网络安全_计算机网络通信，安全_计算机类_最新资料_得益网

黑客VS网管大作战

2008-11-14 13:35:57

黑客VS网管大作战
共12集高清视频
包含华夏黑客同盟,绿色军团等著名黑客组织2008年VIP精华视频.
配语音讲解
资料不含任何黑客软件(己删除黑客工具,仅保留了高清视频)
资料仅供技术研究,误用于实战.

华夏黑客同盟VIP会员班2008下半年精华视频合集

2008-11-13 11:44:59

华夏黑客同盟VIP会员班2008下半年精华视频合集
共12集,包含:regsnap的使用,autoruns的使用,批处理保护CMD等实用高清晰视频教程.
注:本资料全部为高清晰视频教程,不含任何黑客工具.

snort源码分析

2008-07-29 10:57:13

第一章系统架构总概.pdf
第二章系统初始化.pdf
第三章打开数据截获接口.pdf
第四章插件初始化.pdf
第五章检测规则初始化引擎.pdf
第六章构建规则快速配匹引擎.pdf
第七章数据包处理.pdf
Snort学习笔记.htm
snort学习笔记和函数说明.htm
基于snort的入侵检测系统.doc
源码分析.doc
Snort 中文手册.htm

Cryptography and Security Services Mechanisms and Applications

2008-07-24 08:41:29

Foreword........................................................................................................................ x
Preface...........................................................................................................................xi
Acknowledgment..........................................................................................................xv
Chapter I. Classic Cryptography................................................................................. 1
Classic Cryptography...................................................................................................... 1
Objectives........................................................................................................................ 1
Introduction..................................................................................................................... 1
Classic Cipher Techniques............................................................................................... 3
Early Cipher Machines.................................................................................................... 6
Cryptanalysis in World War II....................................................................................... 12
Summary........................................................................................................................ 12
Learning Objectives Review.......................................................................................... 13
References..................................................................................................................... 14
Chapter II. Information Assurance............................................................................ 15
Information Assistance................................................................................................... 15
Objectives...................................................................................................................... 15
Introduction................................................................................................................... 15
Computer Network Architecture.................................................................................... 16
iv
The OSI Model............................................................................................................... 17
The TCP/IP Model......................................................................................................... 20
Security Policies, Services, and Mechanisms................................................................ 22
Placeholder Names Used in Cryptography................................................................... 26
The Transformation of the Crypto Industry................................................................... 27
U.S. Export Regulations for Encryption Equipment...................................................... 29
Summary........................................................................................................................ 30
Learning Objectives Review.......................................................................................... 31
References..................................................................................................................... 32
Chapter III. Number Theory and Finite Fields........................................................ 33
Number Theory and Finite Fields.................................................................................. 33
Objectives...................................................................................................................... 33
Introduction................................................................................................................... 33
Principle of Counting..................................................................................................... 34
Exponentiation and Prime Numbers.............................................................................. 35
The Euclidean Algorithm............................................................................................... 35
Congruence Arithmetic.................................................................................................. 36
Summary of Properties................................................................................................... 41
Calculation of the Reciprocal (Multiplicative Inverse).................................................42
Multiplication and Exponentiation in Modulo p............................................................ 43
RSA Algorithm................................................................................................................ 45
Finite Fields................................................................................................................... 45
Boolean Binary Expressions.......................................................................................... 48
Summary........................................................................................................................ 49
Learning Objectives Review.......................................................................................... 49
References..................................................................................................................... 50
Chapter IV. Confidentiality: Symmetric Encryption................................................51
Confidentiality: Symmetric Encryption.......................................................................... 51
Objectives...................................................................................................................... 51
Introduction................................................................................................................... 52
Crypto Systems............................................................................................................... 54
Stream Cypher Symmetric Encryption...........................................................................54
Basic Theory of Enciphering......................................................................................... 58
Perfect Secrecy............................................................................................................... 62
Shift Registers................................................................................................................ 64
Block Encryption Algorithms......................................................................................... 80
Block Cipher Modes of Operation................................................................................. 90
Summary........................................................................................................................ 97
Learning Objectives Review.......................................................................................... 97
References..................................................................................................................... 99
Chapter V. Confidentiality: Asymmetric Encryption............................................. 101
Confidentiality: Asymmetric Encryption......................................................................101
Objectives..................................................................................................................... 101
Introduction.................................................................................................................. 102
Exponentiation and Public-Key Ciphers..................................................................... 104
Pohlig-Hellman Algorithm........................................................................................... 105
The RSA Algorithm....................................................................................................... 106
ElGamal Algorithm...................................................................................................... 109
Key Management......................................................................................................... 110
Security Services and Public-Key Encryption............................................................. 110
Combining Asymmetric and Symmetric Ciphers......................................................... 110
The Diffie-Hellman Key Agreement System..................................................................111
The Diffie-Hellman Key Agreement Method................................................................ 114
The RSA Key Transport System.................................................................................... 115
Variation of ElGamal System....................................................................................... 116
Summary...................................................................................................................... 118
Learning Objectives Review........................................................................................ 119
References.................................................................................................................... 121
Chapter VI. Integrity and Authentication............................................................... 122
Integrity and Authentication........................................................................................ 122
Objectives..................................................................................................................... 122
Introduction.................................................................................................................. 123
Message Authentication Code (MAC)......................................................................... 123
Hash Functions............................................................................................................ 125
Secure Hash Standard.................................................................................................. 127
Secure Hash Algorithm: SHA-1................................................................................... 131
MD5 Message Digest Algorithm.................................................................................. 137
Keyed-Hash Message Authentication Code (HMAC).................................................. 138
Authentication (Digital Signatures)............................................................................. 141
Digital Signature Standard (FIPS 186-2).................................................................... 143
Digital Signature Algorithm (ANSI X9.30).................................................................. 143
RSA Digital Signature (ANSI X9.31)........................................................................... 145
Elliptic Curve Digital Signature Algorithm (ANSI X9.62)........................................... 146
ElGamal Digital Signature.......................................................................................... 146
Summary...................................................................................................................... 148
Learning Objectives Review........................................................................................ 148
References.................................................................................................................... 150
Chapter VII. Access Authentication.........................................................................152
Access Authentication.................................................................................................. 152
Objectives..................................................................................................................... 152
Introduction.................................................................................................................. 153
Authentication Concepts.............................................................................................. 154
IEEE 802.1X Authentication........................................................................................ 155
Extensible Authentication Protocol (EAP)................................................................... 157
Other Password Mechanisms....................................................................................... 167
Password Security Considerations.............................................................................. 169
EAP Authentication Servers......................................................................................... 171
Remote Authentication Dial-In User Service (RADIUS)............................................. 171
Needham and Schroeder.............................................................................................. 173
Kerberos....................................................................................................................... 174
ITU-T X.509: Authentication Framework.................................................................... 177
Hash and Encryption Recommendations..................................................................... 182
Summary...................................................................................................................... 184
Learning Objectives Review........................................................................................ 185
References.................................................................................................................... 187
Chapter VIII. Elliptic Curve Cryptography...........................................................189
Elliptic Curve Cryptography........................................................................................ 189
Objectives..................................................................................................................... 189
Introduction.................................................................................................................. 190
Finite Fields................................................................................................................. 192
Elliptic Curves and Points........................................................................................... 193
Arithmetic in an Elliptic Curve Group over Fp............................................................194
Arithmetic in an Elliptic Curve Group over F2
m..........................................................196
Order of a Point........................................................................................................... 198
Curve Order................................................................................................................. 199
Selecting an Elliptic Curve and G, the Generator Point............................................. 199
Elliptic Curve Domain Parameters............................................................................. 200
Elliptic Curve Domain Parameters over Fp.................................................................201
Elliptic Curve Domain Parameters over F2
m...............................................................202
Cryptography Using Elliptic Curves........................................................................... 202
Attacks on the Elliptic Curve Discrete Logarithm Problem (ECDLP)........................ 203
Public Key Systems Public Key Size Comparisons...................................................... 206
Software Implementations............................................................................................ 207
Key Pair Generation.................................................................................................... 207
Enciphering and Deciphering a Message Using ElGamal.......................................... 208
ECDH Key Agreement................................................................................................. 210
ECDSA Signature Generation...................................................................................... 211
ECDSA Signature Verification..................................................................................... 211
EC Cipher Suites.......................................................................................................... 212
Summary...................................................................................................................... 214
Learning Objectives Review........................................................................................ 214
References.................................................................................................................... 215
Chapter IX. Certificates and Public Key Infrastructure........................................ 217
Certificates and Public Key Infrastructure.................................................................. 217
Objectives..................................................................................................................... 217
Introduction.................................................................................................................. 218
X.509 Basic Certificate Fields..................................................................................... 219
RSA Certification......................................................................................................... 220
Cylink (Seek) Certification........................................................................................... 220
Cylink Certification Based on ElGamal....................................................................... 222
Variation of ElGamal Certification.............................................................................. 223
Public-Key Infrastructure (PKI).................................................................................. 226
PKI Management Model.............................................................................................. 227
PKI Management Requirements..................................................................................230
Certificate Life-Cycle................................................................................................... 231
PKI Management Operations...................................................................................... 231
CRL Basic Fields......................................................................................................... 236
CA Trust Models.......................................................................................................... 237
Encryption Algorithms Supported in PKI....................................................................240
Private Key Proof of Possession (POP)...................................................................... 242
Two Models for PKI Deployment................................................................................. 242
Summary...................................................................................................................... 243
Learning Objectives Review........................................................................................ 243
References.................................................................................................................... 245
Chapter X. Electronic Mail Security........................................................................ 246
Electronic Mail Security..............................................................................................246
Objectives..................................................................................................................... 246
Introduction.................................................................................................................. 247
Pretty Good Privacy (PGP)......................................................................................... 247
PGP E-Mail Compatibility.......................................................................................... 248
RADIX 64: E-Mail Format Compatibility................................................................... 248
E-Mail Size Compatibility............................................................................................ 250
Key Rings..................................................................................................................... 250
PGP Digital Certificates.............................................................................................. 251
Establishment of Trust................................................................................................. 253
Secure MIME (S/MIME).............................................................................................. 256
S/MIME Message Formats.......................................................................................... 258
Creating a Signed-Only Message................................................................................ 258
Creating a Enveloped-Only Message..........................................................................261
Signed and Enveloped MIME Entities......................................................................... 262
Summary...................................................................................................................... 262
Learning Objectives Review........................................................................................ 263
References.................................................................................................................... 265
Chapter XI. VPNS and IPSEC.................................................................................266
VPNS and IPSEC......................................................................................................... 266
Objectives..................................................................................................................... 266
Introduction.................................................................................................................. 267
VPN Services................................................................................................................ 268
IP Tunneling Mechanisms............................................................................................ 269
IPsec ........................................................................................................................... 269
IPsec Architecture........................................................................................................ 270
IPsec Protocols............................................................................................................ 271
IPsec Negotiation......................................................................................................... 272
Security Associations................................................................................................... 273
Security Protocols........................................................................................................ 274
Authentication Header................................................................................................. 275
Encapsulating Security Protocol (ESP).......................................................................277
AH and ESP Modes of Operation................................................................................ 280
Algorithms for Encryption and Authentication in IPsec.............................................. 281
Internet Key Exchange (IKE v2).................................................................................. 281
IKE Message Exchanges.............................................................................................. 283
IKE_SA_INIT............................................................................................................... 284
IKE_SA_AUTH............................................................................................................ 285
CREATE_CHILD_SAs................................................................................................. 286
Informational Exchange in IKE................................................................................... 288
Integrity and Authentication in IKE............................................................................. 290
Diffie-Hellman Group Descriptors.............................................................................. 291
IPsec and IKE v2 Identifiers........................................................................................ 293
Summary...................................................................................................................... 297
Learning Objectives Review........................................................................................ 297
References.................................................................................................................... 299
Chapter XII. TLS, SSL, and SET.............................................................................300
TLS, SSL, and SET....................................................................................................... 300
Objectives..................................................................................................................... 300
Introduction.................................................................................................................. 301
Transport Layer Security (TLS)................................................................................... 302
Handshake Protocol..................................................................................................... 305
Alert Message Protocol................................................................................................ 312
Change Cipher Spec Protocol...................................................................................... 313
Application Protocol.................................................................................................... 313
SSL VPN.......................................................................................................................314
Secure Electronic Transaction Protocol (SET)............................................................ 315
Summary...................................................................................................................... 330
Learning Objectives Review........................................................................................ 331
References.................................................................................................................... 332
Chapter XIII. Web Services Security....................................................................... 334
Web Services Security..................................................................................................334
Objectives..................................................................................................................... 334
Web Services................................................................................................................ 335
Extensible Markup Language, XML............................................................................ 338
Simple Object Access Protocol (SOAP)....................................................................... 341
Universal Discovery, Description, and Integration (UDDI)....................................... 342
Web Services Description Language, WSDL............................................................... 343
Web Services Security..................................................................................................344
XML Security............................................................................................................... 345
XML Encryption........................................................................................................... 345
XML Signature............................................................................................................. 361
XML Key Management Specification........................................................................... 375
Security Assertion Markup Languages (SAML).......................................................... 389
Web Services Security Language (WS-Security).......................................................... 395
Summary...................................................................................................................... 405
Learning Objectives Review........................................................................................ 406
References.................................................................................................................... 407
Chapter XIV. Wireless Security................................................................................ 409
Wireless Security.......................................................................................................... 409
Objectives..................................................................................................................... 409
Introduction.................................................................................................................. 409
WIMAX......................................................................................................................... 411
WIMAX (IEEE 802.16e) Security................................................................................ 412
Wi-Fi ........................................................................................................................... 420
IEE802.11 Wireless LAN.............................................................................................. 422
802.11i: WLAN Security Enhancement........................................................................ 424
Wi-Fi Protected Access (WPA or WPA1) and WPA2.................................................... 425
Bluetooth...................................................................................................................... 436
Summary...................................................................................................................... 443
Learning Objectives Review........................................................................................ 444
References.................................................................................................................... 445
Glossary of Terms...................................................................................................... 447
About the Author....................................................................................................... 467
Index ........................................................................................................................... 468

