ENGINEERING INFORMATION SECURITY
IEEE Press
445 Hoes Lane
Piscataway, NJ 08854
IEEE Press Editorial Board
Lajos Hanzo, Editor in Chief
R. Abari, J. Anderson, F. Canavero, T. G. Croda, M. El-Hawary, B. M. Hammerli, M. Lanzerotti, O. Malik, S. Nahavandi, W. Reeve, T. Samad, G. Zobrist
Kenneth Moore, Director of IEEE Book and Information Services (BIS)
IEEE PRESS SERIES ON INFORMATION & COMMUNICATION
NETWORKS SECURITY
SERIES EDITOR
Stamatios Kartalopoulos
Security of Information and Communication Networks
Stamatios Kartalopoulos
Engineering Information Security: The Application of Systems Engineering
Concepts to Achieve Information Assurance
Stuart Jacobs
ENGINEERING INFORMATION SECURITY
The Application of Systems Engineering Concepts to Achieve Information Assurance
Stuart Jacobs


Copyright © 2011 by Institute of Electrical and Electronics Engineers. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as
permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior
written permission of the Publisher, or authorization through payment of the appropriate per-copy
fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400,
fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission
should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken,
NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in
preparing this book, they make no representations or warranties with respect to the accuracy or completeness of
the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a
particular purpose. No warranty may be created or extended by sales representatives or written sales materials.
The advice and strategies contained herein may not be suitable for your situation. You should consult with a
professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other
commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our
Customer Care Department within the United States at (800) 762-2974, outside the United States at
(317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may
not be available in electronic formats. For more information about Wiley products, visit our web site
at www.wiley.com.
Library of Congress Cataloging-in-Publication Data:
Jacobs, Stuart.
Engineering information security: The application of systems engineering concepts to achieve information
assurance / Stuart Jacobs.
p. cm.
ISBN 978-0-470-56512-4 (hardback)
1. Computer security. 2. Computer networks–Security measures. 3. Information technology–Security measures. 4. Data protection. I. Title.
QA76.9.A25J325 2010
005.8–dc22
2010028408
oBook ISBN: 978-0-470-94791-3
ePDF ISBN: 978-0-470-94783-8
ePub ISBN: 978-1-118-00901-7
Printed in Singapore.
10 9 8 7 6 5 4 3 2 1
This book is dedicated to my wife, Eileen, for her
patience with my spending so much time at the keyboard
rather than with her.

CONTENTS
Preface and Acknowledgments xxiii
1 WHAT IS SECURITY? 1
1.1 Introduction 1
1.2 The Subject of Security 2
1.2.1 Branches of Security 2
1.2.2 Defining Security by Function 5
1.2.2.1 Risk Avoidance 5
1.2.2.2 Deterrence 5
1.2.2.3 Prevention 6
1.2.2.4 Detection 7
1.2.2.5 Recovery 7
1.2.3 The Common Body of Knowledge (CBK) Security Domains 7
1.2.3.1 Access Control Systems and Methodology 8
1.2.3.2 Application and Systems Development Security 9
1.2.3.3 Business Continuity Planning and Disaster Recovery Planning 10

1.2.3.4 Cryptography 10
1.2.3.5 Information Security and Risk Management 11
1.2.3.6 Legal, Regulations, Compliance, and Investigations 11
1.2.3.7 Operations Security 12
1.2.3.8 Physical Security 13
1.2.3.9 Security Architecture and Models 14
1.2.3.10 Telecommunications and Network Security 14
1.2.3.11 CBK Summary 15
1.3 A Twenty-First Century Tale 15
1.3.1 The Actors 15
1.3.1.1 Bob’s Story 15
1.3.1.2 Carol’s Story 16
1.3.1.3 Alice’s Story 17
vii
1.3.2 What Actually Occurred 17
1.3.3 How Could All This Have Been Prevented? 19
1.3.4 They Did Not Live Happily Ever After 20
1.4 Why are You Important to Computer Security? 21
1.4.1 What are the Threats to Your Computer? 22
1.4.2 As a User, What to Do? 23
1.5 End of the Beginning 23
1.6 Chapter Summary 25
1.7 Further Reading and Resources 26
1.8 Questions 26
1.9 Exercises 27
2 SYSTEMS ENGINEERING 29
2.1 So What Is Systems Engineering? 29
2.1.1 SIMILAR Systems Engineering Process 30
2.1.1.1 Stating the Problem 32
2.1.1.2 Investigate Alternatives and Model the System 33

