The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed chapters by leading experts in the areas of networking and systems security, information management, cyber warfare and security, encryption technology, privacy, data storage, physical security, and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more. Chapters by leaders in the field on theory and practice of computer and information security technology, allowing the reader to develop a new level of technical expertiseComprehensive and up-to-date coverage of security issues allows the reader to remain current and fully informed from multiple viewpointsPresents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions.;Title page -- Table of Contents -- Copyright -- Dedication -- Foreword -- Preface -- Organization of this Book -- Supplemental Materials -- Acknowledgments -- About the Editor -- Contributors -- Part I: Overview of System and Network Security: A Comprehensive Introduction -- Chapter 1. Building a Secure Organization -- 1 Obstacles to Security -- 2 Computers are Powerful and Complex -- 3 Current Trend is to Share, Not Protect -- 4 Security isn't about Hardware and Software -- 5 Ten Steps to Building a Secure Organization -- 6 Preparing for the Building of Security Control Assessments. 1 Building a Secure Organization 1 1. Obstacles to Security 1 Security Is Inconvenient 1 2. Computers are Powerful and Complex 1 Computer Users Are Unsophisticated 2 Computers Created Without a Thought to Security 2 3. Current Trend is to Share, Not Protect 2 Data Accessible from Anywhere 2 4. Security isn’t about Hardware and Software 4 The Bad Guys Are Very Sophisticated 4 Management Sees Security as a Drain on the Bottom Line 5 5. Ten Steps to Building a Secure Organization 6 Evaluate the Risks and Threats 6 Threats Based on the Infrastructure Model 6 Threats Based on the Business Itself 6 Threats Based on Industry 6 Global Threats 6 Beware of Common Misconceptions 7 Provide Security Training for IT Staff—Now and Forever 8 Think “Outside the Box” 9 DOXing 11 Train Employees: Develop a Culture of Security 11 Identify and Utilize Built-in Security Features of the Operating System and Applications 12 Monitor Systems 14 Hire a Third Party to Audit Security 15 Don’t Forget the Basics 17 Change Default Account Passwords 17 Use Robust Passwords 18 Close Unnecessary Ports 18 Patch, Patch, Patch 19 Use Administrator Accounts for Administrative Tasks 19 Restrict Physical Access 19 Don’t Forget Paper! 19 6. Preparing for the Building of Security Control Assessments 19 7. Summary 20 Chapter Review Questions/Exercises 21 True/False 21 Multiple Choice 21 Exercise 22 Problem 22 Hands-On Projects 22 Project 22 Case Projects 22 Problem 22 Optional Team Case Project 22 Problem 22 2 A Cryptography Primer 23 1 What is Cryptography? What is Encryption? 24 How Is Cryptography Done? 24 2 Famous Cryptographic Devices 24 The Lorenz Cipher 24 Enigma 24 3 Ciphers 25 The Substitution Cipher 25 The Shift Cipher 27 The Polyalphabetic Cipher 29 The Kasiski/Kerckhoff Method 30 4 Modern Cryptography 31 The Vernam Cipher 31 The One-Time Pad 32 Cracking Ciphers 34 The XOR Cipher and Logical Operands 34 Block Ciphers 35 5 The Computer Age 36 Data Encryption Standard 36 Theory of Operation 37 Implementation 37 Rivest, Shamir, and Adleman 38 Advanced Encryption Standard 38 Overview 38 The Basics of AES 39 6 How AES Works 39 Bytes 39 Math 40 In the Beginning 40 Rounds 41 7 Selecting Cryptography: the Process 42 8 Summary 43 Chapter Review Questions/Exercises 43 True/False 43 Multiple Choice 43 Exercise 44 Problem 44 Hands-On Projects 44 Project 44 Case Projects 44 Problem 44 Optional Team Case Project 44 Problem 44 3 Detecting System Intrusions 45 1. Introduction 45 2. Monitoring Key Files in the System 45 Files Integrity 45 3. Security Objectives 46 There Is Something Very Wrong Here 46 Additional Accounts on the System 47 Timestamps 47 Hidden Files and Directories 48 4. 