
Network Security and Management
Third Edition

Brijendra Singh
Professor of Computer Science
Department of Computer Science
University of Lucknow
Lucknow

New Delhi-110001
2012
NETWORK SECURITY AND MANAGEMENT, Third Edition
Brijendra Singh

© 2012 by PHI Learning Private Limited, New Delhi. All rights reserved. No part of this book
may be reproduced in any form, by mimeograph or any other means, without permission in
writing from the publisher.

ISBN-978-81-203-4497-6

The export rights of this book are vested solely with the publisher.

Third Printing (Third Edition) ... ... January, 2012

Published by Asoke K. Ghosh, PHI Learning Private Limited, M-97, Connaught Circus,
New Delhi-110001 and Printed by Rajkamal Electric Press, Plot No. 2, Phase IV, HSIDC,
Kundli-131028, Sonepat, Haryana.
In loving memory of my parents
Contents

Preface xv

1. Introduction 1–10


1.1 Why Network Security is Needed 2
1.2 Management Principles 3
1.3 Security Principles 4
1.4 Network Management 5
1.5 Security Attacks 6
1.5.1 Denial-of-Service (DoS) 7
1.5.2 Information Leakage 7
1.5.3 Regular File Access 7
1.5.4 Misinformation 7
1.5.5 Special File/Database Access 8
1.5.6 Remote Arbitrary Code Execution 8
1.5.7 Elevation of Privileges 8
1.6 Qualities of a Good Network 8
Review Questions 9

2. Organizational Policy and Security 11–25


2.1 Security Policies, Standards and Guidelines 13
2.2 Information Policy 14
2.3 Security Policy 16
2.4 Physical Security 18
2.5 Social Engineering 19
2.6 Security Procedures 19
2.7 Building a Security Plan 20
2.7.1 Elements of Security Plan 22
2.7.2 Network Security Planning 22
2.8 Implementing a Security Policy 24
Review Questions 25

3. Security Infrastructure 26–35


3.1 Infrastructure Components 27
3.1.1 Network Category 27
3.1.2 Platform Category 27
3.1.3 Physical Components 27
3.1.4 Process Category 28
3.2 Goals of Security Infrastructure 28
3.2.1 Data Confidentiality 28
3.2.2 Data Integrity 29
3.2.3 Data Availability 29
3.3 Design Guidelines 29
3.3.1 Authentication 30
3.3.2 Authorization 31
3.3.3 Accounting 31
3.3.4 Physical Access Controls 32
3.3.5 Logical Access Controls 32
3.4 Security Models 33
3.4.1 Bell–La Padula Confidentiality Model 33
3.4.2 Biba Integrity Model 33
3.4.3 Clark-Wilson Security Model 34
Review Questions 35

4. Cryptography 36–60


4.1 Terminology and Background 37
4.1.1 Encryption Algorithms 38
4.1.2 Cryptanalysis 39
4.2 Data Encryption Methods 40
4.2.1 Substitution Ciphers 40
4.2.2 Transposition Ciphers 41
4.3 Cryptographic Algorithms 41
4.4 Secret Key Cryptography 43
4.4.1 Stream Ciphers 43
4.4.2 Block Ciphers 44
4.4.3 Code-book Ciphers 48
4.5 Public Key Cryptography 49
4.5.1 Diffie-Hellman Algorithm 50
4.5.2 RSA Algorithm 51
4.6 Message Digest 52
4.7 Digital Signatures 53
4.8 Security Mechanisms 55
4.9 Speech Cryptography 56
4.9.1 Speech as a Signal 56
4.9.2 Speech Coding Schemes 57
4.9.3 Speech Secrecy Systems 58
Review Questions 59

5. Network Fundamentals 61–75


5.1 A Brief History 62
5.2 Computer Networks 63
5.2.1 Bus Topology 64
5.2.2 Star Topology 64
5.2.3 Ring Topology 65
5.2.4 Tree Topology 66
5.2.5 Mesh Topology (Fully Connected Topology) 66
5.2.6 Combined Topologies 67
5.3 Categories of Networks 67
5.3.1 Local Area Network (LAN) 68
5.3.2 Metropolitan Area Network (MAN) 69
5.3.3 Wide Area Network (WAN) 69
5.4 Open Systems and OSI Model 69
5.5 Transmission Control Protocol/Internet Protocol (TCP/IP) 72
5.5.1 Simple Mail Transfer Protocol (SMTP) 73
5.5.2 File Transfer Protocol (FTP) 73
5.5.3 TELNET (Terminal Network) 74
Review Questions 74

