

Network and System Security




Network and System Security
Editor
John R. Vacca

AMSTERDAM • BOSTON • HEIDELBERG • LONDON
NEW YORK • OXFORD • PARIS • SAN DIEGO
SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Syngress is an imprint of Elsevier


Syngress is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
The Boulevard, Langford Lane, Kidlington, Oxford, OX5 1GB, UK
Network and System Security
© 2010 Elsevier Inc. All rights reserved.

Material in the work originally appeared in the Computer and Information Security Handbook, edited by John R. Vacca
(Elsevier, Inc. 2009).
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher.
Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements
with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our
website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be
noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding,
changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any
information, methods, compounds, or experiments described herein. In using such information or methods they should be
mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any
injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or
operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Vacca, John R.
Network and system security / by John R. Vacca.
p. cm.
Includes bibliographical references and index.
ISBN 978-1-59749-535-6 (alk. paper)
1. Computer networks—Security measures. I. Title.
TK5105.59.V34 2010
005.8—dc22
2009052077
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-1-59749-535-6
Printed in the United States of America
10 11 12 13   10 9 8 7 6 5 4 3 2 1

Elsevier Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”)
of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.
For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director and Rights;
email

For information on all Syngress publications visit our Web site at www.syngress.com


This book is dedicated to my wife Bee

v




Contents
Foreword ........................................................................................................XV
Acknowledgments ..........................................................................................XVII
About the Editor ............................................................................................XIX
List of Contributors ........................................................................................XXI
Introduction .................................................................................................XXIII
Chapter 1: Building a Secure Organization .......................................................... 1
1. Obstacles to Security............................................................................................... 1

Security Is Inconvenient.............................................................................................2
Computers Are Powerful and Complex ....................................................................2
Computer Users Are Unsophisticated........................................................................2
Computers Created Without a Thought to Security .................................................3
Current Trend Is to Share, Not Protect .....................................................................3
Data Accessible from Anywhere ...............................................................................4
Security Isn’t About Hardware and Software ...........................................................4
The Bad Guys Are Very Sophisticated .....................................................................5
Management Sees Security as a Drain on the Bottom Line ....................................5
2. Ten Steps to Building a Secure Organization........................................................ 6
A. Evaluate the Risks and Threats ............................................................................7
B. Beware of Common Misconceptions....................................................................9
C. Provide Security Training for IT Staff—Now and Forever ..............................11
D. Think “Outside the Box” ....................................................................................13
E. Train Employees: Develop a Culture of Security..............................................17
F. Identify and Utilize Built-In Security Features of the Operating System and Applications.....................18
G. Monitor Systems..................................................................................................22
H. Hire a Third Party to Audit Security..................................................................25
I. Don’t Forget the Basics ......................................................................................26
J. Patch, Patch, Patch ..............................................................................................28


Chapter 2: A Cryptography Primer................................................................... 33
1. What Is Cryptography? What Is Encryption? ...................................................... 34
How Is Cryptography Done? ...................................................................................34

2. Famous Cryptographic Devices ............................................................................ 35
The Lorenz Cipher ...................................................................................................35
Enigma ......................................................................................................................36
3. Ciphers ................................................................................................................... 37
The Substitution Cipher ...........................................................................................37
The Shift Cipher .......................................................................................................38
The Polyalphabetic Cipher.......................................................................................44
The Kasiski/Kerckhoff Method................................................................................46
4. Modern Cryptography ........................................................................................... 47
The Vernam Cipher (Stream Cipher) ......................................................................47
The One-Time Pad ...................................................................................................48
Cracking Ciphers ......................................................................................................49
Some Statistical Tests for Cryptographic Applications by Adrian Fleissig...........50
The XOR Cipher and Logical Operands.................................................................51
Block Ciphers ...........................................................................................................53
5. The Computer Age ................................................................................................ 54
Data Encryption Standard ........................................................................................55
Theory of Operation.................................................................................................55
Implementation .........................................................................................................56
Rivest, Shamir, and Adleman (RSA) ......................................................................57
Advanced Encryption Standard (AES or Rijndael) ................................................57

