
Network Security: Know It All

363 Pages·2008·5.443 MB·English


Network Security: Know It All

James Joshi, James D. McCabe, Saurabh Bagchi, Lionel M. Ni, Bruce S. Davie, Larry L. Peterson, Adrian Farrel, Rajiv Ramaswami, Bingrui Foo, Kumar N. Sivarajan, Vijay K. Garg, Eugene H. Spafford, Matthew W. Glause, George Varghese, Gaspar Modelo-Howard, Yu-Sung Wu, Prashant Krishnamurthy, Pei Zheng, Pete Loshin

Morgan Kaufmann is an imprint of Elsevier. Amsterdam, Boston, Heidelberg, London, New York, Oxford, Paris, San Diego, San Francisco, Singapore, Sydney, Tokyo.

Contents

About the Authors

Chapter 1 Network Security Overview
  1.1 Cryptographic Tools
  1.2 Key Predistribution
  1.3 Authentication Protocols
  1.4 Secure Systems
  1.5 Firewalls
  1.6 Conclusion
  Further Reading

Chapter 2 Network Attacks
  2.1 Introduction
  2.2 Network Attacks and Security Issues
  2.3 Protection and Prevention
  2.4 Detection
  2.5 Assessment and Response
  2.6 Conclusion
  References

Chapter 3 Security and Privacy Architecture
  3.1 Objectives
  3.2 Background
  3.3 Developing a Security and Privacy Plan
  3.4 Security and Privacy Administration
  3.5 Security and Privacy Mechanisms
  3.6 Architectural Considerations
  3.7 Conclusion

Chapter 4 Network Security Algorithms
  4.1 Searching for Multiple Strings in Packet Payloads
  4.2 Approximate String Matching
  4.3 IP Traceback via Probabilistic Marking
  4.4 IP Traceback via Logging
  4.5 Detecting Worms
  4.6 Conclusion

Chapter 5 Concepts in IP Security
  5.1 The Need for Security
  5.2 Choosing Where to Apply Security
  5.3 Components of Security Models
  5.4 IPsec
  5.5 Transport-Layer Security
  5.6 Securing the Hypertext Transfer Protocol
  5.7 Hashing and Encryption: Algorithms and Keys
  5.8 Exchanging Keys
  Further Reading

Chapter 6 IP Security in Practice
  6.1 IP Security Issues
  6.2 Security Goals
  6.3 Encryption and Authentication Algorithms
  6.4 IPsec: The Protocols
  6.5 IP and IPsec
  6.6 Implementing and Deploying IPsec
  6.7 Conclusion

Chapter 7 Security in Wireless Systems
  7.1 Introduction
  7.2 Security and Privacy Needs of a Wireless System
  7.3 Required Features for a Secured Wireless Communications System
  7.4 Methods of Providing Privacy and Security in Wireless Systems
  7.5 Wireless Security and Standards
  7.6 IEEE 802.11 Security
  7.7 Security in North American Cellular/PCS Systems
  7.8 Security in GSM, GPRS, and UMTS
  7.9 Data Security
  7.10 Air Interface Support for Authentication Methods
  7.11 Summary of Security in Current Wireless Systems
  7.12 Conclusion
  References

Chapter 8 Mobile Security and Privacy
  8.1 Security Primer
  8.2 Cellular Network Security
  8.3 Wireless LAN Security
  8.4 Bluetooth Security
  8.5 Ad Hoc Network Security
  8.6 Mobile Privacy
  8.7 Conclusion
  Further Reading
  References

Chapter 9 Optical Network Survivability
  9.1 Basic Concepts
  9.2 Protection in SONET/SDH
  9.3 Protection in IP Networks
  9.4 Why Optical Layer Protection
  9.5 Optical Layer Protection Schemes
  9.6 Interworking between Layers
  9.7 Conclusion
  Further Reading
  References