sniiffer高手系列1

2008-07-22 19:24:05

sniiffer高手系列1

sniffer高手系列5(完成)

2008-07-22 16:49:13

sniffer高手系列5

sniffer高手系列4

2008-07-22 16:19:19

sniffer高手系列4

sniffer高手系列3

2008-07-22 15:49:49

sniffer高手系列3

网络安全技术与反黑

2008-07-15 17:16:26

本书是一本关于网络安全方面书籍。全书共分为：网络安全以及黑客两部分。网络安全部分由浅入深地向读者介绍了网络安全的重要性，并从理论和实际结合的角度出发，详细介绍了防火墙的作用、设计、分类、配置以及一些新技术。黑客部分主要以巧妙的攻击实例在安全漏洞方面给读者全面的启示，并针对网络漏洞完善网络安全措施。本书内容新颖，通俗易懂。适于普通网络爱好者和专业网络管理人员等各种层次的读者阅读。

光纤熔接

2008-07-14 13:01:12

请可一看

<超级容易学电脑——系统优化、病毒防治与防黑防黑>视频教程

2008-07-14 10:52:28

超级容易学电脑——系统优化、病毒防治与防黑
本视频主要讲述系统优化,病毒防治和防黑(防人之心不可无).害人之心不可有,不讲述病毒的具体原理.只讲要怎么做来确保本机的安全.

Google Hacking for Penetration Testers, Volume 2

2008-06-24 20:09:35

目录内容如下：
Contents
Chapter 1 Google Searching Basics . . . . . . . . . . . . . . . . . . . 1
Chapter 2 Advanced Operators . . . . . . . . . . . . . . . . . . . . . 49
Chapter 3 Google Hacking Basics . . . . . . . . . . . . . . . . . . . 93
Chapter 4 Document Grinding and Database Digging . . . . .121
Chapter 5 Google’s Part in an Information Collection Framework . . 161
Chapter 6 Locating Exploits and Finding Targets . . . . . 223
Chapter 7 Ten Simple Security Searches That Work . . . 263
Chapter 8 Tracking Down Web Servers,Login Portals, and Network Hardware . . .281
Chapter 9 Usernames, Passwords,and Secret Stuff, Oh My! . . . . . . . . 345
Chapter 10 Hacking Google Services . . . . . . . . . . . . . . . 373
Chapter 11 Google Hacking Showcase . . . . . . . . . . . . . . 419
Chapter 12 Protecting Yourself from Google Hackers. . 479
Index . . . . . . . . . . . . . . . . . . . . 521