Chapter 3: Preventing System Intrusions ........................................................... 59
1. So, What Is an Intrusion? ................................................................................... 60
2. Sobering Numbers ............................................................................................... 60
3. Know Your Enemy: Hackers versus Crackers................................................... 61
4. Motives ................................................................................................................ 63
5. Tools of the Trade............................................................................................... 63
6. Bots ...................................................................................................................... 64
7. Symptoms of Intrusions ...................................................................................... 65

8. What Can You Do?............................................................................................. 66
Know Today’s Network Needs................................................................................68
Network Security Best Practices..............................................................................69
9. Security Policies .................................................................................................. 70
10. Risk Analysis....................................................................................................... 72
Vulnerability Testing................................................................................................72
Audits........................................................................................................................72
Recovery ...................................................................................................................73
11. Tools of Your Trade............................................................................................ 73
Firewalls....................................................................................................................74
Intrusion Prevention Systems...................................................................................74


Application Firewalls ...............................................................................................75
Access Control Systems ...........................................................................................76
Unified Threat Management ....................................................................................76
12. Controlling User Access ..................................................................................... 77
Authentication, Authorization, and Accounting......................................................77
What the User Knows ..............................................................................................77
What the User Has ...................................................................................................78
The User Is Authenticated, But Is She Authorized?...............................................79
Accounting................................................................................................................79
Keeping Current .......................................................................................................80
13. Conclusion ........................................................................................................... 80

Chapter 4: Guarding Against Network Intrusions............................................... 83
1. Traditional Reconnaissance and Attacks .............................................................. 83
2. Malicious Software................................................................................................ 88
Lures and “Pull” Attacks .........................................................................................91

3. Defense in Depth................................................................................................... 92
4. Preventive Measures.............................................................................................. 93
Access Control..........................................................................................................93
Vulnerability Testing and Patching .........................................................................94
Closing Ports.............................................................................................................95
Firewalls....................................................................................................................95
Antivirus and Antispyware Tools ............................................................................96
Spam Filtering ..........................................................................................................98
Honeypots .................................................................................................................99
Network Access Control ........................................................................................100
5. Intrusion Monitoring and Detection ................................................................... 101
Host-Based Monitoring ..........................................................................................102
Traffic Monitoring..................................................................................................102
Signature-Based Detection .....................................................................................103
Behavior Anomalies ...............................................................................................103
Intrusion Prevention Systems.................................................................................104
6. Reactive Measures............................................................................................... 104
Quarantine...............................................................................................................104
Traceback................................................................................................................105
7. Conclusions.......................................................................................................... 106

Chapter 5: Unix and Linux Security ................................................................ 109
1. Unix and Security................................................................................................ 109
The Aims of System Security................................................................................109
Achieving Unix Security........................................................................................110
2. Basic Unix Security............................................................................................. 111
Traditional Unix Systems.......................................................................................111
Standard File and Device Access Semantics ........................................................113




4. Protecting User Accounts and Strengthening Authentication............................ 115
Establishing Secure Account Use ..........................................................................116
The Unix Login Process ........................................................................................116
Controlling Account Access ..................................................................................117
Noninteractive Access ............................................................................................118
Other Network Authentication Mechanisms .........................................................119
Risks of Trusted Hosts and Networks ...................................................................120
Replacing Telnet, rlogin, and FTP Servers and Clients with SSH ......................120
5. Reducing Exposure to Threats by Limiting Superuser Privileges .................... 121
Controlling Root Access ........................................................................................121
6. Safeguarding Vital Data by Securing Local and Network File Systems.......... 123
Directory Structure and Partitioning for Security .................................................124

Chapter 6: Eliminating the Security Weakness of Linux and UNIX Operating Systems ....................... 127
1. Introduction to Linux and Unix.......................................................................... 127
What Is Unix? ........................................................................................................127
What Is Linux?.......................................................................................................129
System Architecture ...............................................................................................131
2. Hardening Linux and Unix ................................................................................. 134
Network Hardening ................................................................................................134
Host Hardening.......................................................................................................141
Systems Management Security ..............................................................................144
3. Proactive Defense for Linux and Unix............................................................... 145
Vulnerability Assessment.......................................................................................145
Incident Response Preparation...............................................................................146
Organizational Considerations ...............................................................................147


