Computer Network Security
Computer Network Security

Joseph Migga Kizza
University of Tennessee-Chattanooga
Chattanooga, TN, U.S.A.

Joseph Migga Kizza
Department of Computer Science
314B EMCS, University of Tennessee-Chattanooga
615 McCallie Avenue
Chattanooga, TN 37403
Library of Congress Cataloging-in-Publication Data
Kizza, Joseph Migga
Computer Network Security / Joseph Migga Kizza
p. cm.
Includes bibliographical references and index.
ISBN: 0-387-20473-3 (HC) / e-ISBN: 0-387-25228-2 (eBK) Printed on acid-free paper.
ISBN-13: 978-0-387-20473-4

© 2005 Springer Science+Business Media, Inc.
All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, Inc., 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden.
The use in this publication of trade names, trademarks, service marks and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.
Printed in the United States of America.
9 8 7 6 5 4 3 2 1
SPIN 10949511 (HC) / 11403890 (eBK)
To My Fair Ladies: Immaculate, Josephine, and Florence
Contents

Preface xix

Part I: Understanding Computer Network Security

1. Computer Network Fundamentals 3
1.1 Introduction 3
1.2 Computer Network Models 4
1.3 Computer Network Types 5
1.3.1 Local Area Networks (LANs) 5
1.3.2 Wide Area Networks (WANs) 6
1.3.3 Metropolitan Area Networks (MANs) 7
1.4 Data Communication Media Technology 8
1.4.1 Transmission Technology 8
1.4.2 Transmission Media 11
1.5 Network Topology 15
1.5.1 Mesh 15
1.5.2 Tree 15
1.5.3 Bus 16
1.5.4 Star 17
1.5.5 Ring 18
1.6 Network Connectivity and Protocols 19
1.6.1 Open System Interconnection (OSI) Protocol Suite 20
1.6.2 Transport Control Protocol/Internet Protocol (TCP/IP) Model 22
1.7 Network Services 26
1.7.1 Connection Services 26
1.7.2 Network Switching Services 27
1.8 Network Connecting Devices 30
1.8.1 LAN Connecting Devices 30
1.8.2 Internetworking Devices 34
1.9 Network Technologies 39
1.9.1 LAN Technologies 39
1.9.2 WAN Technologies 42
1.9.3 Wireless LANs 45
1.10 Conclusion 46
1.11 References 46
1.12 Exercises 46
1.13 Advanced Exercises 47

2. Understanding Network Security 49
2.1 What Is Network Security? 49
2.1.1 Physical Security 50
2.1.2 Pseudosecurity 52
2.2 What Are We Protecting? 53
2.2.1 Hardware 53
2.2.2 Software 53
2.3 Security Services 54
2.3.1 Access Control 54
2.3.2 Authentication 55
2.3.3 Confidentiality 57
2.3.4 Integrity 58
2.3.5 Non-repudiation 58
2.4 Security Standards 59
2.4.1 Security Standards Based on Type of Service/Industry 60
2.4.2 Security Standards Based on Size/Implementation 64
2.4.3 Security Standards Based on Interests 65
2.4.4 Best Practices in Security 67
2.5 Elements of Security 69
2.5.1 The Security Policy 69
2.5.2 Access Control 70
2.5.3 Strong Encryption Algorithms 70
2.5.4 Authentication Techniques 70
2.5.5 Auditing 72
2.6 References 72
2.7 Exercises 72
2.8 Advanced Exercises 73

Part II: Security Challenges to Computer Networks

3. Security Threats to Computer Networks 77
3.1 Introduction 77
3.2 Sources of Security Threats 79
3.2.1 Design Philosophy 79
3.2.2 Weaknesses in Network Infrastructure and Communication Protocols 80
3.2.3 Rapid Growth of Cyberspace 84
3.2.4 The Growth of the Hacker Community 85
3.2.5 Vulnerability in Operating System Protocol 95
3.2.6 The Invisible Security Threat - The Insider Effect 95
3.2.7 Social Engineering 96
3.2.8 Physical Theft 97
3.3 Security Threat Motives 97
3.3.1 Terrorism 97
3.3.2 Military Espionage 98
3.3.3 Economic Espionage 98
3.3.4 Targeting the National Information Infrastructure 99
3.3.5 Vendetta/Revenge 99
3.3.6 Hate (national origin, gender, and race) 100
3.3.7 Notoriety 100
3.3.8 Greed 100
3.3.9 Ignorance 100
3.4 Security Threat Management 100
3.4.1 Risk Assessment 101
3.4.2 Forensic Analysis 101
3.5 Security Threat Correlation 101
3.5.1 Threat Information Quality 102
3.6 Security Threat Awareness 103
3.7 References 104
3.8 Exercises 105
3.9 Advanced Exercises 106