Computer Network Security

2008-06-11 01:23:42

Preface
The frequency of computer network attacks and the subsequent
sensational news reporting have alerted the public to the vulnerability
of computer networks and the dangers of not only using them but also
of depending on them. In addition, such activities and reports have put
society in a state of constant fear always expecting the next big one and
what it would involve, and forced people to focus on security issues.
The greatest fear among professionals however, is that of a public with
a hundred percent total dependency on computers and computer
networks becoming desensitized, having reached a level where they are
almost immune, where they no longer care about such fears. If this
ever happens, we the professionals, and society in general, as creators
of these networks, will have failed to ensure their security.
Unfortunately, there are already signs that this is beginning to
happen. We are steamrolling at full speed into total dependency on
computers and computer networks, yet despite the multiplicity of
sometimes confusing security solutions and best practices on the
market, numerous security experts and proclaimed good intentions of
implementation of these solutions, there is no one agreed on approach
to the network security problem. In fact, if the current computer
ownership, use, and dependency on computers and computer network
keep on track, the number of such attacks is likewise going to keep
rising at probably the same rate if not higher. Likewise the national
critical infrastructures will become more intertwined than they are now,
making the security of these systems a great priority for national and
individual security.
The picture we have painted here of total dependency worries many,
especially those in the security community. Without a doubt security
professionals are more worried about computer system security and
information security than the average computer user because they are
the people in the trenches on the forefront of the system security battle,
just as soldiers in a war might worry more about the prospects of a
successful outcome than would the general civilian population. They
are worried more because they know that whatever quantity of
resources we have as a society, we are not likely to achieve perfect
security because security is a continuous process based on a changing
technology. As the technology changes, security parameters, needs,
requirements, and standards change.We are playing a catch up game
whose outcome is uncertain and probably un-winnable.There are
several reasons for this.
First, the overwhelming number of computer network
vulnerabilities are software based resulting from either application or
system software. As anyone with a first course in software engineering
will tell you, it is impossible to test out all bugs in a software product
with billions of possible outcomes based on just a few inputs. So unlike
other branches of product engineering such as car and airplane
manufacturing, where one can test all possible outcomes from any given
inputs, it is impossible to do this in software. This results in an
unknown number of bugs in every software product. Yet the role of
software as the engine that drives these networks is undisputable and
growth of the software industry is only in its infancy.
Second, there is more computer proliferation and dependence on
computers and computer networks. As more people join cyberspace,
more system attacks are likely. This is evidenced in the recent spree of
cyber attacks. The rate of cyber vandalism both reported and unreported
is on the rise. Organized attacks such as "Solar Sunrise" on Defense
Department computers in February 1998, and computer viruses such as
Melissa, "I LOVE" and the "Blaster" and "Sobig" worms are
increasing. According to Carnegie Mellon University's CERT
Coordination Center, a federally funded emergency response team, the
number of security incidents handled by CERT was on the rise from
1,334 in 1993 to 82,094 by the end of 2002.
Third, it is extremely difficult to find a suitable security solution
although there are thousands of them, some very good and others not
worth mentioning. In the last several years, as security issues and
frequent system attacks have hit the news, there has been a tremendous
response from security firms and individuals to develop security
solutions and security best practices. However, as the number of
security solutions skyrocketed so did the confusion among security
experts on the best solutions for given situations.
Fourth, as in the case of security solutions, there has been an
oversupply of security experts, which is good in a situation where we
have more security problems on the rise. However, the more security
experts you get, the more diverse their answers become on security
issues. It is almost impossible to find two security experts agreeing on
the same security issues. This, together with the last concern, create a
sea of confusion.
When all these factors are put in place, the picture we get is a
gloomy one. It indicates, even in light of massive efforts since
September 11, 2001, and the numerous security solutions and security
experts, that we still have a poor state of cyberspace security, and
that the cyberspace resources are as vulnerable as ever, if not more so.
For example, the cyberspace infrastructure and communication
protocols are still inherently weak; there are no plans to educate the
average user in cyberspace to know the computer network
infrastructure, its weaknesses and vulnerabilities and how to fix them,
while our dependency on computers has not abetted; in fact it is on the
rise. Although we have a multitude of solutions, these solutions are for
already known vulnerabilities. Security history has shown us that
hackers do not always use existing scripts. Brand new attack scripts are
likely to continue, yet the only known remedy mechanisms and
solutions to the problem are patching loopholes after an attack has
occurred. Finally, although there are efforts to streamline reporting,
much of the effort is still voluntary.
More efforts and massive awareness, therefore, are needed to bring
the public to where they can be active participants in the fight for
cyberspace security. Although there has been more movement in
security awareness since the September 11, 2001 attacks on America,
thanks to the Department of Homeland Security and the President's
Critical Infrastructure Initiative, our task of educating the public and
enlisting their help is just beginning.
This book, a massive and comprehensive volume, is intended to
bring maximum awareness of cyberspace security, in general and
computer network security , in particular, and to suggest ways to deal
with the security situation. It does this comprehensively in four parts
and twenty chapters. Part I gives the reader an understanding of the
working of and the security situation of computer networks. Part I1
builds on this knowledge and exposes the reader to the prevailing
security situation based on a constant security threat. It surveys several
security threats. Part 111, the largest, forms the core of the book and
presents to the reader most of the best practices and solutions that are
currently in use. Part IV is for projects. In addition to the solutions,
several products and services are given for each security solution
under discussion.
In summary the book attempts to achieve the following objectives:
1 Educate the public about computer security in general
terms and computer network security in particular,
with reference to the Internet,
2 Alert the public to the magnitude of computer
network vulnerabilities, weaknesses, and loopholes
inherent in the computer network infrastructure
3 Bring to the public attention effective security best
practices and solutions, expert opinions on those
solutions, and the possibility of ad-hoc solutions
4 Look at the roles legislation, regulation, and
enforcement play in computer network security
efforts
5 Finally, initiate a debate on the future of cyberspace
security where it is still lacking.
Since the book covers a wide variety of security topics, solutions,
and best practices, it is intended to be both a teaching and a reference
tool for all interested in learning about computer network security
issues and available techniques to prevent cyber attacks. The depth
and thorough discussion and analysis of most of the computer network
security issues, together with the discussion of security solutions given,
makes the book a unique reference source of ideas for computer
network security personnel, network security policy makers, and
those reading for leisure. In addition the book provokes the reader by
raising valid legislative, legal, social, and ethical security issues
including the increasingly diminishing line between individual privacy
and the need for collective and individual security.
The book targets college students in computer science, information
science, technology studies, library sciences, engineering, and to a
lesser extent students in the arts and sciences who are interested in
information technology. In addition, students in information
management sciences will find the book particularly helpful.
Practitioners, especially those working in information-intensive areas,
will likewise find the book a good reference source. It will also be
valuable to those interested in any aspect of cyberspace security and
those simply wanting to become cyberspace literate.
Joseph Migga Kizza
Chattanooga, Tennessee