Chapter 7: Internet Security........................................................................... 149
1. Internet Protocol Architecture............................................................................. 149
Communications Architecture Basics....................................................................150
Getting More Specific ............................................................................................152
2. An Internet Threat Model ................................................................................... 161
The Dolev–Yao Adversary Model.........................................................................162
Layer Threats..........................................................................................................163
3. Defending Against Attacks on the Internet........................................................ 171
Layer Session Defenses..........................................................................................171
Session Startup Defenses .......................................................................................184
4. Conclusion ........................................................................................................... 191

Chapter 8: The Botnet Problem...................................................................... 193
1. Introduction.......................................................................................................... 193
2. Botnet Overview.................................................................................................. 194
Origins of Botnets ..................................................................................................195
Botnet Topologies and Protocols...........................................................................195



3. Typical Bot Life Cycle ....................................................................................... 198
4. The Botnet Business Model ................................................................................ 200
5. Botnet Defense .................................................................................................... 201
Detecting and Removing Individual Bots .............................................................201
Detecting C&C Traffic...........................................................................................202
Detecting and Neutralizing the C&C Servers .......................................................203
Attacking Encrypted C&C Channels.....................................................................204
Locating and Identifying the Botmaster................................................................205
6. Botmaster Traceback ........................................................................................... 207

Traceback Challenges.............................................................................................208
Traceback Beyond the Internet ..............................................................................210
7. Summary .............................................................................................................. 213

Chapter 9: Intranet Security .......................................................................... 217
1. Plugging the Gaps: Network Access Control and Access Control ................. 222
2. Measuring Risk: Audits..................................................................................... 223
3. Guardian at the Gate: Authentication and Encryption..................................... 225
4. Wireless Network Security ............................................................................... 226
5. Shielding the Wire: Network Protection .......................................................... 228
6. Weakest Link in Security: User Training ........................................................ 231
7. Documenting the Network: Change Management ........................................... 231
8. Rehearse the Inevitable: Disaster Recovery ..................................................... 233
9. Controlling Hazards: Physical and Environmental Protection ........................ 236
10. Know Your Users: Personnel Security ............................................................. 238
11. Protecting Data Flow: Information and System Integrity................................ 239
12. Security Assessments ........................................................................................ 240
13. Risk Assessments .............................................................................................. 241
14. Conclusion ......................................................................................................... 242
Chapter 10: Local Area Network Security ....................................................... 245
1. Identify Network Threats .................................................................................. 246
Disruptive................................................................................................................246
Unauthorized Access ..............................................................................................247
2. Establish Network Access Controls.................................................................. 247
3. Risk Assessment ................................................................................................ 248
4. Listing Network Resources ............................................................................... 248
5. Threats ............................................................................................................... 249
6. Security Policies ................................................................................................ 249
7. The Incident-Handling Process ......................................................................... 250
8. Secure Design through Network Access Controls ........................................... 251
9. Intrusion Detection System Defined................................................................. 252
10. Network-Based IDS: Scope and Limitations ................................................... 253
11. A Practical Illustration of NIDS ....................................................................... 254
UDP Attacks ...........................................................................................................254
TCP SYN (Half-Open) Scanning...........................................................................254
Some Not-So-Robust Features of NIDS................................................................259



12. Firewalls............................................................................................................. 259
Firewall Security Policy.........................................................................................260
Configuration Script for sf Router.........................................................................262
13. Dynamic NAT Configuration ........................................................................... 262
14. The Perimeter .................................................................................................... 263
15. Access List Details ............................................................................................ 264
16. Types of Firewalls............................................................................................. 265
17. Packet Filtering: IP Filtering Routers............................................................... 266
18. Application-Layer Firewalls: Proxy Servers .................................................... 266

19. Stateful Inspection Firewalls............................................................................. 266
20. Network-Based IDS Complements Firewalls................................................... 266
21. Monitor and Analyze System Activities........................................................... 267
Analysis Levels ......................................................................................................268
22. Signature Analysis............................................................................................. 268
23. Statistical Analysis ............................................................................................ 269
24. Signature Algorithms......................................................................................... 269
Pattern Matching ....................................................................................................269
Stateful Pattern Matching.......................................................................................270
Protocol Decode-Based Analysis...........................................................................271
Heuristic-Based Analysis .......................................................................................272
Anomaly-Based Analysis .......................................................................................272

