Network Defense and Countermeasures

Description

All you need to know about defending networks, in one book

·         Clearly explains concepts, terminology, challenges, tools, and skills

·         Covers key security standards and models for business and government

·         The perfect introduction for all network/computer security professionals and students

Welcome to today’s most useful and practical introduction to defending modern networks. Drawing on decades of experience, Chuck Easttom brings together updated coverage of all the concepts, terminology, techniques, and solutions you’ll need to be effective.

Easttom thoroughly introduces the core technologies of modern network security, including firewalls, intrusion-detection systems, and VPNs. Next, he shows how encryption can be used to safeguard data as it moves across networks.

You’ll learn how to harden operating systems, defend against malware and network attacks, establish robust security policies, and assess network security using industry-leading standards and models. You’ll also find thorough coverage of key issues such as physical security, forensics, and cyberterrorism.

Throughout, Easttom blends theory and application, helping you understand both what to do and why. In every chapter, quizzes, exercises, projects, and web resources deepen your understanding and help you use what you’ve learned–in the classroom and in your career.

Learn How To

·         Evaluate key network risks and dangers

·         Choose the right network security approach for your organization

·         Anticipate and counter widespread network attacks, including those based on “social engineering”

·         Successfully deploy and apply firewalls and intrusion detection systems

·         Secure network communication with virtual private networks

·         Protect data with cryptographic public/private key systems, digital signatures, and certificates

·         Defend against malware, including ransomware, Trojan horses, and spyware

·         Harden operating systems and keep their security up to date

·         Define and implement security policies that reduce risk

·         Explore leading security standards and models, including ISO and NIST standards

·         Prepare for an investigation if your network has been attacked

·     &nb

Chapter 1: Introduction to Network Security

Introduction

The Basics of a Network

    Basic Network Structure

    Data Packets

    IP Addresses

    Uniform Resource Locators

    MAC Addresses

    Protocols

Basic Network Utilities

    ipconfig

    ping

    tracert

    netstat

The OSI Model

What Does This Mean for Security?

Assessing Likely Threats to the Network

Classifications of Threats

    Malware

    Compromising System Security–Intrusions

    Denial of Service

Likely Attacks

Threat Assessment

Understanding Security Terminology

    Hacking Terminology

    Security Terminology

Choosing a Network Security Approach

    Perimeter Security Approach

    Layered Security Approach

    Hybrid Security Approach

Network Security and the Law

Using Security Resources

Summary

Chapter 2: Types of Attacks

Introduction

Understanding Denial of Service Attacks

    DoS in Action

    SYN Flood

    Smurf Attack

    Ping of Death

    UDP Flood

    ICMP Flood

    DHCP Starvation

    HTTP Post DoS

    PDoS

    Distributed Reflection Denial of Service

    DoS Tools

    Real-World Examples

    Defending Against DoS Attacks

Defending Against Buffer Overflow Attacks

Defending Against IP Spoofing

Defending Against Session Hijacking

Blocking Virus and Trojan Horse Attacks

    Viruses

    Types of Viruses

    Trojan Horses

Summary

Chapter 3: Fundamentals of Firewalls

Introduction

What Is a Firewall?