4. Computer Network Vulnerabilities 109
4.1 Definition 109
4.2 Sources of Vulnerabilities 109
4.2.1 Design Flaws 110
4.2.2 Poor Security Management 114
4.2.3 Incorrect Implementation 115
4.2.4 Internet Technology Vulnerability 117
4.2.5 Changing Nature of Hacker Technologies and Activities 120
4.2.6 Difficulty of Fixing Vulnerable Systems 122
4.2.7 Limits of Effectiveness of Reactive Solutions 122
4.2.8 Social Engineering 124
4.3 Vulnerability Assessment 126
4.3.1 Vulnerability Assessment Services 126
4.3.2 Advantages of Vulnerability Assessment Services 128
4.4 References 128
4.5 Exercises 129
4.6 Advanced Exercises 129

5. Cyber Crimes and Hackers 131
5.1 Introduction 131
5.2 Cyber Crimes 132
5.2.1 Ways of Executing Cyber Crimes 133
5.2.2 Cyber Criminals 136
5.3 Hackers 137
5.3.1 History of Hacking 138
5.3.2 Types of Hackers 141
5.3.3 Hacker Motives 145
5.3.4 Hacking Topologies 149
5.3.5 Hackers' Tools of System Exploitation 153
5.3.6 Types of Attacks 157
5.4 Dealing with the Rising Tide of Cyber Crimes 158
5.4.1 Prevention 158
5.4.2 Detection 159
5.4.3 Recovery 159
5.5 Conclusion 160
5.6 References 160
5.7 Exercises 162
5.8 Advanced Exercises 162

6. Hostile Scripts 163
6.1 Introduction 163
6.2 Introduction to the Common Gateway Interface (CGI) 164
6.3 CGI Scripts in a Three-Way Handshake 165
6.4 Server-CGI Interface 167
6.5 CGI Script Security Issues 168
6.6 Web Script Security Issues 170
6.7 Dealing with the Script Security Problems 170
6.8 Scripting Languages 171
6.8.1 Server-Side Scripting Languages 171
6.8.2 Client-Side Scripting Languages 173
6.9 References 175
6.10 Exercises 175
6.11 Advanced Exercises 175

7. Security Assessment, Analysis, and Assurance 177
7.1 Introduction 177
7.2 System Security Policy 178
7.3 Building a Security Policy 181
7.3.1 Security Policy Access Rights Matrix 182
7.3.2 Policy and Procedures 185
7.4 Security Requirements Specification 189
7.5 Threat Identification 190
7.5.1 Human Factors 191
7.5.2 Natural Disasters 192
7.5.3 Infrastructure Failures 192
7.6 Threat Analysis 195
7.6.1 Approaches to Security Threat Analysis 196
7.7 Vulnerability Identification and Assessment 197
7.7.1 Hardware 197
7.7.2 Software 197
7.7.3 Humanware 199
7.7.4 Policies, Procedures, and Practices 200
7.8 Security Certification 201
7.8.1 Phases of a Certification Process 201
7.8.2 Benefits of Security Certification 202
7.9 Security Monitoring and Auditing 202
7.9.1 Monitoring Tools 203
7.9.2 Type of Data Gathered 204
7.9.3 Analyzed Information 204
7.9.4 Auditing 205
7.10 Products and Services 205
7.11 References 206
7.12 Exercises 206
7.13 Advanced Exercises 207

Part III: Dealing with Network Security Challenges

8. Access Control and Authorization 209
8.1 Definitions 209
8.2 Access Rights 210
8.2.1 Access Control Techniques and Technologies 212
8.3 Access Control Systems 218
8.3.1 Physical Access Control 218
8.3.2 Access Cards 218
8.3.3 Electronic Surveillance 219
8.3.4 Biometrics 220
8.3.5 Event Monitoring 223
8.4 Authorization 224
8.4.1 Authorization Mechanisms 225
8.5 Types of Authorization Systems 226
8.5.1 Centralized 226
8.5.2 Decentralized 227
8.5.3 Implicit 227
8.5.4 Explicit 227
8.6 Authorization Principles 228
8.6.1 Least Privileges 228
8.6.2 Separation of Duties 228
8.7 Authorization Granularity 229
8.7.1 Fine Grain Authorization 229
8.7.2 Coarse Grain Authorization 229
8.8 Web Access and Authorization 230
8.9 References 231
8.10 Exercises 231
8.11 Advanced Exercises 232

