1st Edition
Network and Application Security Fundamentals and Practices
To deal with security issues effectively, knowledge of theory alone is usually not sufficient; practical experience in dealing with these issues is essential. This book discusses the basic theories and also helps develop a practical outlook on the matter in a short and intriguing manner. It provides readers with basic concepts and an awareness of industry standards and best practices. It answers questions such as "How do I know which cryptographic approach to follow?", "How do I set up a firewall?", "How do I secure specific network layers or applications?", "How do I fight against application-level attacks?", and "How should I code securely?"
Network Security—Fundamentals and Practices
Network Security Fundamentals
Security Triangle (Three Fundamental Objectives of Network Security)—Confidentiality; Integrity; Availability
Security Threats—Classification of Network Threats; Confidentiality Attack; Integrity Attack; Availability Attack
Understanding Security Measures
Cryptography and Network Security
Confidentiality with Symmetric Key Cryptography—Data Encryption Standard; Triple DES; Advanced Encryption Standard; Key Distribution and Confidentiality
Public Key Cryptography and Message Authentication—Overview; RSA Public-Key Encryption Algorithm; Diffie-Hellman Key Exchange; Elliptic Curve Architecture and Cryptography; Key Management
System-level Security
Firewall—Design Goals behind Firewall; Security Controls in Firewall; Design Limitations of Firewall; Firewall Types; Firewall Configuration
Intrusion Detection and Intrusion Prevention Systems—Overview; Intrusion Detection Systems; Intrusion Prevention System
Applications for Network Security
Kerberos—an Authentication Protocol—Overview; Implementation Mechanism; Analysis
X.509 Authentication Service
Electronic Mail Security—Overview; Pretty Good Privacy as a Solution to E-mail Security
IP Security—Overview; Understanding the IPSec Architecture; IPSec Implementation; Security Association; Authentication Header; Encapsulating Security Payload (ESP); IPSec Operation Modes; Key Management
Web Security—Overview; Web Security Threats; Overview of Security Threat Modelling and General Countermeasures; Secure Socket Layer and Transport Layer Security
Application Security—Fundamentals and Practices
Application Level Attacks
Occurrences
Consequences
Attack Types
SQL Injection—Overview; Consequences; Remediation
Cross Site Scripting (XSS)—Overview; Consequences; Remediation
XML-related Attacks—XML Entity Attacks; XML Injection; XPATH Injection; Remediation
Log Injection—Overview; Consequences; Remediation
Path Manipulation—Overview; Consequences; Remediation
HTTP Response Splitting—Overview; Consequences; Remediation
LDAP Injection—Overview; Consequences; Remediation
Command Injection—Overview; Consequences; Remediation
Buffer Overflow—Overview; Consequences; Remediation
Cross Site Request Forgery (CSRF)—Overview; Consequences; Remediation
Practical Software Security—ASP.Net and Java
ASP.Net Security Guidelines—Overview; Code Access Security (CAS); Windows CardSpace; MachineKey Configuration; Authentication in .Net; Restricting Configuration Override
Java Security Guidelines—Java Security Model; Specifying Security Constraints
Securing Some Application-Specific Networks
Securing Storage Area Networks—Overview; Purpose behind SAN; SAN Design Components; SAN Security Issues; Security Measures for SAN
Securing VoIP-enabled Networks—Overview; Why VoIP?; VoIP Design Components; VoIP Security Issues; Security Measures for VoIP
Biography
Debashis Ganguly