    Types of Firewalls

    Packet Filtering Firewall

    Stateful Packet Inspection

    Application Gateway

    Circuit Level Gateway

    Hybrid Firewalls

    Blacklisting/Whitelisting

Implementing Firewalls

    Host-Based

    Dual-Homed Hosts

    Router-Based Firewall

    Screened Hosts

Selecting and Using a Firewall

    Using a Firewall

Using Proxy Servers

    The WinGate Proxy Server

    NAT

Summary

Chapter 4: Firewall Practical Applications

Introduction

Using Single Machine Firewalls

Windows 10 Firewall

User Account Control

Linux Firewalls

    Iptables

    Symantec Norton Firewall

    McAfee Personal Firewall

Using Small Office/Home Office Firewalls

    SonicWALL

    D-Link DFL-2560 Office Firewall

Using Medium-Sized Network Firewalls

    Check Point Firewall

    Cisco Next-Generation Firewalls

Using Enterprise Firewalls

Summary

Chapter 5: Intrusion-Detection Systems

Introduction

Understanding IDS Concepts

    Preemptive Blocking

    Anomaly Detection

IDS Components and Processes

Understanding and Implementing IDSs

    Snort

    Cisco Intrusion-Detection and Prevention

Understanding and Implementing Honeypots

    Specter

    Symantec Decoy Server

    Intrusion Deflection

    Intrusion Deterrence

Summary

Chapter 6: Encryption Fundamentals

Introduction

The History of Encryption

    The Caesar Cipher

    ROT 13

    Atbash Cipher

    Multi-Alphabet Substitution

    Rail Fence

    Vigenère

    Enigma

    Binary Operations

Learning About Modern Encryption Methods

    Symmetric Encryption

    Key Stretching

    PRNG

    Public Key Encryption

    Digital Signatures

Identifying Good Encryption

Understanding Digital Signatures and Certificates

    Digital Certificates

    PGP Certificates

    MD5

    SHA

    RIPEMD

    HAVAL

Understanding and Using Decryption

Cracking Passwords

    John the Ripper

    Using Rainbow Tables

    Using Other Password Crackers

    General Cryptanalysis

Steganography

Steganalysis

Quantum Computing and Quantum Cryptography

Summary

Chapter 7: Virtual Private Networks

Introduction

Basic VPN Technology

Using VPN Protocols for VPN Encryption

    PPTP

    PPTP Authentication

    L2TP

    L2TP Authentication

    L2TP Compared to PPTP

IPSec

SSL/TLS

Implementing VPN Solutions

    Cisco Solutions

    Service Solutions

    Openswan

    Other Solutions

Summary

Chapter 8: Operating System Hardening

Introduction

Configuring Windows Properly

    Accounts, Users, Groups, and Passwords

    Setting Security Policies

    Registry Settings

    Services

    Encrypting File System

    Security Templates

Configuring Linux Properly

Patching the Operating System

Configuring Browsers

    Securing Browser Settings for Microsoft Internet Explorer

    Other Browsers

Summary

Chapter 9: Defending Against Virus Attacks

Introduction

Understanding Virus Attacks

    What Is a Virus?

    What Is a Worm?

    How a Virus Spreads

    The Virus Hoax

    Types of Viruses

Virus Scanners

    Virus Scanning Techniques

    Commercial Antivirus Software

Antivirus Policies and Procedures

Additional Methods for Defending Your System

What to Do If Your System Is Infected by a Virus

    Stopping the Spread of the Virus

    Removing the Virus

    Finding Out How the Infection Started

Summary

Chapter 10: Defending Against Trojan Horses, Spyware, and Adware

Introduction

Trojan Horses

    Identifying Trojan Horses

    Symptoms of a Trojan Horse

    Why So Many Trojan Horses?

    Preventing Trojan Horses

Spyware and Adware

    Identifying Spyware and Adware

    Anti-Spyware

    Anti-Spyware Policies

Summary

Chapter 11: Security Policies

Introduction

Defining User Policies

    Passwords

    Internet Use Policy

    E-mail Attachments

    Software Installation and Removal

    Instant Messaging

    Desktop Configuration

    Final Thoughts on User Policies

Defining System Administration Policies

    New Employees

    Leaving Employees

    Change Requests

    Security Breaches

Defining Access Control

Defining Developmental Policies

Summary

Chapter 12: Assessing System Security

Introduction

Risk Assessment Concepts

Evaluating the Security Risk

Conducting the Initial Assessment

    Patches

    Ports

    Protect

    Physical

Probing the Network

    NetCop

    NetBrute

    Cerberus

    Port Scanner for Unix: SATAN

    SAINT

    Nessus

    NetStat Live

    Active Ports

    Other Port Scanners

    Microsoft Baseline Security Analyzer

    NSAuditor

    NMAP

Vulnerabilities

    CVE

    NIST

    OWASP

McCumber Cube

    Goals

    Information States

    Safeguards

Security Documentation

    Physical Security Documentation

    Policy and Personnel Documentation

    Probe Documents

    Network Protection Documents

Summary

Chapter 13: Security Standards

Introduction

COBIT

ISO Standards

NIST Standards

    NIST SP 800-14

    NIST SP 800-35

    NIST SP 800-30 Rev. 1

U.S. DoD Standards

Using the Orange Book

    D – Minimal Protection

    C – Discretionary Protection

    B – Mandatory Protection

    A – Verified Protection

Using the Rainbow Series

Using the Common Criteria

Using Security Models

    Bell-LaPadula Model

    Biba Integrity Model

    Clark-Wilson Model

    Chinese Wall Model

    State Machine Model

U.S. Federal Regulations, Guidelines, and Standards

    The Health Insurance Portability & Accountability Act of 1996 (HIPAA)

