Network Security Technologies

Author: Kwok T. Fung

Edition: 2

ISBN: 0849330270, 9780849330278

Size: 4 MB (4585489 bytes)

Pages: 267/267

Network security development and implementation efforts involve the integration of technologies from seemingly unrelated fields that did not previously have to cross paths or internetwork. Areas such as cryptography, network protocols, and switch and router technology each have established theories and practices; developing expertise in all of these fields is a challenging task. Security professionals need a resource that can help them bring all of these security components together for the benefit of their organizations. Network Security Technologies, Second Edition presents key security technologies from diverse fields, using an organized, hierarchical framework that enables you to understand security components, how they relate to one another, and how they interwork. The author delivers a unique presentation of major legacy, state-of-the-art, and emerging network security technologies from all relevant areas, resulting in a useful and easy-to-follow guide. This text is unique in that it classifies technologies as basic, enhanced, integrated, and architectural as a means of associating their functional complexities, providing added insight into their interrelationships. It introduces and details each security technology, then discusses its function so you can more easily grasp the function and importance of each technology within the totality of the network security landscape.

Table of contents:
Network Security Technologies, Second Edition
Back Cover
Other Auerbach Publications
Copyright Info
DEDICATION
TABLE OF CONTENTS
ABOUT THE AUTHOR
PREFACE
CHAPTER 1: INTRODUCTION
1.1 SECURITY IN NETWORK DESIGN AND IMPLEMENTATIONS
1.2.1 Major Basic Network Security Functional Elements
1.2.2 Network Security and the OSI Model
1.2.3 Categorizing Network Security Technologies
1.3 THE ORGANIZATION OF THE BOOK
BIBLIOGRAPHY
CHAPTER 2: BASIC CONFIDENTIALITY TECHNOLOGIES
2.1.1 The MD5 Algorithm
2.1.1.1 Common Use
2.1.2 The SHS Standard
2.1.2.1.2 Hash Computation — Computing the Message Digest
2.1.2.1.4 Hash Computation Method
2.1.2.2 Message Digests and Digital Signatures
2.2 SECRET- AND PUBLIC-KEY CRYPTOGRAPHY
2.3.1 Block Ciphers and Stream Ciphers
2.3.2.1 The Basic DES Algorithm
2.3.2.2 The 3DES Algorithm
2.3.3.1 The Rijndael Algorithm
2.3.3.3 Common Use
2.3.4.2 Common Use
2.4.1 Public Key Cryptography Standards
2.4.2.2 Encryption by Sender A
2.4.3.1 The DSA Algorithm
2.4.3.1.2 DSA Signature Verification
2.5 THE DIFFIE–HELLMAN KEY-EXCHANGE ALGORITHM
2.5.2 Common Use
Bibliography
3.1 IP-LAYER AUTHENTICATION MECHANISMS
3.1.1 AH
3.1.1.1 AH Header Format
3.1.1.2 AH Authentication Operation
3.1.1.3 Authentication Algorithm
3.1.2.1 ESP Packet Format
3.1.2.2 ESP Authentication Operation
3.1.2.3 Encryption Algorithm
3.2.1 Packet Filter Types
3.3.1 PAP
3.4 SUMMARY
BIBLIOGRAPHY
CHAPTER 4: BASIC AUTHORIZATION TECHNOLOGIES
4.1.1 Physical Access Control
4.1.2.1 Levels of Access Privilege
4.1.3.1 Systems ACLs
4.1.3.2.1 ACL Syntax Example
4.2 DMZ
BIBLIOGRAPHY
CHAPTER 5: BASIC MESSAGE INTEGRITY TECHNOLOGIES
5.1 OVERVIEW OF VPN TECHNOLOGIES
5.2 LAYER 2 VPNS
5.2.1 FR
5.2.1.1.1 SVCs
5.2.1.2 FR Frame Format
5.2.2.1 ATM Cell Header Format
5.2.2.2 Quality of Service (QoS)
5.3.1 The MPLS Protocol
5.3.1.2 FEC
5.3.1.3 Labels and Label Bindings
5.3.2 MPLS VPNs
5.4 ETHERNET VLAN
5.4.1 IEEE 802.1Q
5.4.3.1 Common Use
5.5.1 PPP
5.5.2 PPPoE
5.5.3.1 The Interface Format
5.5.5 PPTP
5.5.6 L2TP
BIBLIOGRAPHY
6.1 DIGITAL SIGNATURES
6.2 MAC
6.3 NAT AND PAT
6.3.1.1 NAT Function Example
6.3.1.2 Common Use
6.3.2.1 PAT Function Example
Bibliography