Chapter 11: Wireless Network Security .......................................................... 275
1. Cellular Networks................................................................................................ 276
Cellular Telephone Networks ................................................................................277
802.11 Wireless LANs ...........................................................................................278
2. Wireless Ad Hoc Networks ................................................................................ 279
Wireless Sensor Networks .....................................................................................279
Mesh Networks.......................................................................................................280
3. Security Protocols................................................................................................ 280
Wired Equivalent Privacy ......................................................................................281
WPA and WPA2 ....................................................................................................282
SPINS: Security Protocols for Sensor Networks ..................................................283
4. Secure Routing .................................................................................................... 286
SEAD ......................................................................................................................286
Ariadne....................................................................................................................288
ARAN .....................................................................................................................288
SLSP .......................................................................................................................289
5. Key Establishment............................................................................................... 290
Bootstrapping..........................................................................................................290
Key Management....................................................................................................292

Chapter 12: Cellular Network Security ........................................................... 299
1. Introduction.......................................................................................................... 299
2. Overview of Cellular Networks .......................................................................... 300



Overall Cellular Network Architecture .................................................................301
Core Network Organization ...................................................................................302
Call Delivery Service .............................................................................................304
3. The State of the Art of Cellular Network Security ........................................... 305
Security in the Radio Access Network..................................................................305
Security in Core Network ......................................................................................306
Security Implications of Internet Connectivity .....................................................308
Security Implications of PSTN Connectivity ........................................................309
4. Cellular Network Attack Taxonomy .................................................................. 309
Abstract Model .......................................................................................................310
Abstract Model Findings........................................................................................310
Three-Dimensional Attack Taxonomy...................................................................315
5. Cellular Network Vulnerability Analysis ........................................................... 317
Cellular Network Vulnerability Assessment Toolkit ............................................319
Advanced Cellular Network Vulnerability Assessment Toolkit...........................323
Cellular Network Vulnerability Assessment Toolkit for Evaluation ...................326
6. Discussion ............................................................................................................ 329

Chapter 13: Radio Frequency Identification Security......................................... 333
1. Radio Frequency Identification Introduction...................................................... 333
RFID System Architecture .....................................................................................333
RFID Standards ......................................................................................................336
RFID Applications..................................................................................................338
2. RFID Challenges ................................................................................................. 339
Counterfeiting .........................................................................................................340
Sniffing ...................................................................................................................340
Tracking ..................................................................................................................340
Denial of Service....................................................................................................341
Other Issues ............................................................................................................342
Comparison of All Challenges...............................................................................345
3. RFID Protections ................................................................................................. 346
Basic RFID System ................................................................................................347
RFID System Using Symmetric-Key Cryptography.............................................349
RFID System Using Public-Key Cryptography ....................................................353


Index ............................................................................................................ 361




Foreword
Everyone wants to be connected. The use of computer networks has become almost
universal. Where you find a computer you now generally find a network. However, without
security, electronic communications hold little value and computer networks present
significant security challenges, including protecting against network attacks, establishing
physical control, and preventing unauthorized access. Security professionals and application
developers, along with IT and network staff in all types of organizations, all need to do their
part in assuring that network and system security issues are addressed.
This book provides an extensive analysis of network and system security practices,
procedures, and technologies. Design issues and architectures are also expertly covered. But
this book goes beyond theory and analysis to explain numerous implementation issues. This
book is written for people who need to cut through the confusion about network security and
get down to adoption and deployment. The book starts with the basic concepts and takes
readers through all of the necessary learning steps to enable them to effectively secure
computer networks and information systems.
Michael Erbschloe
Computer & Network Security Consultant






Acknowledgements
There are many people whose efforts on this book have contributed to its successful
completion. I owe each a debt of gratitude and want to take this opportunity to offer my
sincere thanks.
A very special thanks to my Senior Acquisitions Editor, Rick Adams, without whose continued
interest and support this book would not have been possible, and to Associate Editor David
Bevans, who provided staunch support and encouragement when it was most needed.
Thanks to my project manager, Andre Cuello, and copyeditor, Melissa Revell, whose fine
editorial work has been invaluable. Thanks also to my marketing manager, Andrea Dierna,
whose efforts on this book have been greatly appreciated. Finally, thanks to all of the other
people at Syngress (an imprint of Morgan Kaufmann Publishers/Elsevier Science &
Technology Books), whose many talents and skills are essential to a finished book.
Thanks to my wife, Bee Vacca, for her love, her help, and her understanding of my long work
hours. Also, a very special thanks to Michael Erbschloe for writing the foreword.
Finally, I wish to thank all the following authors who contributed chapters that were
necessary for the completion of this book: John R. Mallery, Scott R. Ellis, Michael A. West,
Tom Chen, Patrick J. Walsh, Gerald Beuchelt, Mario Santana, Jesse Walker, Xinyuan Wang,
Daniel Ramsbrock, Xuxian Jiang, Bill Mansoor, Pramod Pandya, Chunming Rong, Prof.
Erdal Cayirci, Gansen Zhao, Laing Yan, Peng Liu, Thomas F. LaPorta and Kameswari
Kotapati.