Contents

Preface xix
Part I: Understanding Computer Network Security
1 . Computer Network Fundamentals 3
1.1 Introduction 3
1.2 Computer Network Models 4
1.3 Computer Network Types 5
1.3.1 Local Area Network (LANs) 5
1.3.2 Wide Area Networks (WANs) 6
1.3.3 Metropolitan Area Networks (MANS) 7
1.4 Data Communication Media Technology 8
1.4.1 Transmission Technology 8
1.4.2 Transmission Media 11
1.5 Network Topology 15
1.5.1 Mesh 15
1.5.2 Tree 15
1.5.3 Bus 16
1.5.4 Star 17
1.5.5 Ring 18
1.6 Network Connectivity and Protocols 19
1.6.1 Open System Interconnection (OSI) Protocol Suite 20
1.6.2 Transport Control ProtocoVInternet Protocol (TCPIIP) Model . 22
1.7 Network Services 26
1.7.1 Connection Services 26
1.7.2 Network Switching Services 27
1.8 Network Connecting Devices 30
1.8.1 LAN Connecting Devices 30
1.8.2 Internetworking Devices 34
1.9 Network Technologies 39
1.9.1 LAN Technologies 39
1.9.2 WAN Technologies 42
1.9.3 Wireless LANs 45
1.10 Conclusion 46
1.1 1 References 46
1.12 Exercises 46
1.13 Advanced Exercises 47
2 . Understanding Network Security 49
2.1 What Is Network Security? 49
2.1.1 Physical Security 50
2.1.2 Pseudosecurity 52
2.2 What are we protecting? 53
2.2.1 Hardware 53
2.2.2 Software 53
2.3 Security Services 54
2.3.1 Access Control 54
2.3.2 Authentication 55
2.3.3 Confidentiality 57
2.3.4 Integrity 58
2.3.5 Non-repudiation 58
2.4 Security Standards 59
2.4.1 Security Standards Based on Type of Sewice/Industry 60
2.4.2 Security Standards Based on Size/Implementation 64
2.4.3 Security Standards Based on Interests 65
2.4.4 Best Practices in Security 67
2.5 Elements of Security 69
2.5.1 The Security Policy 69
2.5.2 Access Control 70
2.5.3 Strong Encryption Algorithms 70
2.5.4 Authentication Techniques 70
2.5.5 Auditing 72
2.6 References 72
2.7 Exercises 72
2.8 Advanced Exercises 73
Part 11: Security Challenges to Computer Networks
3 . Security Threats to Computer Networks 77
3.1 Introduction 77
3.2 Sources of Security Threats 79
3.2.1 Design Philosophy 79
3.2.2 Weaknesses in Network Infrastructure and Communication
Protocols 80
3.2.3 Rapid Growth of Cyberspace 84
3.2.4 The Growth of the Hacker Community 85
3.2.5 Vulnerability in Operating System Protocol 95
3.2.6 The Invisible Security Threat -The Insider Effect 95
3.2.7 Social Engineering 96
3.2.8 Physical Theft 97
3.3 Security Threat Motives 97
3.3.1 Terrorism 9 7
3.3.2 Military Espionage 9 8
3.3.3 Economic Espionage 9 8
3.3.4 Targeting the National Information Infrastructure 99
3.3.5 VendettaiRevenge 99
3.3.6 Hate (national origin, gender, and race) 100
3.3.7 Notoriety 100
3.3.8 Greed 100
3.3.9 Ignorance 100
3.4 Security Threat Management 100
3.4.1 Risk Assessment 101
3.4.2 Forensic Analysis 101
3.5 Security Threat Correlation 101
3.5.1 Threat Information Quality 102
3.6 Security Threat Awareness 103
3.7 References 104
3.8 Exercises 105
3.9 Advanced Exercises 106
4 . Computer Network Vulnerabilities 109
4.1 Definition 109
4.2 Sources of Vulnerabilities 109
4.2.1 Design Flaws 110
4.2.2 Poor Security Management 114
4.2.3 Incorrect Implementation 115
4.2.4 Internet Technology Vulnerability 117
4.2.5 Changing Nature of Hacker Technologies and Activities 120
4.2.6 Difficulty of Fixing Vulnerable Systems 122
4.2.7 Limits of Effectiveness of Reactive Solutions 122
4.2.8 Social Engineering 124
4.3 Vulnerability Assessment 126
4.3.1 Vulnerability Assessment Services 126
4.3.2 Advantages of Vulnerability Assessment Services 128
4.4 References 128
4.5 Exercises 129
4.6 Advanced Exercises 129
5 . Cyber Crimes and Hackers 131
5.1 Introduction 131
5.2 Cyber Crimes 132
5.2.1 Ways of Executing Cyber Crimes 133
5.2.2 Cyber Criminals 136
5.3 Hackers 137
5.3.1 History of Hacking 138
5.3.2 Types of Hackers 141
5.3.3 Hacker Motives 145
5.3.4 Hacking Topologies 149
5.3.5 Hackers' Tools of System Exploitation 153
5.3.6 Types of Attacks 157
5.4 Dealing with the Rising Tide of Cyber Crimes 158
5.4.1 Prevention 158
5.4.2 Detection 159
5.4.3 Recovery 159
5.5 Conclusion 160
5.6 References 160
5.7 Exercises 162
5.8 Advanced Exercises 162
6 . Hostile Scripts 163
6.1 Introduction 163
6.2 Introduction to the Common Gateway Interface (CGI) 164
6.3 CGI Scripts in a Three-Way Handshake 165
6.4 Server - CGI Interface 167
6.5 CGI Script Security Issues 168
6.6 Web Script Security Issues 170
6.7 Dealing with the Script Security Problems 170
6.8 Scripting Languages 171
6.8.1 Server-Side Scripting Languages 171
6.8.2 Client-Side Scripting Languages 173
6.9 References 175
6.10 Exercises 175
6.1 1 Advanced Exercises 175
7 . Security Assessment. Analysis. and Assurance 177
7.1 Introduction 177
7.2 System Security Policy 178
7.3 Building a Security Policy 181
7.3.1 Security Policy Access Rights Matrix 182
7.3.2 Policy and Procedures 185
7.4 Security Requirements Specification 189
7.5 Threat Identification 190
7.5.1 Human Factors 191
7.5.2 Natural Disasters 192
7.5.3 Infrastructure Failures 192
7.6 Threat Analysis 195
7.6.1 Approaches to Security Threat Analysis 196
7.7 Vulnerability Identification and Assessment 197
7.7.1 Hardware 197
7.7.2 Software 197
7.7.3 Humanware 199
7.7.4 Policies, Procedures, and Practices 200
7.8 Security Certification 201
7.8.1 Phases of a Certification Process 201
7.8.2 Benefits of Security Certification 202
7.9 Security Monitoring and Auditing 202
7.9.1 Monitoring Tools 203
7.9.2 Type of Data Gathered 204
7.9.3 Analyzed Information 204
7.9.4 Auditing 205
7.10 Products and Services 205
7.11 References 206
7.12 Exercises 206
7.13 Advanced Exercises 207
Part 111: Dealing with Network Security Challenges
8 . Access Control and Authorization 209
8.1 Definitions 209
8.2 Access Rights 210
8.2.1 Access Control Techniques and Technologies 212
8.3 Access Control Systems 218
8.3.1 Physical Access Control 218
8.3.2 Access Cards 2 1 8
8.3.3 Electronic Surveillance 219
8.3.4 Biometrics 220
8.3.5 Event Monitoring 223
8.4 Authorization 224
8.4.1 Authorization Mechanisms 225
8.5 Types of Authorization Systems 226
8.5.1 Centralized 226
8.5.2 Decentralized 2 2 7
8.5.3 Implicit 227
8.5.4 Explicit 227
8.6 Authorization Principles 228
8.6.1 Least Privileges 228
8.6.2 Separation of Duties 228
8.7 Authorization Granularity 229
8.7.1 Fine Grain Authorization 229
8.7.2 Coarse Grain Authorization 229
8.8 Web Access and Authorization 230
8.9 References 231
8.10 Exercises 231
8.1 1 Advanced Exercises 232
9 . Authentication 233
9.1 Definition 233
9.2 Multiple Factors and Effectiveness of Authentication 235
9.3 Authentication Elements 237
9.3.1 Person or Group Seeking Authentication 237
9.3.2 Distinguishing Characteristics for Authentication 237
9.3.3 The Authenticator 238
9.3.4 The Authentication Mechanism 238
9.3.5 Access Control Mechanism 239
9.4 Types of Authentication 239
9.4.1 Non-repudiable Authentication 239
9.4.2 Repudiable Authentication 241
9.5 Authentication Methods 241
9.5.1 Password Authentication 241
9.5.2 Public Key Authentication 245
9.5.3 Remote Authentication 249
9.5.4 Anonymous Authentication 251
9.5.5 Digital Signatures-Based Authentication 251
9.5.6 Wireless Authentication 252
9.6 Developing an Authentication Policy 252
9.7 References 254
9.8 Exercises 255
9.9 Advanced Exercises 255
10 . Cryptography 257
10.1 Definition 257
10.1.1 Block Ciphers 259
10.2 Symmetric Encryption 261
10.2.1 Symmetric Encryption Algorithms 262
10.2.2 Problems with Symmetric Encryption 264
10.3 Public Key Encryption 265
10.3.1 Public Key Encryption Algorithms 268
10.3.2 Problems with Public Key Encryption 268
10.3.3 Public Key Encryption Services 269
10.4 Enhancing Security: Combining Symmetric and Public Key
Encryptions 269
10.5 Key Management: Generation, Transportation, and Distribution 269
10.5.1 The Key Exchange Problem 270
10.5.2 Key Distribution Centers (KDCs) 271
10.5.3 Public Key Management 273
10.5.4 KeyEscrow 276
10.6 Public Key Infrastructure (Pa) 277
10.6.1 Certificates 277
10.6.2 Certificate Authority 278
10.6.3 Registration Authority (RA) 278
10.6.4 Lightweight Directory Access Protocols (LDAP) 278
10.6.5 Role of Cryptography in Communication 278
10.7 Hash Function 279
10.8 Digital Signatures 280
10.9 References 282
10.10 Exercises 283
10.1 1 Advanced Exercises 283
11 . Firewalls 285
11.1 Definition 285
1 1.2 Types of Firewalls 289
11.2.1 Packet Inspection Firewalls 289
11.2.2 Application Proxy Server: Filtering Based on
Known Services 295
11.2.3 Virtual Private Network (VPN) Firewalls 300
11.2.4 Small Office or Home (SOHO) Firewalls 301
1 1.2.5 NAT Firewalls 302
11.3 Configuration and Implementation of a Firewall 302
11.4 The Demilitarized Zone (DMZ) 304
11.4.1 Scalability and Increasing Security in a DMZ 306
11.5 Improving Security Through the Firewall 307
11.6 Firewall Forensics 309
11.7 Firewall Services and Limitations 309
1 1.7.1 Firewall Services 310
11.7.2 Limitations of Firewalls 310
1 1.8 References 311
1 1.9 Exercises 312
1 1.10 Advanced Exercises 312
12 . System Intrusion Detection and Prevention 315
12.1 Definition 315
12.2 Intrusion Detection 316
12.2.1 The System Intrusion Process 316
12.2.2 The Dangers of System Intrusions 318
12.3 Intrusion Detection Systems (IDSs) 319
12.3.1 Anomaly Detection 320
12.3.2 Misuse Detection 322
12.4 Types of Intrusion Detection Systems 323
12.4.1 Network-Based Intrusion Detection Systems (NIDSs) 323
12.4.2 Host-Based Intrusion Detection Systems (HIDSs) 330
12.4.3 The Hybrid Intrusion Detection System 332
12.5 The Changing Nature of IDS Tools 333
12.6 Other Types of Intrusion Detection Systems 333
12.6.1 System Integrity Verifiers (SIVs) 333
12.6.2 Log File Monitors (LFMs) 334
12.6.3 Honeypots 334
12.7 Response to System Intrusion 336
12.7.1 Incident Response Team 336
12.7.2 IDS Logs as Evidence 337
12.8 Challenges to Intrusion Detection Systems 337
12.8.1 Deploying IDS in Switched Environments 338
12.9 Implementing an Intrusion Detection System 339
12.10 Intrusion Prevention Systems (IPS) 339
12.10.1 Network-Based Intrusion Prevention Systems (NIPSs) 340
12.10.2 Host-Based Intrusion Prevention Systems (HIPSs) 341
12.1 1 Intrusion Detection Tools 343
12.12 References 344
12.13 Exercises 345
12.14 Advanced Exercises 346
13 Computer and Network Forensics 347
13.1 Definition 3 4 7
13.2 Computer Forensics 349
13.2.1 History of Computer Forensics 349
13.2.2 Elements of Computer Forensics 350
13.2.3 Investigative Procedures 3 5 2
13.2.4 Analysis of Evidence 360
13.3 Network Forensics 367
13.3.1 Intrusion Analysis 368
13.3.2 Damage Assessment 374
13.4 Forensics Tools 374
13.4.1 Computer Forensics Tools 375
13.4.2 Network Forensics Tools 3 8 1
13.5 References 383
13.6 Exercises 384
13.7 Advanced Exercises 384
14 . Virus and Content Filtering 387
14.1 Definition 387
14.2 Scanning. Filtering. and Blocking 387
14.2.1 Content Scanning 388
14.2.2 Inclusion Filtering 389
14.2.3 Exclusion Filtering 389
14.2.4 Other Types of Content Filtering 390
14.2.5 Location of Content Filters 391
14.3 Virus Filtering 393
14.3.1 Viruses 393
14.4 Content Filtering 402
14.4.1 Application Level Filtering 402
14.4.2 Packet Level Filtering and Blocking 404
14.4.3 Filtered Material 406
14.5 Spam 407
14.6 References 409
14.7 Exercises 410
14.8 Advanced Exercises 410
15 . Security Evaluations of Computer Products 411
15.1 Introduction 411
15.2 Security Standards and Criteria 412
15.3 The Product Security Evaluation Process 412
15.3.1 Purpose of Evaluation 413
15.3.2 Criteria 413
15.3.3 Process of Evaluation 414
15.3.4 Structure of Evaluation 415
15.3.5 Outcomes/Benefits 416
15.4 Computer Products Evaluation Standards 416
15.5 Major Evaluation Criteria 417
15.5.1 TheOrangeBook 417
15.5.2 U.S. Federal Criteria 420
15.5.3 Information Technology Security Evaluation Criteria (ITSEC) 421
15.5.4 The Trusted Network Interpretation (TNI): The Red Book . 421
15.5.5 Common Criteria (CC) 422
15.6 Does Evaluation Mean Security? 422
15.7 References 422
15.8 Exercises 423
15.9 Advanced Exercises 423
16 . Computer Network Security Protocols and Standards ... 425
16.1 Introduction 425
16.2 Application Level Security 426
16.2.1 Pretty Good Privacy (PGP) 426
16.2.2 Secure/Multipurpose Internet Mail Extension (SIMIME) ... 429
16.2.3 Secure-H?TP (S-HTTP) 430
16.2.4 Hypertext Transfer Protocol over Secure Socket Layer
( m s ) 434
16.2.5 Secure Electronic Transactions (SET) 435
16.2.6 Kerberos 437
16.3 Security in the Transport Layer 440
16.3.1 Secure Socket Layer (SSL) 441
16.3.2 Transport Layer Security (TLS) 444
16.4 Security in the Network Layer 446
16.4.1 Internet Protocol Security (IPSec) 446
16.4.2 Virtual Private Networks (VPNs) 451
16.5 Security in the Link Layer and over LANS 456
16.5.1 Point-to-Point Protocol (PPP) 456
16.5.2 Remote Authentication Dial-In User Service (RADIUS) 457
16.5.3 Terminal Access Controller Access Control System
(TACACS+ ) 459
16.6 References 460
16.7 Exercises 460
16.8 Advanced Exercises 461
17 . Security in Wireless Networks and Devices 463
17.1 Introduction 463
17.2 Cellular Wireless Communication Network Infrastructure 464
17.2.1 Development of Cellular Technology 467
17.2.2 Limited and Fixed Wireless Communication Networks ...... 472
17.3 Wireless LAN (WLAN) or Wireless Fidelity (Wi-Fi) 474
17.3.1 WLAN (Wi-Fi) Technology 475
......... 17.3.2 Mobile IP and Wireless Application Protocol (WAP) 475
17.4 Standards for Wireless Networks 478
17.4.1 The IEEE 802.1 1 480
17.4.2 Bluetooth 480
17.5 Security in Wireless Networks 482
17.5.1 WLANs Security Concerns 483
17.5.2 Best Practices for Wi-Fi Security Problems 489
17.5.3 Hope on the Horizon for WEP 491
17.6 References 491
17.7 Exercises 492
17.8 Advanced Exercises 493
18 . Other Efforts to Secure Information and
Computer Networks 495
18.1 Introduction 495
18.2 Legislation 496
18.3 Regulation 496
18.4 Self-Regulation 497
18.4.1 Hardware-Based Self-Regulation 497
18.4.2 Software-Based Self-Regulation 498
18.5 Education 499
18.5.1 Focused Education 500
18.5.2 Mass Education 500
18.6 Reporting Centers 501
18.7 Market Forces 502
18.8 Activism 502
18.8.1 Advocacy 502
18.8.2 Hotlines 503
18.9 References 503
18.10 Exercises 5 0 4
18.1 1 Advanced Exercises 505
19 . Looking Ahead . Security Beyond Computer Networks 507
19.1 Introduction 507
19.2 Collective Security Initiatives and Best Practices 508
19.2.1 The U.S. National Strategy to Secure Cyberspace ............... 508
19.2.2 Council of Europe Convention on Cyber Crime .................. 509
19.3 References 510
Part IV: Projects
20 . Projects 513
20.1 Introduction 513
20.2 Part I: WeeklyEiiweekly Laboratory Assignments 513
20.3 Part 11: Semester Projects 5 17
20.4 Part 111: Research Projects 524
Index 529