0day Attacks 49 Attack Vectors 49 Vulnerability Window 49 Discovery 49 Protection 50 Ethics 50 5. Good Known State 50 Monitoring Running Processes in the System 51 Files with Weird Names 51 6. Rootkits 51 Kernel-Level Rootkits 52 Userland Rootkits 52 Rootkit Detection 52 7. Low Hanging Fruit 52 8. Antivirus Software 53 9. Homegrown Intrusion Detection 53 10. Full-Packet Capture Devices 53 Deployment 53 Centralized 54 Decentralized 54 Capacity 54 Features: Filtered versus Full-Packet Capture 54 Encrypted versus Unencrypted Storage 54 Sustained Capture Speed versus Peak Capture Speed 55 Permanent versus Overwritable Storage 55 Data Security 55 11. Out-of-Band Attack Vectors 55 12. Security Awareness Training 56 13. Data Correlation 56 14. SIEM 57 15. Other Weird Stuff on the System 57 16. Detection 58 17. Network-Based Detection of System Intrusions 58 18. Summary 59 Chapter Review Questions/Exercises 60 True/False 60 Multiple Choice 60 Exercise 60 Problem 60 Hands-On Projects 60 Project 60 Case Projects 60 Problem 60 Optional Team Case Project 60 Problem 60 References 60 4 Preventing System Intrusions 61 1. So, What is an Intrusion? 62 2. Sobering Numbers 62 3. Know Your Enemy: Hackers versus Crackers 63 4. Motives 64 5. The Crackers’ Tools of the Trade 64 Our “Unsecured” Wireless World 65 6. Bots 65 7. Symptoms of Intrusions 66 8. What Can You Do? 67 Know Today’s Network Needs 68 Network Security Best Practices 69 9. Security Policies 69 10. Risk Analysis 70 Vulnerability Testing 70 Audits 70 Recovery 70 11. Tools of Your Trade 71 Intrusion Detection Systems 71 Firewalls 71 Intrusion Prevention Systems 71 Application Firewalls 72 Access Control Systems 72 Unified Threat Management 73 12. Controlling User Access 73 Authentication, Authorization, and Accounting 73 What the User Knows 73 What the User Has 73 Tokens 73 Time Synchronous 74 Event Synchronous 74 Challenge-Response 74 The User is Authenticated, but is She/He Authorized? 74 Accounting 74 Keeping Current 74 13. Intrusion Prevention Capabilities 75 14. Summary 75 Chapter Review Questions/Exercises 76 True/False 76 Multiple Choice 76 Exercise 76 Problem 76 Hands-On Projects 77 Project 77 Case Projects 77 Problem 77 Optional Team Case Project 77 Problem 77 5 Guarding Against Network Intrusions 78 1 Traditional Reconnaissance and Attacks 78 2 Malicious Software 81 Lures and “Pull” Attacks 82 3 Defense in Depth 83 4 Preventive Measures 84 Access Control 84 Vulnerability Testing and Patching 84 Closing Ports 84 Firewalls 85 Antivirus and Antispyware Tools 85 Spam Filtering 86 Honeypots 87 Network Access Control 87 5 Intrusion Monitoring and Detection 88 Host-Based Monitoring 89 Traffic Monitoring 89 Signature-Based Detection 89 Behavior Anomalies 89 Intrusion Prevention Systems 90 6 Reactive Measures 90 Quarantine 90 Traceback 90 7 Network-Based Intrusion Protection 91 8 Summary 91 Chapter Review Questions/Exercises 91 True/False 91 Multiple Choice 92 Exercise 92 Problem 92 Hands-On Projects 92 Project 92 Case Projects 92 Problem 92 Optional Team Case Project 92 Problem 92 6 Securing Cloud Computing Systems 93 1 Cloud Computing Essentials: Examining the Cloud Layers 93 Analyzing Cloud Options in Depth 93 Public 93 Private 94 Virtual Private 94 Hybrid 94 Establishing Cloud Security Fundamentals 94 Policy and Organizational Risks 94 Lock-in 94 Loss of Governance 95 Compliance Challenges 95 Loss of Business Reputation Due to Co-tenant Activities 95 Cloud Service Termination or Failure 95 Cloud Provider Acquisition 95 Supply Chain Failure 95 Technical Risks 95 Resource Exhaustion 95 Resource Segregation Failure 95 Abuse of High Privilege Roles 95 Management Interface Compromise 96 Intercepting Data in Transit, Data Leakage 96 Insecure Deletion of Data 96 Distributed Denial of Dervice 96 Economic Denial of Service 96 Encryption and Key Management 96 Undertaking Malicious Probes or Scans 96 Compromise of the Service Engine 96 Customer Requirements and Cloud Environment Conflicts 96 Legal Risks 96 Subpoena and e-discovery 96 Varying Jurisdiction 97 Data Protection 97 Licensing 97 General Risks 97 Network Failures 97 Privilege Escalation 97 Social Engineering 97 Loss or Compromise of Operational and Security Logs or Audit Trails 97 Backup Loss 97 Unauthorized Physical Access and Theft of Equipment 97 Natural Disasters 98 Other Cloud Security Concepts 98 Incident Response 98 Virtualization 98 Determining When Security Goals Require a Private Cloud 98 2 Software as a Service 99 Centralizing Information with SaaS to Increase Data Security 99 Implementing and Managing User Authentication and Authorization 99 