Network Defense and Countermeasures: Principles and Practices, 1st edition
Published by Pearson (June 29, 2018) © 2019
- William Easttom
eTextbook
- Anytime, anywhere learning with the Pearson+ app
- Easy-to-use search, navigation and notebook
- Simpler studying with flashcards
- A print text (hardcover or paperback)
- Free shipping
- Also available for purchase as an ebook from all major ebook resellers, including InformIT.com
uCertify
- Includes the full Pearson e-text, pre- and post-assessments, quizzes, videos, and more
- Provides hands-on skills to bridge conceptual knowledge and real-world application
- Powerful student management tools yet easy to implement, customize, and manage
- The most up-to-date network defense text on the market
- Solid coverage of basic cryptography, including its history, symmetric key systems, public/private key systems, digital signatures, and certificates
- Covers oft-neglected subject areas such as defense strategies, forms of attacks, and policies related to network security
- Contains end-of-chapter exercises, projects, review questions, and plenty of real-world tips
The third edition of Network Defense & Countermeasures will be updated for changes that have occurred in the years since the second edition. Topics such as firewalls, intrusion detection systems, and encryption will receive minor updates. However, the material on types of attacks and countermeasures will be significantly updated. The threat landscape has changed significantly since the second edition, and the third edition will reflect this. Forensics has also grown into an integral part of incident response, and accordingly the chapter on forensics will be significantly updated and expanded.
Updated for the many technology changes that have happened since the second edition was published in 2013, the book provides students with basic security design fundamentals that help create systems that are worthy of being trusted. All examples of attacks and defense techniques are updated to reflect the threat landscape of 2017, including:
- Password guessing/cracking
- Backdoors, Trojans, viruses, and wireless attacks
- Sniffing, spoofing, and session hijacking
- Denial of service, distributed DoS, and bots
- MAC spoofing, web application attacks, and zero-day exploits
- The vulnerabilities that enable them
Chapter 1: Introduction to Network Security
Introduction
The Basics of a Network
   Basic Network Structure
   Data Packets
   IP Addresses
   Uniform Resource Locators
   MAC Addresses
   Protocols
Basic Network Utilities
   ipconfig
   ping
   tracert
   netstat
The OSI Model
What Does This Mean for Security?
Assessing Likely Threats to the Network
Classifications of Threats
   Malware
   Compromising System Security–Intrusions
   Denial of Service
Likely Attacks
Threat Assessment
Understanding Security Terminology
   Hacking Terminology
   Security Terminology
Choosing a Network Security Approach
   Perimeter Security Approach
   Layered Security Approach
   Hybrid Security Approach
Network Security and the Law
Using Security Resources
Summary
Chapter 2: Types of Attacks
Introduction
Understanding Denial of Service Attacks
   DoS in Action
   SYN Flood
   Smurf Attack
   Ping of Death
   UDP Flood
   ICMP Flood
   DHCP Starvation
   HTTP Post DoS
   PDoS
   Distributed Reflection Denial of Service
   DoS Tools
   Real-World Examples
   Defending Against DoS Attacks
Defending Against Buffer Overflow Attacks
Defending Against IP Spoofing
Defending Against Session Hijacking
Blocking Virus and Trojan Horse Attacks
   Viruses
   Types of Viruses
   Trojan Horses
Summary
Chapter 3: Fundamentals of Firewalls
Introduction
What Is a Firewall?