Windows Server 2008 Security Resource Kit

2008-06-08 23:39:42

May 2008 Edition

Contents at a Glance
Part I Windows Security Fundamentals
1 Subjects, Users, and Other Actors . . . .. . . . .. . . . . . . . . . . . .3
2 Authenticators and Authentication Protocols . . . . . . . . . . . . . . . 17
3 Objects: The Stuff You Want. . . . . . . . . . . . . . . . . . . . . . . 55
4 Understanding User Account Control (UAC) . . . . . . . . . . . . . . . . 91
5 Firewall and Network Access Protection . . . . . . . . . . . . . . . . . 115
6 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
7 Group Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
8 Auditing. . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . 213
Part II Implementing Identity and Access (IDA) Control
Using Active Directory
9 Designing Active Directory Domain Services for Security.. .. . . . . . . 241
10 Implementing Active Directory Certificate Services. . . . . . . . . . . 265
Part III Common Security Scenarios
11 Securing Server Roles . . . . . . . . . . . . . . . . . . . . . . . . . 285
12 Patch Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
13 Securing the Network . . . . . . . . . . . . . . . . . . . . . . . . . 341
14 Securing the Branch Office. . . . . . . . . . . . . . . . . . . . . . . 369
15 Small Business Considerations . . . . . . . . . . . . . . . . . . . . . 391
16 Securing Server Applications . . . . . . . . . .. . . . . . . . . . . . 431
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

How to Cheat at Managing Information Security

2008-06-02 15:27:29

Editorial Reviews

Product Description
This is the only book that covers all the topics that any budding security manager needs to know! This book is written for managers responsible for IT/Security departments from mall office environments up to enterprise networks. These individuals do not need to know about every last bit and byte, but they need to have a solid understanding of all major, IT security issues to effectively manage their departments. This book is designed to cover both the basic concepts of security, non-technical principle and practices of security and provides basic information about the technical details of many of the products - real products, not just theory. Written by a well known Chief Information Security Officer, this book gives the information security manager all the working knowledge needed to:

Design the organization chart of his new security organization
Design and implement policies and strategies
Navigate his way through jargon filled meetings
Understand the design flaws of his E-commerce and DMZ infrastructure

Preface

Sometimes I’m asked why I wrote this book, and my answer can be summed
up by a very simple story.While I worked for a large audit firm, I was phoned
up by an auditor I vaguely knew.“Hi, I have an interview for the position of
security manager next week,” he said with obvious enthusiasm.“I know it’s got
a lot to do with passwords and hackers, but can you give me more details?”
He must have thought I hung up by mistake because he phoned back—
twice!
This book isn’t the most comprehensive security text ever written, but I
think it contains many of the things you need to understand to be a good IT
security manager. It’s exactly the kind of book my auditing chum would never
buy.
—Mark Osborne
2006