Permission and Password Protection 99 Negotiating Security Requirements with Vendors 100 Identifying Needed Security Measures 100 Establishing a Service Level Agreement 100 Ensuring SLAs Meet Organizational Security Requirements 100 3 Platform as a Service 100 Restricting Network Access Through Security Groups 100 Configuring Platform-Specific User Access Control 101 Integrating with Cloud Authentication and Authorization Systems 101 Compartmentalizing Access to Protect Data Confidentiality 101 Securing Data in Motion and Data at Rest 102 Identifying Your Security Perimeter 102 Techniques for Recovering Critical Data 102 Basic Backup and Restore 103 References 119 7 Fault Tolerance and Resilience in Cloud Computing Environments 120 1 Introduction 120 2 Cloud Computing Fault Model 121 Cloud Computing Architecture 121 Failure Behavior of Servers 121 Failure Behavior of the Network 122 3 Basic Concepts on Fault Tolerance 123 4 Different Levels of Fault Tolerance in Cloud Computing 125 5 Fault Tolerance against Crash Failures in Cloud Computing 126 6 Fault Tolerance against Byzantine Failures in Cloud Computing 127 7 Fault Tolerance as a Service in Cloud Computing 129 8 Summary 134 Chapter Review Questions/Exercises 134 True/False 134 Multiple Choice 134 Exercise 135 Problem 135 Hands-On Projects 135 Project 135 Case Projects 135 Problem 135 Optional Team Case Project 135 Problem 135 Acknowledgments 135 References 135 8 Securing Web Applications, Services, and Servers 137 1 Setting the Stage 137 Defining Threats to Your Web Assets 137 Surveying the Legal Landscape and Privacy Issues 137 Web Services Overview 138 2 Basic Security for HTTP Applications and Services 138 Basic Authentication 139 Transport Layer Security 139 Server Authentication 139 Mutual Authentication 140 Application to REST Services 140 GSS-API Negotiated Security 140 3 Basic Security for SOAP Services 140 WS-Security Overview 141 Protocol Design 141 Usage of WS-Security 142 Authentication with WSS 142 WS-I Security Profile 143 Example for a WSDL for WS-Security 143 4 Identity Management and Web Services 143 Background 143 Security Assertion Markup Language 143 SAML Token Types 145 SAML Protocol 145 Using SAML Tokens with WS-* 146 WS-Trust Architecture 146 Building Federations with WS-Federation 146 Advanced HTTP Security 146 OAuth Overview and Use Cases 147 OpenID Connect 147 5 Authorization Patterns 148 Access Control Models 148 XACML Overview 148 XACML and SAML for ABAC and RBAC 149 6 Security Considerations 149 Avoiding Common Errors 149 OWASP Top 10 149 SANS Top 20 150 Critical Control 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers 150 Critical Control 4: Continuous Vulnerability Assessment and Remediation 150 Critical Control 6: Application Software Security 151 Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps 151 Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches 151 Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services 151 Critical Control 13: Boundary Defense 151 Critical Control 19: Secure Network Engineering 151 Critical Control 20: Penetration Tests and Red Team Exercises 151 Other Resources 151 Testing and Vulnerability Assessment 152 Testing Strategy 152 Vulnerability Assessment Tools 152 7 Challenges 154 8 Summary 154 Chapter Review Questions/Exercises 156 True/False 156 Multiple Choice 156 Exercise 156 Problem 156 Hands-On Projects 156 Project 156 Case Projects 157 Problem 157 Optional Team Case Project 157 Problem 157 9 Unix and Linux Security 158 1 Unix and Security 158 The Aims of System Security 158 Authentication 158 Authorization 158 Availability 158 Integrity 159 Confidentiality 159 2 Basic Unix Security Overview 159 Traditional Unix Systems 159 Kernel Space versus User Land 159 Semantics of User Space Security 160 Standard File and Device Access Semantics 160 Read, Write, Execute 161 Special Permissions 161 Set-ID Bit 161 Sticky Bit 161 Mandatory Locking 161 Permissions on Directories 161 Read and Write 161 Execute 161 SetID 161 Other File Systems 161 Discretionary Versus Mandatory Access Control 162 3 Achieving Unix Security 162 System Patching 162 Locking Down the System 163 Minimizing User Privileges 163 Detecting Intrusions with Audits and Logs 163 4 Protecting User Accounts and Strengthening