9. Authentication 233
9.1 Definition 233
9.2 Multiple Factors and Effectiveness of Authentication 235
9.3 Authentication Elements 237
9.3.1 Person or Group Seeking Authentication 237
9.3.2 Distinguishing Characteristics for Authentication 237
9.3.3 The Authenticator 238
9.3.4 The Authentication Mechanism 238
9.3.5 Access Control Mechanism 239
9.4 Types of Authentication 239
9.4.1 Non-repudiable Authentication 239
9.4.2 Repudiable Authentication 241
9.5 Authentication Methods 241
9.5.1 Password Authentication 241
9.5.2 Public Key Authentication 245
9.5.3 Remote Authentication 249
9.5.4 Anonymous Authentication 251
9.5.5 Digital Signatures-Based Authentication 251
9.5.6 Wireless Authentication 252
9.6 Developing an Authentication Policy 252
9.7 References 254
9.8 Exercises 255
9.9 Advanced Exercises 255

10. Cryptography 257
10.1 Definition 257
10.1.1 Block Ciphers 259
10.2 Symmetric Encryption 261
10.2.1 Symmetric Encryption Algorithms 262
10.2.2 Problems with Symmetric Encryption 264
10.3 Public Key Encryption 265
10.3.1 Public Key Encryption Algorithms 268
10.3.2 Problems with Public Key Encryption 268
10.3.3 Public Key Encryption Services 269
10.4 Enhancing Security: Combining Symmetric and Public Key Encryptions 269
10.5 Key Management: Generation, Transportation, and Distribution 269
10.5.1 The Key Exchange Problem 270
10.5.2 Key Distribution Centers (KDCs) 271
10.5.3 Public Key Management 273
10.5.4 Key Escrow 276
10.6 Public Key Infrastructure (PKI) 277
10.6.1 Certificates 277
10.6.2 Certificate Authority 278
10.6.3 Registration Authority (RA) 278
10.6.4 Lightweight Directory Access Protocols (LDAP) 278
10.6.5 Role of Cryptography in Communication 278
10.7 Hash Function 279
10.8 Digital Signatures 280
10.9 References 282
10.10 Exercises 283
10.11 Advanced Exercises 283

11. Firewalls 285
11.1 Definition 285
11.2 Types of Firewalls 289
11.2.1 Packet Inspection Firewalls 289
11.2.2 Application Proxy Server: Filtering Based on Known Services 295
11.2.3 Virtual Private Network (VPN) Firewalls 300
11.2.4 Small Office or Home (SOHO) Firewalls 301
11.2.5 NAT Firewalls 302
11.3 Configuration and Implementation of a Firewall 302
11.4 The Demilitarized Zone (DMZ) 304
11.4.1 Scalability and Increasing Security in a DMZ 306
11.5 Improving Security Through the Firewall 307
11.6 Firewall Forensics 309
11.7 Firewall Services and Limitations 309
11.7.1 Firewall Services 310
11.7.2 Limitations of Firewalls 310
11.8 References 311
11.9 Exercises 312
11.10 Advanced Exercises 312