    HITECH

    Sarbanes-Oxley (SOX)

    Computer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030

    Fraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029

    General Data Protection Regulation (GDPR)

    PCI DSS

Summary

Chapter 14: Physical Security and Disaster Recovery

Introduction

Physical Security

    Equipment Security

    Securing Building Access

    Monitoring

    Fire Protection

    General Premises Security

Disaster Recovery

    Disaster Recovery Plan

    Business Continuity Plan

    Determining Impact on Business

    Testing Disaster Recovery

    Disaster Recovery Related Standards

Ensuring Fault Tolerance

Summary

Chapter 15: Techniques Used by Attackers

Introduction

Preparing to Hack

    Passively Searching for Information

    Active Scanning

    NSAuditor

    Enumerating

    Nmap

    Shodan.io

    Manual Scanning

The Attack Phase

    Physical Access Attacks

    Remote Access Attacks

Wi-Fi Hacking

Summary

Chapter 16: Introduction to Forensics

Introduction

General Forensics Guidelines

    EU Evidence Gathering

    Scientific Working Group on Digital Evidence

    U.S. Secret Service Forensics Guidelines

    Don’t Touch the Suspect Drive

    Leave a Document Trail

    Secure the Evidence

FBI Forensics Guidelines

Finding Evidence on the PC

    In the Browser

    In System Logs

    Recovering Deleted Files

    Operating System Utilities

    The Windows Registry

Gathering Evidence from a Cell Phone

    Logical Acquisition

    Physical Acquisition

    Chip-off and JTAG

    Cellular Networks

    Cell Phone Terms

Forensic Tools to Use

    AccessData Forensic Toolkit

    EnCase

    The Sleuth Kit

    OSForensics

Forensic Science

To Certify or Not to Certify?

Summary

Chapter 17: Cyber Terrorism

Introduction

Defending Against Computer-Based Espionage

Defending Against Computer-Based Terrorism

    Economic Attack

    Compromising Defense

    General Attacks

    China Eagle Union

Choosing Defense Strategies

    Defending Against Information Warfare

    Propaganda

    Information Control

    Actual Cases

    Packet Sniffers

Summary

Appendix A: Answers

Glossary

9780789759962   TOC   3/21/2018

Chuck Easttom is a computer scientist, author, and inventor. He has authored 25 other books on programming, Web development, security, and Linux. He has also authored dozens of research papers on a wide range of computer science and cyber security topics. He is an inventor with 13 computer science patents. Chuck holds more than 40 different industry certifications. He also is a frequent presenter/speaker at computer and cyber security conferences such as Defcon, ISC2 Security Congress, Secure World, IEEE workshops, and more.

You can reach Chuck at his website (www.chuckeasttom.com) or by e-mail at chuck@chuckeasttom.com.

The most up-to-date network defense text on the market

• Solid coverage of basic cryptography including its history, symmetric key systems, public/private key systems and digital signatures and certificates
• Covers oft-neglected subject areas such as defense strategies, forms of attacks, and policies related to network security
• Contains end-of-chapter exercises, projects, review questions, and plenty of real-world tips

The third edition of Network Defense & Countermeasures will be updated for changes that have occurred in the years since the 2nd edition.  Issues such as firewalls, intrusion detection systems, and encryption will have minor updates. However, details regarding the types of attacks and counter measures will be significantly updated.  The threat landscape has changed significantly since the second edition, and the third edition will reflect this.  Forensics has also grown into an integral part of incident response, and accordingly the chapter on forensics will be significantly updated and expanded.

Updated for the many technology changes that have happened since the second edition was published in 2013. The book will provide students with basic security design fundamentals that help create systems that are worthy of being trusted.  All examples of virus attacks and defense techniques will be updated to what is happening in 2017 including:
o Password guessing /cracking
o Backdoors/ Trojans/ viruses/ wireless attacks
o Sniffing/spoofing/session hijacking
o Denial of service /  distributed DOS/BOTs
o MAC spoofing / web app attacks / 0-day exploits
o Vulnerabilities that enable them

Additional information