Authentication 163 Establishing Secure Account Use 163 The Unix Login Process 163 Controlling Account Access 164 The Local Files 164 Network Information System 164 Using PAMs to Modify AuthN 164 Noninteractive Access 165 Other Network Authentication Mechanisms 165 Risks of Trusted Hosts and Networks 166 Replacing Telnet, Rlogin, and FTP Servers and Clients with SSH 166 5 Limiting Superuser Privileges 166 Configuring Secure Terminals 167 Gaining Root Privileges with su 167 Using Groups Instead of Root 167 Using the sudo 167 6 Securing Local and Network File Systems 167 Directory Structure and Partitioning for Security 167 Employing Read-Only Partitions 167 Finding Special Files 167 Ownership and Access Permissions 167 Locate SetID Files 167 Locate Suspicious Files and Directories 169 7 Network Configuration 169 Basic Network Setup 169 Detecting and Disabling Standard UNIX Services 170 Host-Based Firewall 170 Restricting Remote Administrative Access 170 Consoles and Terminals on Restricted Networks 171 Dedicated Administrative Networks 171 8 Improving the Security of Linux and Unix Systems 171 9 Additional Resources 171 Useful Tools 171 Webmin 172 nmap 173 10 Eliminating the Security Weakness of Linux and Unix Operating Systems 175 1 Introduction to Linux and Unix 175 What is Unix? 175 History 175 Unix Is a Brand 175 Unix Is a Specification 175 Lineage 175 What is Linux? 176 Most Popular Unix-like OS 176 Linux Is a Kernel 176 Linux is a Community 176 Linux Is Distributions 176 Linux Standard Base 176 A Word of Warning 178 System Architecture 178 Kernel 178 File System 179 Users and Groups 179 Permissions 179 Processes 179 2 Hardening Linux and Unix 179 Network Hardening 179 Minimizing Attack Surface 180 Eliminate Unnecessary Services 180 Securely Configure Necessary Services 180 Host-based 181 Chroot and Other Jails 181 Access Control 182 Strong Authentication 182 Two-Factor Authentication 182 PKI 182 Dedicated Service Accounts 183 Additional Controls 183 Encrypted Communications 183 Log Analysis 183 IDS/IPS 184 Host Hardening 184 Permissions 184 Administrative Accounts 184 Groups 184 File System Attributes and ACLs 184 Intrusion Detection 184 Audit Trails 184 File Changes 185 Specialized Hardening 185 GRSec/PAX 185 SELinux 185 Systems Management Security 185 Account Management 185 Patching 186 Backups 186 3 Proactive Defense for Linux and Unix 186 Vulnerability Assessment 186 Network-based Assessment 186 Host-based Assessment 187 Incident Response Preparation 187 Predefined Roles and Contact List 187 Simple Message for End Users 187 Blue Team/Red Team Exercises 187 Organizational Considerations 187 Separation of Duties 187 Forced Vacations 187 4 Summary 188 Chapter Review Questions/Exercises 188 11 Internet Security 189 1 Internet Protocol Architecture 189 Communications Architecture Basics 190 Getting More Specific 191 The PHY Layer 191 The MAC Layer 191 The Network Layer 192 The Transport Layer 193 The Sockets Layer 194 Address Resolution Protocol 194 Dynamic Host Configuration Protocol 194 Domain Naming Service 195 Internet Control Message Protocol 195 Routing 195 Applications 196 2 An Internet Threat Model 196 The Dolev–Yao Adversary Model 196 Layer Threats 197 Eavesdropping 197 Forgeries 197 Replay 199 Delay and Rushing 199 Reorder 200 Message Deletion 200 Summary 201 3 Defending against Attacks on the internet 201 Layer Session Defenses 201 Defending against Eavesdropping 202 Independence of Keys 203 Limited Output 203 Key Size 204 Mode of Operation 204 Defending against Forgeries and Replays 205 Independence of Authentication Keys 207 No Reuse of Replay Counter Values with a Key 207 Key Size 208 Message Authentication Code Tag Size 208 Session Start-up Defenses 209 Mutual Authentication 209 Key Secrecy 209 Session State Consistency 210 Mutual Authentication 210 A Symmetric Key Mutual Authentication Method 210 An Asymmetric Key Mutual Authentication Method 211 A Caveat 211 Key Establishment 212 State Consistency 213 4 Internet Security Checklist 213 5 Summary 213 Chapter Review Questions/Exercises 214 True/False 214 Multiple Choice 214 Exercise 214 Problem 214 Hands-On Projects 214 Project 214 Case Projects 214 Problem 214 Optional Team Case Project 214 Problem 214 12 The Botnet Problem 215 1 Introduction 215 2 Botnet