Contents

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv
Chapter 1 The Security Organization . . . . . . . . . . . . . . . 1
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Where to Put the Security Team . . . . . . . . . . . . . . . . . . .2
Where Should Security Sit?
Below the IT Director Report . . . . . . . . . . . . . . . . . . . .3
Pros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Cons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Where Should Security Sit? Below the Head of Audit . . .5
Pros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Cons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Where Should Security Sit? Below the CEO, CTO, or CFO 6
Pros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Cons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Your Mission—If You Choose to Accept It . . . . . . . . . . . . . .7
Role of the Security Function: What’s in a Job? . . . . . . . . . . .7
Incident Management and Investigations . . . . . . . . . . . . .8
Legal and Regulatory Considerations . . . . . . . . . . . . . . . .9
Policy, Standards, and Baselines Development . . . . . . . . .10
Business Consultancy . . . . . . . . . . . . . . . . . . . . . . . . . .10
Architecture and Research . . . . . . . . . . . . . . . . . . . . . . .11
Assessments and Audits . . . . . . . . . . . . . . . . . . . . . . . . .11
Operational Security . . . . . . . . . . . . . . . . . . . . . . . . . . .12
The Hybrid Security Team: Back to Organizational Studies 12
Making Friends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
The Board . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Internal Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Legal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Help Desk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
System Development . . . . . . . . . . . . . . . . . . . . . . . .16
Tech Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
What Makes a Good CISO? . . . . . . . . . . . . . . . . . . . . . . . .17
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Chapter 2 The Information Security Policy . . . . . . . . . . 19
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Policy, Strategy, and Standards: Business Theory . . . . . . . . . .21
Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Tactics and Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Operations: Standards and Procedures . . . . . . . . . . . . . . .24
Back to Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
The Security Strategy and the Security Planning Process . . .25
Security Organization . . . . . . . . . . . . . . . . . . . . . . . .28
Security Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Security Policy Revisited . . . . . . . . . . . . . . . . . . . . . . . . . .30
Policy Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
What Do I Need to Set a Policy On? . . . . . . . . . . . .33
Template,Toolkit, or Bespoke? . . . . . . . . . . . . . . . . . .34
So Why Haven’t I Just Told You How to Write a Good
Information Security Policy? . . . . . . . . . . . . . . . . . . .35
Security Standards Revisited . . . . . . . . . . . . . . . . . . . . . . . .36
Compliance and Enforcement . . . . . . . . . . . . . . . . . . . . . . .37
Information Security Awareness:The Carrot . . . . . . . . . .38
Active Enforcement:The Stick . . . . . . . . . . . . . . . . . . . .40
Patch Management . . . . . . . . . . . . . . . . . . . . . . . . . .40
Automated Audit Compliance . . . . . . . . . . . . . . . . . .40
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Chapter 3 Jargon, Principles, and Concepts . . . . . . . . . 49
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
CIA: Confidentiality, Integrity, and Availability . . . . . . . . . . .51
Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Nonrepudiation . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
When Is CIA Used? . . . . . . . . . . . . . . . . . . . . . . . . .54
The Vulnerability Cycle . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Types of Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Protective Control . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
Detective Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
Recovery Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
Administrative Control . . . . . . . . . . . . . . . . . . . . . . . . .58
Segregation of Duties . . . . . . . . . . . . . . . . . . . . . . . .58
Job Rotation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
Risk Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
Types of Risk Analysis . . . . . . . . . . . . . . . . . . . . . . . . . .59
Quantitative Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . .59
Qualitative Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
How It Really Works: Strengths and Weaknesses . . . . . . .61
So What Now? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
AAA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Types of Authentication . . . . . . . . . . . . . . . . . . . . . .64
Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64
Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
AAA in Real Life . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Other Concepts You Need to Know . . . . . . . . . . . . . . . . . .66
Least Privilege . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Defense in Depth . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Failure Stance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Security through Obscurity . . . . . . . . . . . . . . . . . . . . . .67
Generic Types of Attack . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Network Enumeration and Discovery . . . . . . . . . . . . . .67
Message Interception . . . . . . . . . . . . . . . . . . . . . . . . . . .68
Message Injection/Address Spoofing . . . . . . . . . . . . . . .68
Session Hijacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
Denial of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
Message Replay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Social Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Brute-Force Attacks on Authenticated Services . . . . . . . .69
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
Chapter 4 Information Security Laws and Regulations 71
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
U.K. Legislation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
Computer Misuse Act 1990 . . . . . . . . . . . . . . . . . . . . . .73
How Does This Law Affect a Security Officer? . . . . .75
The Data Protection Act 1998 . . . . . . . . . . . . . . . . . . .75
How Does This Law Affect a Security Officer? . . . . .76
Other U.K. Acts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77
The Human Rights Act 1998 . . . . . . . . . . . . . . . . . .77
The Regulation of Investigatory Powers Act 2000 . . .78
The Telecommunications (Lawful Business Practice)
(Interception of Communications) Regulations 2000 79
The Freedom of Information Act 2000 . . . . . . . . . .80
Audit Investigation and
Community Enterprise Act 2005 . . . . . . . . . . . . . . . .80
Official Secrets Act . . . . . . . . . . . . . . . . . . . . . . . . . .80
U.S. Legislation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
California SB 1386 . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Sarbanes-Oxley 2002 . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Section 201 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Section 302 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84
Section 404 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84
Gramm-Leach-Bliley Act (GLBA) . . . . . . . . . . . . . . . . .84
Health Insurance Portability
and Accountability Act (HIPAA) . . . . . . . . . . . . . . . . . .85
USA Patriot Act 2001 . . . . . . . . . . . . . . . . . . . . . . . . .85
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86
Chapter 5 Information Security Standards and Audits. 87
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
BS 7799 and ISO 17799 . . . . . . . . . . . . . . . . . . . . . . . .89
A Canned History of BS 7799 . . . . . . . . . . . . . . . . .90
History of BS 7799, Part 2 . . . . . . . . . . . . . . . . . . . .92
PDCA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
ISO/IEC 27001:2005: What Now for BS 7799? . . . . . . . . .98
PAS 56 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
What Is PAS 56? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
The Stages of the BCM Life Cycle . . . . . . . . . . . . . . .100
Stage 1: Initiate the BCM Project . . . . . . . . . . . . . .100
Stage 2: Understand the Business . . . . . . . . . . . . . . .100
Stage 3: Define BCM Strategies . . . . . . . . . . . . . . . .100
Stage 4: Produce a BCM Plan . . . . . . . . . . . . . . . . .101
Stage 5: Instill a BCM Culture . . . . . . . . . . . . . . . .101
Stage 6: Practice, Maintain, and Audit . . . . . . . . . . .101
FIPS 140-2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
Should I Bother with FIPS 140-2? . . . . . . . . . . . . . . . .102
What Are the Levels? . . . . . . . . . . . . . . . . . . . . . . . . . .102
Common Criteria Certification . . . . . . . . . . . . . . . . . . . . .103
Other CC Jargon . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
The Security Target . . . . . . . . . . . . . . . . . . . . . . . .103
Protection Profile . . . . . . . . . . . . . . . . . . . . . . . . .103
Evaluation Assurance Level . . . . . . . . . . . . . . . . . . .103
Types of Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
Computer Audit as Part of the Financial Audit . . . . . . .104
Section 39 Banking Audit . . . . . . . . . . . . . . . . . . . . . .105
SAS 70 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106
Other Types of Audits . . . . . . . . . . . . . . . . . . . . . . . . .107
Tips for Managing Audits . . . . . . . . . . . . . . . . . . . . . .108
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110
Chapter 6 Interviews, Bosses, and Staff . . . . . . . . . . 111
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Interviews as the Interviewee . . . . . . . . . . . . . . . . . . . .112
Interview 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
Interview 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114
Interview 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
Interview 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116
Preinterview Questionnaires . . . . . . . . . . . . . . . . . . . .117
Interviews as the Interviewer . . . . . . . . . . . . . . . . . . . .119
Interview 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
Interview 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
Bosses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120
Runner-up for the Worst Boss in the World . . . . . . . . .120
Worst Boss in the World . . . . . . . . . . . . . . . . . . . . . . .120
Worst Employees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
Chapter 7 Infrastructure Security . . . . . . . . . . . . . . . . 123
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124
Network Perimeter Security . . . . . . . . . . . . . . . . . . . .124
The Corporate Firewall . . . . . . . . . . . . . . . . . . . . . . . .126
Threat Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . .127
E-mail Protection . . . . . . . . . . . . . . . . . . . . . . . . . .128
Browser Content Control and Logging . . . . . . . . . .130
Web and FTP Server . . . . . . . . . . . . . . . . . . . . . . .131
Remote Access DMZ . . . . . . . . . . . . . . . . . . . . . . . . .131
Threat Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . .131
