Keeping up with the latest developments in cyber security requires ongoing commitment, but without a firm foundation in the principles of computer security and digital forensics, those tasked with safeguarding private information can get lost in a turbulent and shifting sea. Providing such a foundation, Introduction to Security and Network Forensics covers the basic principles of intrusion detection systems, encryption, and authentication, as well as the key academic principles related to digital forensics.
Starting with an overview of general security concepts, it addresses hashing, digital certificates, enhanced software security, and network security. The text introduces the concepts of risk, threat analysis, and network forensics, and includes online access to an abundance of ancillary materials, including labs, Cisco challenges, test questions, and web-based videos. The author provides readers with access to a complete set of simulators for routers, switches, wireless access points (Cisco Aironet 1200), PIX/ASA firewalls (Version 6.x, 7.x and 8.x), Wireless LAN Controllers (WLC), Wireless ADUs, ASDMs, SDMs, Juniper, and much more, including:
- More than 3,700 unique Cisco challenges and 48,000 Cisco Configuration Challenge Elements
- 60,000 test questions, including questions for Certified Ethical Hacker (CEH) and CISSP®
- 350 router labs, 180 switch labs, 160 PIX/ASA labs, and 80 Wireless labs
Rounding out coverage with a look into more advanced topics, including data hiding, obfuscation, web infrastructures, and cloud and grid computing, this book provides the fundamental understanding in computer security and digital forensics required to develop and implement effective safeguards against ever-evolving cyber security threats.
Along with this, the text includes a range of online lectures and related material, available at: http://asecuritybook.com.
Introduction to Security
Objectives
The Industrial and the Information Age
CIA and AAA
Protecting against Intruders
Users, Systems, and Data
Services, Role-Based Security, and Cloud Computing
Security and Forensic Computing
ISO 27002
Risks
Risk Management/Avoidance
Security Policies
Defining the Policy
Example Risks
Defense-in-Depth
Gateways and DMZ (Demilitarized Zones)
Layered Model and Security
Encryption and a Layered Approach to Defense
Software Tutorial—Data Packet Capture
Online Exercises
NetworkSims Exercises
Chapter Lecture
References
Intrusion Detection Systems
Objectives
Introduction
Types of Intrusion
Attack Patterns
Host/Network-Based Intrusion Detection
Placement of the IDS
SNORT
Example Rules
Running Snort
User, Machine, and Network Profiling
Honey Pots
In-Line and Out-of-Line IDSs
False and True
Customized Agent-Based IDS
Tutorial
Software Tutorial
Snort Tutorial
Online Exercises
NetworkSims Exercises
Chapter Lecture
References
Encryption
Objectives
Introduction
Simple Cipher Methods
Brute-Force Analysis
Public Key, Private Key, and Session Keys
Adding Salt
Private-Key Encryption
Encryption Classes
Public-Key Encryption
One-Way Hashing
Key Entropy
File Encryption
Tutorial
Software Tutorial
Web Page Exercises
Network Simulation Tutorial
Challenges
Online Exercises
NetworkSims Exercises
Chapter Lecture
Authentication, Hashing, and Digital Certificates
Objectives
Introduction
Methods of Authentication
Biometrics
Message Hash
Authenticating the Sender
Digital Certificates and PKI
HMAC (Hash Message Authentication Code)
Future of Authentication Systems—Kerberos
Email Encryption
Tutorial
Software Tutorial
Online Exercises
Web Page Exercises
NetworkSims Exercises
Chapter Lecture
Reference
Enhanced Software Security
Objectives
Introduction
Integrating Security into Applications
Good Practice
The Future of Software
.NET Environment—The Future of Security
Strengths of .NET
Global Assembly Cache (GAC)
Strong Names
.NET Security Model
Integrating Security into Applications
Web Service Security
.NET Framework 3.0 (WinFX)
Tutorial
Software Tutorial
Web Page Exercises
Online Exercises
NetworkSims Exercises
Chapter Lecture
References
Network Security Elements
Objectives
Introduction
Router (Packet Filtering) Firewalls
Network Address Translation
PIX/ASA Firewall
Proxy Servers
Tutorial
Web Page Exercises
Online Exercises
NetworkSims Exercises
Chapter Lecture
Introduction to Risk
Objectives
Introduction
Security Taxonomy
Threats
Service-Oriented Infrastructures
Security Policies
Defining the Policy
Tutorial
Windows Service Tutorial
Linux Service Tutorial
Threat Analysis
Objectives
Introduction
Intruder Detection
Vulnerability Analysis
Hping
Botnets
Phishing
Active Attacks
Inference
Affiliate Scams
Password Cracking Programs
Tutorial
Vulnerability Tutorial
SQL Injection Tutorial
Appendix
Network Forensics
Objectives
Introduction
The Key Protocols
Ethernet, IP, and TCP Headers
TCP Connection
ARP
SYN
Application Layer Analysis—FTP
ICMP
DNS
Port Scan
SYN Flood
Spoofed Addresses
Application Layer Analysis—HTTP
Network Logs on Hosts
Tripwire
Tutorial
Network Forensics Tutorial
Tripwire Tutorial
Data Hiding and Obfuscation
Objectives
Introduction
Obfuscation Using Encryption
Obfuscation through Tunneling
Covert Channels
Watermarking and Steganography
Hiding File Contents
References
Tutorial
Exercises
Web Infrastructures
Objectives
Introduction
Identity 2.0
SOAP over HTTP
LDAP
Authentication Infrastructures
802.1x Authentication Infrastructure
OpenID
Kerberos
WS-*
Access Control
Tutorial
Practical Work
Exercises
Activities
Secure Server Setup
Cloud/Grid Computing
Objectives
Introduction
Grid Computing
Cloud Computing
Amazon Web Services
Installing EC2 and S3 Command Tools
Activities
Index
Biography
Bill Buchanan is a Professor in the School of Computing at Edinburgh Napier University, UK. He currently leads the Centre for Distributed Computing and Security and the Scottish Centre of Excellence in Security and Cybercrime. He works in the areas of security, e-Crime, intrusion detection systems, digital forensics, e-Health, mobile computing, agent-based systems, and simulation. Professor Buchanan maintains one of the most extensive academic sites in the world and is involved in many areas of novel teaching in computing, including a widely used network simulation package.
He has published over 25 academic books and over 120 academic research papers, and has received awards for excellence in knowledge transfer. He is presently working with a range of industrial and domain partners, including in law enforcement, health care, and finance. He has also been involved in university start-ups and in developing novel methods in security and digital forensics.