1st Edition

Network and Application Security Fundamentals and Practices

By Debashis Ganguly Copyright 2012
166 Pages 39 B/W Illustrations
by CRC Press

168 Pages
by CRC Press

160 Pages
by CRC Press

To deal with security issues effectively, it is usually not sufficient to have knowledge of theories. Practical experience in dealing with these issues is essential. This book discusses the basic theories and also helps develop a practical outlook on the matter in a short and intriguing, manner. It provides readers with basic concepts and an awareness of industry standards and best practices. It... Read more

Network Security— Fundamentals and Practices
Network Security Fundamentals
Security Triangle (Three Fundamental Objectives of Network Security)—Confidentiality; Integrity; Availability
Security Threats—Classification of Network Threats; Confidentiality Attack; Integrity Attack; Availability Attack;
Understanding Security Measures
Cryptography and Network Security
Confidentiality with Symmetric Key Cryptography—Data Encryption Standard; Triple DES; Advanced Encryption
Standard; Key Distribution and Confidentiality
Public Key Cryptography and Message Authentication—Overview; RSA Public-Key Encryption Algorithm; Diffie-
Hellman Key Exchange; Elliptic Curve Architecture and Cryptography; Key Management
System-level Security
Firewall—Design Goals behind Firewall; Security Controls in Firewall; Design Limitations of Firewall; Firewall Types; Firewall Configuration
Intrusion Detection and Intrusion Prevention Systems—Overview; Intrusion Detection Systems; Intrusion Prevention System
Applications for Network Security
Kerberos—an Authentication Protocol—Overview; Implementation Mechanism; Analysis
X.509 Authentication Service
Electronic Mail Security
—Overview; Pretty Good Privacy as a Solution to E-mail Security
IP Security—Overview; Understanding the IPSec Architecture; IPSec Implementation; Security Association;
Authentication Header; Encapsulating Security Payload (ESP); IPSec Operation Modes; Key Management
Web Security—Overview; Web Security Threats; Overview of Security Threat Modelling and General Countermeasures;
Secure Socket Layer and Transport Layer Security

Application Security—Fundamentals and Practices
Application Level Attacks
Occurrences
Consequences
Attack Types
SQL Injection
—Overview; Consequences; Remediation
Cross Site Scripting (XSS)—Overview; Consequences; Remediation
XML-related Attacks—XML Entity Attacks; XML Injection; XPATH Injection; Remediation
Log Injection—Overview; Consequences; Remediation
Path Manipulation—Overview; Consequences; Remediation
HTTP Response Splitting—Overview; Consequences; Remediation
LDAP Injection—Overview; Consequences; Remediation
Command Injection—Overview; Consequences; Remediation
Buffer Overflow—Overview; Consequences; Remediation
Cross Site Request Forgery (CSRF)—Overview; Consequences; Remediation
Practical Software Security—ASP.Net and Java
ASP.Net Security Guidelines—Overview; Code Access Security (CAS); Windows CardSpace; MachineKey
Configuration; Authentication in .Net; Restricting Configuration Override
Java Security Guidelines—Java Security Model; Specifying Security Constraints
Securing Some Application—Specific Networks
Securing Storage Area Networks—Overview; Purpose behind SAN; SAN Design Components; SAN Security Issues;
Security Measures for SAN
Securing VOIP-enabled Networks—Overview; Why VoIP?; VoIP Design Components; VoIP Security Issues; Security Measures for VoIP

Biography

Debashis Ganguly