Network and Application Security

Fundamentals and Practices, 1st Edition

By Debashis Ganguly

CRC Press

160 pages | 39 B/W Illus.

Paperback: 9781578087556
pub: 2011-11-11
Hardback: 9781138453609
pub: 2017-07-27
eBook (VitalSource): 9780429067488
pub: 2011-11-11

Description

To deal with security issues effectively, knowledge of theories alone is not sufficient. Practical experience is essential. Helpful for beginners and industry practitioners, this book develops a concrete outlook, providing readers with basic concepts and an awareness of industry standards and best practices. Chapters address cryptography and network security, system-level security, and applications for network security. The book also examines application level attacks, practical software security, and securing application-specific networks.

Table of Contents

Network Security—Fundamentals and Practices

Network Security Fundamentals

Security Triangle (Three Fundamental Objectives of Network Security)—Confidentiality; Integrity; Availability

Security Threats—Classification of Network Threats; Confidentiality Attack; Integrity Attack; Availability Attack;

Understanding Security Measures

Cryptography and Network Security

Confidentiality with Symmetric Key Cryptography—Data Encryption Standard; Triple DES; Advanced Encryption Standard; Key Distribution and Confidentiality

Public Key Cryptography and Message Authentication—Overview; RSA Public-Key Encryption Algorithm; Diffie-Hellman Key Exchange; Elliptic Curve Architecture and Cryptography; Key Management

System-level Security

Firewall—Design Goals behind Firewall; Security Controls in Firewall; Design Limitations of Firewall; Firewall Types; Firewall Configuration

Intrusion Detection and Intrusion Prevention Systems—Overview; Intrusion Detection Systems; Intrusion Prevention System

Applications for Network Security

Kerberos—an Authentication Protocol—Overview; Implementation Mechanism; Analysis

X.509 Authentication Service

Electronic Mail Security—Overview; Pretty Good Privacy as a Solution to E-mail Security

IP Security—Overview; Understanding the IPSec Architecture; IPSec Implementation; Security Association; Authentication Header; Encapsulating Security Payload (ESP); IPSec Operation Modes; Key Management

Web Security—Overview; Web Security Threats; Overview of Security Threat Modelling and General Countermeasures; Secure Socket Layer and Transport Layer Security

Application Security—Fundamentals and Practices

Application Level Attacks

Occurrences

Consequences

Attack Types

SQL Injection—Overview; Consequences; Remediation

Cross Site Scripting (XSS)—Overview; Consequences; Remediation

XML-related Attacks—XML Entity Attacks; XML Injection; XPATH Injection; Remediation

Log Injection—Overview; Consequences; Remediation

Path Manipulation—Overview; Consequences; Remediation

HTTP Response Splitting—Overview; Consequences; Remediation

LDAP Injection—Overview; Consequences; Remediation

Command Injection—Overview; Consequences; Remediation

Buffer Overflow—Overview; Consequences; Remediation

Cross Site Request Forgery (CSRF)—Overview; Consequences; Remediation

Practical Software Security—ASP.Net and Java

ASP.Net Security Guidelines—Overview; Code Access Security (CAS); Windows CardSpace; MachineKey Configuration; Authentication in .Net; Restricting Configuration Override

Java Security Guidelines—Java Security Model; Specifying Security Constraints

Securing Some Application-Specific Networks

Securing Storage Area Networks—Overview; Purpose behind SAN; SAN Design Components; SAN Security Issues; Security Measures for SAN

Securing VOIP-enabled Networks—Overview; Why VoIP?; VoIP Design Components; VoIP Security Issues; Security Measures for VoIP

Subject Categories

BISAC Subject Codes/Headings:
COM043000: COMPUTERS / Networking / General
COM053000: COMPUTERS / Security / General