VPNsp. 325
Configuring the Serverp. 325
Configuring Clientsp. 326
VPN Best Practicesp. 327
The Need for a VPN Policyp. 327
Packet Filtering and VPNsp. 327
Auditing and Testing the VPNp. 330
Chapter Summaryp. 33
Review Questionsp. 334
Exercisesp. 334
Case Exercisesp. 335
Contingency Planningp. 337
Introductionp. 338
What Is Contingency Planning?p. 339
Components of Contingency Planningp. 341
Business Impact Analysisp. 342
Incident Response Planp. 343
Disaster Recovery Planp. 344
Business Continuity Planp. 344
Incident Response: Preparation, Organization, and Preventionp. 345
Planning for the Response During the Incidentp. 347
Planning for After the Incidentp. 349
Planning for Before the Incidentp. 349
Incident Classification and Detectionp. 351
Classifying Incidentsp. 352
Data Collectionp. 354
Detecting Compromised Softwarep. 356
Challenges in Intrusion Detectionp. 357
Incident Reactionp. 357
Selecting an IR Strategyp. 357
Notificationp. 359
Documenting an Incidentp. 360
Incident Containment Strategiesp. 360
Interviewing Individuals Involved in the Incidentp. 361
Recovering from Incidentsp. 361
Identify and Resolve Vulnerabilitiesp. 362
Restore Datap. 363
Restore Services and Processesp. 363
Restore Confidence Across the Organizationp. 363
IR Plan Maintenancep. 363
The After-Action Reviewp. 363
IR Plan Review and Maintenancep. 365
Trainingp. 365
Rehearsalp. 365
Data and Application Resumptionp. 366
Disk-to-Disk-to-Tapep. 366
Backup Strategiesp. 366
Tape Backup and Recoveryp. 367
Redundancy-Based Backup and Recovery Using RAIDp. 369
Database Backupsp. 371
Application Backupsp. 372
Real-Time Protection, Server Recovery, and Application Recoveryp. 372
Service Agreementsp. 377
Chapter Summaryp. 378
Review Questionsp. 379
Exercisesp. 379
Case Exercisesp. 380
Intrusion Detection and Prevention Systemsp. 383
Introductionp. 384
Intrusion Detection and Preventionp. 384
IDPS Terminologyp. 385
Why Use an IDPS?p. 387
Network-Based IDPSp. 390
Host-Based IDPSp. 394
IDPS Detection Methodsp. 396
IDPS Response Behaviorp. 398
Selecting IDPS Approaches and Productsp. 401
Strengths and Limitations of IDPSsp. 406
Deployment and Implementation of an IDPSp. 407
Measuring the Effectiveness of IDPSsp. 415
Honey Pots, Honey Nets, and Padded Cell Systemp. 417
Trap and Trace Systemsp. 419
Active Intrusion Preventionp. 420
Chapter Summaryp. 420
Review Questionsp. 421
Exercisesp. 422
Case Exercisesp. 422
Digital Forensicsp. 425
Introductionp. 426
The Digital Forensic Teamp. 426
The First Response Teamp. 427
The Analysis Teamp. 428
Digital Forensics Methodologyp. 430
Affidavits and Search Warrantsp. 430
Acquiring the Evidencep. 432
Identifying Sourcesp. 432
Authenticating Evidencep. 433
Collecting Evidencep. 434
Maintaining the Chain of Custodyp. 447
Analyzing Evidencep. 449
Searching for Evidencep. 451
Reporting the Findingsp. 453
Interacting with Law Enforcementp. 453
Anti-Forensicsp. 455
Chapter Summaryp. 456
Review Questionsp. 456
Exercisesp. 457
Case Exercisep. 457
Glossaryp. 459
Indexp. 473
Table of Contents provided by Ingram. All Rights Reserved.


Please wait while the item is added to your cart...