Introduction to Network Security

Theory and Practice
2nd ed.

by: Jie Wang, Zachary A. Kissel

113,99 €

Publisher: Wiley
Format: EPUB
Published: 10.07.2015
ISBN/EAN: 9781118939505
Language: English
Number of pages: 440

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

Introductory textbook in the important area of network security for undergraduate and graduate students
Comprehensively covers fundamental concepts with newer topics such as electronic cash, Bitcoin, P2P, SHA-3, E-voting, and ZigBee security
Fully updated to reflect new developments in network security
Introduces a chapter on Cloud security, a very popular and essential topic
Uses everyday examples that most computer users experience to illustrate important principles and mechanisms
Features a companion website with PowerPoint slides for lectures and solution manuals to selected exercise problems, available at http://www.cs.uml.edu/~wang/NetSec
Preface
About the Authors

1 Network Security Overview
1.1 Mission and Definitions
1.2 Common Attacks and Defense Mechanisms
1.2.1 Eavesdropping
1.2.2 Cryptanalysis
1.2.3 Password Pilfering
1.2.4 Identity Spoofing
1.2.5 Buffer-Overflow Exploitations
1.2.6 Repudiation
1.2.7 Intrusion
1.2.8 Traffic Analysis
1.2.9 Denial of Service Attacks
1.2.10 Malicious Software
1.3 Attacker Profiles
1.3.1 Hackers
1.3.2 Script Kiddies
1.3.3 Cyber Spies
1.3.4 Vicious Employees
1.3.5 Cyber Terrorists
1.3.6 Hypothetical Attackers
1.4 Basic Security Model
1.5 Security Resources
1.5.1 CERT
1.5.2 SANS Institute
1.5.3 Microsoft Security
1.5.4 NTBugtraq
1.5.5 Common Vulnerabilities and Exposures
1.6 Closing Remarks
1.7 Exercises
1.7.1 Discussions
1.7.2 Homework

2 Data Encryption Algorithms
2.1 Data Encryption Algorithm Design Criteria
2.1.1 ASCII Code
2.1.2 XOR Encryption
2.1.3 Criteria of Data Encryptions
2.1.4 Implementation Criteria
2.2 Data Encryption Standard
2.2.1 Feistel’s Cipher Scheme
2.2.2 DES Subkeys
2.2.3 DES Substitution Boxes
2.2.4 DES Encryption
2.2.5 DES Decryption and Correctness Proof
2.2.6 DES Security Strength
2.3 Multiple DES
2.3.1 Triple-DES with Two Keys
2.3.2 2DES and 3DES/3
2.3.3 Meet-in-the-Middle Attacks on 2DES
2.4 Advanced Encryption Standard
2.4.1 AES Basic Structures
2.4.2 AES S-Boxes
2.4.3 AES-128 Round Keys
2.4.4 Add Round Keys
2.4.5 Substitute-Bytes
2.4.6 Shift-Rows
2.4.7 Mix-Columns
2.4.8 AES-128 Encryption
2.4.9 AES-128 Decryption and Correctness Proof
2.4.10 Galois Fields
2.4.11 Construction of the AES S-Box and Its Inverse
2.4.12 AES Security Strength
2.5 Standard Block Cipher Modes of Operations
2.5.1 Electronic-Codebook Mode
2.5.2 Cipher-Block-Chaining Mode
2.5.3 Cipher-Feedback Mode
2.5.4 Output-Feedback Mode
2.5.5 Counter Mode
2.6 Offset Codebook Mode of Operations
2.6.1 Basic Operations
2.6.2 OCB Encryption and Tag Generation
2.6.3 OCB Decryption and Tag Verification
2.7 Stream Ciphers
2.7.1 RC4 Stream Cipher
2.7.2 RC4 Security Weaknesses
2.8 Key Generations
2.8.1 ANSI X9.17 PRNG
2.8.2 BBS Pseudorandom Bit Generator
2.9 Closing Remarks
2.10 Exercises
2.10.1 Discussions
2.10.2 Homework