   Types of Firewalls
   Packet Filtering Firewall
   Stateful Packet Inspection
   Application Gateway
   Circuit Level Gateway
   Hybrid Firewalls
   Blacklisting/Whitelisting
Implementing Firewalls
   Host-Based
   Dual-Homed Hosts
   Router-Based Firewall
   Screened Hosts
Selecting and Using a Firewall
   Using a Firewall
Using Proxy Servers
   The WinGate Proxy Server
   NAT
Summary
Chapter 4: Firewall Practical Applications
Introduction
Using Single Machine Firewalls
Windows 10 Firewall
User Account Control
Linux Firewalls
   Iptables
   Symantec Norton Firewall
   McAfee Personal Firewall
Using Small Office/Home Office Firewalls
   SonicWALL
   D-Link DFL-2560 Office Firewall
Using Medium-Sized Network Firewalls
   Check Point Firewall
   Cisco Next-Generation Firewalls
Using Enterprise Firewalls
Summary
Chapter 5: Intrusion-Detection Systems
Introduction
Understanding IDS Concepts
   Preemptive Blocking
   Anomaly Detection
IDS Components and Processes
Understanding and Implementing IDSs
   Snort
   Cisco Intrusion-Detection and Prevention
Understanding and Implementing Honeypots
   Specter
   Symantec Decoy Server
   Intrusion Deflection
   Intrusion Deterrence
Summary
Chapter 6: Encryption Fundamentals
Introduction
The History of Encryption
   The Caesar Cipher
   ROT 13
   Atbash Cipher
   Multi-Alphabet Substitution
   Rail Fence
   Vigenère
   Enigma
   Binary Operations
Learning About Modern Encryption Methods
   Symmetric Encryption
   Key Stretching
   PRNG
   Public Key Encryption
   Digital Signatures
Identifying Good Encryption
Understanding Digital Signatures and Certificates
   Digital Certificates
   PGP Certificates
   MD5
   SHA
   RIPEMD
   HAVAL
Understanding and Using Decryption
Cracking Passwords
   John the Ripper
   Using Rainbow Tables
   Using Other Password Crackers
   General Cryptanalysis
Steganography
Steganalysis
Quantum Computing and Quantum Cryptography
Summary
Chapter 7: Virtual Private Networks
Introduction
Basic VPN Technology
Using VPN Protocols for VPN Encryption
   PPTP
   PPTP Authentication
   L2TP
   L2TP Authentication
   L2TP Compared to PPTP
IPSec
SSL/TLS
Implementing VPN Solutions
   Cisco Solutions
   Service Solutions
   Openswan
   Other Solutions
Summary
Chapter 8: Operating System Hardening
Introduction
Configuring Windows Properly
   Accounts, Users, Groups, and Passwords
   Setting Security Policies
   Registry Settings
   Services
   Encrypting File System
   Security Templates
Configuring Linux Properly
Patching the Operating System
Configuring Browsers
   Securing Browser Settings for Microsoft Internet Explorer
   Other Browsers
Summary
Chapter 9: Defending Against Virus Attacks
Introduction
Understanding Virus Attacks
   What Is a Virus?
   What Is a Worm?
   How a Virus Spreads
   The Virus Hoax
   Types of Viruses
Virus Scanners
   Virus Scanning Techniques
   Commercial Antivirus Software
Antivirus Policies and Procedures
Additional Methods for Defending Your System
What to Do If Your System Is Infected by a Virus
   Stopping the Spread of the Virus
   Removing the Virus
   Finding Out How the Infection Started
Summary
Chapter 10: Defending Against Trojan Horses, Spyware, and Adware
Introduction
Trojan Horses
   Identifying Trojan Horses
   Symptoms of a Trojan Horse
   Why So Many Trojan Horses?