Overview 216 Origins of Botnets 216 Botnet Topologies and Protocols 216 Centralized 216 Peer-To-Peer 217 3 Typical Bot Life Cycle 218 4 The Botnet Business Model 219 5 Botnet Defense 220 Detecting and Removing Individual Bots 220 Detecting C&C Traffic 220 Detecting and Neutralizing the C&C Servers 221 Attacking Encrypted C&C Channels 222 Locating and Identifying the Botmaster 224 6 Botmaster Traceback 224 Traceback Challenges 225 Stepping Stones 225 Multiple Protocols 225 Low-Latency Anonymous Network 225 Encryption 226 Low-Traffic Volume 226 Traceback Beyond the Internet 226 7 Preventing Botnets 227 8 Summary 228 Chapter Review Questions/Exercises 228 True/False 228 Multiple Choice 229 Exercise 230 Problem 230 Hands-On Projects 230 Project 230 Case Projects 230 Problem 230 Optional Team Case Project 230 Problem 230 13 Intranet Security 231 1 Smartphones and Tablets in the Intranet 234 2 Security Considerations 237 3 Plugging the Gaps: NAC and Access Control 239 4 Measuring Risk: Audits 240 5 Guardian at the Gate: Authentication and Encryption 242 6 Wireless Network Security 242 7 Shielding the Wire: Network Protection 243 8 Weakest Link in Security: User Training 245 9 Documenting the Network: Change Management 245 10 Rehearse the Inevitable: Disaster Recovery 246 11 Controlling Hazards: Physical and Environmental Protection 248 12 Know Your Users: Personnel Security 249 13 Protecting Data Flow: Information and System Integrity 250 14 Security Assessments 250 15 Risk Assessments 251 16 Intranet Security Implementation Process Checklist 252 17 Summary 252 Chapter Review Questions/Exercises 252 True/False 252 Multiple Choice 252 Exercise 253 Problem 253 Hands-On Projects 253 Project 253 Case Projects 253 Problem 253 Optional Team Case Project 253 Problem 253 14 Local Area Network Security 254 1 Identify Network Threats 255 Disruptive 255 Unauthorized Access 255 2 Establish Network Access Controls 255 3 Risk Assessment 256 4 Listing Network Resources 256 5 Threats 256 6 Security Policies 256 7 The Incident-Handling Process 257 8 Secure Design Through Network Access Controls 257 9 IDS Defined 258 10 Nids: Scope and Limitations 258 11 A Practical Illustration of NIDS 259 UDP Attacks 259 TCP SYN 259 Some Not-So-Robust Features of NIDS 260 12 Firewalls 261 Firewall Security Policy 262 Configuration Script for sf Router 265 13 Dynamic NAT Configuration 265 14 The Perimeter 265 15 Access List Details 266 16 Types of Firewalls 267 17 Packet Filtering: IP Filtering Routers 267 18 Application-Layer Firewalls: Proxy Servers 267 19 Stateful Inspection Firewalls 268 20 Nids Complements Firewalls 268 21 Monitor and Analyze System Activities 268 Analysis Levels 268 22 Signature Analysis 269 23 Statistical Analysis 269 24 Signature Algorithms 269 Pattern Matching 269 Stateful Pattern Matching 269 Protocol Decode-based Analysis 270 Heuristic-based Analysis 270 Anomaly-based Analysis 271 25 Local Area Network Security Countermeasures Implementation Checklist 272 26 Summary 272 Chapter Review Questions/Exercises 273 True/False 273 Multiple Choice 273 Exercise 273 Problem 273 Hands-On Projects 273 Project 273 Case Projects 273 Problem 273 Optional Team Case Project 274 Problem 274 15 Wireless Network Security 275 1 Cellular Networks 276 Cellular Telephone Networks 276 802.11 Wireless LANs 276 2 Wireless Ad hoc Networks 277 Wireless Sensor Networks 277 Wireless Multimedia Sensor Networks 277 Internet of Things 278 Mesh Networks 278 3 Security Protocols 278 4 WEP 278 WPA and WPA2 279 WPA 279 WPA2 280 SPINS: Security Protocols for Sensor Networks 280 SNEP 280 μT̿SLA 281 5 Secure Routing 281 SEAD 281 Ariadne 282 6 ARAN 283 7 SLSP 283 8 Key Establishment 284 Bootstrapping 284 Bootstrapping in Wireless Ad Hoc Networks 284 Bootstrapping in Wireless Sensor Networks 284 Key Management 285 Classification 285 Contributory Schemes 285 Diffie-hellman Key Exchange 285 9 ING 285 Hypercube and Octopus 286 Distributed Schemes 286 Partially Distributed Threshold CA Scheme 286 Self-organized Key Management 286 Self-Healing Session Key Distribution 287 10 Management Countermeasures 287 11 Summary 288 Chapter Review Questions/Exercises 288 True/False 288 Multiple Choice 289 Exercise 289 Problem 289 Hands-On Projects 289 Project 289 Case Projects 289 Problem 289 