12. System Intrusion Detection and Prevention 315
12.1 Definition 315
12.2 Intrusion Detection 316
12.2.1 The System Intrusion Process 316
12.2.2 The Dangers of System Intrusions 318
12.3 Intrusion Detection Systems (IDSs) 319
12.3.1 Anomaly Detection 320
12.3.2 Misuse Detection 322
12.4 Types of Intrusion Detection Systems 323
12.4.1 Network-Based Intrusion Detection Systems (NIDSs) 323
12.4.2 Host-Based Intrusion Detection Systems (HIDSs) 330
12.4.3 The Hybrid Intrusion Detection System 332
12.5 The Changing Nature of IDS Tools 333
12.6 Other Types of Intrusion Detection Systems 333
12.6.1 System Integrity Verifiers (SIVs) 333
12.6.2 Log File Monitors (LFMs) 334
12.6.3 Honeypots 334
12.7 Response to System Intrusion 336
12.7.1 Incident Response Team 336
12.7.2 IDS Logs as Evidence 337
12.8 Challenges to Intrusion Detection Systems 337
12.8.1 Deploying IDS in Switched Environments 338
12.9 Implementing an Intrusion Detection System 339
12.10 Intrusion Prevention Systems (IPS) 339
12.10.1 Network-Based Intrusion Prevention Systems (NIPSs) 340
12.10.2 Host-Based Intrusion Prevention Systems (HIPSs) 341
12.11 Intrusion Detection Tools 343
12.12 References 344
12.13 Exercises 345
12.14 Advanced Exercises 346

13. Computer and Network Forensics 347
13.1 Definition 347
13.2 Computer Forensics 349
13.2.1 History of Computer Forensics 349
13.2.2 Elements of Computer Forensics 350
13.2.3 Investigative Procedures 352
13.2.4 Analysis of Evidence 360
13.3 Network Forensics 367
13.3.1 Intrusion Analysis 368
13.3.2 Damage Assessment 374
13.4 Forensics Tools 374
13.4.1 Computer Forensics Tools 375
13.4.2 Network Forensics Tools 381
13.5 References 383
13.6 Exercises 384
13.7 Advanced Exercises 384

14. Virus and Content Filtering 387
14.1 Definition 387
14.2 Scanning, Filtering, and Blocking 387
14.2.1 Content Scanning 388
14.2.2 Inclusion Filtering 389
14.2.3 Exclusion Filtering 389
14.2.4 Other Types of Content Filtering 390
14.2.5 Location of Content Filters 391
14.3 Virus Filtering 393
14.3.1 Viruses 393
14.4 Content Filtering 402
14.4.1 Application Level Filtering 402
14.4.2 Packet Level Filtering and Blocking 404
14.4.3 Filtered Material 406
14.5 Spam 407
14.6 References 409
14.7 Exercises 410
14.8 Advanced Exercises 410

15. Security Evaluations of Computer Products 411
15.1 Introduction 411
15.2 Security Standards and Criteria 412
15.3 The Product Security Evaluation Process 412
15.3.1 Purpose of Evaluation 413
15.3.2 Criteria 413
15.3.3 Process of Evaluation 414
15.3.4 Structure of Evaluation 415
15.3.5 Outcomes/Benefits 416
15.4 Computer Products Evaluation Standards 416
15.5 Major Evaluation Criteria 417
15.5.1 The Orange Book 417
15.5.2 U.S. Federal Criteria 420
15.5.3 Information Technology Security Evaluation Criteria (ITSEC) 421
15.5.4 The Trusted Network Interpretation (TNI): The Red Book 421
15.5.5 Common Criteria (CC) 422
15.6 Does Evaluation Mean Security? 422
15.7 References 422
15.8 Exercises 423
15.9 Advanced Exercises 423

16. Computer Network Security Protocols and Standards 425
16.1 Introduction 425
16.2 Application Level Security 426
16.2.1 Pretty Good Privacy (PGP) 426
16.2.2 Secure/Multipurpose Internet Mail Extension (S/MIME) 429
16.2.3 Secure-HTTP (S-HTTP) 430
16.2.4 Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) 434
16.2.5 Secure Electronic Transactions (SET) 435
16.2.6 Kerberos 437
16.3 Security in the Transport Layer 440
16.3.1 Secure Socket Layer (SSL) 441
16.3.2 Transport Layer Security (TLS) 444
16.4 Security in the Network Layer 446
16.4.1 Internet Protocol Security (IPSec) 446
16.4.2 Virtual Private Networks (VPNs) 451
16.5 Security in the Link Layer and over LANs 456
16.5.1 Point-to-Point Protocol (PPP) 456
16.5.2 Remote Authentication Dial-In User Service (RADIUS) 457
16.5.3 Terminal Access Controller Access Control System (TACACS+) 459
16.6 References 460
16.7 Exercises 460
16.8 Advanced Exercises 461