Remote Access Design Options . . . . . . . . . . . . . . . .132
E-commerce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Threat Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . .136
Threat Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
Just Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
Chapter 8 Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144
What Is a Firewall, and What Does It Do? . . . . . . . . . .144
Why Do We Need Firewalls? . . . . . . . . . . . . . . . . . . . .146
Firewall Structure and Design . . . . . . . . . . . . . . . . . . . . . .147
Firewall Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147
Screening Routers . . . . . . . . . . . . . . . . . . . . . . . . .148
Application-Level Gateways or Proxies . . . . . . . . . .148
Circuit-Level Gateways . . . . . . . . . . . . . . . . . . . . . .149
The Stateful Inspection Firewall . . . . . . . . . . . . . . .149
So What Are the Features You Want from a Firewall? . .151
Stateful Rule Base . . . . . . . . . . . . . . . . . . . . . . . . .151
NAT/PAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
Antispoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Advanced Logging . . . . . . . . . . . . . . . . . . . . . . . . .155
User-Authenticated Traffic . . . . . . . . . . . . . . . . . . .155
IPSec Termination . . . . . . . . . . . . . . . . . . . . . . . . .156
Ability to Define Your Own Protocols . . . . . . . . . . .156
Time-Based Rules . . . . . . . . . . . . . . . . . . . . . . . . .157
Other Types of Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . .157
Stealth Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Virtualized Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . .158
Commercial Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
The Cisco PIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Adaptive Security Algorithm . . . . . . . . . . . . . . . . .159
Cut-Through Proxy . . . . . . . . . . . . . . . . . . . . . . .161
Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163
Check Point FireWall-1 . . . . . . . . . . . . . . . . . . . . . . . .164
How It Works . . . . . . . . . . . . . . . . . . . . . . . . . . . .165
The Gory Details . . . . . . . . . . . . . . . . . . . . . . . . . .167
Security Policy: Global Policies . . . . . . . . . . . . . . . .170
SYNDefender . . . . . . . . . . . . . . . . . . . . . . . . . . . .171
Antispoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
Chapter 9 Intrusion Detection Systems: Theory . . . . . 175
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Why Bother with an IDS? . . . . . . . . . . . . . . . . . . . . . . . . .178
Problems with Host-Based IDSes . . . . . . . . . . . . . . . . .179
Whether to Use a
HIDS or Not? That Is the Question . . . . . . . . . . . .179
And Is It A Bad Thing? . . . . . . . . . . . . . . . . . . . . . .180
NIDS in Your Hair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
Detection Flaws . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182
Dropped Packets . . . . . . . . . . . . . . . . . . . . . . . . . . .182
Fragment Reassembly . . . . . . . . . . . . . . . . . . . . . . .183
Packet Grepping versus
Protocol Analysis, or Just Not Working Right . . . . .184
Lazy Rule Structure . . . . . . . . . . . . . . . . . . . . . . . .188
Poor Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . .188
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
SSL and Encryption . . . . . . . . . . . . . . . . . . . . . . . .190
Asymmetric Routing . . . . . . . . . . . . . . . . . . . . . . .192
Poor Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .193
Signature Analysis . . . . . . . . . . . . . . . . . . . . . . . . . .193
Anomalous Traffic Detection . . . . . . . . . . . . . . . . . .195
For the Technically Minded . . . . . . . . . . . . . . . . . . . . . . . .199
Snort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199
RealSecure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204
Chapter 10 Intrusion Detection Systems: In Practice 205
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206
Introduction:Tricks,Tips, and Techniques . . . . . . . . . . . . . .206
Deploying a NIDS: Stealth Mode . . . . . . . . . . . . . . . . .206
Spanning Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207
Tap Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209
Failover Monitoring . . . . . . . . . . . . . . . . . . . . . . . .210
Aggregating Different Flows . . . . . . . . . . . . . . . . . .211
Asymmetric Routing . . . . . . . . . . . . . . . . . . . . . . . . . .212
IDS Deployment Methodology . . . . . . . . . . . . . . . . . . . . .213
The Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . .214
Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215
Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216
Step 1: Planning Sensor
Position and Assigning Positional Risk . . . . . . . . . . . . .217
Sensor 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .217
Step 2: Establish Monitoring Policy and Attack Gravity 219
Step 3: Reaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223
Step 4: Further Action: IPS . . . . . . . . . . . . . . . . . . . . .223
Firewalls, Master Blocking, and Inline IPSes . . . . . . .223
Host Detectors . . . . . . . . . . . . . . . . . . . . . . . . . . . .224
Application Interface . . . . . . . . . . . . . . . . . . . . . . . .224
Honeypots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225
Information Management . . . . . . . . . . . . . . . . . . . . . . . .225
Log Management . . . . . . . . . . . . . . . . . . . . . . . . . . . .225
Console Management . . . . . . . . . . . . . . . . . . . . . . . . .226
Logical Access Controls . . . . . . . . . . . . . . . . . . . . . .226
Incident Response and Crisis Management . . . . . . . . . . . .227
Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Containment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230
Eradication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230
Other Valuable Tips . . . . . . . . . . . . . . . . . . . . . . . . . .230
Test and Tune . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
Tune . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
Reduce False Positives . . . . . . . . . . . . . . . . . . . . . .231
Reduce False Negatives . . . . . . . . . . . . . . . . . . . . .232
Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232
Technical Testing . . . . . . . . . . . . . . . . . . . . . . . . . . .232
Covert Penetration Testing . . . . . . . . . . . . . . . . . . .233
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234
Chapter 11 Intrusion Prevention and Protection . . . . 235
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .236
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
What Is an IPS? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
Active Response: What Can an IPS Do? . . . . . . . . . . . . . .238
A Quick Tour of IPS Implementations . . . . . . . . . . . . . . . .239
Traditional IDSes with Active Response . . . . . . . . . . . .240
In-Line Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
General In-Line IPSes . . . . . . . . . . . . . . . . . . . . . . .242
DDoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Application Firewall . . . . . . . . . . . . . . . . . . . . . . . .243
Deception Technology . . . . . . . . . . . . . . . . . . . . . . . . .245
Why Would I Want One? . . . . . . . . . . . . . . . . . . . .245
Extended Host OS Protection . . . . . . . . . . . . . . . . . . .246
Why Would I Want One? . . . . . . . . . . . . . . . . . . . .246
Example Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . .247
Dealing with DDoS Attacks . . . . . . . . . . . . . . . . . . . . .247
How It Works . . . . . . . . . . . . . . . . . . . . . . . . . . . .247
Scrubbing and Cleansing:The Cisco Guard . . . . . . .249
An Open Source In-Line IDS/IPS: Hogwash . . . . . . . .250
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254
Chapter 12 Network Penetration Testing . . . . . . . . . . 255
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .257
Types of Penetration Testing . . . . . . . . . . . . . . . . . . . . . . .258
Network Penetration Test . . . . . . . . . . . . . . . . . . . . . . .258
Application Penetration Test . . . . . . . . . . . . . . . . . . . .258
Periodic Network Vulnerability Assessment . . . . . . . . . .258
Physical Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Network Penetration Testing . . . . . . . . . . . . . . . . . . . . . .259
An Internet Testing Process . . . . . . . . . . . . . . . . . . . . .259
Test Phases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Passive Research . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Network Enumeration and OS Fingerprinting . . . . .262
Host Enumeration . . . . . . . . . . . . . . . . . . . . . . . . .262
Vulnerability Scanning . . . . . . . . . . . . . . . . . . . . . .265
Scenario Analysis . . . . . . . . . . . . . . . . . . . . . . . . . .266
Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269
Internal Penetration Testing . . . . . . . . . . . . . . . . . . . . .270
Application Penetration Testing . . . . . . . . . . . . . . . . . .270
Application Pen Test
Versus Application System Testing . . . . . . . . . . . . . .270
Controls and the Paperwork You Need . . . . . . . . . . . . . . .274
Indemnity and Legal Protection . . . . . . . . . . . . . . . . . .274
Scope and Planning . . . . . . . . . . . . . . . . . . . . . . . . . . .275
Success Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . .275
Escalation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .275
DoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276
Social Engineering . . . . . . . . . . . . . . . . . . . . . . . . .276
What’s the Difference between a Pen Test and Hacking? . . .276
Who Is the Hacker? . . . . . . . . . . . . . . . . . . . . . . . . . .276
The Digital Blagger: Hacking for Profit . . . . . . . . .277
Hacktivists:The Digital Moral Outrage . . . . . . . . . .277
White Hats:The Digital Whistleblowers . . . . . . . . . .278
Script Kiddies . . . . . . . . . . . . . . . . . . . . . . . . . . . .278
The End of the Story . . . . . . . . . . . . . . . . . . . . . . .279
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280
Chapter 13 Application Security
Flaws and Application Testing . . . . . . . . . . . . . . . . . . . 281
Anecdote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282
The Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . .283
Configuration Management . . . . . . . . . . . . . . . . . . . . . . .284
Unvalidated Input . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285
Buffer Overflows . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286
Cross-Site Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . .288
SQL Injection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291
Command Injection . . . . . . . . . . . . . . . . . . . . . . . . . .294
Bad Identity Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . .295
Forceful Browsing . . . . . . . . . . . . . . . . . . . . . . . . . . . .296
URL Parameter Tampering . . . . . . . . . . . . . . . . . . . . .297
Insecure Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297
Fixing Things . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .298
Qwik Fix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299
For the More Technically Minded . . . . . . . . . . . . . . . . . . .299
Does It Work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .301
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Defend I.T.: Security by Example