Optional Team Case Project 289 Problem 289 References 289 16 Wireless Sensor Network Security 291 1 Introduction to the Wireless Sensor Network 291 WSN Architecture and Protocol Stack 291 Application Layer 291 Middleware 292 Transport Layer 292 Network Layer 292 Data Link Layer 292 Physical Layer 292 Mobility Plane 293 Power Plane 293 Task Management Plane 293 Vulnerabilities and Attacks on WSN 293 Passive Attack 293 Active Attack 293 2 Threats to Privacy 294 Reconnaissance 294 Eavesdropping 294 Threats to Control 294 Man-in-the-Middle Attack 294 Radio Interference 294 Injection Attack 294 Replay Attack 294 Byzantine Attack 294 Sybil Attack 295 Sinkhole Attack 295 Threats to Availability 295 Denial of Service 295 HELLO Flood Attack 295 Jamming 296 Collision 296 Node Compromise 296 Attacks Specific to WSN 296 Attacks on Beaconing Protocol 296 Attacks on Geographic- and Energy-Aware Routing 297 Security in WSN Using a Layered Approach 297 Security Measures in the Physical Layer 297 Security Measures in the Data Link Layer 298 3 Security Measures for WSN 298 Authentication 298 Lightweight Private Key Infrastructure 299 Key Management in WSN 299 Symmetric Key Algorithms 300 Fully Pairwise-Shared Keys 300 Trusted Server Mechanisms 300 λ-Secure n×n Key-Establishment Schemes 300 Random Key-Predistribution Schemes 300 Basic Random Key-Predistribution Scheme 301 Phase I: Key Predistribution 301 Phase II: Shared-Key Discovery 301 Phase III: Path-Key Establishment 301 q-Composite Scheme 301 Random Pairwise Key Scheme 303 Multispace Key Schemes 303 Deterministic Key-Predistribution Schemes 304 Public Key Algorithms 304 4 Secure Routing in WSN 304 5 Routing Classifications in WSN 304 Datacentric Communication 304 Location Information 305 Network Layering and In-Network Processing 305 Path Redundancy 306 Quality of Service 306 References 311 17 Cellular Network Security 313 1 Introduction 313 2 Overview of Cellular Networks 313 Overall Cellular Network Architecture 314 Core Network Organization 314 Call Delivery Service 315 3 The State of the Art of Cellular Network Security 316 Security in the Radio Access Network 316 Security in Core Network 317 Security Implications of Internet Connectivity 318 Security Implications of PSTN Connectivity 318 4 Cellular Network Attack Taxonomy 318 Abstract Model 319 Abstract Model Findings 320 Interactions 320 Sample Cascading Attack 320 Cross-Infrastructure Cyber Cascading Attacks 321 Isolating Vulnerabilities 321 5 Cellular Network Vulnerability Analysis 324 Cellular Network Vulnerability Assessment Toolkit 325 Cascading Effect Detection Rules 325 Attack Graph 325 Condition Nodes 325 Action Nodes 326 Goal Nodes 326 Edges 326 Trees 327 Attack Scenario Derivation 327 End-User effect 327 Origin of Attack 327 Attack Propagation and Side Effects 327 Example Attack Scenario 327 Advanced Cellular Network Vulnerability Assessment Toolkit 328 Network Dependency Model 328 Infection Propagation 329 Alerting Attack 329 Cellular Network Vulnerability Assessment Toolkit for Evaluation 329 Boolean Probabilities 329 Attack Graph Marking 329 Hotspots 330 Coverage Measurement Formulas 331 6 Summary 331 Chapter Review Questions/Exercises 332 True/False 332 Multiple Choice 332 Exercise 332 Problem 332 Hands-On Projects 332 Project 332 Case Projects 332 Problem 332 Optional Team Case Project 333 Problem 333 References 333 18 RFID Security 334 1 RFID Introduction 334 RFID System Architecture 334 Tags 334 RFID Readers 335 Back-End Database 336 RFID Standards 336 RFID Applications 337 2 RFID Challenges 338 Counterfeiting 338 Sniffing 338 Tracking 338 Other Issues 339 Spoofing 339 Repudiation 340 Insert Attacks 340 Replay Attacks 340 Physical Attacks 340 Viruses 340 Social Issues 340 Comparison of All Challenges 341 3 RFID Protections 342 Basic RFID System 342 RFID System Using Symmetric-Key Cryptography 343 Using the Symmetric Key to Provide Authentication and Privacy 343 Other Symmetric-Key Cryptography-based Approaches 344 RFID System using Public-Key Cryptography 345 Authentication with Public-Key Cryptography 345 Identity-Based Cryptography Used in the RFID Networks 346 4 Summary 348 Chapter Review Questions/Exercises 348 True/False 348 Multiple Choice 348 Exercise 348 Problem 348 Hands-On Projects 349 Project 349 