   Preventing Trojan Horses
Spyware and Adware
   Identifying Spyware and Adware
   Anti-Spyware
   Anti-Spyware Policies
Summary
Chapter 11: Security Policies
Introduction
Defining User Policies
   Passwords
   Internet Use Policy
   E-mail Attachments
   Software Installation and Removal
   Instant Messaging
   Desktop Configuration
   Final Thoughts on User Policies
Defining System Administration Policies
   New Employees
   Leaving Employees
   Change Requests
   Security Breaches
Defining Access Control
Defining Developmental Policies
Summary
Chapter 12: Assessing System Security
Introduction
Risk Assessment Concepts
Evaluating the Security Risk
Conducting the Initial Assessment
   Patches
   Ports
   Protect
   Physical
Probing the Network
   NetCop
   NetBrute
   Cerberus
   Port Scanner for Unix: SATAN
   SAINT
   Nessus
   NetStat Live
   Active Ports
   Other Port Scanners
   Microsoft Baseline Security Analyzer
   NSAuditor
   NMAP
Vulnerabilities
   CVE
   NIST
   OWASP
McCumber Cube
   Goals
   Information States
   Safeguards
Security Documentation
   Physical Security Documentation
   Policy and Personnel Documentation
   Probe Documents
   Network Protection Documents
Summary
Chapter 13: Security Standards
Introduction
COBIT
ISO Standards
NIST Standards
   NIST SP 800-14
   NIST SP 800-35
   NIST SP 800-30 Rev. 1
U.S. DoD Standards
Using the Orange Book
   D - Minimal Protection
   C - Discretionary Protection
   B - Mandatory Protection
   A - Verified Protection
Using the Rainbow Series
Using the Common Criteria
Using Security Models
   Bell-LaPadula Model
   Biba Integrity Model
   Clark-Wilson Model
   Chinese Wall Model
   State Machine Model
U.S. Federal Regulations, Guidelines, and Standards
   The Health Insurance Portability & Accountability Act of 1996 (HIPAA)
   HITECH
   Sarbanes-Oxley (SOX)
   Computer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030
   Fraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029
   General Data Protection Regulation (GDPR)
   PCI DSS
Summary
Chapter 14: Physical Security and Disaster Recovery
Introduction
Physical Security
   Equipment Security
   Securing Building Access
   Monitoring
   Fire Protection
   General Premises Security
Disaster Recovery
   Disaster Recovery Plan
   Business Continuity Plan
   Determining Impact on Business
   Testing Disaster Recovery
   Disaster Recovery Related Standards
Ensuring Fault Tolerance
Summary
Chapter 15: Techniques Used by Attackers
Introduction
Preparing to Hack
   Passively Searching for Information
   Active Scanning
   NSAuditor
   Enumerating
   Nmap
   Shodan.io
   Manual Scanning
The Attack Phase
   Physical Access Attacks
   Remote Access Attacks
Wi-Fi Hacking
Summary
Chapter 16: Introduction to Forensics
Introduction
General Forensics Guidelines
   EU Evidence Gathering
   Scientific Working Group on Digital Evidence
   U.S. Secret Service Forensics Guidelines
   Don’t Touch the Suspect Drive
   Leave a Document Trail
   Secure the Evidence
FBI Forensics Guidelines
Finding Evidence on the PC
   In the Browser
   In System Logs
   Recovering Deleted Files
   Operating System Utilities
   The Windows Registry
Gathering Evidence from a Cell Phone
   Logical Acquisition
   Physical Acquisition
   Chip-off and JTAG
   Cellular Networks
   Cell Phone Terms
Forensic Tools to Use
   AccessData Forensic Toolkit
   EnCase
   The Sleuth Kit
   OSForensics
Forensic Science
To Certify or Not to Certify?
Summary
Chapter 17: Cyber Terrorism
Introduction
Defending Against Computer-Based Espionage
Defending Against Computer-Based Terrorism
   Economic Attack
   Compromising Defense
   General Attacks
   China Eagle Union
Choosing Defense Strategies
   Defending Against Information Warfare
   Propaganda
   Information Control
   Actual Cases
   Packet Sniffers
Summary
Appendix A: Answers
Glossary
9780789759962  TOC  3/21/2018
Chuck Easttom is a computer scientist, author, and inventor. He has authored 25 other books on programming, Web development, security, and Linux. He has also authored dozens of research papers on a wide range of computer science and cyber security topics. He is an inventor with 13 computer science patents. Chuck holds more than 40 different industry certifications. He also is a frequent presenter/speaker at computer and cyber security conferences such as Defcon, ISC2 Security Congress, Secure World, IEEE workshops, and more.
You can reach Chuck at his website (www.chuckeasttom.com) or by e-mail at chuck@chuckeasttom.com.