17. Security in Wireless Networks and Devices 463
17.1 Introduction 463
17.2 Cellular Wireless Communication Network Infrastructure 464
17.2.1 Development of Cellular Technology 467
17.2.2 Limited and Fixed Wireless Communication Networks 472
17.3 Wireless LAN (WLAN) or Wireless Fidelity (Wi-Fi) 474
17.3.1 WLAN (Wi-Fi) Technology 475
17.3.2 Mobile IP and Wireless Application Protocol (WAP) 475
17.4 Standards for Wireless Networks 478
17.4.1 The IEEE 802.11 480
17.4.2 Bluetooth 480
17.5 Security in Wireless Networks 482
17.5.1 WLANs Security Concerns 483
17.5.2 Best Practices for Wi-Fi Security Problems 489
17.5.3 Hope on the Horizon for WEP 491
17.6 References 491
17.7 Exercises 492
17.8 Advanced Exercises 493

18. Other Efforts to Secure Information and Computer Networks 495
18.1 Introduction 495
18.2 Legislation 496
18.3 Regulation 496
18.4 Self-Regulation 497
18.4.1 Hardware-Based Self-Regulation 497
18.4.2 Software-Based Self-Regulation 498
18.5 Education 499
18.5.1 Focused Education 500
18.5.2 Mass Education 500
18.6 Reporting Centers 501
18.7 Market Forces 502
18.8 Activism 502
18.8.1 Advocacy 502
18.8.2 Hotlines 503
18.9 References 503
18.10 Exercises 504
18.11 Advanced Exercises 505

19. Looking Ahead: Security Beyond Computer Networks 507
19.1 Introduction 507
19.2 Collective Security Initiatives and Best Practices 508
19.2.1 The U.S. National Strategy to Secure Cyberspace 508
19.2.2 Council of Europe Convention on Cyber Crime 509
19.3 References 510

Part IV: Projects

20. Projects 513
20.1 Introduction 513
20.2 Part I: Weekly/Biweekly Laboratory Assignments 513
20.3 Part II: Semester Projects 517
20.4 Part III: Research Projects 524

Index 529
Preface

The frequency of computer network attacks and the subsequent sensational news reporting have alerted the public to the vulnerability of computer networks and the dangers not only of using them but also of depending on them. In addition, such activities and reports have put society in a state of constant fear, always expecting the next big one and what it would involve, and forced people to focus on security issues. The greatest fear among professionals, however, is that of a public with a hundred percent total dependency on computers and computer networks becoming desensitized, having reached a level where they are almost immune, where they no longer care about such fears. If this ever happens, we the professionals, and society in general, as creators of these networks, will have failed to ensure their security.

Unfortunately, there are already signs that this is beginning to happen. We are steamrolling at full speed into total dependency on computers and computer networks, yet despite the multiplicity of sometimes confusing security solutions and best practices on the market, numerous security experts, and proclaimed good intentions of implementing these solutions, there is no one agreed-on approach to the network security problem. In fact, if the current computer ownership, use, and dependency on computers and computer networks keep on track, the number of such attacks is likewise going to keep rising at probably the same rate if not higher. Likewise the national critical infrastructures will become more intertwined than they are now, making the security of these systems a great priority for national and individual security.

The picture we have painted here of total dependency worries many, especially those in the security community. Without a doubt, security professionals are more worried about computer system security and information security than the average computer user because they are the people in the trenches on the forefront of the system security battle, just as soldiers in a war might worry more about the prospects of a successful outcome than would the general civilian population. They are worried more because they know that whatever quantity of resources we have as a society, we are not likely to achieve perfect security, because security is a continuous process based on a changing technology. As the technology changes, security parameters, needs, requirements, and standards change. We are playing a catch-up game whose outcome is uncertain and probably unwinnable. There are several reasons for this.

First, the overwhelming number of computer network vulnerabilities are software based, resulting from either application or system software. As anyone with a first course in software engineering will tell you, it is impossible to test out all bugs in a software product with billions of possible outcomes based on just a few inputs. So unlike other branches of product engineering such as car and airplane manufacturing, where one can test all possible outcomes from any given inputs, it is impossible to do this in software. This results in an unknown number of bugs in every software product. Yet the role of software as the engine that drives these networks is indisputable, and growth of the software industry is only in its infancy.
Second, there is more computer proliferation and dependence on computers and computer networks. As more people join cyberspace, more system attacks are likely. This is evidenced in the recent spree of cyber attacks. The rate of cyber vandalism, both reported and unreported, is on the rise. Organized attacks such as "Solar Sunrise" on Defense Department computers in February 1998, and computer viruses such as Melissa, "I LOVE" and the "Blaster" and "Sobig" worms are increasing. According to Carnegie Mellon University's CERT Coordination Center, a federally funded emergency response team, the number of security incidents handled by CERT rose from 1,334 in 1993 to 82,094 by the end of 2002.

