Preface ix
About the Author oh
Chapter 1 Introduction 1
1.1 Computer Security Concepts 3
1.2 The OSI Security Architecture 8
1.3 Security Attacks 9
1.4 Security Services 13
1.5 Security Mechanisms 16
1.6 A Model for Network Security 19
1.7 Standards 21
1.8 Outline of This Book 21
1.9 Recommended Reading 22
1.10 Internet and Web Resources 23
1.11 Key Terms, Review Questions, and Problems 25
PART ONE CRYPTOGRAPHY 27
Chapter 2 Symmetric Encryption and Message Confidentiality 27
2.1 Symmetric Encryption Principles 28
2.2 Symmetric Block Encryption Algorithms 34
2.3 Random and Pseudorandom Numbers 42
2.4 Stream Ciphers and RC4 45
2.5 Cipher Block Modes of Operation 50
2.6 Recommended Reading and Web Sites 55
2.7 Key Terms, Review Questions, and Problems 56
Chapter 3 Public-Key Cryptography and Message Authentication 61
3.1 Approaches to Message Authentication 62
3.2 Secure Hash Functions 67
3.3 Message Authentication Codes 73
3.4 Public-Key Cryptography Principles 79
3.5 Public-Key Cryptography Algorithms 83
3.6 Digital Signatures 90
3.7 Recommended Reading and Web Sites 90
3.8 Key Terms, Review Questions, and Problems 91
PART TWO NETWORK SECURITY APPLICATIONS 97
Chapter 4 Key Distribution and User Authentication 97
4.1 Symmetric Key Distribution Using Symmetric Encryption 98
4.2 Kerberos 99
4.3 Key Distribution Using Asymmetric Encryption 114
4.4 X.509 Certificates 116
4.5 Public-Key Infrastructure 124
4.6 Federated Identity Management 126
4.7 Recommended Reading and Web Sites 132
4.8 Key Terms, Review Questions, and Problems 133
Chapter 5 Transport-Level Security 139
5.1 Web Security Considerations 140
5.2 Secure Socket Layer and Transport Layer Security 143
5.3 Transport Layer Security 156
5.4 HTTPS 160
5.5 Secure Shell (SSH) 162
5.6 Recommended Reading and Web Sites 173
5.7 Key Terms, Review Questions, and Problems 173
Chapter 6 Wireless Network Security 175
6.1 IEEE 802.11 Wireless LAN Overview 177
6.2 IEEE 802.11i Wireless LAN Security 183
6.3 Wireless Application Protocol Overview 197
6.4 Wireless Transport Layer Security 204
6.5 WAP End-to-End Security 214
6.6 Recommended Reading and Web Sites 217
6.7 Key Terms, Review Questions, and Problems 218
Chapter 7 Electronic Mail Security 221
7.1 Pretty Good Privacy 222
7.2 S/MIME 241
7.3 DomainKeys Identified Mail 257
7.4 Recommended Reading and Web Sites 264
7.5 Key Terms, Review Questions, and Problems 265
Appendix 7A Radix-64 Conversion 266
Chapter 8 IP Security 269
8.1 IP Security Overview 270
8.2 IP Security Policy 276
8.3 Encapsulating Security Payload 281
8.4 Combining Security Associations 288
8.5 Internet Key Exchange 292
8.6 Cryptographic Suites 301
8.7 Recommended Reading and Web Sites 302
8.8 Key Terms, Review Questions, and Problems 303
PART THREE SYSTEM SECURITY 305
Chapter 9 Intruders 305
9.1 Intruders 307
9.2 Intrusion Detection 312
9.3 Password Management 323
9.4 Recommended Reading and Web Sites 333
9.5 Key Terms, Review Questions, and Problems 334
Appendix 9A The Base-Rate Fallacy 337
Chapter 10 Malicious Software 340
10.1 Types of Malicious Software 341
10.2 Viruses 346
10.3 Virus Countermeasures 351
10.4 Worms 356
10.5 Distributed Denial of Service Attacks 365
10.6 Recommended Reading and Web Sites 370
10.7 Key Terms, Review Questions, and Problems 371
Chapter 11 Firewalls 374
11.1 The Need for Firewalls 375
11.2 Firewall Characteristics 376
11.3 Types of Firewalls 378
11.4 Firewall Basing 385
11.5 Firewall Location and Configurations 388
11.6 Recommended Reading and Web Site 393
11.7 Key Terms, Review Questions, and Problems 394
APPENDICES 398
Appendix A Some Aspects of Number Theory 398
A.1 Prime and Relatively Prime Numbers 399
A.2 Modular Arithmetic 401
Appendix B Projects for Teaching Network Security 403
B.1 Research Projects 404
B.2 Hacking Project 405
B.3 Programming Projects 405
B.4 Laboratory Exercises 406
B.5 Practical Security Assessments 406
B.6 Writing Assignments 406
B.7 Reading/Report Assignments 407
Index 408
ONLINE CHAPTERS
Chapter 12 Network Management Security
12.1 Basic Concepts of SNMP
12.2 SNMPv1 Community Facility
12.3 SNMPv3
12.4 Recommended Reading and Web Sites
12.5 Key Terms, Review Questions, and Problems
Chapter 13 Legal and Ethical Aspects
13.1 Cybercrime and Computer Crime
13.2 Intellectual Property
13.3 Privacy
13.4 Ethical Issues
13.5 Recommended Reading and Web Sites
13.6 Key Terms, Review Questions, and Problems
ONLINE APPENDICES
Appendix C Standards and Standards-Setting Organizations
C.1 The Importance of Standards
C.2 Internet Standards and the Internet Society
C.3 National Institute of Standards and Technology
Appendix D TCP/IP and OSI
D.1 Protocols and Protocol Architectures
D.2 The TCP/IP Protocol Architecture
D.3 The Role of an Internet Protocol
D.4 IPv4
D.5 IPv6
D.6 The OSI Protocol Architecture
Appendix E Pseudorandom Number Generation
E.1 PRNG Requirements
E.2 PRNG Using a Block Cipher
E.3 PRNG Using a Hash Function or Message Authentication Code
Appendix F Kerberos Encryption Techniques
F.1 Password-to-Key Transformation
F.2 Propagating Cipher Block Chaining Mode
Appendix G Data Compression Using ZIP
G.1 Compression Algorithm
G.2 Decompression Algorithm
Appendix H PGP Random Number Generation
H.1 True Random Numbers
H.2 Pseudorandom Numbers
Appendix I The International Reference Alphabet
Glossary