2.1.1.3 Develop/Integrate 34
2.1.1.4 Launch the System 35
2.1.1.5 Assess Performance 36
2.1.1.6 Re-evaluate 36
2.1.2 Another Systems Engineering View 36
2.1.3 Process Variations 37
2.2 Process Management 37
2.2.1 ISO 9000 Processes and Procedures 39
2.2.2 Capability Maturity Model (CMM) 41
2.3 Organization Environments 44
2.3.1 Economic, Legal, and Political Contexts 44
2.3.1.1 Regulations/Legislation 45
2.3.1.2 Market-Based Regulations 47
2.3.1.3 Technology Evolution 48
2.3.1.4 Customer Demands and Expectations 49
2.3.1.5 Legal Liability 49
2.3.1.6 Competition 49
2.3.1.7 Terrorism and Cyber Crime 49
2.3.2 Business/Organizational Types 50
2.3.2.1 Commercial 51
2.3.2.2 Residential 51
2.3.2.3 Governments 52
2.3.2.4 Nongovernmental Organizations (NGOs) 54
2.3.3 National Critical Infrastructure 54
2.4 Chapter Summary 56
2.5 Further Reading and Resources 57
2.6 Questions 57
2.7 Exercises 58
3 FOUNDATION CONCEPTS 59

3.1 Security Concepts and Goals 60
3.1.1 Subjects and Objects 61
3.1.2 What Is Trust? 61
3.1.3 Domains, Security, and Trust 62
3.1.4 Security Goals/Objectives 63
3.1.5 X.800 Security Services 65
3.1.5.1 Authentication 65
3.1.5.2 Access Control 66
3.1.5.3 Confidentiality 66
3.1.5.4 Data Integrity 66
3.1.5.5 Non-Repudiation 67
3.1.6 A Modern Definition of Security Services 67
3.1.6.1 Authentication 68
3.1.6.2 Authorization 68
3.1.6.3 Integrity 68
3.1.6.4 Availability 69
3.1.6.5 Accountability 71
3.1.6.6 Privacy as a Security Service 72
3.1.6.7 Service Mapping and Application of Services 72
3.2 Role of Cryptology in Information Security 79
3.2.1 Cryptographic Hash Algorithms 80
3.2.2 Encryption Algorithms 82
3.2.2.1 Symmetric Encryption 82
3.2.2.2 Asymmetric Encryption 87
3.2.2.3 Encryption Algorithm Performance 90
3.2.3 Cryptanalysis and Other Key Issues 95
3.2.3.1 Cryptanalysis 95
3.2.3.2 Key Randomness 98
3.2.3.3 Key Protection 100