Case Projects 349 Problem 349 Optional Team Case Project 349 Problem 349 References 349 19 Optical Network Security 351 1 Optical Networks 351 Fiber 351 Refraction of Light 351 Refractive Index 352 Total Internal Reflection 352 Single Mode Versus Multimode 353 Layers Within Sites 353 2 Securing Optical Networks 354 Techniques 354 Fourier Analysis 354 Statement of the Equation 354 3 Identifying Vulnerabilities 355 Signal Intelligence 355 Access to Equipment 356 4 Corrective Actions 356 Securing Equipment 356 Encryption 356 5 Summary 357 Chapter Review Questions/Exercises 357 True/False 357 Multiple Choice 357 Exercise 358 Problem 358 Hands-On Projects 358 Project 358 Case Projects 358 Problem 358 Optional Team Case Project 358 Problem 358 References 358 20 Optical Wireless Security 359 1 Optical Wireless Systems Overview 359 History 359 Today 359 Theory of Operation 359 2 Deployment Architectures 360 Mesh 360 Ring 360 Point to Point 361 3 High Bandwidth 361 4 Low Cost 361 5 Implementation 361 6 Surface Area 361 7 Summary 363 Chapter Review Questions/Exercises 363 True/False 363 Multiple Choice 363 Exercise 364 Problem 364 Hands-On Projects 364 Project 364 Case Projects 364 Problem 364 Optional Team Case Project 364 Problem 364 21 Information Security Essentials for IT Managers: Protecting Mission-Critical Systems 365 1 Information Security Essentials for it Managers, Overview 365 Scope of Information Security Management 365 CISSP Ten Domains of Information Security 365 What is a Threat? 366 Common Attacks 368 Impact of Security Breaches 368 2 Protecting Mission-Critical Systems 371 Information Assurance 371 Information Risk Management 372 Administrative, Technical, and Physical Controls 372 Risk Analysis 372 Defense in Depth 373 Contingency Planning 373 An Incident Response 373 Business Continuity Planning 375 3 Information Security from the Ground Up 375 Physical Security 376 Facility Requirements 376 Administrative, Technical, and Physical Controls 377 Data Security 377 Data Classification 377 Access Control Models 377 Systems and Network Security 378 Host-Based Security 378 Network-Based Security 379 Intrusion Detection 379 Intrusion Prevention 380 Business Communications Security 380 General Rules for Self-Protection 381 Handling Protection Resources 381 Rules for Mobile IT Systems 381 Operation on Open Networks 381 Additional Business Communications Guidelines 382 Wireless Security 382 Access Control 383 Confidentiality 383 Integrity 383 Availability 384 Enhancing Security Controls 384 Web and Application Security 385 Web Security 386 Application Security 386 Security Policies and Procedures 387 Security Employee Training and Awareness 387 The Ten Commandments of SETA 388 4 Security Monitoring and Effectiveness 388 Security Monitoring Mechanisms 389 Incidence Response and Forensic Investigations 390 Validating Security Effectiveness 390 Vulnerability Assessments and Penetration Tests 391 5 Summary 391 Chapter Review Questions/Exercises 392 True/False 392 Multiple Choice 392 Exercise 393 Problem 393 Hands-On Projects 393 Project 393 Case Projects 393 Problem 393 Optional Team Case Project 393 Problem 393 22 Security Management Systems 394 1 Security Management System Standards 394 2 Training Requirements 394 3 Principles of Information Security 395 4 Roles and Responsibilities of Personnel 395 5 Security Policies 395 6 Security Controls 396 7 Network Access 396 8 Risk Assessment 396 9 Incident Response 396 10 Summary 398 Chapter Review Questions/Exercises 398 True/False 398 Multiple Choice 398 Exercise 398 Problem 398 Hands-On Projects 398 Project 398 Case Projects 399 Problem 399 Optional Team Case Project 399 Problem 399 23 Policy-driven System Management 400 1 Introduction 400 2 Security and Policy-based Management 400 System Architecture and Security Management 400 The Promise of Policy-based Management 401 Policy Basics 402 Policy Hierarchy and Refinement 403 Policy Organization and Conflicts 404 Policy Distribution 404 Generic Policy Architecture 405 Autonomic Computing 406 Accreditation 406 3 Classification and Languages 406 Security Objectives 412 Security Principles 413 Access Control Models 414 4 Controls for Enforcing Security Policies in Distributed Systems 415 Criteria for Control Selection 416 Firewall