Network Security Essentials

所需积分/C币:14 2014-04-25 17:05:56 3.88MB PDF

Network Security Essentials .pdf英文版
Vice President and editorial director. ecs: Managing Editor: Scott Disanno Marcia. Horton Production Manager: Wanda rockwell Editor in Chief, Computer Science: michael Art Director: Jayne Conte Hirsch Cover desi Kensela Executive Editor: Tracy Dunkelberger Cover Art: Shutterstock Assistant Editor: Melinda Haggerty Art Editor: Greg Dulles Editorial assistant: Allison michael Copyright C 2011 Pearson Education, Inc, publishing as [Prentice Hall, 1 Lake Street, Upper Saddle River, NJ 07458]. All rights reserved. Manufactured in the United States of America. This publication is protected by Copyright, and permission should be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. To obtain permission(s) to use material from this work, please submit a written request to Pearson Education, Inc, Permissions Department, imprint permissions address Many of the designations by manufacturers and seller to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed in initial caps or all caps Library of Congress Cataloging-in-Publication Data 1098765432 Prentice hall is an imprint of PEARSON ISBN 10 0-13-610805-9 ISBN13:978-0-13-610805-4 To Antigone never lg never borin always a Sage This page intentionally left blank CoNTENTS Preface ix about the author xiv Chapter 1 Introduction 1 1.1 Computer security Concepts 3 1.2 The osi Security architecture 8 Security attacks 9 Security services 13 1.5 16 1.6 A Model for network Security 19 Standards 21 1.8 Outline of this book 21 Recommended Reading 22 1.10 Internet and Web resources 23 1.11 Key Terms, Review Questions, and Problems 25 PART ONE CRYPTOGRAPHY 27 Chapter 2 Symmetric Encryption and Message Confidentiality 27 2.1 Symmetric Encryption Principles 28 2.2 Symmetric Block Encryption Algorithms 34 2.3 Random and Pseudorandom Numbers 42 2.4 Stream Ciphers and rC4 45 2.5 Cipher block modes of Operation 50 Recommended reading and Web Sites 55 Key Terms, Review Questions, and Problems 56 Chapter 3 Public-Key Cryptography and Message Authentication 61 3.1 Approaches to Message Authentication 62 3.2 Secure hash Functions 67 Message authentication Codes 73 3. 4 Public-Key Cryptography Principles 79 3.5 Public-Key Cryptography Algorithms 83 3.6 Digital Signatures 90 3.7 Recommended reading and Web sites 90 3. 8 Key Terms, Review Questions, and Problems 91 PART TWO NETWORK SECURITY APPLICATIONS 97 Chapter 4 Key Distribution and User Authentication 97 4.1 Symmetric Key Distribution Using Symmetric Encryption 98 Kerberos 99 4.3 Key Distribution Using Asymmetric Encryption 114 4.4 X509 Certificates 116 4.5 Public-Key Infrastructure 124 V1 CONTENTS 4.6 Federated Identity Management 126 4.7 Recommended reading and eb sites 132 4.8 Key Terms, Review Questions, and Problems 133 Chapter 5 Transport-Level Security 139 Web Security Considerations 140 5.2 Socket l nd t t Layer security 143 5.3 Transport layer security 156 Https 160 5.5 Secure Shell(SSH)162 Recommended reading and Web Sites 173 Key Terms, Review Questions, and Problems 173 Chapter 6 Wireless Network Security 175 6.1 IEEE 802 1 1 Wireless lan Overview 177 IEEE 802 1 1i Wireless LAN Security 183 Wireless application Protocol Overview 197 Wireless Transport Layer Security 204 6.5 WAP End-to-End Security 214 6 Recommended Reading and Web Sites 217 6.7 Key Terms, Review Questions, and Problems 218 Chapter 7 Electronic Mail Security 221 7.1 Pretty good privacy 222 7.2 S/ MIME 241 7.3 DomainKeys Identified Mail 257 7.4 Recommended reading and Web sites 264 7.5 Key terms, Review Questions, and Problems 265 Appendix 7A Radix-64 Conversion 266 Chapter 8 IP Security 269 8.1 IP Security overview 270 8.2 IP Security Policy 276 8.3 Encapsulating Security Payload 281 8.4 Combining Security Associations 288 8.5 Internet Key Exchange 292 8.6 Cryptographic Suites 301 Recommended reading and Web sites 302 8.8 Key Terms, Review Questions. and Problems 303 PART THREE SYSTEM SECURITY 305 Chapter 9 Intruders 305 9.1 Intruders 307 9.2 Intrusion detection 3 12 9.3 Password Management 323 Recommended reading and Web sites 333 9.5 Key Terms, Review Questions, and Problems 334 A dix 9A The Base-Rate Fallacy 337 CONTENTS V11 Chapter 10 Malicious Software 340 10.1 Types of Malicious Software 341 10.2 Viruses 346 10.3 Virus countermeasures 35 1 10.4 Worms 356 10.5 Distributed Denial of service Attacks 365 10.6 Recommended Reading and Web sites 370 10.7 Key Terms, Review Questions, and Problems 37 1 Chapter 11 Firewalls 374 11.1 The Need for firewalls 375 11.2 Firewall Characteristics 376 11. 