3.2.4 Key Management 100
3.2.4.1 Diffie–Hellman Key Distribution 102
3.2.5 Cryptographic Authentication 104
3.2.5.1 Challenge-Response Technique 105
3.2.5.2 Message Authentication Code Technique 108
3.2.5.3 Digital Signature Authentication Technique 110
3.3 Key Management Revisited 111
3.4 Chapter Summary 113
3.5 Further Reading and Resources 113
3.6 Questions 114
3.7 Exercises 117
4 AUTHENTICATION OF SUBJECTS 119
4.1 Authentication Systems 119
4.1.1 Kerberos-Based Authentication 120
4.1.2 Public-Key Infrastructure 124
4.1.2.1 X.509 Digital Certificates 125
4.1.2.2 Certificate Authority Hierarchies 126
4.1.2.3 Certificate Generation Requests 133
4.1.2.4 PKI Component Deployment 136
4.1.2.5 Digital Certificate Revocation and Status Verification 138
4.1.2.6 Certificate Verification 138
4.1.3 Remote Authentication Dial-in User Service 141
4.1.4 Diameter 145
4.1.5 Secure Electronic Transactions (SET) 146
4.1.6 Authentication Systems Summary 150
4.2 Human Authentication 150
4.2.1 What the Subject Has Factor 151
4.2.2 What the Subject Knows Factor 151
4.2.3 What the Subject Is Factor 153

4.2.4 Where the Subject Is Factor 153
4.2.5 Combinations of Factors 153
4.2.6 Example Detailed Security Requirements for Identification and Authentication 154
4.2.7 Proxies for Humans 156
4.2.7.1 Operating Systems 156
4.2.7.2 User Agents 157
4.2.7.3 Single Sign-On (SSO) 157
4.2.7.4 Identity Management (IdM) 159
4.3 Chapter Summary 163
4.4 Further Reading and Resources 163
4.5 Questions 164
4.6 Exercises 166
5 SECURITY SYSTEMS ENGINEERING 167
5.1 Security Policy Development 168
5.2 Senior Management Oversight and Involvement 168
5.3 Security Process Management and Standards 168
5.3.1 ISO 27002 170
5.3.1.1 Establishing Organizational Security Policy (Section 5) 170
5.3.1.2 Organizational Security Infrastructure (Section 6) 171
5.3.1.3 Asset Classification and Control (Section 7) 173
5.3.1.4 Personnel Security (Section 8) 174
5.3.1.5 Physical and Environmental Security (Section 9) 176
5.3.1.6 Communications and Operations Management (Section 10) 177
5.3.1.7 Access Controls (Section 11) 178
5.3.1.8 Information Systems Acquisition, Development, and Maintenance (Section 12) 179

5.3.1.9 Information Security Incident Management (Section 13) 180
5.3.1.10 Business Continuity Management (Section 14) 181
5.3.1.11 Compliance (Section 15) 181
5.3.1.12 ISO 27002 Summary 183
5.3.2 ISO 27001 183
5.3.3 An Enterprise Security Policy Example 185
5.4 Information Security Systems Engineering Methodology 185
5.4.1 Existing Asset Inventory and Classification 187
5.4.1.1 Physical Assets 187
5.4.1.2 Logical Assets 188
5.4.1.3 Conceptual Assets 188
5.4.2 Vulnerabilities, Threats, and Risk 189
5.4.2.1 Asset Vulnerabilities 190
5.4.2.2 Organization Threat Profile(s) 200
5.4.3 Risk Management 210
5.4.3.1 Risk Mitigation 211
5.4.3.2 Risk Assignment 218
5.5 Requirements Analysis and Decomposition 218
5.6 Access Control Concepts 221
5.6.1 Subjects, Objects, and Access Operations 222
5.6.2 Access Control Structures 223
5.6.3 Access Control Lists 223
5.6.4 Capability Lists 224
5.6.5 Administrative Tasks in Access Control Methods 225
5.6.5.1 Groups and Permissions 225
5.6.5.2 Protection Rings 226
5.6.6 Role-Based Access Control (RBAC) 227
5.7 Security Modeling and Security-Related Standards 228