3 Public-Key Cryptography and Key Management
3.1 Concepts of Public-Key Cryptography
3.2 Elementary Concepts and Theorems in Number Theory
3.2.1 Modular Arithmetic and Congruence Relations
3.2.2 Modular Inverse
3.2.3 Primitive Roots
3.2.4 Fast Modular Exponentiation
3.2.5 Finding Large Prime Numbers
3.2.6 The Chinese Remainder Theorem
3.2.7 Finite Continued Fractions
3.3 Diffie-Hellman Key Exchange
3.3.1 Key Exchange Protocol
3.3.2 Man-in-the-Middle Attacks
3.3.3 Elgamal PKC
3.4 RSA Cryptosystem
3.4.1 RSA Key Pairs, Encryptions, and Decryptions
3.4.2 RSA Parameter Attacks
3.4.3 RSA Challenge Numbers
3.5 Elliptic-Curve Cryptography
3.5.1 Commutative Groups on Elliptic Curves
3.5.2 Discrete Elliptic Curves
3.5.3 ECC Encodings
3.5.4 ECC Encryption and Decryption
3.5.5 ECC Key Exchange
3.5.6 ECC Strength
3.6 Key Distributions and Management
3.6.1 Master Keys and Session Keys
3.6.2 Public-Key Certificates
3.6.3 CA Networks
3.6.4 Key Rings
3.7 Closing Remarks
3.8 Exercises
3.8.1 Discussions
3.8.2 Homework

4 Data Authentication
4.1 Cryptographic Hash Functions
4.1.1 Design Criteria of Cryptographic Hash Functions
4.1.2 Quest for Cryptographic Hash Functions
4.1.3 Basic Structure of Standard Hash Functions
4.1.4 SHA-512
4.1.5 WHIRLPOOL
4.1.6 SHA-3 Standard
4.2 Cryptographic Checksums
4.2.1 Exclusive-OR Cryptographic Checksums
4.2.2 Design Criteria of MAC Algorithms
4.2.3 Data Authentication Algorithm
4.3 HMAC
4.3.1 Design Criteria of HMAC
4.3.2 HMAC Algorithm
4.4 Birthday Attacks
4.4.1 Complexity of Breaking Strong Collision Resistance
4.4.2 Set Intersection Attack
4.5 Digital Signature Standard
4.5.1 Signing
4.5.2 Signature Verifying
4.5.3 Correctness Proof of Signature Verification
4.5.4 Security Strength of DSS
4.6 Dual Signatures and Electronic Transactions
4.6.1 Dual Signature Applications
4.6.2 Dual Signatures and Electronic Transactions
4.7 Blind Signatures and Electronic Cash
4.7.1 RSA Blind Signatures
4.7.2 Electronic Cash
4.7.3 Bitcoin
4.8 Closing Remarks
4.9 Exercises
4.9.1 Discussions
4.9.2 Homework

5 Network Security Protocols in Practice
5.1 Crypto Placements in Networks
5.1.1 Crypto Placement at the Application Layer
5.1.2 Crypto Placement at the Transport Layer
5.1.3 Crypto Placement at the Network Layer
5.1.4 Crypto Placement at the Data-Link Layer
5.1.5 Implementations of Crypto Algorithms
5.2 Public-Key Infrastructure
5.2.1 X.509 Public-Key Infrastructure
5.2.2 X.509 Certificate Formats
5.3 IPsec: A Security Protocol at the Network Layer
5.3.1 Security Association
5.3.2 Application Modes and Security Associations
5.3.3 AH Format
5.3.4 ESP Format
5.3.5 Secret Key Determination and Distribution
5.4 SSL/TLS: Security Protocols at the Transport Layer
5.4.1 SSL Handshake Protocol
5.4.2 SSL Record Protocol
5.5 PGP and S/MIME: Email Security Protocols
5.5.1 Basic Email Security Mechanisms
5.5.2 PGP
5.5.3 S/MIME
5.6 Kerberos: An Authentication Protocol
5.6.1 Basic Ideas
5.6.2 Single-Realm Kerberos
5.6.3 Multiple-Realm Kerberos
5.7 SSH: Security Protocols for Remote Logins
5.8 Electronic Voting Protocols
5.8.1 Interactive Proofs
5.8.2 Re-encryption Schemes
5.8.3 Threshold Cryptography
5.8.4 The Helios Voting Protocol
5.9 Closing Remarks
5.10 Exercises
5.10.1 Discussions
5.10.2 Homework