CHAPTER 7: ENHANCED TECHNOLOGIES
7.1.1 CHAP
7.1.2 Kerberos
7.1.2.1 Basic Mechanism
7.2.1 Token Card Authentication Methods
7.2.1.2 Common Use
7.3.1 EAP
7.3.1.1 EAP Packet Formats
7.4 KEY-MANAGEMENT PROTOCOLS
7.4.1 Key Management
7.4.1.1.1 Overview
7.4.1.1.3 ISAKMP Packets
7.4.1.1.4 ISAKMP Message Exchanges
7.4.1.2 OAKLEY
7.4.1.2.2 Key Exchange
7.4.1.3.1 Overview of IKE
7.4.1.3.2 IKE Phases
7.4.1.3.3 IKE Exchanges
7.4.1.4 SKIP
7.4.1.5 STS
7.5.1 Digital Signature Standard (DSS)
7.5.1.3 DS Algorithm
7.5.2 Using Digital Signature in SSL
7.6.2 Computing MACs
7.7 DIGITAL CERTIFICATE
7.7.1 X.509 Certificates
7.7.2 Certification Authority and Certification Path
7.8.1 WEP
7.8.1.1 WEP Encryption and Decryption Process
7.9 SUMMARY
Bibliography
CHAPTER 8: INTEGRATED TECHNOLOGIES
8.1 SSO TECHNOLOGIES
8.1.1 The Open Group Security Forum (OGSF) SSO Model
8.1.2 Service Selection Gateways (SSGs)
8.1.3 The Generic Security Service Application Program Interface (GSS-API)
8.1.3.1 Common Use
8.2 HIGHER-LAYER VPNS
8.2.1.1 IPSec Overview
8.2.1.2 IPSec-Based VPNs
8.2.2.1 SSL Overview
8.2.2.1.1 The Record Protocol
8.2.2.1.2 The Handshake Protocol
8.2.2.1.3 The Alert Protocol
8.2.2.1.4 Key SSL Characteristics
8.2.2.2 SSL Accelerators
8.2.3.1 An Overview
8.2.3.2 Backward Compatibility with SSL
8.2.4 The TTLS and PEAP Protocols
8.2.5 Comparison of Some VPN Technologies
8.3 FIREWALLS
8.3.1 Classification of Firewalls
8.4 SUMMARY
BIBLIOGRAPHY
CHAPTER 9: NETWORK SECURITY ARCHITECTURES
9.1.1.2 User Authentication and Authorization
9.1.2 Authentication and Authorization Protocols
9.1.3 Remote Access Architecture
9.1.3.3 Authentication Server
9.1.3.4 Proxy Server
9.1.4 AAA Servers
9.1.5 An Illustration
9.2.1 PKI Overview
9.2.3 PKI Defined
9.2.4.2 Certification Authority
9.2.4.4 Repositories
9.2.5.3 Certification
9.2.5.8 Management Function Protocols
9.2.7 An Illustration
9.3 FEDERAL PKI
9.3.1.1 PKI Functionality
9.3.1.2 Federal PKI Directory Servers
9.3.2.1 Directory Components
9.3.2.2 Architecture Overview
9.3.2.3 Concept of Operation
9.3.3 PKI Services
9.4.1 Overview of SET
9.5 SUMMARY
BIBLIOGRAPHY
CHAPTER 10: WLAN SECURITY ARCHITECTURE
10.1 OVERVIEW OF WLANS
10.1.1.4 Security Servers
10.1.2.1 First-Generation WLANs
10.1.3 WLAN Implementations
10.2.1 Authentication and Authorization
10.2.3 Enterprisewide Roaming
10.3.1.1 DMZ Isolation
10.3.2 802.11 Security Features
10.3.2.2 MAC Address Filtering
10.3.2.3.1 WEP Encryption and Decryption
10.3.2.3.2 Secret-Key Management
10.3.2.3.3 WEP Working with Other WLAN Security Technologies
10.3.2.5 Authentication for 802.1X
10.3.2.6 WPA
10.3.3 VPN Wireless Security
10.4 SUMMARY
Bibliography
CHAPTER 11: NETWORK SECURITY IMPLEMENTATION TOPICS
11.1.1 Cryptographic Standards
11.1.1.2.1 WEP
11.1.1.2.2 Use of SSID
11.1.1.4 Protocol-Based DoS
11.1.1.5 SSL and TLS
11.1.2.1 OSPF Security Capabilities
11.1.2.1.3 Cryptographic Authentication
11.2 END-TO-END CONNECTIVITY
11.3.1 OS and NOS Problems
11.3.2.1 Protection of Network Equipment
11.4.1.2 OS or NOS Vulnerabilities
11.4.2.1 Design and Development
11.5.1 ACLs and Packet Filtering
11.5.2 NAT and PAT Limitations
11.5.2.1 VoIP
11.6 ADDING SECURITY TO APPLICATIONS AND SERVICES
11.6.1.2 S/MIME
11.7 SUMMARY
Bibliography
APPENDIX A: SECURITY TECHNOLOGIES: A HIERARCHICAL GUIDE
GENERAL RECOMMENDATIONS
SPECIFIC RECOMMENDATIONS: ROUTER ACCESS
SPECIFIC RECOMMENDATIONS: ACCESS LISTS
ROUTER SECURITY CHECKLIST
APPENDIX C: KEY NETWORK SECURITY TERMS AND DEFINITIONS
COMMON WELL-KNOWN PORT NUMBERS
GENERATING A KEY PAIR AND PROTECTING THE PRIVATE KEY
Step 2: Encoding RSAPublicKey and RSAPrivateKey Values
Step 4: Encrypting the PrivateKeyInfo Encoding
Step 5: Encoding the EncryptedPrivateKeyInfo Value
APPENDIX F: ACRONYMS