About the Editor
John Vacca is an information technology consultant and best-selling author based in
Pomeroy, Ohio. Since 1982, John has authored 65 books. Some of his most recent books
include: Computer And Information Security Handbook (Morgan Kaufmann 2009);
Biometric Technologies and Verification Systems (Elsevier 2007);
Practical Internet Security (Springer 2006); Optical Networking
Best Practices Handbook (Wiley-Interscience 2006); Guide to
Wireless Network Security (Springer 2006); Computer Forensics:
Computer Crime Scene Investigation, 2nd Edition (Charles River
Media 2005); Firewalls: Jumpstart for Network And Systems
Administrators (Elsevier 2004); Public Key Infrastructure: Building Trusted Applications
and Web Services (Auerbach 2004); Identity Theft (Prentice Hall PTR 2002); The World's 20
Greatest Unsolved Problems (Pearson Education 2004); and more than 600 articles in the
areas of advanced storage, computer security and aerospace technology. John was also a
configuration management specialist, computer specialist, and the computer security official
(CSO) for NASA's space station program (Freedom) and the International Space Station
Program, from 1988 until his early retirement from NASA in 1995.





Contributors
Michael Erbschloe (FOREWORD), Teaches Information Security courses at Webster University in
St. Louis, Missouri.
John R. Mallery (CHAPTER 1), BKD, LLP, Twelve Wyandotte Plaza, 120 West 12th Street, Suite
1200, Kansas City, Missouri 64105-1936
Scott R. Ellis (CHAPTER 2), Forensics and Litigation Technology, RGL Forensics, 33 N. Dearborn
Street, Suite 1310, Chicago IL, 60602
Michael A. West (CHAPTER 3), Independent Technical Writer, 636 Fig Tree Lane, Martinez,
California 94553
Tom Chen (CHAPTER 4), Swansea University, Singleton Park, Swansea SA2 8PP, Wales, UK
Patrick J. Walsh (CHAPTER 4), eSoft Inc., 295 Interlocken Blvd., Suite 500, Broomfield,
Colorado 80021
Gerald Beuchelt (CHAPTER 5), Independent Security Consultant, 13 Highland Way, Burlington,
MA 01803
Mario Santana (CHAPTER 6), Terremark, 3200 Main St, Dallas, TX. 75226
Jesse Walker (CHAPTER 7), Intel Corporation, 2211 NE 25th Avenue, Hillsboro, OR 97124
Xinyuan Wang (CHAPTER 8), Department of Computer Science, George Mason University, 4400
University Drive, MSN 4A4, Fairfax, VA 22030
Daniel Ramsbrock (Co-Author) (CHAPTER 8), Department of Computer Science, George Mason
University, 4400 University Drive, MSN 4A4, Fairfax, VA 22030
Xuxian Jiang (Co-Author) (CHAPTER 8), Department of Computer Science, North Carolina State
University, 890 Oval Drive, Campus Box 8206, Raleigh, NC 27695-8206
Bill Mansoor (CHAPTER 9), Information Systems Audit and Control Association (ISACA), 95
Bloomfield Lane, Rancho Santa Margarita, CA 92688-8741
Pramod Pandya (CHAPTER 10), Department of Information Systems and Decision Sciences,
California State University, Fullerton, CA 92834
Chunming Rong (CHAPTER(S) 11, 13), Professor, Ph.D., Chair of Computer Science Section,
Faculty of Science and Technology, University of Stavanger, N-4036 Stavanger, NORWAY
Prof. Erdal Cayirci (Co-Author) (CHAPTER(S) 11, 13), University of Stavanger, N-4036
Stavanger, NORWAY
Gansen Zhao (Co-Author) (CHAPTER(S) 11, 13), University of Stavanger, N-4036 Stavanger,
NORWAY