5.7.1 Confidentiality Policies and Integrity Policies 228
5.7.2 Bell–LaPadula Model 230
5.7.3 Harrison–Ruzzo–Ullman Extensions to BLP 231
5.7.4 Chinese Wall Model 231
5.7.5 Biba Model 232
5.7.6 Clark–Wilson Model 232
5.7.7 Security Model Summary 235
5.7.8 Security Standards 235
5.7.8.1 Public-Key Cryptography Standards 236
5.7.8.2 Third-Generation Partnership Project 236
5.7.8.3 Third-Generation Partnership Project 2 238
5.7.8.4 Alliance for Telecommunications Industry Solutions 238
5.7.8.5 Cable Television Laboratories, Inc. 239
5.7.8.6 European Telecommunications Standards Institute 239
5.7.8.7 International Organization for Standardization 239
5.7.8.8 ITU Telecommunication Standardization Sector 239
5.7.8.9 Internet Engineering Task Force 240
5.7.8.10 Object Management Group 240
5.7.8.11 Organization for the Advancement of Structured Information Standards 241
5.7.8.12 Parlay Group 241
5.7.8.13 TeleManagement Forum 241
5.7.8.14 World Wide Web Consortium 241
5.8 Chapter Summary 242
5.9 Questions 243
5.10 Exercises 246
6 TRADITIONAL NETWORK CONCEPTS 249
6.1 Networking Architectures 249
6.1.1 OSI Network Model 250

6.1.2 Internet Network Model 252
6.2 Types of Networks 254
6.2.1 Local Area Network (LAN) 255
6.2.2 Wireless LAN (WLAN) 256
6.2.3 Metropolitan Area Networks (MAN) 256
6.2.4 Wide Area Networks (WAN) 257
6.2.5 The Internet 259
6.3 Network Protocols 259
6.3.1 Layer 1—Physical 260
6.3.2 Layer 2—Data Link Protocols 260
6.3.2.1 Ethernet 261
6.3.2.2 Virtual Ethernets 262
6.3.2.3 Wireless Networking 264
6.3.2.4 MultiProtocol Label Switching 265
6.3.2.5 Asynchronous Transfer Mode and Frame Relay 267
6.3.2.6 Digital Subscriber Lines 268
6.3.2.7 Optical Networking 269
6.3.2.8 Security in Data Link Layer Protocols 273
6.3.3 Layer 3—Internetworking Layer Protocols 276
6.3.3.1 Address Resolution Protocol 277
6.3.3.2 IP Version 4 278
6.3.3.3 Internet Control Management Protocol 283
6.3.3.4 IPv4 Fragmentation and Related Attacks 285
6.3.3.5 IP Version 6 287
6.3.3.6 Security in Internetworking Layer Protocols 290
6.3.3.7 Example Detailed Security Requirements for Layer 3 292
6.3.4 Layer 4—Transport 292
6.3.4.1 Transmission Control Protocol 292