Third, it is extremely difficult to find a suitable security solution although there are thousands of them, some very good and others not worth mentioning. In the last several years, as security issues and frequent system attacks have hit the news, there has been a tremendous response from security firms and individuals to develop security solutions and security best practices. However, as the number of security solutions skyrocketed, so did the confusion among security experts on the best solutions for given situations.

Fourth, as in the case of security solutions, there has been an oversupply of security experts, which is good in a situation where we have more security problems on the rise. However, the more security experts you get, the more diverse their answers become on security issues. It is almost impossible to find two security experts agreeing on the same security issues. This, together with the last concern, creates a sea of confusion.

When all these factors are put in place, the picture we get is a gloomy one. It indicates, even in light of massive efforts since September 11, 2001, and the numerous security solutions and security experts, that we still have a poor state of cyberspace security, and that the cyberspace resources are as vulnerable as ever, if not more so. For example, the cyberspace infrastructure and communication protocols are still inherently weak; there are no plans to educate the average user in cyberspace to know the computer network infrastructure, its weaknesses and vulnerabilities and how to fix them, while our dependency on computers has not abated; in fact it is on the rise. Although we have a multitude of solutions, these solutions are for already known vulnerabilities. Security history has shown us that hackers do not always use existing scripts. Brand new attack scripts are likely to continue, yet the only known remedy mechanisms and solutions to the problem are patching loopholes after an attack has occurred. Finally, although there are efforts to streamline reporting, much of the effort is still voluntary.
More efforts and massive awareness, therefore, are needed to bring the public to where they can be active participants in the fight for cyberspace security. Although there has been more movement in security awareness since the September 11, 2001 attacks on America, thanks to the Department of Homeland Security and the President's Critical Infrastructure Initiative, our task of educating the public and enlisting their help is just beginning.

This book, a massive and comprehensive volume, is intended to bring maximum awareness of cyberspace security in general and computer network security in particular, and to suggest ways to deal with the security situation. It does this comprehensively in four parts and twenty chapters. Part I gives the reader an understanding of the working of and the security situation of computer networks. Part II builds on this knowledge and exposes the reader to the prevailing security situation based on a constant security threat. It surveys several security threats. Part III, the largest, forms the core of the book and presents to the reader most of the best practices and solutions that are currently in use. Part IV is for projects. In addition to the solutions, several products and services are given for each security solution under discussion.

In summary the book attempts to achieve the following objectives:
1. Educate the public about computer security in general terms and computer network security in particular, with reference to the Internet,
2. Alert the public to the magnitude of computer network vulnerabilities, weaknesses, and loopholes inherent in the computer network infrastructure,
3. Bring to the public's attention effective security best practices and solutions, expert opinions on those solutions, and the possibility of ad-hoc solutions,
4. Look at the roles legislation, regulation, and enforcement play in computer network security efforts,
5. Finally, initiate a debate on the future of cyberspace security where it is still lacking.

Since the book covers a wide variety of security topics, solutions, and best practices, it is intended to be both a teaching and a reference tool for all interested in learning about computer network security issues and available techniques to prevent cyber attacks. The depth and thorough discussion and analysis of most of the computer network security issues, together with the discussion of security solutions given, make the book a unique reference source of ideas for computer network security personnel, network security policy makers, and those reading for leisure. In addition, the book provokes the reader by raising valid legislative, legal, social, and ethical security issues, including the increasingly diminishing line between individual privacy and the need for collective and individual security.

The book targets college students in computer science, information science, technology studies, library sciences, engineering, and to a lesser extent students in the arts and sciences who are interested in information technology. In addition, students in information management sciences will find the book particularly helpful. Practitioners, especially those working in information-intensive areas, will likewise find the book a good reference source. It will also be valuable to those interested in any aspect of cyberspace security and those simply wanting to become cyberspace literate.

