Kwok T. Fung
ISBN: 9780849330278, 0-8493-3027-0
Table of contents:
Network Security Technologies 2nd
TABLE OF CONTENTS
ABOUT THE AUTHOR
PREFACE
CHAPTER 1: INTRODUCTION
1.1 SECURITY IN NETWORK DESIGN AND IMPLEMENTATIONS
1.2.1 Major Basic Network Security Functional Elements
1.2.2 Network Security and the OSI Model
1.2.3 Categorizing Network Security Technologies
1.3 THE ORGANIZATION OF THE BOOK
BIBLIOGRAPHY
CHAPTER 2: BASIC CONFIDENTIALITY TECHNOLOGIES
2.1.1 The MD5 Algorithm
2.1.1.1 Common Use
2.1.2 The SHS Standard
2.1.2.1.2 Hash Computation — Computing the Message Digest
2.1.2.1.4 Hash Computation Method
2.1.2.2 Message Digests and Digital Signatures
2.2 SECRET- AND PUBLIC-KEY CRYPTOGRAPHY
2.3.1 Block Ciphers and Stream Ciphers
2.3.2.1 The Basic DES Algorithm
2.3.2.2 The 3DES Algorithm
2.3.3.1 The Rijndael Algorithm
2.3.3.3 Common Use
2.3.4.2 Common Use
2.4.1 Public Key Cryptography Standards
2.4.2.2 Encryption by Sender A
2.4.3.1 The DSA Algorithm
2.4.3.1.2 DSA Signature Verification
2.5 THE DIFFIE–HELLMAN KEY-EXCHANGE ALGORITHM
2.5.2 Common Use
Bibliography
3.1 IP-LAYER AUTHENTICATION MECHANISMS
3.1.1 AH
3.1.1.1 AH Header Format
3.1.1.2 AH Authentication Operation
3.1.1.3 Authentication Algorithm
3.1.2.1 ESP Packet Format
3.1.2.2 ESP Authentication Operation
3.1.2.3 Encryption Algorithm
3.2.1 Packet Filter Types
3.3.1 PAP
3.4 SUMMARY
BIBLIOGRAPHY
CHAPTER 4: BASIC AUTHORIZATION TECHNOLOGIES
4.1.1 Physical Access Control
4.1.2.1 Levels of Access Privilege
4.1.3.1 Systems ACLs
4.1.3.2.1 ACL Syntax Example
4.2 DMZ
BIBLIOGRAPHY
CHAPTER 5: BASIC MESSAGE INTEGRITY TECHNOLOGIES
5.1 OVERVIEW OF VPN TECHNOLOGIES
5.2 LAYER 2 VPNS
5.2.1 FR
5.2.1.1.1 SVCs
5.2.1.2 FR Frame Format
5.2.2.1 ATM Cell Header Format
5.2.2.2 Quality of Service (QoS)
5.3.1 The MPLS Protocol
5.3.1.2 FEC
5.3.1.3 Labels and Label Bindings
5.3.2 MPLS VPNs
5.4 ETHERNET VLAN
5.4.1 IEEE 802.1Q
5.4.3.1 Common Use
5.5.1 PPP
5.5.2 PPPoE
5.5.3.1 The Interface Format
5.5.5 PPTP
5.5.6 L2TP
BIBLIOGRAPHY
6.1 DIGITAL SIGNATURES
6.2 MAC
6.3 NAT AND PAT
6.3.1.1 NAT Function Example
6.3.1.2 Common Use
6.3.2.1 PAT Function Example
Bibliography
CHAPTER 7: ENHANCED TECHNOLOGIES
7.1.1 CHAP
7.1.2 Kerberos
7.1.2.1 Basic Mechanism
7.2.1 Token Card Authentication Methods
7.2.1.2 Common Use
7.3.1 EAP
7.3.1.1 EAP Packet Formats
7.4 KEY-MANAGEMENT PROTOCOLS
7.4.1 Key Management
7.4.1.1.1 Overview
7.4.1.1.3 ISAKMP Packets
7.4.1.1.4 ISAKMP Message Exchanges
7.4.1.2 OAKLEY
7.4.1.2.2 Key Exchange
7.4.1.3.1 Overview of IKE
7.4.1.3.2 IKE Phases
7.4.1.3.3 IKE Exchanges
7.4.1.4 SKIP
7.4.1.5 STS
7.5.1 Digital Signature Standard (DSS)
7.5.1.3 DS Algorithm
7.5.2 Using Digital Signature in SSL
7.6.2 Computing MACs
7.7 DIGITAL CERTIFICATE
7.7.1 X.509 Certificates
7.7.2 Certification Authority and Certification Path
7.8.1 WEP
7.8.1.1 WEP Encryption and Decryption Process
7.9 SUMMARY
Bibliography
CHAPTER 8: INTEGRATED TECHNOLOGIES
8.1 SSO TECHNOLOGIES