6 Wireless Network Security
6.1 Wireless Communications and 802.11 WLAN Standards
6.1.1 WLAN Architecture
6.1.2 802.11 Essentials
6.1.3 Wireless Security Vulnerabilities
6.2 Wired Equivalent Privacy
6.2.1 Device Authentication and Access Control
6.2.2 Data Integrity Check
6.2.3 LLC Frame Encryption
6.2.4 Security Flaws of WEP
6.3 Wi-Fi Protected Access
6.3.1 Device Authentication and Access Controls
6.3.2 TKIP Key Generations
6.3.3 TKIP Message Integrity Code
6.3.4 TKIP Key Mixing
6.3.5 WPA Encryption and Decryption
6.3.6 WPA Security Strength and Weaknesses
6.4 IEEE 802.11i/WPA2
6.4.1 Key Generations
6.4.2 CCMP Encryptions and MIC
6.4.3 802.11i Security Strength and Weaknesses
6.5 Bluetooth Security
6.5.1 Piconets
6.5.2 Secure Pairings
6.5.3 SAFER+ Block Ciphers
6.5.4 Bluetooth Algorithms E1, E21, and E22
6.5.5 Bluetooth Authentication
6.5.6 A PIN Cracking Attack
6.5.7 Bluetooth Secure Simple Pairing
6.6 ZigBee Security
6.6.1 Joining a Network
6.6.2 Authentication
6.6.3 Key Establishment
6.6.4 Communication Security
6.7 Wireless Mesh Network Security
6.7.1 Blackhole Attacks
6.7.2 Wormhole Attacks
6.7.3 Rushing Attacks
6.7.4 Route-Error-Injection Attacks
6.8 Closing Remarks
6.9 Exercises
6.9.1 Discussions
6.9.2 Homework

7 Cloud Security
7.1 The Cloud Service Models
7.1.1 The REST Architecture
7.1.2 Software-as-a-Service
7.1.3 Platform-as-a-Service
7.1.4 Infrastructure-as-a-Service
7.1.5 Storage-as-a-Service
7.2 Cloud Security Models
7.2.1 Trusted-Third-Party
7.2.2 Honest-but-Curious
7.2.3 Semi-Honest-but-Curious
7.3 Multiple Tenancy
7.3.1 Virtualization
7.3.2 Attacks
7.4 Access Control
7.4.1 Access Control in Trusted Clouds
7.4.2 Access Control in Untrusted Clouds
7.5 Coping with Untrusted Clouds
7.5.1 Proofs of Storage
7.5.2 Secure Multiparty Computation
7.5.3 Oblivious Random Access Machines
7.6 Searchable Encryption
7.6.1 Keyword Search
7.6.2 Phrase Search
7.6.3 Searchable Encryption Attacks
7.6.4 Searchable Symmetric Encryptions for the SHBC Clouds
7.7 Closing Remarks
7.8 Exercises
7.8.1 Discussions
7.8.2 Homework

8 Network Perimeter Security
8.1 General Firewall Framework
8.2 Packet Filters
8.2.1 Stateless Filtering
8.2.2 Stateful Filtering
8.3 Circuit Gateways
8.3.1 Basic Structures
8.3.2 SOCKS
8.4 Application Gateways
8.4.1 Cache Gateways
8.4.2 Stateful Packet Inspections
8.5 Trusted Systems and Bastion Hosts
8.5.1 Trusted Operating Systems
8.5.2 Bastion hosts and Gateways
8.6 Firewall Configurations
8.6.1 Single-Homed Bastion Host System
8.6.2 Dual-Homed Bastion Host System
8.6.3 Screened Subnets
8.6.4 Demilitarized Zones
8.6.5 Network Security Topology
8.7 Network Address Translations
8.7.1 Dynamic NAT
8.7.2 Virtual Local Area Networks
8.7.3 Small Office and Home Office Firewalls
8.8 Setting Up Firewalls
8.8.1 Security Policy
8.8.2 Building a Linux Stateless Packet Filter
8.9 Closing Remarks
8.10 Exercises
8.10.1 Discussions
8.10.2 Homework