6.3.4.2 User Datagram Protocol 294
6.3.4.3 Stream Control Transmission Protocol 297
6.3.4.4 Open Shortest Path First 298
6.3.4.5 Security in Transport Layer Protocols 300
6.3.4.6 Example Detailed Security Requirements for Layer 4 302
6.3.5 Layer 5—User Application Protocols 302
6.3.5.1 Initial Internet User Application Protocols 303
6.3.5.2 HyperText Transfer Protocol 303
6.3.5.3 X Windows 305
6.3.5.4 eXtensible Markup Language 305
6.3.5.5 Security in User Application Protocols 308
6.3.5.6 Example Detailed Security Requirements for Layer 5 User Application Protocols 308
6.3.6 Layer 5—Signaling and Control Application Protocols 310
6.3.6.1 MPLS Signaling Protocols 310
6.3.6.2 Border Gateway Protocol 312
6.3.6.3 Mobile IP Routing 312
6.3.6.4 Dynamic Host Configuration Protocol 316
6.3.6.5 Network Time Protocols 318
6.3.6.6 Domain Name System 319
6.3.6.7 Lightweight Directory Access Protocol 320
6.3.6.8 Active Directory 321
6.3.6.9 Security in Signaling and Control Application Protocols 323
6.3.6.10 Example Detailed Security Requirements for Layer 5 Signaling and Control Application Protocols 323
6.3.7 Layer 5—Management Application Protocols 323
6.3.7.1 Simple Network Management Protocol 327
6.3.7.2 Customer Premise Equipment WAN Management Protocol 329
6.3.7.3 Remote Monitoring 329
6.3.7.4 Security in Management Application Protocols 329
6.3.7.5 Example Detailed Security Requirements for Layer 5 Management Application Protocols 331
6.4 Chapter Summary 332
6.5 Further Reading and Resources 332
6.6 Questions 332
6.7 Exercises 334
7 NEXT-GENERATION NETWORKS 335
7.1 Framework and Topology of the NGN 336
7.1.1 Functional Entities and Groups 336
7.1.2 Domains 337
7.1.2.1 Customer Domain 338
7.1.2.2 SP Access Domain 338
7.1.2.3 SP Core/Services Domain 338
7.1.3 Interfaces 338
7.1.4 Protocol Layers, Functional Planes, and Interfaces 340
7.2 The NGN Functional Reference Model 343
7.2.1 Strata 344
7.2.2 Management Functional Group 344
7.2.3 Application Functional Group 345
7.2.4 The Transport Stratum 345
7.2.5 The Service Stratum 348
7.2.6 The Service Stratum and the IP Multimedia Subsystem (IMS) 349
7.3 Relationship between NGN Transport and Service Domains 351
7.4 Enterprise Role Model 353
7.5 Security Allocation within the NGN Transport Stratum Example 356
7.6 Converged Network Management (TMN and eTOM) 357
7.7 General Network Security Architectures 364
7.7.1 The ITU-T X.800 Generic Architecture 365
7.7.2 The Security Frameworks (X.810-X.816) 366
7.7.3 The ITU-T X.805 Approach to Security 366
7.8 Chapter Summary 368
7.9 Further Reading and Resources 368
7.10 Exercises 370
8 GENERAL COMPUTER SECURITY ARCHITECTURE 371
8.1 The Hardware Protects the Software 372
8.1.1 Processor States and Status 373
8.1.1.1 Protection on the Motorola 68000 373
8.1.1.2 Protection on the Intel 80386/80486 374
8.1.2 Memory Management 374
8.1.2.1 Fence 375
8.1.2.2 Relocation 375
8.1.2.3 Base/Bounds Registers 376
8.1.2.4 Segmentation 378
8.1.2.5 Paging 380
8.1.2.6 Combining Segmentation and Paging (Virtual Memory) 381
8.1.3 Interruption of Processor Activity 382
8.1.4 Hardware Encryption 383
8.1.4.1 Hardware Security Modules 383
8.1.4.2 Hardware Acceleration Cards 384
8.1.4.3 Hardware Acceleration USB Devices 385
8.1.4.4 Smartcards 385
8.2 The Software Protects Information 386

8.3 Element Security Architecture Description 388
8.3.1 The Kernel 391
8.3.2 Security Contexts 392
8.3.3 Security-Critical Functions 394
8.3.3.1 Security Policy Decision Function (SPDF) 394
8.3.3.2 Authentication Function 395
8.3.3.3 Audit Function 395
8.3.3.4 Process Scheduling Function 396
8.3.3.5 Device Management Functions and Device Controllers 396
8.3.4 Security-Related Functions 397
8.4 Operating System (OS) Structure 397
8.4.1 Security Management Function 399
8.4.2 Networking Subsystem Function 399
8.5 Security Mechanisms for Deployed Operating Systems (OSs) 399
8.5.1 General Purpose (GP) OSs 400
8.5.1.1 Hardware Mechanisms for GP OS Usage 400
8.5.1.2 Software Functional Entities for General Purpose (GP) OS Contexts 400
8.5.2 Minimized General Purpose Operating Systems 402
8.5.2.1 Hardware Mechanisms for Minimized GP OS Usage 413
8.5.2.2 Software Mechanisms for Minimized GP OS Usage 413
8.5.3 Embedded (“Real-Time”) Operating Systems 413
8.5.3.1 Hardware Mechanisms for Embedded OS Usage 413
8.5.3.2 Software Mechanisms for Embedded OS Usage 415
8.5.4 Basic Input–Output Systems (BIOS) 415
8.5.4.1 Hardware Mechanisms for BIOS Usage 415

