
Guide to Network Defense and Countermeasures

by

  • ISBN13: 9780619131241
  • ISBN10: 0619131241
  • Format: Paperback
  • Copyright: 2003-05-28
  • Publisher: Cengage Learning
List Price: $253.95

Summary

Network Defense and Countermeasures provides the reader with a solid foundation in network security fundamentals. While the primary emphasis is on intrusion detection, the book also covers such essential practices as developing a security policy and then implementing that policy by performing Network Address Translation and packet filtering, and by installing proxy servers, firewalls, and Virtual Private Networks. In addition, this text prepares students to take the second exam, Network Defense and Countermeasures, for the Security Certified Network Professional (SCNP) Certification. This text assumes familiarity with the Internet and basic networking concepts such as TCP/IP, gateways, routers, and Ethernet.

Table of Contents

Each entry lists the starting page followed, in parentheses, by the number of pages the entry spans.

Preface xv
Chapter 1 Foundations of Network Security 1(47)
  Knowing Your Enemies 2(6)
  What Hackers Are Looking For and What You Should Protect 2(3)
  Who Are the Attackers? 5(3)
  Goals of Network Security 8(4)
  Maintaining Privacy 8(1)
  Preserving Data Integrity 9(1)
  Authenticating Users 10(1)
  Enabling Connectivity 11(1)
  Understanding TCP/IP Networking 12(5)
  IP Addressing 13(2)
  Subnetting 15(2)
  Exploring IP Packet Structure 17(8)
  IP Datagrams 18(6)
  DNS and Network Security 24(1)
  Routing and Access Control 25(2)
  Router-Based Firewalls 25(1)
  Routing Tables 26(1)
  Access Control Lists 26(1)
  Securing Individual Workstations 27(5)
  General Principles When Securing a Workstation 27(1)
  Memory Considerations 28(1)
  Processor Speed 29(1)
  Securing Windows 2000 and XP Computers 29(2)
  Securing UNIX and Linux Computers 31(1)
  Day-to-Day Security Maintenance 31(1)
  Web and Internet-Based Security Concerns 32(1)
  E-Mail Vulnerabilities 32(1)
  Scripting 32(1)
  Problems with Always-On Connections 33(1)
  Chapter Summary 33(1)
  Key Terms 34(4)
  Review Questions 38(4)
  Hands-On Projects 42(5)
  Case Projects 47(1)
Chapter 2 Designing a Network Defense 48(47)
  Common Attack Threats 49(5)
  Network Vulnerabilities 49(1)
  Denial of Service (DoS) Attacks 50(2)
  Remote Procedure Call Abuses 52(1)
  Viruses, Worms, and Trojan Horses 52(1)
  Man-in-the-Middle Attacks 53(1)
  Fragmented IP Packets 54(1)
  Providing Layers of Network Defense 54(15)
  Layer 1: Physical Security 55(1)
  Layer 2: Password Security 55(1)
  Layer 3: Operating System Security 56(1)
  Layer 4: Using Anti-Virus Protection 56(1)
  Layer 5: Packet Filtering 56(3)
  Layer 6: Firewalls 59(3)
  Layer 7: Proxy Servers 62(3)
  Layer 8: DMZ 65(3)
  Layer 9: Intrusion Detection System (IDS) 68(1)
  Layer 10: Virtual Private Networks (VPNs) 68(1)
  Layer 11: Logging and Administration 69(1)
  Essential Network Security Activities 69(6)
  Encryption 69(1)
  Authentication 70(1)
  Developing a Packet Filtering Rule Base 71(1)
  Virus Protection 71(1)
  Secure Remote Access 72(1)
  Working with Log Files 72(3)
  Integrating Intrusion Detection Systems (IDSs) 75(5)
  Anticipating Attacks 76(1)
  IDS Notification Options 76(1)
  Locating the IDS 77(3)
  Responding to Alerts 80(1)
  Chapter Summary 80(1)
  Key Terms 81(3)
  Review Questions 84(3)
  Hands-on Projects 87(6)
