1st Edition

Network and Application Security
Fundamentals and Practices





ISBN 9781578087556
Published November 11, 2011 by CRC Press
160 Pages 39 B/W Illustrations

USD $99.95


Book Description

To deal with security issues effectively, knowledge of theories alone is not sufficient. Practical experience is essential. Helpful for beginners and industry practitioners, this book develops a concrete outlook, providing readers with basic concepts and an awareness of industry standards and best practices. Chapters address cryptography and network security, system-level security, and applications for network security. The book also examines application level attacks, practical software security, and securing application-specific networks.

Ganguly Debashis speaks about Network and Application Security

Table of Contents

Network Security—Fundamentals and Practices
Network Security Fundamentals
Security Triangle (Three Fundamental Objectives of Network Security)—Confidentiality; Integrity; Availability
Security Threats—Classification of Network Threats; Confidentiality Attack; Integrity Attack; Availability Attack
Understanding Security Measures
Cryptography and Network Security
Confidentiality with Symmetric Key Cryptography—Data Encryption Standard; Triple DES; Advanced Encryption Standard; Key Distribution and Confidentiality
Public Key Cryptography and Message Authentication—Overview; RSA Public-Key Encryption Algorithm; Diffie-Hellman Key Exchange; Elliptic Curve Architecture and Cryptography; Key Management
System-level Security
Firewall—Design Goals behind Firewall; Security Controls in Firewall; Design Limitations of Firewall; Firewall Types; Firewall Configuration
Intrusion Detection and Intrusion Prevention Systems—Overview; Intrusion Detection Systems; Intrusion Prevention System
Applications for Network Security
Kerberos—an Authentication Protocol—Overview; Implementation Mechanism; Analysis
X.509 Authentication Service
Electronic Mail Security—Overview; Pretty Good Privacy as a Solution to E-mail Security
IP Security—Overview; Understanding the IPSec Architecture; IPSec Implementation; Security Association; Authentication Header; Encapsulating Security Payload (ESP); IPSec Operation Modes; Key Management
Web Security—Overview; Web Security Threats; Overview of Security Threat Modelling and General Countermeasures; Secure Socket Layer and Transport Layer Security

Application Security—Fundamentals and Practices
Application Level Attacks
Occurrences
Consequences
Attack Types
SQL Injection—Overview; Consequences; Remediation
Cross Site Scripting (XSS)—Overview; Consequences; Remediation
XML-related Attacks—XML Entity Attacks; XML Injection; XPATH Injection; Remediation
Log Injection—Overview; Consequences; Remediation
Path Manipulation—Overview; Consequences; Remediation
HTTP Response Splitting—Overview; Consequences; Remediation
LDAP Injection—Overview; Consequences; Remediation
Command Injection—Overview; Consequences; Remediation
Buffer Overflow—Overview; Consequences; Remediation
Cross Site Request Forgery (CSRF)—Overview; Consequences; Remediation
Practical Software Security—ASP.Net and Java
ASP.Net Security Guidelines—Overview; Code Access Security (CAS); Windows CardSpace; MachineKey Configuration; Authentication in .Net; Restricting Configuration Override
Java Security Guidelines—Java Security Model; Specifying Security Constraints
Securing Some Application-Specific Networks
Securing Storage Area Networks—Overview; Purpose behind SAN; SAN Design Components; SAN Security Issues; Security Measures for SAN
Securing VOIP-enabled Networks—Overview; Why VoIP?; VoIP Design Components; VoIP Security Issues; Security Measures for VoIP