8.5.4.2 Software Mechanisms for BIOS Usage 421
8.6 Chapter Summary 421
8.7 Further Reading and Resources 425
8.8 Questions 425
8.9 Exercises 426
9 COMPUTER SOFTWARE SECURITY 427
9.1 Specific Operating Systems (OSs) 427
9.1.1 Unix and Linux Security 428
9.1.1.1 Login and User Accounts 428
9.1.1.2 Group Accounts 429
9.1.1.3 Set User ID (setuid) and Set Group ID (setgid) 429
9.1.1.4 Access Control 430
9.1.1.5 Audit Logs and Intrusion Detection 433
9.1.1.6 TCP Wrappers 435
9.1.2 Solaris Operating System and Role-Based Access Controls 436
9.1.3 Windows OSs 438
9.1.3.1 Users and Groups 438
9.1.3.2 Access Control Model 439
9.1.3.3 Access Tokens 440
9.1.3.4 Access Control Lists 440
9.1.3.5 Access Control Entries 441
9.1.3.6 Access Rights and Access Masks 442
9.1.3.7 Security Identifiers 443
9.1.3.8 The Registry 444
9.1.3.9 Domains and Trust Relationships 446
9.1.3.10 Active Directory 448
9.1.3.11 More on Trust Relationships 451
9.1.3.12 Identification and Authentication 454
9.1.3.13 Windows Server 2003—Role-Based Access Control (RBAC) 454

9.1.4 Embedded OSs 457
9.2 Applications 459
9.2.1 Application Security Issues 460
9.2.1.1 Buffer Overflows 460
9.2.1.2 Exception Handling, Bounds Checking, and Shared Libraries 461
9.2.2 Malicious Software (Malware) 462
9.2.2.1 Viruses 463
9.2.2.2 Worms 464
9.2.2.3 Trojan Horses, Rootkits, and Backdoors 466
9.2.2.4 Spyware and Botnets 469
9.2.2.5 Linux, Unix and Mac OS X Malware 470
9.2.3 Anti-malware Applications 470
9.2.3.1 Malware and Spyware Scanners 471
9.2.3.2 Host-Based Firewalls 472
9.2.3.3 Modification Scanners 472
9.2.3.4 Host-Based Intrusion Detection 473
9.3 Example Detailed Security Requirements for Specific Operating Systems and Applications 474
9.4 Chapter Summary 476
9.5 Further Reading and Resources 477
9.6 Questions 477
9.7 Exercises 478
10 SECURITY SYSTEMS DESIGN—DESIGNING NETWORK SECURITY 479
10.1 Introduction 479
10.2 Security Design for Protocol Layer 1 482
10.2.1 Wired and Optical Media 482
10.2.1.1 Link-Bulk Encryption 482
10.2.1.2 Dial-back Modems 484

10.2.2 Wireless Media 484
10.2.2.1 Fast Frequency Hopping 485
10.3 Layer 2—Data Link Security Mechanisms 485
10.3.1 IEEE 802.1x 486
10.3.2 IEEE 802.1ae 488
10.3.3 IEEE 802.11 WPA and 802.11i 490
10.3.4 Example Detailed Security Requirements for Layer 2 Protocols 492
10.4 Security Design for Protocol Layer 3 493
10.4.1 IP Security (IPsec) 493
10.4.1.1 IPsec Architecture 494
10.4.1.2 IPsec Key Management and Key Exchange 500
10.4.1.3 IKE Operation 500
10.4.1.4 IPsec Security Associations (SAs) 505
10.4.1.5 Combining Security Associations 505
10.4.1.6 IPsec Authentication Header (AH) Transform 507
10.4.1.7 The IPsec Encapsulating Security Payload (ESP) Transform 508
10.4.1.8 The Various ESP Transforms 509
10.4.1.9 IPsec Processing 510
10.4.1.10 IPsec Policy Management 510
10.4.1.11 IPsec and Network Address Translation 514
10.4.1.12 Example Detailed Security Requirements for IPsec 518
10.4.1.13 IPsec Implementation Availability 520
10.4.1.14 IPsec and Fault-Tolerant Network Designs 521
10.4.1.15 IPsec and PKI 522
10.4.1.16 IPsec Summary and Observations 522
10.5 IP Packet Authorization and Access Control 525

