
Cybersecurity: A Practical Engineering Approach PDF

340 Pages·2022·11.407 MB·English

Preview Cybersecurity: A Practical Engineering Approach

Cybersecurity

Chapman & Hall/CRC Textbooks in Computing

Series Editors
John Impagliazzo
Andrew McGettrick

Pascal Hitzler, Markus Krötzsch, and Sebastian Rudolph, Foundations of Semantic Web Technologies
Henrik Bærbak Christensen, Flexible, Reliable Software: Using Patterns and Agile Development
John S. Conery, Explorations in Computing: An Introduction to Computer Science
Lisa C. Kaczmarczyk, Computers and Society: Computing for Good
Mark Johnson, A Concise Introduction to Programming in Python
Paul Anderson, Web 2.0 and Beyond: Principles and Technologies
Henry Walker, The Tao of Computing, Second Edition
Ted Herman, A Functional Start to Computing with Python
Mark Johnson, A Concise Introduction to Data Structures Using Java
David D. Riley and Kenny A. Hunt, Computational Thinking for the Modern Problem Solver
Bill Manaris and Andrew R. Brown, Making Music with Computers: Creative Programming in Python
John S. Conery, Explorations in Computing: An Introduction to Computer Science and Python Programming
Jessen Havill, Discovering Computer Science: Interdisciplinary Problems, Principles, and Python Programming
Efrem G. Mallach, Information Systems: What Every Business Student Needs to Know
Iztok Fajfar, Start Programming Using HTML, CSS, and JavaScript
Mark C. Lewis and Lisa L. Lacher, Introduction to Programming and Problem-Solving Using Scala, Second Edition
Aharon Yadin, Computer Systems Architecture
Mark C. Lewis and Lisa L. Lacher, Object-Orientation, Abstraction, and Data Structures Using Scala, Second Edition
Henry M. Walker, Teaching Computing: A Practitioner’s Perspective
Efrem G. Mallach, Information Systems: What Every Business Student Needs to Know, Second Edition
Jessen Havill, Discovering Computer Science: Interdisciplinary Problems, Principles, and Python Programming, Second Edition
Henrique M. D. Santos, Cybersecurity: A Practical Engineering Approach

For more information about this series please visit: https://www.routledge.com/Chapman--HallCRC-Textbooks-in-Computing/book-series/CANDHTEXCOMSER

Cybersecurity
A Practical Engineering Approach

Henrique M. D. Santos

First edition published 2022
by CRC Press
6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742
and by CRC Press
4 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN

CRC Press is an imprint of Taylor & Francis Group, LLC

© 2022 Henrique M. D. Santos

Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, access www.copyright.com or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. For works that are not available on CCC please contact [email protected]

Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe.

Library of Congress Cataloging‑in‑Publication Data
Names: Santos, Henrique, 1960- author.
Title: Cybersecurity : a practical engineering approach / Henrique M. D. Santos.
Description: First edition. | Boca Raton : CRC Press, 2022. | Series: Chapman & Hall/CRC textbooks in computing | Includes bibliographical references and index.
Identifiers: LCCN 2021049495 | ISBN 9780367252427 (hbk) | ISBN 9781032211305 (pbk) | ISBN 9780429286742 (ebk)
Subjects: LCSH: Computer networks--Security measures. | Computer security.
Classification: LCC TK5105.59 .S2595 2022 | DDC 005.8--dc23/eng/20220103
LC record available at https://lccn.loc.gov/2021049495

ISBN: 978-0-367-25242-7 (hbk)
ISBN: 978-1-032-21130-5 (pbk)
ISBN: 978-0-429-28674-2 (ebk)

DOI: 10.1201/9780429286742

Typeset in Computer Modern by KnowledgeWorks Global Ltd.

Publisher’s note: This book has been prepared from camera-ready copy provided by the authors.

Access the Support Material: https://hsantos.dsi.uminho.pt/cybersecengbook-crc

To my wife and my sons (extending to the daughters they have chosen and the grandsons that delight me).
To my parents

Contents

List of Figures
List of Tables
Foreword
Preface
Contributors

Chapter 1 Cybersecurity Fundamentals
  1.1 SUMMARY
  1.2 INTRODUCTION
  1.3 PROBLEM STATEMENT AND CHAPTER EXERCISE DESCRIPTION
  1.4 INFORMATION SECURITY MODEL BASED ON ISO/IEC 27001
    1.4.1 Main Information Security Properties
    1.4.2 Resource or Asset
    1.4.3 Security Events and Incidents
    1.4.4 Threats
    1.4.5 Attack
    1.4.6 Vulnerability
    1.4.7 Security Controls
    1.4.8 Cybersecurity Risk
    1.4.9 InfoSec Model Implementation
  1.5 RISK ASSESSMENT BASIS
    1.5.1 Risk Analysis
    1.5.2 Risk Evaluation
  1.6 SECURITY CONTROLS
  1.7 EXERCISES
  1.8 INFORMATION SECURITY EVALUATION
    1.8.1 Security Metrics and Measurements
      1.8.1.1 The Effect of Maturity
      1.8.1.2 Details about Metrics
  1.9 CYBERSECURITY LAB REQUIREMENTS AND IMPLEMENTATION
    1.9.1 Host Machine
    1.9.2 Virtualization Platform
    1.9.3 Network Issues
    1.9.4 External Interface and Integration Issues