9 Intrusion Detections
9.1 Basic Ideas of Intrusion Detection
9.1.1 Basic Methodology
9.1.2 Auditing
9.1.3 IDS Components
9.1.4 IDS Architecture
9.1.5 Intrusion Detection Policies
9.1.6 Unacceptable Behaviors
9.2 Network-Based Detections and Host-Based Detections
9.2.1 Network-Based Detections
9.2.2 Host-Based Detections
9.3 Signature Detections
9.3.1 Network Signatures
9.3.2 Host-Based Signatures
9.3.3 Outsider Behaviors and Insider Misuses
9.3.4 Signature Detection Systems
9.4 Statistical Analysis
9.4.1 Event Counter
9.4.2 Event Gauge
9.4.3 Event Timer
9.4.4 Resource Utilization
9.4.5 Statistical Techniques
9.5 Behavioral Data Forensics
9.5.1 Data Mining Techniques
9.5.2 A Behavioral Data Forensic Example
9.6 Honeypots
9.6.1 Types of Honeypots
9.6.2 Honeyd
9.6.3 MWCollect Projects
9.6.4 Honeynet Projects
9.7 Closing Remarks
9.8 Exercises
9.8.1 Discussions
9.8.2 Homework

10 The Art of Anti-Malicious Software
10.1 Viruses
10.1.1 Virus Types
10.1.2 Virus Infection Schemes
10.1.3 Virus Structures
10.1.4 Compressor Viruses
10.1.5 Virus Disseminations
10.1.6 Win32 Virus Infection Dissection
10.1.7 Virus Creation Toolkits
10.2 Worms
10.2.1 Common Worm Types
10.2.2 The Morris Worm
10.2.3 The Melissa Worm
10.2.4 The Code Red Worm
10.2.5 The Conficker Worm
10.2.6 Other Worms Targeted at Microsoft Products
10.2.7 Email Attachments
10.3 Trojans
10.3.1 Ransomware
10.4 Malware Defense
10.4.1 Standard Scanning Methods
10.4.2 Anti-Malicious-Software Products
10.4.3 Malware Emulator
10.5 Hoaxes
10.6 Peer-to-Peer Security
10.6.1 P2P Security Vulnerabilities
10.6.2 P2P Security Measures
10.6.3 Instant Messaging
10.6.4 Anonymous Networks
10.7 Web Security
10.7.1 Basic Types of Web Documents
10.7.2 Security of Web Documents
10.7.3 ActiveX
10.7.4 Cookies
10.7.5 Spyware
10.7.6 AJAX Security
10.7.7 Safe Web Surfing
10.8 Distributed Denial-of-Service Attacks
10.8.1 Master-Slave DDoS Attacks
10.8.2 Master-Slave-Reflector DDoS Attacks
10.8.3 DDoS Attacks Countermeasures
10.9 Closing Remarks
10.10 Exercises
10.10.1 Discussions
10.10.2 Homework

Appendix A 7-bit ASCII code
Appendix B SHA-512 Constants (in Hexadecimal)
Appendix C Data Compression Using ZIP
Exercise
Appendix D Base64 Encoding
Exercise
Appendix E Cracking WEP Keys Using WEPCrack
E.1 System Setup
AP
User’s Network Card
Attacker’s Network Card
E.2 Experiment Details
Step 1: Initial Setup
Step 2: Attacker Setup
Step 3: Collecting Weak Initialization Vectors
Step 4: Cracking
E.3 Sample Code
Appendix F Acronyms

Further Reading
Index
Jie Wang, University of Massachusetts Lowell, US
Zachary A. Kissel, Merrimack College, US
Updated with recent advances in network security, Introduction to Network Security covers basic concepts and practical applications, providing students with a solid base on which to build critical thinking skills. It features useful sections on cloud and utility computing in addition to home and business network settings. Readers will first gain an overview of network security before progressing to security threats, key protocols and network perimeter defenses. The book finally concludes with cloud security and anti-malicious software, hot topics in both industry and academia.

Comprehensively covers fundamental concepts with newer topics such as electronic cash, Bitcoin, P2P, SHA-3, E-voting, and ZigBee security
Fully updated to reflect new developments in network security
Introduces a chapter on Cloud security, a very popular and essential topic
Uses everyday examples that most computer users experience to illustrate important principles and mechanisms
Features a companion website with PowerPoint slides for lectures and solution manuals to selected exercise problems, available at http://www.cs.uml.edu/~wang/NetSec

Introduction to Network Security: Theory and Practice remains an essential textbook for upper-level undergraduate and graduate students in computer science. IT professionals and agencies interested in the wider area of network security will find it a comprehensive reference text.

"A beneficial introduction to network security [... and] a useful textbook for network security."—ACM Computing Reviews

"An interesting and well-written overview of a variety of aspects of network security [...] recommended to all theoreticians and practitioners that would like to have available a comprehensive compendium treating modern network security."—Zentralblatt MATH
