SKIP THE SHIPPING
Use code NOSHIP during checkout to save 40% on eligible eBooks, now through January 5. Shop now.
Register your product to gain access to bonus material or receive a coupon.
Network Defense and Countermeasures:
Principles and Practices
Everything you need to know about modern network attacks and defense, in one book
Clearly explains core network security concepts, challenges, technologies, and skills
Thoroughly updated for the latest attacks and countermeasures
The perfect beginner’s guide for anyone interested in a network security career
Security is the IT industry’s hottest topic–and that’s where the hottest opportunities are, too. Organizations desperately need professionals who can help them safeguard against the most sophisticated attacks ever created–attacks from well-funded global criminal syndicates, and even governments.
Today, security begins with defending the organizational network. Network Defense and Countermeasures, Second Edition is today’s most complete, easy-to-understand introduction to modern network attacks and their effective defense.
From malware and DDoS attacks to firewalls and encryption, Chuck Easttom blends theoretical foundations with up-to-the-minute best-practice techniques. Starting with the absolute basics, he discusses crucial topics many security books overlook, including the emergence of network-based espionage and terrorism.
If you have a basic understanding of networks, that’s all the background you’ll need to succeed with this book: no math or advanced computer science is required. You’ll find projects, questions, exercises, case studies, links to expert resources, and a complete glossary–all designed to deepen your understanding and prepare you to defend real-world networks.
Chuck Easttom has worked in all aspects of IT, including network administration, software engineering, and IT management. For several years, he has taught IT topics in college and corporate environments, worked as an independent IT consultant, and served as an expert witness in court cases involving computers. He holds 28 industry certifications, including CISSP, ISSAP, Certified Ethical Hacker, Certified Hacking Forensics Investigator, EC Council Certified Security Administrator, and EC Council Certified Instructor. He served as subject matter expert for CompTIA in its development or revision of four certification tests, including Security+. He recently assisted the EC Council in developing its new advanced cryptography course. Easttom has authored 13 books on topics including computer security and crime.
Learn how to
n Understand essential network security concepts, challenges, and careers
n Learn how modern attacks work
n Discover how firewalls, intrusion detection systems (IDS), and virtual private networks (VPNs) combine to protect modern networks
n Select the right security technologies for any network environment
n Use encryption to protect information
n Harden Windows and Linux systems and keep them patched
n Securely configure web browsers to resist attacks
n Defend against malware
n Define practical, enforceable security policies
n Use the “6 Ps” to assess technical and human aspects of system security
n Detect and fix system vulnerability
n Apply proven security standards and models, including Orange Book, Common Criteria, and Bell-LaPadula
n Ensure physical security and prepare for disaster recovery
n Know your enemy: learn basic hacking, and see how to counter it
n Understand standard forensic techniques and prepare for investigations of digital crime
Network Defense and Countermeasures: Assessing System Security
Download the sample pages (includes Chapter 12 and Index)
Pr>
Chapter 1: Introduction to Network Security 2
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
The Basics of a Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Basic Network Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
The OSI Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
What Does This Mean for Security? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Assessing Likely Threats to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Classifications of Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Likely Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Threat Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Understanding Security Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Choosing a Network Security Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Network Security and the Law . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Using Security Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Chapter 2: Types of Attacks 38
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Understanding Denial of Service Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Defending Against Buffer Overflow Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Defending Against IP Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Defending Against Session Hacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Blocking Virus and Trojan Horse Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Chapter 3: Fundamentals of Firewalls 72
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
What Is a Firewall? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Implementing Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Selecting and Using a Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Using Proxy Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Chapter 4: Firewall Practical Applications 96
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Using Single Machine Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Windows 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
User Account Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Linux Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Using Small Office/Home Office Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Using Medium-Sized Network Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Using Enterprise Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Chapter 5: Intrusion-Detection Systems 122
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Understanding IDS Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Understanding and Implementing IDS Systems . . . . . . . . . . . . . . . . . . . . . . . 126
Understanding and Implementing Honey Pots . . . . . . . . . . . . . . . . . . . . . . . . 130
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Chapter 6: Encryption Fundamentals 142
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
The History of Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Learning About Modern Encryption Methods . . . . . . . . . . . . . . . . . . . . . . . . . 148
Identifying Good Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Understanding Digital Signatures and Certificates . . . . . . . . . . . . . . . . . . . . . 155
Understanding and Using Decryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Cracking Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Steganography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Steganalysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Exploring the Future of Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Chapter 7: Virtual Private Networks 170
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Basic VPN Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Using VPN Protocols for VPN Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Implementing VPN Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Chapter 8: Operating System Hardening 192
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Configuring Windows Properly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Configuring Linux Properly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Patching the Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Configuring Browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Chapter 9: Defending Against Virus Attacks 228
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Understanding Virus Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Virus Scanners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Antivirus Policies and Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Additional Methods for Defending Your System . . . . . . . . . . . . . . . . . . . . . . . 249
What to Do If Your System Is Infected by a Virus . . . . . . . . . . . . . . . . . . . . . . 249
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Chapter 10: Defending Against Trojan Horses, Spyware, and Adware 258
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Trojan Horses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Spyware and Adware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Chapter 11: Security Policies 280
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Defining User Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Defining System Administration Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Defining Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Defining Developmental Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Chapter 12: Assessing System Security 302
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Evaluating the Security Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Making the Initial Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Probing the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Security Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Chapter 13: Security Standards 338
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Using the Orange Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Using the Rainbow Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Using the Common Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Using Security Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
U.S. Federal Regulations, Guidelines, and Standards . . . . . . . . . . . . . . . . . . 356
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Chapter 14: Physical Security and Disaster Recovery 366
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
Physical Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Ensuring Fault Tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Chapter 15: Techniques Used by Attackers 376
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Preparing to Hack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
The Attack Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Chapter 16: Introduction to Forensics 396
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
General Forensics Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
FBI Forensics Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Finding Evidence on the PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Gathering Evidence from a Cell Phone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Forensic Tools to Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Chapter 17: Cyber Terrorism 414
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Defending Against Computer-Based Espionage . . . . . . . . . . . . . . . . . . . . . . . 415
Defending Against Computer-Based Terrorism . . . . . . . . . . . . . . . . . . . . . . . . 421
Choosing Defense Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Appendix A: References 440
Glossary 444
Index 454