Joseph Migga Kizza
Chattanooga, Tennessee
Part I: Understanding Computer Network Security

1. Computer Network Fundamentals

1.1 Introduction

The basic idea in all communications is that there must be three ingredients for the communication to be effective. First, there must be two entities, dubbed a sender and a receiver. These two must have something they need to share. Second, there must be a medium through which the sharable item is channeled. This is the transmission medium. Finally, there must be an agreed-on set of communication rules, or protocols. These three apply in every category or structure of communication.
In this chapter we are going to focus on these three components in a computer network. But what is a computer network? A computer network is a distributed system consisting of loosely coupled computers and other devices. Any two of these devices, which we will from now on refer to as network elements or transmitting elements, without loss of generality, can communicate with each other through a communications medium. In order for these connected devices to be considered a communicating network, there must be a set of communicating rules or protocols each device in the network must follow to communicate with another in the network. The resulting combination consisting of hardware and software is a computer communication network, or computer network in short. Figure 1.1 shows a computer network.
The hardware component is made of network elements consisting of a collection of nodes that include the end systems commonly called hosts, and intermediate switching elements that include hubs, bridges, routers, and gateways that, without loss of generality, we will call network elements.

Network elements may own resources individually, that is locally, or globally. Network software consists of all application programs and network protocols that are used to synchronize, coordinate, and bring about the sharing and exchange of data among the network elements. Network software also makes the sharing of expensive resources in the network possible. Network elements, network software, and users all work together so that individual users get to exchange messages and share resources on other systems that are not readily available locally. The network elements, together with their resources, may be of diverse hardware technologies and the software may be as different as possible, but the whole combination must work together in unison.
Figure 1.1 A Computer Network (figure: laptop computers, a workstation, an IBM-compatible PC, and a laser printer joined by a network)
Internetworking technology enables multiple, diverse underlying hardware technologies and different software regimes to interconnect heterogeneous networks and bring them to communicate smoothly. The smooth working of any computer communication network is achieved through the low-level mechanisms provided by the network elements and the high-level communication facilities provided by the software running on the communicating elements. Before we discuss the working of these networks, let us first look at the different types of networks.
1.2 Computer Network Models
There are several configuration models that form a computer network. The most common of these are the centralized and distributed models. In a centralized model, several computers and devices are interconnected and can talk to each other. However, there is only one central computer, called the master, through which all correspondence must go. Dependent computers, called surrogates, may have reduced local resources, like memory, and sharable global resources are controlled by the master at the center. Unlike the centralized model, however, the distributed network consists of loosely coupled computers interconnected by a communication network consisting of connecting elements and communication channels. The computers themselves may own their resources locally or may request resources from a remote computer. These computers are known by a string of names, including host, client, or node. If a host has resources that other hosts need, then that host is known as a server. Communication and sharing of resources are not controlled by a central computer but are arranged between any two communicating elements in the network. Figure 1.2 (a) and (b) show a centralized network model and a distributed network model, respectively.
Figure 1.2 (a) A Centralized Network Model (figure: surrogate computers, a surrogate laptop, and a surrogate printer connected through the master)
1.3 Computer Network Types
Computer networks come in different sizes. Each network is a cluster of network elements and their resources. The size of the cluster determines the network type. There are, in general, two main network types: the local area network (LAN) and the wide area network (WAN).
1.3.1 Local Area Network (LAN)
A computer network with two or more computers or clusters of networks and their resources connected by a communication medium, sharing communication protocols, and confined in a small geographical area such as a building floor, a building, or a few adjacent buildings is called a local area network (LAN). The advantage of a LAN is that all network elements are close together, so the communication links maintain a higher speed of data movement. Also, because of the proximity of the communicating elements, high-cost and quality communicating elements can be used to deliver better service and high reliability. Figure 1.3 shows a LAN network.
Figure 1.2 (b) A Distributed Network Model (figure: computers, a Mac II, and a laptop computer interconnected as peers)
1.3.2 Wide Area Networks (WANs)
A wide area network (WAN), on the other hand, is a network made up of one or more clusters of network elements and their resources, but instead of being confined to a small area, the elements of the clusters or the clusters themselves are scattered over a wide geographical area such as a region of a country, the whole country, several countries, or the entire globe, like the Internet for example. Some advantages of a WAN include distributing services to a wider community and availability of a wide array of both hardware and software resources that may not be available in a LAN. However, because of the large geographical areas covered by WANs, communication media are slow and often unreliable. Figure 1.4 shows a WAN network.