Network Security Essentials

Preface

• What’s New in the Sixth Edition
• Objectives
• Support of ACM/IEEE Computer Science Curricula 2013
• Plan of the Text
• Projects and other Student Exercises
• Relationship to Cryptography and Network Security
• Acknowledgments

Introduction

• Computer Security Concepts
• The OSI Security Architecture
• Security Attacks
• Security Services
• Security Mechanisms
• Fundamental Security Design Principles
• Attack Surfaces and Attack Trees
• A Model for Network Security
• Standards
• Review Questions, and Problems

Symmetric Encryption and Message Confidentiality

• Symmetric Encryption Principles
• Symmetric Block Encryption Algorithms
• Random and Pseudorandom Numbers
• Stream Ciphers and RC4
• Cipher Block Modes of Operation
• Review Questions, and Problems

Public-Key Cryptography and Message Authentication

• Approaches to Message Authentication
• Secure Hash Functions
• Message Authentication Codes
• Public-Key Cryptography Principles
• Public-Key Cryptography Algorithms
• Digital Signatures
• Review Questions, and Problems

Key Distribution and User Authentication

• Remote User Authentication Principles
• Symmetric Key Distribution Using Symmetric Encryption
• Kerberos
• Key Distribution Using Asymmetric Encryption
• X.509 Certificates
• Public-Key Infrastructure
• Federated Identity Management
• Review Questions, and Problems

Network Access Control and Cloud Security

• Network Access Control
• Extensible Authentication Protocol
• IEEE 802.1X Port-Based Network Access Control
• Cloud Computing
• Cloud Security Risks and Countermeasures
• Data Protection in the Cloud
• Cloud Security as a Service
• Addressing Cloud Computing Security Concerns
• Review Questions, and Problems

Transport-Level Security

• Web Security Considerations
• Transport Layer Security
• HTTPS
• Secure Shell (SSH)
• Review Questions, and Problems

Wireless Network Security

• Wireless Security
• Mobile Device Security
• IEEE 802.11 Wireless LAN Overview
• IEEE 802.11i Wireless LAN Security
• Review Questions, and Problems

Electronic Mail Security

• Internet Mail Architecture
• E-mail Formats
• E-mail Threats and Comprehensive E-mail Security
• S/MIME
• Pretty Good Privacy
• DNSSEC
• DNS-Based Authentication of Named Entities
• Sender Policy Framework
• Domainkeys Identified Mail
• Domain-Based Message Authentication, Reporting, and Conformance
• Review Questions, and Problems

IP Security

• Ip Security Overview
• Ip Security Policy
• Encapsulating Security Payload
• Combining Security Associations
• Internet Key Exchange
• Cryptographic Suites
• Review Questions, And Problems

Malicious Software

• Types of Malicious Software (Malware)
• Advanced Persistent Threat
• Propagation—Infected Content—Viruses
• Propagation—Vulnerability Exploit—Worms
• Propagation—Social Engineering—Spam e-mail, Trojans
• Payload—System Corruption
• Payload—Attack Agent—Zombie, Bots
• Payload—Information Theft—Keyloggers, Phishing, Spyware
• Payload—Stealthing—Backdoors, Rootkits
• Countermeasures
• Distributed Denial of Service Attacks
• Review Questions, and Problems

Intruders

• Intruders
• Intrusion Detection
• Password Management
• Review Questions, and Problems

Firewalls

• The Need for Firewalls
• Firewall Characteristics and Access Policy
• Types of Firewalls
• Firewall Basing
• Firewall Location and Configurations
• Review Questions, and Problems

Network Management Security

• Basic Concepts of SNMP
• SNMPv1 Community Facility
• SNMPv3
• Recommended Reading
• References
• Review Questions, and Problems

Legal and Ethical Aspects

• Cybercrime and Computer Crime
• Intellectual Property
• Privacy
• Ethical Issues
• Recommended Reading
• References
• Review Questions, and Problems

SHA-3

• The Origins of SHA-3
• Evaluation Criteria for SHA-3
• The Sponge Construction
• The SHA-3 Iteration Function f
• Recommended Reading and Referencess
• Review Questions, and Problems

Appendix A: Some Aspects of Number Theory

• Prime and Relatively Prime Numbers
• Modular Arithmetic

Appendix B: Projects for Teaching Network Security

• Research Projects
• Hacking Project
• Programming Projects
• Laboratory Exercises
• Practical Security Assessments
• Firewall Projects
• Case Studies
• Writing Assignments
• Reading/Report Assignments

Appendix C: Standards and Standard-Setting Organizations

• The Importance of Standards
• Internet Standards and the Internet Society
• The National Institute of Standards and Technology
• The International Telecommunication Union
• The International Organization for Standardization
• Significant Security Standards and Documents

Appendix D: TCP/IP and OSI

• Protocols And Protocol Architectures
• The TCP/IP Protocol Architecture
• The Role Of An Internet Protocol
• IPV4
• IPV6
• The OSI Protocol Architecture

Appendix E: Pseudorandom Number Generation

• Prng Requirements
• Pseudorandom Number Generation Using a Block Cipher
• Pseudorandom Number Generation Using Hash Functions and MACs

Appendix F: Kerberos Encryption Techniques

• Password-To-Key Transformation
• Propagating Cipher Block Chaining Mode

Appendix G: Data Compression Using ZIP

• Compression Algorithm
• Decompression Algorithm

Appendix H: PGP

• Notation
• Operational Description
• Cryptographic Keys And Key Rings
• Public-Key Management
• Pgp Random Number Generation

Appendix I: The International Reference Alphabet

Appendix J: The Base Rate Fallacy

• Conditional Probability and Independence
• Bayes’ Theorem
• The Base-Rate Fallacy Demonstrated
• References

Appendix K: Radix-64 Conversion

References