  Case Projects 93(2)
Chapter 3 Risk Analysis and Security Policy Design 95(48)
  Getting Started with Risk Analysis 96(12)
  Fundamental Concepts of Risk Analysis 97(4)
  Approaches to Risk Analysis 101(4)
  Risk Analysis: An Ongoing Process 105(1)
  Analyzing Economic Impacts 106(2)
  Deciding How to Minimize Risk 108(8)
  Deciding How to Secure Hardware 109(1)
  Ranking Resources to Be Protected 110(1)
  Deciding How to Secure Information 110(2)
  Deciding How to Conduct Routine Analysis 112(1)
  Deciding How to Handle Security Incidents 113(3)
  What Makes a Good Security Policy? 116(4)
  Developing Security Policies from Risk Assessment 117(1)
  Teaching Employees about Acceptable Use 118(1)
  Enabling Management to Set Priorities 118(1)
  Helping Network Administrators Do Their Jobs 118(1)
  Using Security Policies to Enable Risk Analysis 119(1)
  Formulating a Security Policy 120(1)
  Seven Steps to Creating a Security Policy 120(1)
  Categories of Security Policies 121
  Performing Ongoing Risk Analysis 120(10)
  Conducting Routine Security Reviews 120(1)
  Working with Management 120(1)
  Responding to Security Incidents 120(1)
  Updating the Security Policy 120(10)
  Chapter Summary 130(1)
  Key Terms 131(1)
  Review Questions 132(4)
  Hands-on Projects 136(5)
  Case Projects 141(2)
Chapter 4 Choosing and Designing Firewalls 143(48)
  Choosing a Bastion Host 144(7)
  General Requirements 144(1)
  Selecting the Host Machine 145(3)
  Deciding What the Bastion Host Will (and Will Not) Do 148(3)
  Handling Backups and Auditing 151(1)
  Firewall Configurations 151(14)
  What Firewalls Are 152(2)
  What Firewalls Are Not 154(1)
  Screening Router 155(1)
  Dual-Homed Host 156(1)
  Screened Host 157(1)
  Screened Subnet DMZ 158(1)
  Multiple DMZ/Firewall Configurations 159(2)
  Multiple Firewall Configurations 161(2)
  Reverse Firewall 163(2)
  Firewall Software and Hardware 165(5)
  Software-Based Firewalls 166(2)
  Firewall Hardware 168(1)
  Hybrid Firewalls 169(1)
  Establishing Rules and Restrictions 170(8)
  Keep the Rule Base Simple 171(1)
  Base the Rule Base on Your Security Policy 172(1)
  Setting Up Application Rules 173(1)
  Restricting or Allowing Subnets 174(1)
  Restricting Ports and Protocols 175(1)
  Controlling Internet Services 175(3)
  Chapter Summary 178(1)
  Key Terms 179(2)
  Review Questions 181(4)
  Hands-on Projects 185(4)
  Case Projects 189(2)
Chapter 5 Configuring Firewalls 191(46)
  Approaches to Packet Filtering 192(6)
  Stateless Packet Filtering 192(1)
  Stateful Packet Filtering 193(3)
  Packet Filtering Depends on Position 196(2)
  Creating Packet Filter Rules 198(10)
  Filtering by TCP or UDP Port Number 200(3)
  ICMP Message Type 203(2)
  Filtering by Service 205(1)
  Filtering by ACK Bit 206(1)
  IP Option Specifications 207(1)
  Network Address Translation (NAT) 208(2)
  Hide-Mode Mapping 209(1)
  Static Mapping 210(1)
  Authenticating Users 210(13)
  Step 1: Deciding What to Authenticate 211(4)
  Step 2: Deciding How to Authenticate 215(5)
  Step 3: Putting It All Together 220(3)
  Chapter Summary 223(1)
  Key Terms 224(2)
  Review Questions 226(4)
  Hands-on Projects 230(5)
  Case Projects 235(2)
Chapter 6 Strengthening and Managing Firewalls 237(48)
  Working with Proxy Servers 238(9)
  Goals of Proxy Servers 238(2)
  How Proxy Servers Work 240(2)
  Choosing a Proxy Server 242(2)
  Filtering Content 244(3)
  Managing Firewalls to Improve Security 247(11)
