Introduction to Security and Network Forensics

1st Edition

By William J. Buchanan

Auerbach Publications

502 pages | 307 B/W Illus.

Hardback: 9780849335686
pub: 2011-06-06

Description

Keeping up with the latest developments in cyber security requires ongoing commitment, but without a firm foundation in the principles of computer security and digital forensics, those tasked with safeguarding private information can get lost in a turbulent and shifting sea. Providing such a foundation, Introduction to Security and Network Forensics covers the basic principles of intrusion detection systems, encryption, and authentication, as well as the key academic principles related to digital forensics.

Starting with an overview of general security concepts, it addresses hashing, digital certificates, enhanced software security, and network security. The text introduces the concepts of risk, threat analysis, and network forensics, and includes online access to an abundance of ancillary materials, including labs, Cisco challenges, test questions, and web-based videos. The author provides readers with access to a complete set of simulators for routers, switches, wireless access points (Cisco Aironet 1200), PIX/ASA firewalls (Version 6.x, 7.x and 8.x), Wireless LAN Controllers (WLC), Wireless ADUs, ASDMs, SDMs, Juniper, and much more, including:

  • More than 3,700 unique Cisco challenges and 48,000 Cisco Configuration Challenge Elements
  • 60,000 test questions, including for Certified Ethical Hacking and CISSP®
  • 350 router labs, 180 switch labs, 160 PIX/ASA labs, and 80 Wireless labs

Rounding out coverage with a look into more advanced topics, including data hiding, obfuscation, web infrastructures, and cloud and grid computing, this book provides the fundamental understanding in computer security and digital forensics required to develop and implement effective safeguards against ever-evolving cyber security threats.

Along with this, the text includes a range of online lectures and related material, available at: http://asecuritybook.com.

Table of Contents

Introduction to Security

Objectives

The Industrial and the Information Age

CIA and AAA

Protecting against Intruders

Users, Systems, and Data

Services, Role-Based Security, and Cloud Computing

Security and Forensic Computing

ISO 27002

Risks

Risk Management/Avoidance

Security Policies

Defining the Policy

Example Risks

Defense-in-Depth

Gateways and DMZ (Demilitarized Zones)

Layered Model and Security

Encryption and a Layered Approach to Defense

Software Tutorial—Data Packet Capture

Online Exercises

NetworkSims Exercises

Chapter Lecture

References

Intrusion Detection Systems

Objectives

Introduction

Types of Intrusion

Attack Patterns

Host/Network-Based Intrusion Detection

Placement of the IDS

SNORT

Example Rules

Running Snort

User, Machine, and Network Profiling

Honey Pots

In-Line and Out-of-Line IDSs

False and True

Customized Agent-Based IDS

Tutorial

Software Tutorial

Snort Tutorial

Online Exercises

NetworkSims Exercises

Chapter Lecture

References

Encryption

Objectives

Introduction

Simple Cipher Methods

Brute-Force Analysis

Public Key, Private Key, and Session Keys

Adding Salt

Private-Key Encryption

Encryption Classes

Public-Key Encryption

One-Way Hashing

Key Entropy

File Encryption

Tutorial

Software Tutorial

Web Page Exercises

Network Simulation Tutorial

Challenges

Online Exercises

NetworkSims Exercises

Chapter Lecture

Authentication, Hashing, and Digital Certificates

Objectives

Introduction

Methods of Authentication

Biometrics

Message Hash

Authenticating the Sender

Digital Certificates and PKI

HMAC (Hash Message Authentication Code)

Future of Authentication Systems—Kerberos

Email Encryption

Tutorial

Software Tutorial

Online Exercises

Web Page Exercises

NetworkSims Exercises

Chapter Lecture

Reference

Enhanced Software Security

Objectives

Introduction

Integrating Security into Applications

Good Practice

The Future of Software

.NET Environment—The Future of Security

Strengths of .NET

Global Assembly Cache (GAC)

Strong Names

.NET Security Model

Integrating Security into Applications

Web Service Security

.NET Framework 3.0 (WinFX)

Tutorial

Software Tutorial

Web Page Exercises

On-Line Exercises

NetworkSims Exercises

Chapter Lecture

References

Network Security Elements

Objectives

Introduction

Router (Packet Filtering) Firewalls

Network Address Translation

PIX/ASA Firewall

Proxy Servers

Tutorial

Web Page Exercises

Online Exercises

NetworkSims Exercises

Chapter Lecture

Introduction to Risk

Objectives

Introduction

Security Taxonomy

Threats

Service-Oriented Infrastructures

Security Policies

Defining the Policy

Tutorial

Windows Service Tutorial

Linux Service Tutorial

Threat Analysis

Objectives

Introduction

Intruder Detection

Vulnerability Analysis

Hping

Botnets

Phishing

Active Attacks

Inference

Affiliate Scams

Password Cracking Programs

Tutorial

Vulnerability Tutorial

SQL Injection Tutorial

Appendix

Network Forensics

Objectives

Introduction

The Key Protocols

Ethernet, IP, and TCP Headers

TCP Connection

ARP

SYN

Application Layer Analysis—FTP

ICMP

DNS

Port Scan

SYN Flood

Spoofed Addresses

Application Layer Analysis—HTTP

Network Logs on Hosts

Tripwire

Tutorial

Network Forensics Tutorial

Tripwire Tutorial

Data Hiding and Obfuscation

Objectives

Introduction

Obfuscation Using Encryption

Obfuscation through Tunneling

Covert Channels

Watermarking and Stenography

Hiding File Contents

References

Tutorial

Exercises

Web Infrastructures

Objectives

Introduction

Identity 2.0

SOAP over HTTP

LDAP

Authentication Infrastructures

802.1x Authentication Infrastructure

OpenID

Kerberos

WS-*

Access Control

Tutorial

Practical Work

Exercises

Activities

Secure Server Setup

Cloud/Grid Computing

Objectives

Introduction

Grid Computing

Cloud Computing

Amazon Web Services

Installing EC2 and S3 Command Tools

Activities

Index

About the Author

Author

Bill Buchanan is a Professor in the School of Computing at Edinburgh Napier University, UK. He currently leads the Centre for Distributed Computing and Security, along with leading the Scottish Centre of Excellence in Security and Cybercrime. He works in the areas of security, e-Crime, intrusion detection systems, digital forensics, e-Health, mobile computing, agent-based systems, and simulation. Professor Buchanan has one of the most extensive academic sites in the world, and is involved in many areas of novel teaching in computing, including a widely used network simulation package.

He has published over 25 academic books, and over 120 academic research papers, along with awards for excellence in knowledge transfer. Presently he is working with a range of industrial/domain partners, including within law enforcement, health care, and finance. Along with this he has been involved in university start-ups and in generating novel methods within security and digital forensics.

Subject Categories

BISAC Subject Codes/Headings:
COM032000
COMPUTERS / Information Technology
COM053000
COMPUTERS / Security / General
LAW041000
LAW / Forensic Science