About This E-Book

EPUB is an open, industry-standard format for e-books. However, support for EPUB and its many features varies across reading devices and applications. Use your device or app settings to customize the presentation to your liking. Settings that you can customize often include font, font size, single or double column, landscape or portrait mode, and figures that you can click or tap to enlarge. For additional information about the settings and features on your reading device or app, visit the device manufacturer’s Web site.
Many titles include programming code or configuration examples. To optimize the presentation of these elements, view the e-book in single-column, landscape mode and adjust the font size to the smallest setting. In addition to presenting code and configurations in the reflowable text format, we have included images of the code that mimic the presentation found in the print book; therefore, where the reflowable format may compromise the presentation of the code listing, you will see a “Click here to view code image” link. Click the link to view the print-fidelity code image. To return to the previous page viewed, click the Back button on your device or app.
Network Defense and Countermeasures Principles and Practices
Third Edition
Chuck Easttom
800 East 96th Street, Indianapolis, Indiana 46240 USA
Network Defense and Countermeasures Copyright © 2018 by Pearson Education, Inc.
All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
ISBN-13: 978-0-7897-5996-2
ISBN-10: 0-7897-5996-9
Library of Congress Control Number: 2018933854
Printed in the United States of America
1 18
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Microsoft and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published as part of the services for any purpose. All such documents and related graphics are provided “as is” without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-infringement. In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from the services.
The documents and related graphics contained herein could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time. Partial screenshots may be viewed in full within the software version specified.
Microsoft® and Windows® are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. Screenshots and icons reprinted with permission from the Microsoft Corporation. This book is not sponsored or endorsed by or affiliated with the Microsoft Corporation.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.
Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact intlcs@pearson.com.
Editor-in-Chief
Mark Taub
Product Line Manager
Brett Bartow
Executive Editor
Mary Beth Ray
Development Editor
Ellie C. Bru
Managing Editor
Sandra Schroeder
Senior Project Editor
Tonya Simpson
Copy Editor
Bill McManus
Indexer
Erika Millen
Proofreader
Abigail Manheim
Technical Editors
Akhil Behl
Steve Kalman
Publishing Coordinator
Vanessa Evans
Cover Designer
Chuti Prasertsith
Compositor
codemantra
Contents at a Glance

Preface
1 Introduction to Network Security
2 Types of Attacks
3 Fundamentals of Firewalls
4 Firewall Practical Applications
5 Intrusion-Detection Systems
6 Encryption Fundamentals
7 Virtual Private Networks
8 Operating System Hardening
9 Defending Against Virus Attacks
10 Defending Against Trojan Horses, Spyware, and Adware
11 Security Policies
12 Assessing System Security
13 Security Standards
14 Physical Security and Disaster Recovery
15 Techniques Used by Attackers
16 Introduction to Forensics
17 Cyber Terrorism
Appendix A: Answers
Glossary
Index
Table of Contents

Chapter 1: Introduction to Network Security
Introduction
The Basics of a Network
Basic Network Structure
Data Packets
IP Addresses
Uniform Resource Locators
MAC Addresses
Protocols
Basic Network Utilities
ipconfig
ping
tracert
netstat
The OSI Model
What Does This Mean for Security?
Assessing Likely Threats to the Network
Classifications of Threats
Malware
Compromising System Security—Intrusions
Denial of Service
Likely Attacks
Threat Assessment
Understanding Security Terminology
Hacking Terminology
Security Terminology
Choosing a Network Security Approach
Perimeter Security Approach
Layered Security Approach
Hybrid Security Approach
Network Security and the Law
Using Security Resources
Summary
Chapter 2: Types of Attacks
Introduction
Understanding Denial of Service Attacks
DoS in Action
SYN Flood
Smurf Attack
Ping of Death
UDP Flood
ICMP Flood
DHCP Starvation
HTTP Post DoS
PDoS
Distributed Reflection Denial of Service
DoS Tools
Real-World Examples
Defending Against DoS Attacks
Defending Against Buffer Overflow Attacks
Defending Against IP Spoofing
Defending Against Session Hijacking
Blocking Virus and Trojan Horse Attacks
Viruses
Types of Viruses
Trojan Horses
Summary
Chapter 3: Fundamentals of Firewalls
Introduction
What Is a Firewall?
Types of Firewalls
Packet Filtering Firewall
Stateful Packet Inspection
Application Gateway
Circuit Level Gateway
Hybrid Firewalls
Blacklisting/Whitelisting
Implementing Firewalls
Host-Based
Dual-Homed Hosts
Router-Based Firewall
Screened Hosts
Selecting and Using a Firewall
Using a Firewall
Using Proxy Servers
The WinGate Proxy Server
NAT
Summary
Chapter 4: Firewall Practical Applications
Introduction
Using Single Machine Firewalls
Windows 10 Firewall
User Account Control
Linux Firewalls
Iptables
Symantec Norton Firewall
McAfee Personal Firewall
Using Small Office/Home Office Firewalls
SonicWALL
D-Link DFL-2560 Office Firewall
Using Medium-Sized Network Firewalls
Check Point Firewall
Cisco Next-Generation Firewalls
Using Enterprise Firewalls
Summary
Chapter 5: Intrusion-Detection Systems
Introduction
Understanding IDS Concepts
Preemptive Blocking
Anomaly Detection
IDS Components and Processes
Understanding and Implementing IDSs
Snort
Cisco Intrusion-Detection and Prevention
Understanding and Implementing Honeypots
Specter
Symantec Decoy Server
Intrusion Deflection
Intrusion Deterrence
Summary
Chapter 6: Encryption Fundamentals
Introduction
The History of Encryption
The Caesar Cipher
ROT 13
Atbash Cipher
Multi-Alphabet Substitution
Rail Fence
Vigenère
Enigma
Binary Operations
Learning About Modern Encryption Methods
Symmetric Encryption
Key Stretching
PRNG
Public Key Encryption
Digital Signatures
Identifying Good Encryption
Understanding Digital Signatures and Certificates
Digital Certificates
PGP Certificates
MD5
SHA
RIPEMD
HAVAL
Understanding and Using Decryption
Cracking Passwords
John the Ripper
Using Rainbow Tables
Using Other Password Crackers
General Cryptanalysis
Steganography
Steganalysis
Quantum Computing and Quantum Cryptography
Summary
Chapter 7: Virtual Private Networks
Introduction
Basic VPN Technology
Using VPN Protocols for VPN Encryption
PPTP
PPTP Authentication
L2TP
L2TP Authentication
L2TP Compared to PPTP
IPSec
SSL/TLS
Implementing VPN Solutions
Cisco Solutions
Service Solutions
Openswan
Other Solutions
Summary
Chapter 8: Operating System Hardening
Introduction
Configuring Windows Properly
Accounts, Users, Groups, and Passwords
Setting Security Policies
Registry Settings
Services
Encrypting File System
Security Templates
Configuring Linux Properly
Patching the Operating System
Configuring Browsers
Securing Browser Settings for Microsoft Internet Explorer
Other Browsers
Summary
Chapter 9: Defending Against Virus Attacks
Introduction
Understanding Virus Attacks
What Is a Virus?
What Is a Worm?
How a Virus Spreads
The Virus Hoax
Types of Viruses
Virus Scanners
Virus Scanning Techniques
Commercial Antivirus Software
Antivirus Policies and Procedures
Additional Methods for Defending Your System
What to Do If Your System Is Infected by a Virus
Stopping the Spread of the Virus
Removing the Virus
Finding Out How the Infection Started
Summary
Chapter 10: Defending Against Trojan Horses, Spyware, and Adware
Introduction
Trojan Horses
Identifying Trojan Horses
Symptoms of a Trojan Horse
Why So Many Trojan Horses?
Preventing Trojan Horses
Spyware and Adware
Identifying Spyware and Adware
Anti-Spyware
Anti-Spyware Policies
Summary
Chapter 11: Security Policies
Introduction
Defining User Policies
Passwords
Internet Use Policy
E-mail Attachments
Software Installation and Removal
Instant Messaging
Desktop Configuration
Final Thoughts on User Policies
Defining System Administration Policies
New Employees
Leaving Employees
Change Requests
Security Breaches
Defining Access Control
Defining Developmental Policies
Summary
Chapter 12: Assessing System Security
Introduction
Risk Assessment Concepts
Evaluating the Security Risk
Conducting the Initial Assessment
Patches
Ports
Protect
Physical
Probing the Network
NetCop
NetBrute
Cerberus
Port Scanner for Unix: SATAN
SAINT
Nessus
NetStat Live
Active Ports
Other Port Scanners
Microsoft Baseline Security Analyzer
NSAuditor
NMAP
Vulnerabilities
CVE
NIST
OWASP
McCumber Cube
Goals
Information States
Safeguards
Security Documentation
Physical Security Documentation
Policy and Personnel Documentation
Probe Documents
Network Protection Documents
Summary
Chapter 13: Security Standards
Introduction
COBIT
ISO Standards
NIST Standards
NIST SP 800-14
NIST SP 800-35
NIST SP 800-30 Rev. 1
U.S. DoD Standards
Using the Orange Book
D - Minimal Protection
C - Discretionary Protection
B - Mandatory Protection
A - Verified Protection
Using the Rainbow Series
Using the Common Criteria
Using Security Models
Bell-LaPadula Model
Biba Integrity Model
Clark-Wilson Model
Chinese Wall Model
State Machine Model
U.S. Federal Regulations, Guidelines, and Standards
The Health Insurance Portability & Accountability Act of 1996 (HIPAA)
HITECH
Sarbanes-Oxley (SOX)
Computer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030
Fraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029
General Data Protection Regulation (GDPR)
PCI DSS
Summary
Chapter 14: Physical Security and Disaster Recovery
Introduction
Physical Security
Equipment Security
Securing Building Access
Monitoring
Fire Protection
General Premises Security
Disaster Recovery
Disaster Recovery Plan
Business Continuity Plan
Determining Impact on Business
Testing Disaster Recovery
Disaster Recovery Related Standards
Ensuring Fault Tolerance
Summary
Chapter 15: Techniques Used by Attackers
Introduction
Preparing to Hack
Passively Searching for Information
Active Scanning
NSAuditor
Enumerating
Nmap
Shodan.io
Manual Scanning
The Attack Phase
Physical Access Attacks
Remote Access Attacks
Wi-Fi Hacking
Summary
Chapter 16: Introduction to Forensics
Introduction
General Forensics Guidelines
EU Evidence Gathering
Scientific Working Group on Digital Evidence
U.S. Secret Service Forensics Guidelines
Don’t Touch the Suspect Drive
Leave a Document Trail
Secure the Evidence
FBI Forensics Guidelines
Finding Evidence on the PC
In the Browser
In System Logs
Recovering Deleted Files
Operating System Utilities
The Windows Registry
Gathering Evidence from a Cell Phone
Logical Acquisition
Physical Acquisition
Chip-off and JTAG
Cellular Networks
Cell Phone Terms
Forensic Tools to Use
AccessData Forensic Toolkit
EnCase
The Sleuth Kit
OSForensics
Forensic Science
To Certify or Not to Certify?
Summary
Chapter 17: Cyber Terrorism
Introduction
Defending Against Computer-Based Espionage
Defending Against Computer-Based Terrorism
Economic Attack
Compromising Defense
General Attacks
China Eagle Union
Choosing Defense Strategies
Defending Against Information Warfare
Propaganda
Information Control
Actual Cases
Packet Sniffers
Summary
Appendix A: Answers
Glossary
Index
Preface

The hottest topic in the IT industry today is computer security. The news is replete with stories of hacking, viruses, and identity theft. The cornerstone of security is defending the organizational network. Network Defense and Countermeasures: Principles and Practices offers a comprehensive overview of network defense. It introduces students to network security threats and methods for defending the network. Three entire chapters are devoted to firewalls and intrusion-detection systems. There is also a chapter providing a basic introduction to encryption. Combining information on the threats to networks, the devices and technologies used to ensure security, as well as concepts such as encryption provides students with a solid, broad-based approach to network defense.
This book provides a blend of theoretical foundations and practical applications. Each chapter ends with multiple choice questions and exercises, and most chapters also have projects. Students who successfully complete this textbook, including the end of chapter material, should have a solid understanding of network security. Throughout the book the student is directed to additional resources that can augment the material presented in the chapter.
Audience
This book is designed primarily as a textbook for students who have a basic understanding of how networks operate, including basic terminology, protocols, and devices. Students do not need to have an extensive math background or more than introductory computer courses.
Overview of the Book
This book will walk you through the intricacies of defending your network against attacks. It begins with a brief introduction to the field of network security in Chapter 1, “Introduction to Network Security.” Chapter 2, “Types of Attacks,” explains the threats to a network—including denial of service attacks, buffer overflow attacks, and viruses.
Chapter 3, “Fundamentals of Firewalls,” Chapter 4, “Firewall Practical Applications,” Chapter 5, “Intrusion-Detection Systems,” and Chapter 7, “Virtual Private Networks,” give details on various security technologies including firewalls, intrusion-detection systems, and VPNs. These items are the core of any network’s security, so a significant portion of this book is devoted to ensuring the reader fully understands both the concepts behind them and the practical applications. In every case, practical direction for selecting appropriate technology for a given network is included.
Chapter 6, “Encryption Fundamentals,” provides a solid introduction to encryption. This topic is critical because ultimately computer systems are simply devices for storing, transmitting, and manipulating data. No matter how secure the network is, if the data it transmits is not secure then there is a significant danger.
Chapter 8, “Operating System Hardening,” covers hardening Windows and Linux systems, keeping the operating system patched, and securing browser settings. Chapter 9, “Defending Against Virus Attacks,” and Chapter 10, “Defending Against Trojan Horses, Spyware, and Adware,” give the reader specific defense strategies and techniques to guard against the most common network dangers. Chapter 11, “Security Policies,” introduces user policies, system administration policies, access control, and development policies.
Chapter 12, “Assessing System Security,” teaches the reader how to do an assessment of a network’s security. This includes guidelines for examining policies as well as an overview of network assessment tools. Chapter 13, “Security Standards,” gives an overview of common security standards such as the Orange Book and the Common Criteria. This chapter also discusses various security models such as Bell-LaPadula. Chapter 14, “Physical Security and Disaster Recovery,” examines the often-overlooked topic of physical security as well as disaster recovery, which is a key part of network security.
Chapter 15, “Techniques Used by Attackers,” provides the tools necessary to “know your enemy,” by examining basic hacking techniques and tools as well as strategies for mitigating hacker attacks. Chapter 16, “Introduction to Forensics,” helps you understand basic forensics principles in order to properly prepare for investigation if you or your company become the victim of a computer crime. Chapter 17, “Cyber Terrorism,” discusses computer-based espionage and terrorism, two topics of growing concern for the computer security community but often overlooked in textbooks.
About the Author
Chuck Easttom is a computer scientist, author, and inventor. He has authored 25 other books on programming, Web development, security, and Linux. He has also authored dozens of research papers on a wide range of computer science and cyber security topics. He is an inventor with 13 computer science patents. Chuck holds more than 40 different industry certifications. He also is a frequent presenter/speaker at computer and cyber security conferences such as Defcon, ISC2 Security Congress, Secure World, IEEE workshops, and more.
You can reach Chuck at his website (www.chuckeasttom.com) or by e-mail at chuck@chuckeasttom.com.
Dedication
This book is dedicated to all the people working in the computer security field, diligently working to make computer networks safer.
Acknowledgments
While only one name goes on the cover of this book, it is hardly the work of just one person. I would like to take this opportunity to thank a few of the people involved. First of all, the editing staff at Pearson worked extremely hard on this book. Without them this project would simply not be possible. I would also like to thank my wife, Teresa, for all her support while working on this book. She is always very supportive in all my endeavors, a one-woman support team!
About the Technical Reviewers
Akhil Behl, CCIE No. 19564, is a passionate IT executive with key focus on cloud and security. He has more than 15 years of experience in the IT industry working in several leadership, advisory, consultancy, and business development profiles with various organizations. His technology and business specialization includes cloud, security, infrastructure, data center, and business communication technologies.
Akhil has authored multiple titles on security and business communication technologies. He has contributed as technical editor for a number of books on network and information security. He has published several research papers in national and international journals, including IEEE Xplore, and presented at various IEEE conferences, as well as other prominent ICT, security, and telecom events.
Akhil also holds CCSK, CHFI, PMP, ITIL, VCP, TOGAF, CEH, ISM, and several other industry certifications. He has a bachelor’s degree in technology and an MBA.
Steve Kalman is both an attorney and a professional security expert. He holds the following credentials from (ISC)2, for whom he worked as an authorized instructor: CISSP, CCFP-US, CSSLP, ISSMP, ISSAP, HCISPP, SSCP. Steve has been author or technical editor for more than 20 Pearson/Cisco Press books.
We Want to Hear from You!
As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we're doing right, what we could do better, what areas you'd like to see us publish in, and any other words of wisdom you're willing to pass our way.
We welcome your comments. You can email or write to let us know what you did or didn't like about this book—as well as what we can do to make our books better.
Please note that we cannot help you with technical problems related to the topic of this book.
When you write, please be sure to include this book’s title and author as well as your name and email address. We will carefully review your comments and share them with the author and editors who worked on the book.
Email: feedback@pearsonitcertification.com
Mail: Pearson IT Certification, ATTN: Reader Feedback, 800 East 96th Street, Indianapolis, IN 46240 USA
Reader Services
Register your copy of Network Defense and Countermeasures at www.pearsonitcertification.com for convenient access to downloads, updates, and corrections as they become available. To start the registration process, go to www.pearsonitcertification.com/register and log in or create an account*. Enter the product ISBN 9780789759962 and click Submit. When the process is complete, you will find any available bonus content under Registered Products.
*Be sure to check the box that you would like to hear from us to receive exclusive discounts on future editions of this product.
Chapter 1
Introduction to Network Security
CHAPTER OBJECTIVES
After reading this chapter and completing the exercises, you will be able to do the following:
Identify the most common dangers to networks.
Understand basic networking.
Employ basic security terminology.
Find the best approach to network security for your organization.
Evaluate the legal issues that will affect your work as a network administrator.
Use resources available for network security.
INTRODUCTION
Finding a week without some major security breach in the news is difficult. University web servers hacked, government computers hacked, banks’ data compromised, health information exposed—the list goes on. It also seems as if each year brings more focus to this issue. Finding anyone in any industrialized nation who had not heard of things such as websites being hacked and identities stolen would be difficult.
More venues for training also exist now. Many universities offer Information Assurance degrees from the bachelor’s level up through the doctoral level. A plethora of industry certification training programs are available, including the CISSP, EC Council’s CEH, Mile2 Security, SANS, and CompTIA’s Security+. There are also now a number of universities offering degrees in cyber security, including distance learning degrees.
Despite this attention from the media and the opportunities to acquire security training, far too many computer professionals—including a surprising number of network administrators—do not have a clear understanding of the type of threats to which network systems are exposed, or which ones are most likely to actually occur. Mainstream media focuses attention on the most dramatic computer security breaches rather than giving an accurate picture of the most plausible threat scenarios.
This chapter looks at the threats posed to networks, defines basic security terminology, and lays the foundation for concepts covered in the chapters that follow. The steps required to ensure the integrity and security of your network are methodical and, for the most part, already outlined. By the time you complete this book, you will be able to identify the most common attacks, explain how they are perpetrated in order to prevent them, and understand how to secure your data transmissions.
THE BASICS OF A NETWORK
Before diving into how to protect your network, exploring what networks are would probably be a good idea. For many readers this section will be a review, but for some it might be new material.
Whether this is a review for you, or new information, having a thorough understanding of basic networking before attempting to study network security is critical. Also, be aware this is just a brief introduction to basic networking concepts. Many more details are not explored in this section.
A network is simply a way for machines/computers to communicate. At the physical level, it consists of all the machines you want to connect and the devices you use to connect them. Individual machines are connected either with a physical connection (a category 5 cable going into a network interface card, or NIC) or wirelessly. To connect multiple machines together, each machine must connect to a hub or switch, and then those hubs/switches must connect together. In larger networks, each subnetwork is connected to the others by a router. We look at many attacks in this book (including several in Chapter 2, “Types of Attacks”) that focus on the devices that connect machines together on a network (that is, routers, hubs, and switches). If you find this chapter is not enough, this resource might assist you: http://compnetworking.about.com/od/basicnetworkingconcepts/Networking_Basics_Key_Concepts_in_Computer_Networking.htm
Basic Network Structure
Some connection point(s) must exist between your network and the outside world. A barrier is set up between that network and the Internet, usually in the form of a firewall. Many attacks discussed in this book work to overcome the firewall and get into the network.
The real essence of networks is communication—allowing one machine to communicate with another. However, every avenue of communication is also an avenue of attack. The first step in understanding how to defend a network is having a detailed understanding of how computers communicate over a network.
The previously mentioned network interface cards, switches, routers, hubs, and firewalls are the fundamental physical pieces of a network. The way they are connected and the format they use for communication is the network architecture.
Data Packets
After you have established a connection with the network (whether it is physical or wireless), you need to send data. The first part is to identify where you want to send it. We will start off discussing IP version 4 addresses; we will look at IPv6 a bit later in this chapter. All computers (as well as routers) have an IP address that is a series of four numbers between 0 and 255 and separated by periods, such as 192.0.0.5 (note that this is an IPv4 address). The second part is to format the data for transmission. All data is ultimately in binary form (1s and 0s). This binary data is put into packets, all less than about 65,000 bytes. The first few bytes are the header. That header tells where the packet is going, where it came from, and how many more packets are coming as part of this transmission. There is actually more than one header, but for now, we will just discuss the header as a single entity. Some attacks that we will study (IP spoofing, for example) try to change the header of packets to give false information. Other methods of attack simply try to intercept packets and read the content (thus compromising the data).
A packet can have multiple headers. In fact, most packets will have at least three headers. The IP header has information such as IP addresses for the source and destination, as well as what protocol the packet is. The TCP header has information such as port number. The Ethernet header has information such as the MAC address for the source and destination. If a packet is encrypted with Transport Layer Security (TLS), it will also have a TLS header.
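As an added illustration (not from the book), the following Python assembles a constructed 54-byte frame with the three headers just described and then pulls out the fields each header carries. The MAC and IP addresses are made-up sample values; these are the same fields a spoofed packet falsifies, which is why a defender inspects them rather than trusting them.

```python
import struct

# Constructed sample frame (made-up addresses, assembled inline so the
# example runs offline): Ethernet header + IPv4 header + TCP header.
def build_sample_frame():
    eth = struct.pack("!6s6sH",
                      bytes.fromhex("001122334455"),  # destination MAC
                      bytes.fromhex("66778899aabb"),  # source MAC
                      0x0800)                         # EtherType = IPv4
    # IPv4: version/IHL, DSCP, total length, id, flags/fragment offset,
    # TTL, protocol (6 = TCP), checksum (0 here), source, destination
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    # TCP: source port, destination port, seq, ack, offset/flags (SYN),
    # window, checksum (0 here), urgent pointer
    tcp = struct.pack("!HHIIHHHH", 51514, 443, 1, 0, 0x5002, 65535, 0, 0)
    return eth + ip + tcp

def parse_headers(frame):
    """Split off the three headers and return the fields each one carries."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4            # IP header length in bytes
    tcp = frame[14 + ihl:14 + ihl + 4]    # only the two port fields are needed
    src_port, dst_port = struct.unpack("!HH", tcp)
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": ".".join(map(str, src)), "dst_ip": ".".join(map(str, dst)),
        "protocol": proto, "ttl": ttl,
        "src_port": src_port, "dst_port": dst_port,
    }

if __name__ == "__main__":
    for field, value in parse_headers(build_sample_frame()).items():
        print(f"{field:9} {value}")
```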
IP Addresses
The first major issue to understand is how to get packets to their proper destination. Even a small network has many computers that could potentially be the final destination of any packet sent. The Internet has millions of computers spread out across the globe. How do you ensure that a packet gets to its proper destination? The problem is not unlike addressing a letter and ensuring it gets to the correct destination. Let’s begin by looking at IP version 4 addressing because it is the most common in use today, but this section also briefly discusses IP version 6.
An IP version 4 address is a series of four numbers, each of up to three digits, separated by periods. (An example is 107.22.98.198.) Each of the four numbers must be between 0 and 255. You can see that an address of 107.22.98.466 would not be a valid one. The reason for this rule is that these addresses are actually four binary numbers: The computer simply displays them to you in decimal format. Recall that 1 byte is 8 bits (1s and 0s), and an 8-bit binary number converted to decimal format will be between 0 and 255. The total of 32 bits means that approximately 4.2 billion possible IP version 4 addresses exist.
The IP address of a computer tells you a lot about that computer. The first byte (or the first decimal number) in an address tells you to what class of network that machine belongs. Table 1-1 summarizes the five network classes.
TABLE 1-1 Network Classes

Class   IP Range for the First Byte   Use
A       0–126                         Extremely large networks. No Class A network IP addresses are left. All have been used.
B       128–191                       Large corporate and government networks. All Class B IP addresses have been used.
C       192–223                       The most common group of IP addresses. Your ISP probably has a Class C address.
D       224–247                       These are reserved for multicasting (transmitting different data on the same channel).
E       248–255                       Reserved for experimental use.
These five classes of networks will become more important later in this book (or should you decide to study networking on a deeper level). Observe Table 1-1 carefully, and you probably will discover that the IP range of 127 was not listed. This omission is because that range is reserved for testing. The IP address of 127.0.0.1 designates the machine you are on, regardless of that machine’s assigned IP address. This address is often referred to as the loopback address. That address will be used often in testing your machine and your NIC. We will examine its use a bit later in this chapter in the section on network utilities.
These particular classes are important as they tell you what part of the address represents the network and what part represents the node. For example, in a Class A address, the first octet represents the network, and the remaining three represent the node. In a Class B address, the first two octets represent the network, and the second two represent the node. And finally, in a Class C address, the first three octets represent the network, and the last represents the node.
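The validation rule, the first-byte ranges from Table 1-1, the loopback exception, and the network/node split described above, worked through in Python as an added example (not code from the book). The ranges used are exactly those the table gives; classes D and E carry no network/node split, so the example reports none for them.

```python
# First-octet ranges exactly as given in Table 1-1; 127 is the reserved
# loopback range, which the table omits.
CLASS_RANGES = [("A", 0, 126), ("B", 128, 191), ("C", 192, 223),
                ("D", 224, 247), ("E", 248, 255)]
# How many leading octets name the network for the classes that carry
# host addresses (the rest of the address is the node).
NETWORK_OCTETS = {"A": 1, "B": 2, "C": 3}

def parse_ipv4(address):
    """Return the four octets of a dotted-quad IPv4 address as integers.

    Raises ValueError unless the address is exactly four decimal numbers
    in 0..255, so 107.22.98.466 is rejected as the text explains.
    """
    parts = address.split(".")
    if len(parts) != 4:
        raise ValueError(f"{address!r}: expected four octets")
    octets = []
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"{address!r}: {part!r} is not a number")
        value = int(part)
        if value > 255:                 # isdigit() already rules out negatives
            raise ValueError(f"{address!r}: octet {value} exceeds 255")
        octets.append(value)
    return octets

def is_valid_ipv4(address):
    """True if parse_ipv4 accepts the address, False otherwise."""
    try:
        parse_ipv4(address)
        return True
    except ValueError:
        return False

def classify(address):
    """Return (class, network part, node part) for a valid IPv4 address.

    127.x.x.x is reported as 'loopback'; classes D and E have no
    network/node split, so both parts are None for them.
    """
    octets = parse_ipv4(address)
    if octets[0] == 127:
        return ("loopback", None, None)
    # Every first octet other than 127 falls in exactly one table row.
    name = next(n for n, low, high in CLASS_RANGES if low <= octets[0] <= high)
    split = NETWORK_OCTETS.get(name)
    if split is None:
        return (name, None, None)
    return (name, ".".join(map(str, octets[:split])),
            ".".join(map(str, octets[split:])))
```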