  Editing the Rule Base 248(2)
  Managing Log Files 250(5)
  Improving Firewall Performance 255(2)
  Configuring Advanced Firewall Functions 257(1)
  Installing and Configuring Check Point NG 258(4)
  Installing Check Point Modules 258(3)
  Configuring Network Objects 261(1)
  Creating Filter Rules 262(1)
  Installing and Configuring Microsoft ISA Server 2000 262(4)
  Licensing ISA Server 2000 263(1)
  Installation Issues 263(1)
  Creating a Security Policy 264(1)
  Monitoring the Server 265(1)
  Managing and Configuring iptables 266(4)
  Built-In Chains 266(3)
  User-Defined Chains 269(1)
  Chapter Summary 270(1)
  Key Terms 271(1)
  Review Questions 272(4)
  Hands-on Projects 276(7)
  Case Projects 283(2)
Chapter 7 Setting up a Virtual Private Network 285(41)
  Exploring VPNs: What, Why, and How 286(14)
  What VPNs Are 286(7)
  Why Establish a VPN? 293(2)
  How to Configure VPNs 295(5)
  Understanding Tunneling Protocols 300(5)
  IPSec/IKE 300(4)
  Secure Shell (SSH) 304(1)
  Socks V. 5 304(1)
  Point-to-Point Protocol Tunneling (PPTP) 304(1)
  Layer 2 Tunneling Protocol (L2TP) 305(1)
  Encryption Schemes Used by VPNs 305(3)
  Triple-Data Encryption Standard (Triple-DES) 306(1)
  Secure Sockets Layer (SSL) 306(2)
  Kerberos 308(1)
  Adjusting Packet Filtering Rules for VPNs 308(3)
  PPTP Filters 309(1)
  L2TP and IPSec Filters 310(1)
  Chapter Summary 311(1)
  Key Terms 312(2)
  Review Questions 314(4)
  Hands-on Projects 318(6)
  Case Projects 324(2)
Chapter 8 Intrusion Detection: An Overview 326(40)
  Intrusion Detection System Components 327(8)
  Network Sensor 327(3)
  Alert Systems 330(3)
  Command Console 333(1)
  Response System 334(1)
  Database of Attack Signatures or Behaviors 334(1)
  Intrusion Detection Step-By-Step 335(6)
  Step 1: Installing the IDS Database 336(1)
  Step 2: Gathering Data 337(1)
  Step 3: Sending Alert Messages 338(1)
  Step 4: The IDS Responds 338(1)
  Step 5: The Administrator Assesses Damage 338(1)
  Step 6: Pursuing Escalation Procedures if Necessary 339(1)
  Step 7: Logging and Reviewing the Event 340(1)
  Options for Implementing Intrusion Detection Systems 341(7)
  Network-Based Intrusion Detection System (NIDS) 341(2)
  Host-Based Intrusion Detection Systems (HIDS) 343(3)
  Hybrid IDS Implementations 346(2)
  Evaluating Intrusion Detection Systems 348(4)
  Freeware Network-Based IDS: Snort 349(1)
  Commercial Host-Based IDS: Norton Internet Security 350(1)
  Anomaly-Based IDS: Tripwire 351(1)
  Network-Based IDS: RealSecure 351(1)
  IDS Hardware Appliances 351(1)
  Signature-Based IDS: Cisco Secure IDS 352(1)
  Chapter Summary 352(1)
  Key Terms 353(2)
  Review Questions 355(3)
  Hands-on Projects 358(6)
  Case Projects 364(2)
Chapter 9 Intrusion Detection: Preventive Measures 366(50)
  Common Vulnerabilities and Exposures (CVE) 367(3)
  How the CVE Database Works 367(2)
  Scanning CVE Vulnerability Descriptions 369(1)
  Logging and Intrusion Detection 370(2)
  Analyzing Intrusion Signatures 372(21)
  Understanding Signature Analysis 373(2)
  Capturing Packets 375(6)
  Normal Traffic Signatures 381(6)
  Suspicious Traffic Signatures 387(6)
  Identifying Suspicious Events 393(5)
  Packet Header Discrepancies 394(3)
  Advanced IDS Attacks 397(1)
  Remote Procedure Calls 397(1)
  Developing IDS Filter Rules 398(4)
  Rule Actions 399(1)
  Rule Data 399(1)
  Rule Options 400(2)
  Chapter Summary 402(1)
  Key Terms 403(2)
  Review Questions 405(4)