6. Hardware and Software Security 76–110


6.1 Hardware Security 78
6.2 Smart Card 79
6.3 Biometrics 79
6.4 Virtual Private Networks (VPNs) 81
6.4.1 Types of VPNs 81
6.4.2 Virtual Private Network Software 84
6.5 Operating Systems 87
6.5.1 A Bit of History 88
6.5.2 Trusted Operating Systems 89
6.5.3 Security Breaches 90
6.6 Kerberos 92
6.7 Public Key Infrastructure (PKI) 94
6.8 Pretty Good Privacy (PGP) 95
6.9 Security Protocols 97
6.9.1 Secure Socket Layer 97
6.9.2 Transport Layer Security 98
6.9.3 IPSec 100
6.9.4 S/MIME (Secure/Multipurpose Internet Mail Extension) 103
6.10 Software Security 105
6.10.1 Reliability, Safety, and Security 107
Review Questions 109

7. Database Security 111–129


7.1 Introduction to Databases 111
7.2 Characteristics of Database Approach 112
7.3 Database Security Issues 114
7.3.1 Security Requirements 116
7.4 Database Security 119
7.4.1 Server Security 119
7.4.2 User-Authentication Security 120
7.4.3 Session Security 121
7.5 Vendor-specific Security 122
7.5.1 Oracle 122
7.5.2 Sybase 122
7.5.3 Microsoft 122
7.5.4 Netscape 123
7.6 Database Backup and Recovery 123
7.7 Data Warehouse Control and Security 125
7.7.1 Identifying the Data 125
7.7.2 Classifying the Data 126
7.7.3 Quantifying the Data 126
7.7.4 Identifying Data Vulnerabilities 126
7.7.5 Identifying Protective Measures and Their Cost 127
7.7.6 Selective Cost-Effective Security Measures 127
7.7.7 Evaluating the Effectiveness of Security Measures 127
Review Questions 128

8. Information Systems Security 130–143


8.1 Distributed Systems Security 131
8.2 Distributed Computing Environment 131
8.3 System Vulnerability and Abuse 133
8.3.1 Internet Vulnerabilities 134
8.3.2 Malicious Software: Viruses, Worms, Trojan Horses, and Spyware 134
8.3.3 Hackers, Spoofing, and Sniffing 135
8.3.4 Denial of Service Attacks 136
8.3.5 Internal Threats: Employees 136
8.3.6 Software Vulnerability 136
8.4 Management Framework of Security and Control 137
8.4.1 Role of Auditing in the Control Process 138
8.4.2 Technology and Tools for Safeguarding Information Resources 139
8.5 E-Commerce Security 139
8.5.1 Security Services and Protocols 140
8.5.2 E-security Versus E-thieves 142
Review Questions 143

9. Intrusion Detection Systems 144–171


9.1 What is not an IDS? 146
9.2 Infrastructure of IDS 148
9.3 Classification of IDS 149
9.4 Host-Based IDS 150
9.5 Network-Based IDS 151
9.6 Anomaly Vs Signature Detection 153
9.6.1 Normal Behavior Patterns—Anomaly Detection 153
9.6.2 Misbehavior Signatures—Signature Detection 154
9.6.3 Parameter Pattern Matching 155
9.7 Manage an IDS 156
9.8 Intrusion Detection Tools 156
9.8.1 System Intrusion Detection 156
9.8.2 Network Intrusion Detection (NID) 157
9.8.3 Freeware Intrusion Detection Tools 157
9.8.4 Host-Based Intrusion Detection 164
9.8.5 Linux Intrusion Detection System (LIDS) 169
9.9 IDS Products and Vendors 170
Review Questions 170

10. Network Security 172–199


10.1 Fundamental Concepts 173
10.1.1 Objectives 173
10.1.2 Assets 173
10.1.3 Threats 174
10.1.4 Vulnerability 174
10.1.5 Safeguards 176
10.1.6 Attack 177
10.2 Identification and Authentication 177
10.2.1 Proof by Knowledge 177
10.2.2 Proof by Possession 178
10.2.3 Proof by Property 178
10.2.4 Strong Authentication 179
10.3 Access Control 179
10.3.1 Identity-Based Policies 179
10.3.2 Rule-Based Policy 180