Network Security Fundamentals [Electronic resources] - text version

Gert De Laet, Gert Schauwers

Digital IDs


A digital identity, or digital ID, is a means of proving your identity or that you have been granted permission to access information on network devices or services. The system or method behind digital IDs is similar to nonelectronic means of identification. For instance, entering a private dancing club requires an ID check of a membership card to validate your claim to have the right to enter the venue. Using a photo ID on the card prevents others from abusing the card and impersonating valid members of the club.

Digital IDs are often required for electronic bank transactions, secure e-mail transmissions, and online shopping.

NOTE

The International Telecommunications Union (ITU-T), formerly known as CCITT, is a multinational union that provides standards for telecommunication equipment. The ITU-T X.509 standard for digital certificates (digital IDs) is one of those telecommunications standards. Digital certificates are used in a broad range of applications, including web services, e-mail services, and banking applications. The standard applies to a wide range of environments.

As stated previously, a digital ID is a means of proving that you have been granted permission to access information on network devices or services. To better understand the concept, let's examine the process of online shopping for a book from Cisco Press. Before the customer can trust the vendor, Cisco Press in this case, some sort of authentication needs to occur. The authentication occurs during the establishment of a connection. When the customer places an order, the customer's workstation web browser requests the certificate of the server. The certificate provides a form of authentication for the identity of the web server and also can serve as a way to guarantee that valid content is provided on the server.

The certificates combine the digital IDs and a set of keys to encrypt and validate the connection. These certificates are issued by a certification authority (CA) and are signed with the CA's private key. A CA is an organization that is trusted by both parties participating in a transaction. The role of the CA is to guarantee the identity of each party participating in the transaction.

Figure 3-1 shows the details contained within a digital certificate.

Figure 3-1. Certificate or Digital ID


The section at the left side on Figure 3-1 contains general information about the signature. The details of the certificate are displayed on the right side of the figure.

This digital ID is issued by Thawte Personal Basic CA. (Thawte Personal Basic is used here just as an example of a CA. It has no correlation with the Cisco Press website.) This signature is intended to prove the validity of the server's identity to a remote computer and can also be used to protect e-mail messages. The certificate ensures that the software is protected against alterations after publication. Typically, to check the parameters of a digital ID, a user can click the Details tab on the certificate. The parameters of the digital ID can include the following:

  • Version number: V3

  • Serial number: 00

  • Signature algorithm: MD5RSA

  • Name of the issuer: Thawte Personal Basic CA

  • Expiration date: Friday, January 01, 2021

  • Owner's name: Thawte Personal Basic CA

  • Owner's public key: RSA (1024 bits)


All these fields are in compliance with the ITU-T X.509 specifications.

Let's go back to the book-ordering process through the Cisco Press website. The online user connects to the Cisco Press website using Internet Explorer. To start sending protected (encrypted) information, the web browser must obtain the proper certificate and be set up to use this certificate. From the moment the user visits the Cisco Press secure website, the Cisco Press web server automatically sends its certificate. Note that secure URLs add an s to http to become https. Figure 3-2 displays the certificate that is received from the server.

Figure 3-2. Secure Website


Once the exchange is successfully completed, the web browser displays a lock icon on the status bar of the application to indicate that a secure channel is established. This certificate guarantees the identity of the remote computer for the user. The certificate was issued by Secure Server Certification Authority for order.superlibrary.com and is valid until November 26, 2004.

Three types of certificates are available:

  • Personal digital ID or personal certificate

  • Server digital ID or website certificate

  • Developers' digital ID


Software developers use developers' IDs. Internet Explorer and Netscape use only personal digital IDs and server digital IDs.

Personal certificates are used for sending personal information over the Internet to a website, whereby the web server requires verification of the user's identity. Personal certificates are most commonly used for the exchange of e-mails by individual users. Once the personal certificate is installed, the digital ID is bound to your e-mail address and can be used to digitally sign your e-mail and receive encrypted e-mails. Personal certificates are not seen during communication, which makes the process transparent to the user.

Website certificates enable and state that a specific web server is operating in a secure and authentic way. A web server ID or certificate unambiguously identifies and authenticates the web server and guarantees the encryption of any information passed between the web server and the individual user. For instance, when sending your personal information (credit card details) to an online store, it is a good idea to first check the certificate of the store to ensure that your information is protected while in transit.

The different digital ID services, whether they take the form of a personal certificate or a website certificate, use key encryption techniques with two keys, namely a public key and a private key. Figure 3-3 illustrates the mechanism behind this encryption technique.

Figure 3-3. Digital ID Functionality


Only the public key is exchanged between the sender and receiver. Before actual transmission starts between two hosts, the sending host forwards its certificate, providing the public key, so the receiver can send encrypted data or information back. The information that is received back can be decrypted using the private key. The private key has two main functions. First, it makes a digital ID or signature unique, and second, it decrypts information in combination with the corresponding public key.

Let's take a closer look at this process by examining the steps shown in Figure 3-3.


Step 1.

The online user passes credit card information through a hashing algorithm (MD5) to produce the message digest. The message digest is then encrypted using the private key.

Note

A message digest is a function that takes arbitrary-sized input data (referred to as a message) and generates a fixed-size output, called a digest (or hash).

Step 2.

At this point, the signed data is sent to the web server.

Step 3.

The server uses the same algorithm to create a message digest, decrypts the signature using the public key (which is sent along with the signature), and compares the two message digests. When the two message digests are equal, the identity is verified and secure transmission can occur.


This process is covered in greater detail in Chapter 13, "Public Key Infrastructure."
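The three steps of Figure 3-3 as a runnable walk-through, added here as an illustration and not code from the book: a constructed toy RSA key pair (two Mersenne primes, far too small for real use) stands in for the user's digital ID, and MD5 is used only because it is the digest the book names.

```python
import hashlib

# Constructed toy RSA key pair for illustration only: two Mersenne primes give a
# ~150-bit modulus, large enough to hold a 128-bit MD5 digest but nowhere near
# the 2048-bit minimum a real digital ID would use.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, E, D)


def message_digest(message: bytes) -> int:
    """Run the message through the hash (MD5, as in Figure 3-3) and read the digest as an integer."""
    return int.from_bytes(hashlib.md5(message).digest(), "big")


def sign(message: bytes, private_key: tuple) -> dict:
    """Steps 1 and 2: digest the message, 'encrypt' the digest with the private key,
    and bundle message, signature and public key for transmission to the server."""
    n, e, d = private_key
    digest = message_digest(message)
    if digest >= n:
        raise ValueError("digest does not fit under the modulus")
    return {"message": message, "signature": pow(digest, d, n), "public_key": (n, e)}


def verify(signed: dict) -> bool:
    """Step 3: the server re-hashes the message, 'decrypts' the signature with the
    public key that arrived alongside it, and compares the two digests."""
    n, e = signed["public_key"]
    recovered_digest = pow(signed["signature"], e, n)
    return recovered_digest == message_digest(signed["message"])


if __name__ == "__main__":
    order = b"order=1234;title=Network Security Fundamentals;amount=49.95"  # constructed
    signed = sign(order, PRIVATE_KEY)
    print("genuine order verifies:", verify(signed))          # True
    # Any change to the message after signing changes its digest, so the comparison fails.
    altered = dict(signed, message=order.replace(b"49.95", b"4.95"))
    print("altered order verifies:", verify(altered))         # False
```

The bundle carries the public key with the signature exactly as Step 3 describes, which is why the certificate rather than the bare key is what the receiver must trust: the CA's signature is what binds that key to the owner's identity.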