10.5.1 Network and Host Packet-Filtering 525
10.5.2 The De-militarized Zone 530
10.5.3 Application-Level Gateways 532
10.5.4 Deep-Packet Inspection (DPI) 534
10.5.5 Example Detailed Security Requirements for Packet-Filtering 537
10.6 Chapter Summary 538
10.7 Further Reading and Resources 538
10.8 Questions 539
10.9 Exercises 541
11 TRANSPORT AND APPLICATION SECURITY DESIGN AND USE 543
11.1 Layer 4—Transport Security Protocols 543
11.1.1 TLS, DTLS, and SSL 544
11.1.1.1 TLS Session Establishment 546
11.1.1.2 TLS Operational Activities 549
11.1.1.3 TLS and SSL Security Items 549
11.1.2 Secure Shell (SSH) 551
11.1.3 Comparison of SSL, TLS, DTLS, and IPsec 551
11.1.4 Example Detailed Security Requirements for TLS, SSL, and DTLS 552
11.2 Layer 5—User Service Application Protocols 553
11.2.1 Email 554
11.2.1.1 Pretty Good Privacy (PGP) 554
11.2.1.2 Secure/Multipurpose Internet Mail Extensions (S/MIME) 556
11.2.1.3 S/MIME and OpenPGP Differences 558
11.2.2 World Wide Web (Web) and Identity Management 558
11.2.2.1 eXtensible Markup Language Security (XML) 560
11.2.2.2 Service-Oriented Architecture (SOA) 561

11.2.2.3 Web Services 563
11.2.2.4 SOAP 564
11.2.2.5 Security Assertion Markup Language (SAML) 564
11.2.3 Voice over Internet Protocol (VoIP) 566
11.2.3.1 VoIP Signaling Security 569
11.2.3.2 Real-Time Protocol 570
11.2.3.3 VoIP Media Security 572
11.2.3.4 VoIP Session Border Control 573
11.2.3.5 VoIP Device Security 573
11.2.3.6 Example Detailed Security Requirements for VoIP 573
11.2.4 DNS Security Extensions 576
11.2.5 Instant Messaging and Chat 578
11.2.6 Peer-to-Peer Applications 587
11.2.7 Ad hoc Networks 588
11.2.8 Java 590
11.2.8.1 Basic Concepts 591
11.2.8.2 Java 2 Cryptographic Architecture 592
11.2.9 .NET 594
11.2.9.1 Role-Based Security 594
11.2.9.2 Web Application Security 594
11.2.9.3 Evidence-Based Security 594
11.2.9.4 Cryptography Available in .Net 595
11.2.10 Common Object Request Broker Architecture (CORBA) 595
11.2.11 Distributed Computing Environment 597
11.2.12 Dynamic Host Configuration Protocol Security 601
11.3 Chapter Summary 603
11.4 Further Reading and Resources 603
11.5 Questions 604