Laing Yan (Co-Author) (CHAPTER(S) 11, 13), University of Stavanger, N-4036 Stavanger,
NORWAY
Kameswari Kotapati (CHAPTER 12), Department of Computer Science and Engineering, The
Pennsylvania State University, University Park, PA 16802
Peng Liu (CHAPTER 12), College of Information Sciences and Technology, The Pennsylvania
State University, University Park, PA 16802
Thomas F. LaPorta (CHAPTER 12), Department of Computer Science and Engineering, The
Pennsylvania State University, University Park, PA 16802


Introduction
Organizations today are linking their systems across enterprise-wide networks and virtual
private networks (VPNs), as well as increasing their exposure to customers, competitors,
browsers and hackers on the Internet.
According to industry analysts, NAC is now the "Holy Grail" of network security, but NAC
isn't the sole contributor to the booming security market. Analysts also note that hackers are
inventing new ways to attack corporate networks, and vendors are just as quickly devising
ways to protect against them. Those innovations will continue to push the security market
higher.
First, there's a real need for enterprise-class security for handheld devices, especially wireless
client devices, such as Wi-Fi VoIP handsets. Second, as the next step in perimeter security,
network IPS is beginning to make the transition from niche security technology to core
network infrastructure. And, finally, enterprises are fed up with viruses, spyware and
malware, and are willing to make significant investments to put a stop to them. Industry
analysts have identified the following trends in the burgeoning security market:

• Software, hardware appliances and security routers are the preferred security for most
respondents and will continue to be through 2010. Secure routers show the most growth.
• Fifty percent of respondents have purchased wireless LAN security products, while
31% said they will buy or are considering buying WLAN security.
• The need to block viruses and the fear of hackers are prompting respondents to buy
security products and services en masse.
• Increased service reliability is the most important payback respondents expect from
managed security service. Respondents also thought organizations should focus on
core competencies, have access to more advanced technology and have access to better
expertise.

In this book, you will learn how to analyze risks to your networks and the steps needed to
select and deploy the appropriate countermeasures to reduce your exposure to physical and
network threats. This book will enhance the skills and knowledge of practitioners and IT
professionals who need to identify and counter some fundamental security risks and
requirements. Practitioners and IT professionals will learn some advanced network security
skills pertaining to network threat identification and prevention. They will also examine
Internet security threats and measures (audit trails, IP sniffing/spoofing, etc.) and learn how
to implement advanced security policies and procedures. In addition, in this book, you will
also learn how to:
1. Secure UNIX and Linux systems from internal and external threats
2. Establish authenticated access to local and remote resources
3. Avoid potential security loopholes by limiting super user privileges
4. Protect UNIX file systems
5. Configure tools and utilities to minimize exposure and detect intrusions
6. Tackle security problems by swapping out insecure software components
7. Add tools and services to increase security
8. Create, document and test continuity arrangements for your organization
9. Perform a risk assessment and Business Impact Assessment (BIA) to identify
vulnerabilities
10. Select and deploy an alternate site for continuity of mission-critical activities
11. Identify appropriate strategies to recover the infrastructure and processes
12. Test and maintain an effective recovery plan in a rapidly changing technology
environment
13. Detect and respond to vulnerabilities that put your organization at risk using scanners
14. Employ real-world exploits and evaluate their effect on your systems
15. Analyze the results of vulnerability scans
16. Assess vulnerability alerts and advisories
17. Build a firewall to protect your network
18. Install and configure proxy-based and stateful-filtering firewalls
19. Provide access to HTTP and FTP services on the Internet
20. Implement publicly accessible servers without compromising security
21. Protect internal IP addresses with NAT and deploy a secure DNS architecture
22. Identify security threats to your data and IT infrastructure
23. Recognize appropriate technology to deploy against these threats
24. Adapt your organization's information security policy to operational requirements and
assess compliance
25. Effectively communicate information security issues

In addition, you will also gain the skills needed to secure your UNIX and Linux platforms.
You will learn to use tools and utilities to assess vulnerabilities, detect configurations that
threaten information assurance and provide effective access controls.

You will also learn to identify vulnerabilities and implement appropriate countermeasures to
prevent and mitigate threats to your mission-critical processes. You will learn techniques for