8.1.1 The Open Group Security Forum (OGSF) SSO Model
8.1.2 Service Selection Gateways (SSGs)
8.1.3 The Generic Security Service Application Program Interface (GSS-API)
8.1.3.1 Common Use
8.2 HIGHER-LAYER VPNS
8.2.1.1 IPSec Overview
8.2.1.2 IPSec-Based VPNs
8.2.2.1 SSL Overview
8.2.2.1.1 The Record Protocol
8.2.2.1.2 The Handshake Protocol
8.2.2.1.3 The Alert Protocol
8.2.2.1.4 Key SSL Characteristics
8.2.2.2 SSL Accelerators
8.2.3.1 An Overview
8.2.3.2 Backward Compatibility with SSL
8.2.4 The TTLS and PEAP Protocols
8.2.5 Comparison of Some VPN Technologies
8.3 FIREWALLS
8.3.1 Classification of Firewalls
8.4 SUMMARY
BIBLIOGRAPHY
CHAPTER 9: NETWORK SECURITY ARCHITECTURES
9.1.1.2 User Authentication and Authorization
9.1.2 Authentication and Authorization Protocols
9.1.3 Remote Access Architecture
9.1.3.3 Authentication Server
9.1.3.4 Proxy Server
9.1.4 AAA Servers
9.1.5 An Illustration
9.2.1 PKI Overview
9.2.3 PKI Defined
9.2.4.2 Certification Authority
9.2.4.4 Repositories
9.2.5.3 Certification
9.2.5.8 Management Function Protocols
9.2.7 An Illustration
9.3 FEDERAL PKI
9.3.1.1 PKI Functionality
9.3.1.2 Federal PKI Directory Servers
9.3.2.1 Directory Components
9.3.2.2 Architecture Overview
9.3.2.3 Concept of Operation
9.3.3 PKI Services
9.4.1 Overview of SET
9.5 SUMMARY
BIBLIOGRAPHY
CHAPTER 10: WLAN SECURITY ARCHITECTURE
10.1 OVERVIEW OF WLANS
10.1.1.4 Security Servers
10.1.2.1 First-Generation WLANs
10.1.3 WLAN Implementations
10.2.1 Authentication and Authorization
10.2.3 Enterprisewide Roaming
10.3.1.1 DMZ Isolation
10.3.2 802.11 Security Features
10.3.2.2 MAC Address Filtering
10.3.2.3.1 WEP Encryption and Decryption
10.3.2.3.2 Secret-Key Management
10.3.2.3.3 WEP Working with Other WLAN Security Technologies
10.3.2.5 Authentication for 802.1X
10.3.2.6 WPA
10.3.3 VPN Wireless Security
10.4 SUMMARY
Bibliography
CHAPTER 11: NETWORK SECURITY IMPLEMENTATION TOPICS
11.1.1 Cryptographic Standards
11.1.1.2.1 WEP
11.1.1.2.2 Use of SSID
11.1.1.4 Protocol-Based DoS
11.1.1.5 SSL and TLS
11.1.2.1 OSPF Security Capabilities
11.1.2.1.3 Cryptographic Authentication
11.2 END-TO-END CONNECTIVITY
11.3.1 OS and NOS Problems
11.3.2.1 Protection of Network Equipment
11.4.1.2 OS or NOS Vulnerabilities
11.4.2.1 Design and Development
11.5.1 ACLs and Packet Filtering
11.5.2 NAT and PAT Limitations
11.5.2.1 VoIP
11.6 ADDING SECURITY TO APPLICATIONS AND SERVICES
11.6.1.2 S/MIME
11.7 SUMMARY
Bibliography
APPENDIX A: SECURITY TECHNOLOGIES: A HIERARCHICAL GUIDE
GENERAL RECOMMENDATIONS
SPECIFIC RECOMMENDATIONS: ROUTER ACCESS
SPECIFIC RECOMMENDATIONS: ACCESS LISTS
ROUTER SECURITY CHECKLIST
APPENDIX C: KEY NETWORK SECURITY TERMS AND DEFINITIONS
COMMON WELL-KNOWN PORT NUMBERS
GENERATING A KEY PAIR AND PROTECTING THE PRIVATE KEY
Step 2: Encoding RSAPublicKey and RSAPrivateKey Values
Step 4: Encrypting the PrivateKeyInfo Encoding
Step 5: Encoding the EncryptedPrivateKeyInfo Value
APPENDIX F: ACRONYMS