Introduction to Security and Network Forensics

Description

Keeping abreast of the latest developments in cyber security requires ongoing commitment, but without a firm foundation in the principles in computer security and digital forensics, those tasked with safeguarding our most private information will be lost in a turbulent and shifting sea. Providing such an introductory text, Introduction to Security and Network Forensics covers the basic principles of intrusion detection systems, encryption, and authentication, as well as the key academic principles related to digital forensics.

Starting with an overview of general security concepts, it addresses hashing, digital certificates, enhanced software security, and network security. The text introduces the concepts of risk, threat analysis, and network forensics, and includes online access to an abundance of ancillary materials, including labs, Cisco challenges, test questions, and web-based videos. The author provides readers with access to a complete set of simulators for routers, switches, wireless access points (Cisco Aironet 1200), PIX/ASA firewalls (Version 6.x, 7.x and 8.x), Wireless LAN Controllers (WLC), Wireless ADUs, ASDMs, SDMs, Juniper, and much more, including:

• More than 3,700 unique Cisco challenges and 48,000 Cisco Configuration Challenge Elements
• 60,000 test questions, including for Certified Ethical Hacking and CISSP®
• 350 router labs, 180 switch labs, 160 PIX/ASA labs, and 80 Wireless labs

Rounding out coverage with a look into more advanced topics, including data hiding, obfuscation, web infrastructures, and cloud and grid computing, this book provides the fundamental understanding in computer security and digital forensics required to develop and implement effective safeguards against ever-evolving cyber security threats.

Along with this, the text includes a range of online lectures and related material, available at: http://asecuritybook.com

Features

• Explains the basics of cyber security and digital forensics
• Covers general concepts in security as well as intrusion detection systems, encryption, and authentication
• Addresses specific issues such as hashing and digital certificates, enhanced software security, and network security
• Discusses data hiding, obfuscation, web infrastructures, and cloud and grid computing
• Provides online access to thousands of test questions, hundreds of labs, hours of web-based video, and a set of simulators

Table of Contents

Introduction to Security

• Objectives
• The Industrial and the Information Age
• CIA and AAA
• Protecting against Intruders
• Users, Systems, and Data
• Services, Role-Based Security, and Cloud Computing
• Security and Forensic Computing
• ISO 27002
• Risks
• Risk Management/Avoidance
• Security Policies
• Defi ning the Policy
• Example Risks
• Defense-in-Depth
• Gateways and DMZ (Demilitarized Zones)
• Layered Model and Security
• Encryption and a Layered Approach to Defense
• Software Tutorial—Data Packet Capture
• Online Exercises
• NetworkSims Exercises
• Chapter Lecture
• References

Intrusion Detection Systems

• Objectives
• Introduction
• Types of Intrusion
• Attack Patterns
• Host/Network-Based Intrusion Detection
• Placement of the IDS
• SNORT
• Example Rules
• Running Snort
• User, Machine, and Network Profiling
• Honey Pots
• In-Line and Out-of-Line IDSs
• False and True
• Customized Agent-Based IDS
• Tutorial
• Software Tutorial
• Snort Tutorial
• Online Exercises
• NetworkSims Exercises
• Chapter Lecture
• References

Encryption

• Objectives
• Introduction
• Simple Cipher Methods
• Brute-Force Analysis
• Public Key, Private Key, and Session Keys
• Adding Salt
• Private-Key Encryption
• Encryption Classes
• Public-Key Encryption
• One-Way Hashing
• Key Entropy
• File Encryption
• Tutorial
• Software Tutorial
• Web Page Exercises
• Network Simulation Tutorial
• Challenges
• Online Exercises
• NetworkSims Exercises
• Chapter Lecture

Authentication, Hashing, and Digital Certificates

• Objectives
• Introduction
• Methods of Authentication
• Biometrics
• Message Hash
• Authenticating the Sender
• Digital Certifi cates and PKI
• HMAC (Hash Message Authentication Code)
• Future of Authentication Systems—Kerberos
• Email Encryption
• Tutorial
• Software Tutorial
• Online Exercises
• Web Page Exercises
• NetworkSims Exercises
• Chapter Lecture
• Reference

Enhanced Software Security

• Objectives
• Introduction
• Integrating Security into Applications
• Good Practice
• The Future of Software
• .NET Environment—The Future of Security
• Strengths of .NET
• Global Assembly Cache (GAC)
• Strong Names
• NET Security Model
• Integrating Security into Applications
• Web Service Security
• NET Framework 3.0 (WinFX)
• Tutorial
• Software Tutorial
• Web Page Exercises
• On-Line Exercises
• NetworkSims Exercises
• Chapter Lecture
• References

Network Security Elements

• Objectives
• Introduction
• Router (Packet Filtering) Firewalls
• Network Address Translation
• PIX/ASA Firewall
• Proxy Servers
• Tutorial
• Web Page Exercises
• Online Exercises
• NetworkSims Exercises
• Chapter Lecture

Introduction to Risk

• Objectives
• Introduction
• Security Taxonomy
• Threats
• Service-Oriented Infrastructures
• Security Policies
• Defining the Policy
• Tutorial
• Windows Service Tutorial
• Linux Service Tutorial

Threat Analysis

• Objectives
• Introduction
• Intruder Detection
• Vulnerably Analysis
• Hping
• Botnets
• Phishing
• Active Attacks
• Inference
• Affiliate Scams
• Password Cracking Programs
• Tutorial
• Vulnerability Tutorial
• SQL Injection Tutorial
• Appendix

Network Forensics

• Objectives
• Introduction
• The Key Protocols
• Ethernet, IP, and TCP Headers
• TCP Connection
• ARP
• SYN
• Application Layer Analysis—FTP
• ICMP
• DNS
• Port Scan
• SYN Flood
• Spoofed Addresses
• Application Layer Analysis—HTTP
• Network Logs on Hosts
• Tripwire
• Tutorial
• Network Forensics Tutorial
• Tripwire Tutorial

Data Hiding and Obfuscation

• Objectives
• Introduction
• Obfuscation Using Encryption
• Obfuscation through Tunneling
• Covert Channels
• Watermarking and Stenography
• Hiding File Contents
• References
• Tutorial
• Exercises

Web Infrastructures

• Objectives
• Introduction
• Identity 2.0
• SOAP over HTTP
• LDAP
• Authentication Infrastructures
• 802.1x Authentication Infrastructure
• OpenID
• Kerberos
• WS-*
• Access Control
• Tutorial
• Practical Work
• Exercises
• Activities
• Secure Server Setup

Cloud/Grid Computing

• Objectives
• Introduction
• Grid Computing
• Cloud Computing
• Amazon Web Services
• Installing EC2 and S3 Command Tools
• Activities

Index

Author

Bill Buchanan is a Professor in the School of Computing at Edinburgh Napier University, UK. He currently leads the Centre for Distributed Computing and Security, along with leading the Scottish Centre of Excellence in Security and Cybercrime. He works in the areas of security, e-Crime, intrusion detection systems, digital forensics, e-Health, mobile computing, agent-based systems, and simulation. Professor Buchanan has one of the most extensive academic sites in the World, and is involved in many areas of novel teaching in computing, including a widely-used network simulation package.

He has published over 25 academic books, and over 120 academic research papers, along with awards for excellence in knowledge transfer. Presently he is working with a range of industrial/domain partners, including within law enforcement, health care, and finance. Along with this he has been involved in university start-ups and in generating novel methods within security and digital forensics.