Technologies 417 Channel and Message Protection Technologies 419 5 Products and Technologies 421 SAP Access Control 421 Microsoft Group Policy 421 CISCO 422 XACML 423 SELinux 424 6 Research Projects 425 Ponder 425 PoSecCo 426 System and Security Model 426 Requirements Engineering 428 Policy Specification and Harmonization 428 Policy Refinement and Optimization 429 Configuration Validation and Audit 429 7 Summary 430 Chapter Review Questions/Exercises 431 True/False 431 Multiple Choice 431 Exercise 431 Problem 431 Hands-On Projects 431 Project 431 Case Projects 431 Problem 431 Optional Team Case Project 431 Problem 431 Acknowledgments 431 References 432 24 Information Technology Security Management 434 1 Information Security Management Standards 434 Federal Information Security Management Act 434 International Standards Organization 434 2 Other Organizations Involved in Standards 435 3 Information Technology Security Aspects 435 Security Policies and Procedures 435 Security Organization Structure 437 End User 437 Exec Part I: Overview of System and Network Security: A Comprehensive Introduction 1. Building a Secure Organization 2. A Cryptography Primer 3. Detecting System Intrusions 4. Preventing System Intrusions 5. Guarding Against Network Intrusions 6. Securing Cloud Computing Systems 7. Fault Tolerance and Resilience in Cloud Computing Environments 8. Securing Web Applications, Services, and Servers 9. Unix and Linux Security 10. Eliminating the Security Weakness of Linux and Unix Operating Systems 11. Internet Security 12. The Botnet Problem 13. Intranet Security 14. Local Area Network Security 15. Wireless Network Security 16. Wireless Sensor Network Security 17. Cellular Network Security 18. RFID Security 19. Optical Network Security 20. Optical Wireless Security Part II: Managing Information Security 21. Information Security Essentials for IT Managers: Protecting Mission-Critical Systems 22. Security Management Systems 23. Policy-driven System Management 24. Information Technology Security Management 25. Online Identity and User Management Services 26. Intrusion Prevention and Detection Systems 27. TCP/IP Packet Analysis 28. The Enemy 29. Firewalls 30. Penetration Testing 31. What is Vulnerability Assessment? 32. Security Metrics: An Introduction and Literature Review Part III: Cyber, Network, And Systems Forensics Security And Assurance 33. Cyber Forensics 34. Cyber Forensics and Incident Response 35. Securing e-Discovery 36. Network Forensics Part IV: Encryption Technology 37. Data Encryption 38. Satellite Encryption 39. Public Key Infrastructur 40. Password-based Authenticated Key Establishment Protocols 41. Instant-Messaging Security Part V: Privacy And Access Management 42. Privacy on the Internet 43. Privacy-Enhancing Technologies 44. Personal Privacy Policies 45. Detection of Conflicts in Security Policies 46. Supporting User Privacy Preferences in Digital Interactions 47. Privacy and Security in Environmental Monitoring Systems: Issues and Solutions 48. Virtual Private Networkse 49. Identity Theft 50. VoIP Security Part VI: Storage Security 51. SAN Security 52. Storage Area Networking Security Devices 53. Risk Management Part VII: Physical Security 54. Physical Security Essentials 55. Disaster Recovery 56. Biometrics 57. Homeland Security 58. Cyber Warfare 59. System Security 60. Securing the Infrastructure 61. Access Controls 62. Assessments and Audits 63. Fundamentals of Cryptography Part IX: Advanced Security 64. Security Through Diversity 65. Online e-Reputation Management Services 66. Content Filtering 67. Data Loss Protection 68. Satellite Cyber Attack Search and Destroy 69. Verifiable Voting Systems 70. Advanced Data Encryption Part X: Appendices Appendix A. Configuring Authentication Service on Microsoft Windows 7 Appendix B. Security Management and Resiliency Appendix C. List of Top Information and Network Security Implementation and Deployment Companies Appendix D. List of Security Products Appendix E. List of Security Standards Appendix F. List of Miscellaneous Security Resources Appendix G. Ensuring Built-in Frequency Hopping Spread Spectrum Wireless Network Security Appendix H. Configuring Wireless Internet Security Remote Access Appendix I. Frequently Asked Questions Appendix J. Case Studies