  Hands-on Projects 409(5)
  Case Projects 414(2)
Chapter 10 Intrusion Detection: Incident Response 416(42)
  Developing a Security Incident Response Team (SIRT) 417(5)
  Goals of a Security Incident Response Team (SIRT) 417(1)
  Responsibilities of the Team Members 418(3)
  Public Resource Teams 421(1)
  Outsourcing Incident Response 422(1)
  How to Respond: The Incident Response Process 422(9)
  Step 1: Preparation 422(2)
  Step 2: Notification 424(1)
  Step 3: Response 425(3)
  Step 4: Countermeasures 428(2)
  Step 5: Recovery 430(1)
  Step 6: Follow-Up 430(1)
  Dealing with False Alarms 431(1)
  Filtering Alerts 431(1)
  Disabling Signatures 432(1)
  Dealing with Legitimate Security Alerts 432(6)
  Assessing Impact 433(1)
  Developing an Action Plan 434(1)
  Internal Versus External Incidents 435(1)
  Taking Corrective Measures to Prevent Reoccurrence 435(1)
  Working Under Pressure 436(1)
  Gathering Data for Prosecution 437(1)
  After the Attack: Computer Forensics 438(4)
  Tracing Attacks 438(1)
  Using Data Mining to Discover Patterns 439(1)
  Prosecuting Offenders 440(2)
  Chapter Summary 442(2)
  Key Terms 444(1)
  Review Questions 445(4)
  Hands-on Projects 449(6)
  Case Projects 455(3)
Chapter 11 Strengthening Defense through Ongoing Management 458(35)
  Strengthening Control: Security Event Management 459(8)
  Monitoring Events 460(1)
  Managing Data from Multiple Sensors 461(3)
  Evaluating Your IDS Signatures 464(1)
  Managing Change 465(2)
  Strengthening Analysis: Security Auditing 467(2)
  Operational Auditing 468(1)
  Independent Auditing 468(1)
  Strengthening Detection: Managing the IDS 469(2)
  Maintaining Your Current System 469(1)
  Changing or Adding Software 470(1)
  Changing or Adding Hardware 471(1)
  Strengthening Defense: Improving Defense in Depth 471(3)
  Active Defense in Depth 472(1)
  Adding Security Layers 473(1)
  Strengthening Performance: Keeping Pace With Network Needs 474(2)
  Memory 474(1)
  Bandwidth 475(1)
  Managing Storage 475(1)
  Maintaining Your Own Knowledge Base 476(2)
  Web Sites 476(1)
  Mailing Lists and Newsgroups 477(1)
  Trade Publications 477(1)
  Certifications 478(1)
  Chapter Summary 478(1)
  Key Terms 479(2)
  Review Questions 481(4)
  Hands-on Projects 485(6)
  Case Projects 491(2)
Appendix A SCO-402 Objectives 493(4)
Appendix B Security Resources 497(6)
  Security Standards 498(1)
  Open Security Evaluation Criteria (http://osec.neohapsis.com) 498(1)
  Common Vulnerabilities and Exposures (www.cve.mitre.org) 498(1)
  Viruses and Security Incidents 498(1)
  Symantec Security Response (http://securityresponse.symantec.com) 498(1)
  Whitehats Network Security Resource (www.whitehats.com) 498(1)
  Incidents.org (www.incidents.org) 499(1)
  Dshield.org (www.dshield.org) 499(1)
  Security Organizations on the Web 499(1)
  The Center for Internet Security (www.cisecurity.org) 499(1)
  SANS Institute (www.sans.org) 499(1)
  The CERT Coordination Center (www.cert.org) 500(1)
  FIRST (www.first.org) 500(1)
  Mailing Lists and Newsletters 500(1)
  Mailing Lists 500(1)
  Newsletters and Trade Publications 501(1)
  Security Certification Sites 501(2)
  Global Information Assurance Certification (GIAC) (www.giac.org) 502(1)
  The International Information Systems Security Certification Consortium (ISC)2 (www.isc2.org) 502(1)
  CompTIA Certification (www.comptia.org/certification/default.asp) 502(1)
Glossary 503(12)
Index 515