3 Types of Firewalls 378 11.4 Firewall Basing 385 11.5 Firewall Location and Configurations 388 11.6 Recommended Reading and Web Site 393 11.7 Key Terms, Review Questions, and Problems 394 aPPendices 398 Appendix a Some Aspects of Number Theory 398 A 1 Prime and relatively Prime Numbers 399 A.2 Modular arithmetic 401 ppendix B A1 Projects for Teaching Network Security 403 B.1 Research Projects 404 B.2 Hacking project 405 B.3 Programming Projects 405 B 4 Laboratory Exercises 406 B.5 Practical Security Assessments 406 B.6 Writing Assignments 406 B.7 Reading/Report Assignments 407 Index 408 ONLINE CHAPTERS Chapter 12 Network Management Security 12.1 Basic Concepts of SNMP 12.2 SNMPv1 Community facility 12.3 SNMPV3 12.4 Recommended reading and eb sites 12.5 Key Terms, Review Questions, and Problems Chapter 13 Legal and Ethical Aspects 13.1 Cybercrime and Computer Crime 13.2 Intellectual Property 13.3 Privacy 13.4 Ethical issues 13.5 Recommended Reading and Web Sites V111 CONTENTS 13.6 Key Terms, Review Questions, and Problems ONLINE APPENDICES ppendix c Standards and Standards-Setting Organizations C.1 The Importance of Standards Internet Standards and the Internet society C.3 National Institute of Standards and Technology ppendix D TCP/IP and OSI D.1 Protocols and protocol architectures D.2 The TCP/IP Protocol architecture D.3 The role of an internet protocol D.4 IPv4 D.5 D.6 The osi protocol architecture Appendix E Pseudorandom Number Generation E.1 PRNG Requirements E2 PRNG USing a Block Cipher E.3 PRNG USing a hash Function or Message authentication Code ppendix F Kerberos Encryption Techniques F.1 Password-to-Key transformation F2 Propagating Cipher Block Chaining Mode Appendix G Data Compression Using ZIP G.1 Compression algorithm G.2 Decompression algorithm Appendix h PGP Random Number Generation p H.1 True random Numbers H.2 Pseudorandom numbers ppendix The International Reference Alphabet Glossary References PREFACE The tie, if I might suggest it, sir, a shade more tightly knotted. One aims at the perfect butterfly effect. If you will permit me What does it matter, Jeeves, at a time like this? Do you realize that Mr. Little's domestic happiness is hanging in the scale? There is no time. sir, at which ties do not matter Very Good, Jeeves!PG. Wodehouse In this age of universal electronic connectivity, of viruses and hackers, of electronic eaves- dropping and electronic fraud, there is indeed no time at which security does not matter. Two trends have come together to make the topic of this book of vital interest. First, the explosiv growth in computer systems and their interconnections via networks has increased the dependence of both organizations and individuals on the information stored and communi cated using these systems. This, in turn, has led to a heightened awareness of the need to protect data and resources from disclosure, to guarantee the authenticity of data and messages, and to protect systems from network-based attackS. Second, the disciplines of cryptography and network security have matured, leading to the development of practical, readily available applications to enforce network security OBJECTIVES It is the purpose of this book to provide a practical survey of network security applications and standards. The emphasis is on applications that are widely used on the Internet and for corpo rate networks, and on standards(especially Internet standards) that have been widely deployed INTENDED AUDIENCE This book is intended for both an academic and a professional audience. as a textbook, it is intended as a one-semester undergraduate course on network security for computer science, computer engineering, and electrical engineering majors It covers the material in IAS2 Security Mechanisms, a core area in the Information Technology body of knowledge; and NET4 Security, another core area in the Information Technology body of knowledge. These subject areas are part of the Draft ACM/IEEE Computer Society Computing Curricula 2005 The book also serves as a basic reference volume and is suitable for self-study PLAN OF THE BOOK The book is organized in three parts: Part One. Cryptography: A concise survey of the cryptographic algorithms and protocols underlying network security applications, including encryption, hash functions, digital signatures, and key exchange


关注 私信 TA的资源