
Network Security PDF

333 Pages·2004·5.756 MB·English

Preview Network Security

4374FM.fm Page i Tuesday, August 10, 2004 8:16 PM

Network Security Foundations
Matthew Strebe
San Francisco ◆ London

Associate Publisher: Neil Edde
Acquisitions and Developmental Editor: Maureen Adams
Production Editor: Elizabeth Campbell
Technical Editor: Donald Fuller
Copyeditor: Judy Flynn
Compositor: Laurie Stewart, Happenstance Type-o-Rama
Proofreaders: Laurie O’Connell, Nancy Riddiough
Indexer: Nancy Guenther
Book Designer: Judy Fung
Cover Design: Ingalls + Associates
Cover Photo: Jerry Driendl, Taxi

Copyright © 2004 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher.

An earlier version of this book was published under the title Network Security Jumpstart © 2002 SYBEX Inc.

Library of Congress Card Number: 2004109315
ISBN: 0-7821-4374-1

SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the United States and/or other countries.

Screen reproductions produced with FullShot 99. FullShot 99 © 1991-1999 Inbit Incorporated. All rights reserved. FullShot is a trademark of Inbit Incorporated.

TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer.

The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book.

Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1

To Kira Rayleigh Strebe
Kira Lyra Loo, I love you

Acknowledgments

My wife does an amazing job of handling our life, our house, and our kids so that I can run a business and write books. Without her, none of my books would have been written. I’d like to thank Seanna for prying off and losing the keycaps of the non-critical laptop, Nathan for only losing the ball out of the trackball twice during the production of this book, and Kira for not being able to walk yet and for not choking on the keycap she found under the couch.

I’d like to thank Maureen Adams, who is my friend more than my editor, for suggesting this title and steering it through the process. Elizabeth Campbell did an expert job managing the flurry of e-mail that constitutes the modern writing process, and did so with an infectious enthusiasm that made the process easy. Judy Flynn expanded the acronyms, excised the jargon (well, some of it, anyway), clarified the odd constructions, and corrected the capitalization (or standardized it, at least). Without her, this book would have been much harder to understand.

Thanks also to the CD team of Dan Mummert and Kevin Ly for their work on the companion CD.

Contents

Introduction

Chapter 1 Security Principles
  Why Computers Aren’t Secure
  The History of Computer Security
  –1945
  1945–1955
  1955–1965
  1965–1975
  1975–1985
  1985–1995
  1995–2005
  2005–
  Security Concepts
  Trust
  Authentication
  Chain of Authority
  Accountability
  Access Control
  Terms to Know
  Review Questions

Chapter 2 Understanding Hacking
  What Is Hacking?
  Types of Hackers
  Security Experts
  Script Kiddies
  Underemployed Adult Hackers
  Ideological Hackers
  Criminal Hackers
  Corporate Spies
  Disgruntled Employees
  Vectors That Hackers Exploit
  Direct Intrusion
  Dial-Up
  Internet
  Wireless
  Hacking Techniques
  Target Selection
  Information Gathering
  Attacks
  Terms to Know
  Review Questions

Chapter 3 Encryption and Authentication
  Encryption
  Secret Key Encryption
  One-Way Functions (Hashes)
  Public Key Encryption
  Hybrid Cryptosystems
  Authentication
  Password Authentication
  Session Authentication
  Public Key Authentication
  Certificate-Based Authentication
  Biometric Authentication
  Terms to Know
  Review Questions

Chapter 4 Managing Security
  Developing a Security Policy
  Creating a Policy Requirements Outline
  Security Policy Best Practices
  Implementing Security Policy
  Applying Automated Policy
  Human Security
  Updating the Security Policy
  The Security Cycle
  Terms to Know
  Review Questions

Chapter 5 Border Security
  Principles of Border Security
  Understanding Firewalls
  Fundamental Firewall Functions
  Firewall Privacy Services
  Virtual Private Networks
  Other Border Services
  Selecting a Firewall
  Terms to Know
  Review Questions

Chapter 6 Virtual Private Networks
  Virtual Private Networking Explained
  IP Encapsulation
  Cryptographic Authentication
  Data Payload Encryption
  Characteristics of VPNs
  Common VPN Implementations
  IPSec
  L2TP
  PPTP
  PPP/SSL or PPP/SSH
  VPN Best Practices
  Terms to Know
  Review Questions

Chapter 7 Securing Remote and Home Users
  The Remote Security Problem
  Virtual Private Security Holes
  Laptops
  Protecting Remote Machines
  VPN Connections
  Data Protection and Reliability
  Backups and Archiving
  Protecting against Remote Users
  Terms to Know
  Review Questions

Chapter 8 Malware and Virus Protection
  Understanding Malware
  Understanding Viruses
  Virus Protection
  Prevention
  Natural Immunity
  Active Protection
  Understanding Worms and Trojan Horses
  Protecting Against Worms
  Implementing Virus Protection
  Client Virus Protection
  Server-Based Virus Protection
  E-Mail Gateway Virus Protection
  Firewall-Based Virus Protection
  Enterprise Virus Protection
  Terms to Know
  Review Questions

Chapter 9 Creating Fault Tolerance
  Causes for Loss
  Human Error
  Routine Failure Events
  Crimes
  Environmental Events
  Fault Tolerance Measures
  Backups
  Uninterruptible Power Supplies (UPSs) and Power Generators
  Redundant Array of Independent Disks (RAID)
  Permissions
  Border Security
  Auditing
  Offsite Storage
  Archiving
  Deployment Testing
  Circuit Redundancy
  Physical Security
  Clustered Servers
  Terms to Know
  Review Questions

Chapter 10 Windows Security
  Windows Local Security
  Security Identifiers
  Logging In
  Resource Access
  Objects and Permissions
  NTFS File System Permissions
  Encrypting File System (EFS)
  Windows Network Security
  Active Directory
  Kerberos Authentication and Domain Security
  Group Policy