2008-05-27 14:32:25

"Ajay and Scott take an interesting approach in filling Defend I.T. with case studies and using them to demonstrate important security principles. This approach works well and is particularly valuable in the security space, where companies and consultants are often hesitant to discuss true security incidents for potential embarrassment and confidentiality reasons. Defend I.T. is full of engaging stories and is a good read."
-Fyodor, author of the Nmap Security Scanner and Insecure.Org

"Defend I.T. answers reader demand for scenario-driven examples. Security professionals will be able to look at these case studies and relate them to their own experiences. That sets this book apart."
-Lance Hayden, Cisco Systems

"This is an exciting book! It's like reading several mysteries at once from different viewpoints, with the added benefit of learning forensic procedures along the way. Readers will benefit from the procedures, and the entertaining presentation is a real plus."
-Elizabeth Zinkann, Equilink Consulting

The battle between IT professionals and those who use the Internet for destructive purposes is raging-and there is no end in sight. Reports of computer crime and incidents from the CERT Coordination Center at Carnegie Mellon University more than double each year and are expected to rise. Meanwhile, viruses and worms continue to take down organizations for days.

Defend I.T.: Security by Example draws on detailed war stories to identify what was done right and what was done wrong in actual computer-security attacks, giving you the opportunity to benefit from real experiences. Approaches to securing systems and networks vary widely from industry to industry and organization to organization. By examining a variety of real-life incidents companies are too embarrassed to publicly share, the authors explain what could have been done differently to avoid the losses incurred--whether creating a different process for incident response or having better security countermeasures in place to begin with.

Inside, you'll find in-depth case studies in a variety of categories:

Basic Hacking: Blackhat bootcamp, including mapping a network, exploiting vulnerable architecture, and launching denial-of-service attacks

Current Methods: The latest in malicious deeds, including attacks on wireless networks, viruses and worms, and compromised Web servers

Additional Items on the Plate: Often overlooked security measures such as developing a security policy, intrusion-detection systems, disaster recovery, and government regulations

Old School: Classic means of compromising networks-war dialing and social engineering

Forensics: How to investigate industrial espionage, financial fraud, and network intrusion

Aimed at both information-security professionals and network administrators, Defend I.T. shows you how to tap the best computer-security practices and industry standards to deter attacks and better defend networks.

Preface
What does a cyber security professional do? This is a question often posed by individuals who have heard a lot about security—especially the need to secure their electronic assets—but who are not entirely clear on what is involved. Cyber security involves a variety of things. Although we, the cyber security professionals, understand the various aspects of our jobs, it is often difficult to explain to people outside the profession (even our spouses) what exactly we do, and what exactly needs to be done to secure electronic assets.

The details of many professions are difficult to describe, so examples often offer the best means of explanation. Security is no different. In this book we hope to provide some insight into cyber security by using case studies to describe what a cyber security professional does.

We hope that this collection of case studies will serve as a tour of many of the issues that cyber security professionals face, not only in their careers but in their day-to-day lives.

One of the goals of this book, then, is to explain what we do; but there are other, more critical goals as well. Our primary aim is to provide practical examples of the types of issues that security professionals must be prepared to face in the execution of their duties.

Contents

Copyright
Preface
How the Book Is Structured
Format of the Case Studies
Audience
Acknowledgments
About the Authors
Primary Authors
Contributing Authors
Introduction
Disclaimers
Part I: Basic Hacking
Chapter 1. Getting to Know the Enemy: Nmap the Target Network
Section 1.1. Network Architecture
Section 1.2. Port Scans
Section 1.3. OS Identification
Section 1.4. Partial Picture
Section 1.5. Hiding
Section 1.6. Lessons Learned
Chapter 2. Home Architecture
Section 2.1. Introduction
Section 2.2. Background
Section 2.3. The Incident
Section 2.4. Incident Reconstruction
Section 2.5. Repercussions
Section 2.6. Aspen's Response
Section 2.7. Lessons Learned
Chapter 3. No Service for You!
Section 3.1. The Discovery
Section 3.2. The Response
Section 3.3. The Process
Section 3.4. Lessons Learned
Section 3.5. References
Part II: Current Methods
Chapter 4. Look, Ma, No Wires!
Section 4.1. Introduction
Section 4.2. Background
Section 4.3. The Project
Section 4.4. Existing Security
Section 4.5. Recommendations
Section 4.6. The End State
Chapter 5. Virus Outbreak I
Section 5.1. Introduction
Section 5.2. How Did You Get In?
Section 5.3. How Much Have We Lost?
Section 5.4. Lessons Learned
Chapter 6. Virus Outbreak II: The Worm
Section 6.1. Introduction
Section 6.2. Background
Section 6.3. The Worm Infection
Section 6.4. Lessons Learned
Chapter 7. Changing Face
Section 7.1. Introduction
Section 7.2. The Assessment
Section 7.3. Lessons Learned
Part III: Additional Items on the Plate
Chapter 8. Protecting Borders: Perimeter Defense with an IDS
Section 8.1. Background
Section 8.2. The Company
Section 8.3. Developing Requirements
Section 8.4. Market Research
Section 8.5. Pilot Testing
Section 8.6. Implementation on Production
Section 8.7. Implementation Follow-up
Section 8.8. Lessons Learned
Chapter 9. Disaster All Around
Section 9.1. Introduction
Section 9.2. Disaster Strikes
Section 9.3. Analyzing the Incident
Section 9.4. The Solution
Section 9.5. Lessons Learned
Chapter 10. Security Is the Best Policy
Section 10.1. Introduction
Section 10.2. The Company
Section 10.3. The Call
Section 10.4. You Have a Policy . . . Now What?
Chapter 11. HIPAA: Security by Regulation
Section 11.1. Introduction
Section 11.2. The Assessment
Section 11.3. Analysis
Section 11.4. Consequences
Section 11.5. The Solution
Section 11.6. Conclusion
Part IV: Old School
Chapter 12. A War-Dialing Attack
Section 12.1. War Dialing
Section 12.2. The Attack
Section 12.3. Lessons Learned
Chapter 13. A Low-Tech Path into the High-Tech World
Section 13.1. Introduction
Section 13.2. Doing Your Homework
Section 13.3. The Hack
Section 13.4. The Fallout
Section 13.5. Lessons Learned
Part V: Computer Forensics
Chapter 14. Industrial Espionage
Section 14.1. Spies All around Us
Section 14.2. The Investigation
Section 14.3. Lessons Learned
Section 14.4. Intellectual Asset Protection
Section 14.5. Chain of Custody
Section 14.6. Federal Guidelines of Computer Evidence Admissibility
Chapter 15. Executive Fraud
Section 15.1. Introduction: The Whistle-Blower
Section 15.2. Preparation
Section 15.3. Evidence Collection and Chain of Custody
Section 15.4. Drive Imaging
Section 15.5. Review of the Logical File Structure
Section 15.6. Review of Unallocated Space and File Slack
Section 15.7. Smoking Gun
Section 15.8. Reporting
Section 15.9. Lessons Learned
Chapter 16. Cyber Extortion
Section 16.1. Introduction
Section 16.2. To Press or Not to Press Charges
Section 16.3. The Investigation
Section 16.4. Lessons Learned
Section 16.5. What Would Be Done Differently Today?
Conclusion
Further Investigations
Public Key Infrastructure
Identity Management
Single Sign-On
Biometrics
Secure Architecture
Firewalls and VPNs
The Home User
Identity Theft
Keeping Up with the Latest Trends
Recommended Reading
General Topics
Nmap
Secure Architecture
Denial of Service
Wireless
Viruses
Web Security
Intrusion Detection Systems
Disaster Recovery
Security Policy
HIPAA
War Dialing
Social Engineering
Computer Forensics
Public Key Infrastructure
Identity Management
Biometrics
Firewalls and VPNs
Home Security
Identify Theft

网络安全_计算机网络通信，安全_计算机类_最新资料_得益网

黑客VS网管 大作战

华夏黑客同盟VIP会员班2008下半年精华视频合集

snort源码分析

Cryptography and Security Services Mechanisms and Applications

sniiffer高手系列1

sniffer高手系列5(完成)

sniffer高手系列4

sniffer高手系列3

网络安全技术与反黑

光纤熔接

<超级容易学电脑——系统优化、病毒防治与防黑防黑>视频教程

Google Hacking for Penetration Testers, Volume 2

Computer Network Security

Windows Server 2008 Security Resource Kit

How to Cheat at Managing Information Security

Defend I.T.: Security by Example

黑客VS网管大作战