11.6 Exercises 605
12 SECURING MANAGEMENT AND MANAGING SECURITY 607
12.1 Securing Management Applications 607
12.1.1 Management Roots 607
12.1.2 The Telecommunications Management Network 608
12.1.2.1 Telecommunications Management Network Structure 609
12.1.2.2 Element, Network Management Systems, and Operations Systems 610
12.1.3 TMN Security 614
12.1.4 Management of Security Mechanisms 616
12.1.4.1 EMS Security Needs 617
12.1.4.2 NMS Security Additions 618
12.1.4.3 Selected OS/EMS Security Services 618
12.1.5 A Security Management Framework 619
12.1.6 Example Detailed Security Requirements for Management Applications 621
12.2 Operation, Administration, Maintenance, and Decommissioning 625
12.2.1 Operational Security Mechanisms 625
12.2.1.1 Separation of Duties and Roles 625
12.2.1.2 Operational Guidelines, Procedures 627
12.2.1.3 Independent Auditing and Review 628
12.2.1.4 Human Resources and Legal Aspects 629
12.2.1.5 Accountability 629
12.2.1.6 Documentation 629
12.2.1.7 Acceptance Testing, Field Testing, and Operational Readiness 630
12.2.2 Operations Security 631
12.2.2.1 Third-Party Access 631
12.2.2.2 Security Event Response and Forensics 632

12.2.2.3 Senior Security Management Mechanisms 633
12.2.2.4 Operational Reviews 634
12.2.2.5 Accreditation and Certification 634
12.2.2.6 Life-cycle Review 637
12.2.2.7 Withdrawal from Service 638
12.2.3 Operations Compliance 641
12.2.3.1 Example Security Tools 643
12.2.3.2 Penetration Testing 645
12.3 Systems Implementation or Procurement 647
12.3.1 Development 648
12.3.1.1 CMMI and ISO-9001 Processes 648
12.3.1.2 Coding 648
12.3.1.3 Testing 649
12.3.2 Procurement 649
12.3.2.1 Requests for Information/Proposals (RFIs/RFPs) 649
12.3.2.2 Standards Compliance 655
12.3.2.3 Acceptance Testing and Review 655
12.4 Chapter Summary 657
12.5 Further Reading and Resources 657
12.6 Questions 657
12.7 Exercises 659
Appendix A: State Privacy Laws as of 2010 on CD
Appendix B: Example Company Security Policy on CD
Appendix C: Example Generic Security Requirements on CD
Appendix D: Significant Standards and Recommendations Related to Networking and Security on CD
Appendix E: Detailed Security Requirements on CD
Appendix F: RFP Security Analysis of ABC Proposal on CD

Appendix G: Security Statement of Work on CD
About the Author 661
Index 663
PREFACE AND ACKNOWLEDGMENTS
APPROACH
This book focuses on information security (information assurance) from the viewpoint of how to control access to information in a systematic manner. Many books on security primarily cover specific security mechanisms such as authentication protocols, encryption algorithms, and security-related protocols. Other books on security are use-case oriented, providing specific contexts for discussing vulnerabilities, threats, and countermeasures. Few books on security consider the planning, operations, and management aspects of protecting information. Unlike these other books that focus on security mechanisms, threats, and vulnerabilities, this book presents a methodology for addressing security concerns in any organization. The methodology is based on a set of concepts called systems engineering that are designed to methodically examine, analyze, and document objectives and the functional and performance capabilities (requirements) that need to exist to achieve the stated goals. Systems engineering concepts provide:

- a framework for developing capabilities and solutions that ensure compliance with the aforementioned requirements;
- traceability starting at objectives, progressing through requirements development, solution design/development/procurement into, and during, operation and administration; and
- support for compliance evaluation of deployed systems and how these systems are used.

Another critical aspect of the systems methodology is the necessity to consider all aspects of a system, not just the technical components. All information processing infrastructures (networks and computing devices) exist within a context defined by:

- how the deploying organization operates,
- what the deploying organization provides as services or products,
- who competes with the deploying organization,
- what legal and regulatory burdens the deploying organization has to accommodate, and
- who may target the deploying organization with the intent of personal or financial gain, political advantage, or ideological objectives.

Over time the technologies used for the processing, storage, and communicating of information have changed dramatically and rapidly. By presenting a systems engineering