Chapter 10 Intrusion Response Systems: A Survey
  10.1 Introduction
  10.2 Static Decision-Making Systems
  10.3 Dynamic Decision-Making Systems
  10.4 Intrusion Tolerance through Diverse Replicas
  10.5 Responses to Specific Kinds of Attacks
  10.6 Benchmarking Intrusion Response Systems
  10.7 Thoughts on Evolution of IRS Technology
  10.8 Conclusion
  References

Index

About the Authors

Saurabh Bagchi (Chapter 10) is an assistant professor in the School of Electrical and Computer Engineering at Purdue University, West Lafayette, Indiana. He is a faculty fellow of the Cyber Center and has a courtesy appointment in the Department of Computer Science at Purdue University. He received his M.S. and Ph.D. from the University of Illinois at Urbana–Champaign in 1998 and 2001, respectively. At Purdue, he leads the Dependable Computing Systems Lab (DCSL), where he and a group of wildly enthusiastic students try to make and break distributed systems for the good of the world. His work is supported by NSF, the Indiana 21st Century Research and Technology Fund, Avaya, and the Purdue Research Foundation, with equipment grants from Intel and Motorola. His papers have been runners-up for best paper at HPDC (2006), DSN (2005), and MTTS (2005). He has been an Organizing Committee member and Program Committee member for the Dependable Systems and Networks Conference (DSN) and the Symposium on Reliable Distributed Systems (SRDS). He also contributed to Information Assurance: Dependability and Security in Networked Systems, published by Elsevier, 2007.

Bruce S. Davie (Chapter 1) joined Cisco Systems in 1995, where he is a Cisco Fellow. For many years, he led the team of architects responsible for Multiprotocol Label Switching and IP Quality of Service. He recently joined the Video and Content Networking Business Unit in the Service Provider group. He has 20 years of networking and communications industry experience and has written numerous books, RFCs, journal articles, and conference papers on IP networking. He is also an active participant in both the Internet Engineering Task Force and the Internet Research Task Force. Prior to joining Cisco, he was director of internetworking research and chief scientist at Bell Communications Research. Bruce holds a Ph.D. in computer science from Edinburgh University and is a visiting lecturer at M.I.T. His research interests include routing, measurement, quality of service, transport protocols, and overlay networks. He is also a co-author of Computer Networks: A Systems Approach, published by Elsevier, 2007.

Adrian Farrel (Chapter 5) has over two decades of experience designing and developing communications protocol software. As Old Dog Consulting, he is an industry-leading freelance consultant on MPLS, GMPLS, and Internet routing, formerly working as MPLS Architect for Data Connection Ltd., and as director of Protocol Development for Movaz Networks, Inc. He is active within the Internet Engineering Task Force, where he is co-chair of the CCAMP working group responsible for GMPLS, the Path Computation Element (PCE) working group, and the Layer One VPN (L1VPN) working group. Adrian has co-authored and contributed to numerous Internet drafts and RFCs on MPLS, GMPLS, and related technologies. He is also the author of The Internet and Its Protocols: A Comparative Approach, published by Elsevier, 2004.

Bingrui Foo (Chapter 10) is a Ph.D. student in the School of Electrical and Computer Engineering at Purdue University in West Lafayette, Indiana. Presently, he is involved in two research projects: one in the field of network security, specifically the design of intrusion-tolerant systems and automated response mechanisms, and one in the field of statistical modeling, which consists of extending mixture models by adding hierarchical structure to images and videos. His papers have appeared in DSN and ACSAC. He also contributed to Information Assurance: Dependability and Security in Networked Systems, published by Elsevier, 2007.

Vijay K. Garg (Chapter 7) has been a professor in the Electrical and Computer Engineering Department at the University of Illinois at Chicago since 1999, where he teaches graduate courses in Wireless Communications and Networking. Dr. Garg was a Distinguished Member of Technical Staff at Lucent Technologies Bell Labs in Naperville, Illinois, from 1985 to 2001. He received his Ph.D. from the Illinois Institute of Technology, Chicago, Illinois, in 1973, and he received an M.S. from the University of California at Berkeley, California, in 1966. Dr. Garg has co-authored several technical books, including five in wireless communications. He is a fellow of ASCE and ASME, and a senior member of IEEE. Dr. Garg is a registered professional engineer in the states of Maine and Illinois. He is an academic member of the Russian Academy of Transport. Dr. Garg was a feature editor of the Wireless/PCS Series in IEEE Communications Magazine from 1996 to 2001. He is also the author of Wireless Communications & Networking, published by Elsevier, 2007.