Chapter 2 Access Control Techniques
  2.1 SUMMARY
  2.2 PROBLEM STATEMENT AND CHAPTER EXERCISE DESCRIPTION
  2.3 ACCESS CONTROL FUNDAMENTALS
    2.3.1 Basic Components
  2.4 ACCESS CONTROL MODELS
    2.4.1 Specification Languages
    2.4.2 Bell-Lapadula Model
    2.4.3 Biba Model
    2.4.4 Clark-Wilson Model
    2.4.5 Chinese Wall Model
    2.4.6 Lattices for Multilevel Models
  2.5 NETWORK ACCESS CONTROL
    2.5.1 RADIUS
    2.5.2 TACACS+
    2.5.3 802.1X Authentication
    2.5.4 Kerberos
  2.6 EXERCISES
  2.7 AUTHENTICATION MODALITIES
    2.7.1 Knowledge-Based
    2.7.2 Token-Based
    2.7.3 ID-Based (Biometrics)
    2.7.4 Multimodal Authentication
  2.8 IDENTITY MANAGEMENT
    2.8.1 A Framework for IdM in Cyberspace

Chapter 3 Basic Cryptography Operations
  3.1 SUMMARY
  3.2 PROBLEM STATEMENT AND CHAPTER EXERCISE DESCRIPTION
  3.3 CONCEPTS AND TERMINOLOGY
    3.3.1 Key-Based Algorithms
      3.3.1.1 Symmetric Key Algorithms
      3.3.1.2 Public-Key Algorithms
      3.3.1.3 Attack Types
    3.3.2 Hash Functions
    3.3.3 Digital Signatures
    3.3.4 Key Management Issues
    3.3.5 Email Security Protocols
    3.3.6 Public-Key Infrastructures (PKI)
  3.4 PKI TOOLS
  3.5 EXERCISES
    3.5.1 Basic Tasks
    3.5.2 Advanced Tasks

Chapter 4 Internet and Web Communication Models
  4.1 SUMMARY
  4.2 COMPUTER NETWORK FUNDAMENTALS
    4.2.1 Link Level
    4.2.2 Network Level
      4.2.2.1 ICMP Protocol
      4.2.2.2 Security Issues at the Link Level
    4.2.3 Transport Level
      4.2.3.1 TCP
      4.2.3.2 UDP
      4.2.3.3 Security Issues at the Transport Level
    4.2.4 Application Level
  4.3 PROBLEM STATEMENT AND CHAPTER EXERCISE DESCRIPTION
  4.4 NETWORK ANALYSIS TOOLS
  4.5 NETWORK TRAFFIC ANOMALY SIGNS
  4.6 ANALYSIS STRATEGY
  4.7 EXERCISES

Chapter 5 Synthesis of Perimeter Security Technologies
  5.1 SUMMARY
  5.2 PRELIMINARY CONSIDERATIONS
    5.2.1 Defense in Depth
  5.3 PROBLEM STATEMENT AND CHAPTER EXERCISE DESCRIPTION
  5.4 FIREWALLS
    5.4.1 Netfilter/Iptables – Where It All Begins
    5.4.2 Iptables – Looking into the Future
    5.4.3 Firewall Types
  5.5 EXERCISE – FIREWALL
    5.5.1 Summary of Tasks
    5.5.2 Basic Tasks
    5.5.3 Advanced Tasks
  5.6 INTRUSION DETECTION SYSTEMS (IDS)
    5.6.1 IDS Types
    5.6.2 IDS Evaluation
  5.7 EXERCISE – INTRUSION DETECTION
    5.7.1 Summary of Tasks
    5.7.2 Basic Tasks
    5.7.3 Advanced Tasks
    5.7.4 Recommended Complementary Tasks
  5.8 NETWORK AND TRANSPORT SECURITY PROTOCOLS
    5.8.1 VPNs
    5.8.2 TLS/SSL
    5.8.3 SSH
    5.8.4 IPSec
  5.9 EXERCISE – SECURITY PROTOCOLS

Chapter 6 Anatomy of Network and Computer Attacks
  6.1 SUMMARY
  6.2 INTRODUCTION TO PENTEST
    6.2.1 Types of Pentest
    6.2.2 Pentest Limitations
  6.3 PROBLEM STATEMENT AND CHAPTER EXERCISE DESCRIPTION