Matthew W. Glause (Chapter 10) is with the Center for Education and Research in Information Assurance and Security (CERIAS), Dependable Computing Systems Laboratory, School of Electrical and Computer Engineering, Purdue University. He also contributed to Information Assurance: Dependability and Security in Networked Systems, published by Elsevier, 2007.

Gaspar Modelo-Howard (Chapter 10) is a Ph.D. student in the Department of Electrical and Computer Engineering and a member of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University, West Lafayette, Indiana. He came to Purdue after spending seven years as an information security officer for the Panama Canal Authority and five years as a college professor for network security courses. His current research interests include machine-learning techniques for intrusion response and the convergence between security and dependability. He has an M.S. in information security from Royal Holloway, University of London, and a B.S. in electrical engineering from Universidad Tecnologica de Panama. He also contributed to Information Assurance: Dependability and Security in Networked Systems, published by Elsevier, 2007.

James Joshi (Chapter 2) is an assistant professor in the School of Information Sciences at the University of Pittsburgh, Pennsylvania. He is a cofounder and the director of the Laboratory of Education and Research on Security Assured Information Systems (LERSAIS). At Pitt, he teaches several information assurance (IA) courses and coordinates the IA program. His research interests include access control models, security and privacy of distributed multimedia systems, trust management, and information survivability. His research has been supported by the National Science Foundation, and he is a recipient of the NSF CAREER award in 2006. He received his M.S. in computer science and a Ph.D. in electrical and computer engineering from Purdue University, West Lafayette, Indiana, in 1998 and 2003, respectively. He is also a co-author of Information Assurance: Dependability and Security in Networked Systems, published by Elsevier, 2007.

Prashant Krishnamurthy (Chapter 2) is an associate professor with the graduate program in Telecommunications and Networking at the University of Pittsburgh, Pennsylvania. At Pitt, he regularly teaches courses on wireless communication systems and networks, cryptography, and network security. His research interests are wireless network security, wireless data networks, position location in indoor wireless networks, and radio channel modeling for indoor wireless networks. His research has been funded by the National Science Foundation and the National Institute of Standards and Technology. He is the co-author of the books Principles of Wireless Networks: A Unified Approach and Physical Layer of Communication Systems (Prentice Hall; 1st edition, December 11, 2001). He served as the chair of the IEEE Communications Society, Pittsburgh Chapter, from 2000 to 2005. He obtained his Ph.D. in 1999 from Worcester Polytechnic Institute, Worcester, Massachusetts. He is also a co-author of Information Assurance: Dependability and Security in Networked Systems, published by Elsevier, 2007.

Pete Loshin (Chapter 6) writes and consults about Internet protocols and open source network technologies. Formerly on the staff of BYTE Magazine, Information Security Magazine, and other publications, his work appears regularly in leading trade publications and websites, including CPU, Computerworld, PC Magazine, EarthWeb, Internet.com, and CNN. He is also the author of IPv6: Theory, Protocol, and Practice, published by Elsevier, 2003.

James D. McCabe (Chapter 3) was an advisor on networking to NASA and the Department of Commerce OCIOs. He is the recipient of multiple NASA awards and holds patents in supercomputer network research. He has been architecting, designing, and deploying high-performance networks for over 20 years. He also consults, teaches, and writes about network analysis, architecture, and design. McCabe holds degrees in chemical engineering and physics from Georgia Institute of Technology and Georgia State University. He is also the author of Network Analysis, Architecture, and Design, published by Elsevier, 2007.

Lionel M. Ni (Chapter 8) is a professor and head of the Computer Science Department at the Hong Kong University of Science and Technology. Dr. Ni earned his Ph.D. in electrical and computer engineering from Purdue University,
