Network security technologies


Network Security Technologies, Second Edition presents key security technologies from diverse fields, using a hierarchical framework that enables understanding of security components, how they relate to one another, and how they interwork. The author delivers a unique presentation of major legacy, state-of-the-art, and emerging network security technologies from all relevant areas, resulting in a useful and easy-to-follow guide. This text is unique in that it classifies technologies as basic, enhanced, integrated, and architectural as a means of associating their functional complexities, providing added insight into their interrelationships. It introduces and details security components and their relationships to each other.

Author(s): Kwok T. Fung
Edition: 2nd ed
Publisher: Auerbach Publications
Year: 2005

Language: English
Pages: 266
City: Boca Raton, FL

Network Security Technologies, Second Edition......Page 1
Back Cover......Page 2
Other Auerbach Publications......Page 4
Copyright Info......Page 6
DEDICATION......Page 7
TABLE OF CONTENTS......Page 8
ABOUT THE AUTHOR......Page 17
PREFACE......Page 18
CHAPTER 1: INTRODUCTION......Page 20
1.1 SECURITY IN NETWORK DESIGN AND IMPLEMENTATIONS......Page 21
1.2.1 Major Basic Network Security Functional Elements......Page 23
1.2.2 Network Security and the OSI Model......Page 25
1.2.3 Categorizing Network Security Technologies......Page 26
1.3 THE ORGANIZATION OF THE BOOK......Page 27
BIBLIOGRAPHY......Page 30
CHAPTER 2: BASIC CONFIDENTIALITY TECHNOLOGIES......Page 31
2.1.1 The MD5 Algorithm......Page 32
2.1.1.1 Common Use......Page 33
2.1.2 The SHS Standard......Page 34
2.1.2.1.2 Hash Computation — Computing the Message Digest......Page 35
2.1.2.1.4 Hash Computation Method......Page 36
2.1.2.2 Message Digests and Digital Signatures......Page 37
2.2 SECRET- AND PUBLIC-KEY CRYPTOGRAPHY......Page 39
2.3.1 Block Ciphers and Stream Ciphers......Page 40
2.3.2.1 The Basic DES Algorithm......Page 42
2.3.2.2 The 3DES Algorithm......Page 43
2.3.3.1 The Rijndael Algorithm......Page 44
2.3.3.3 Common Use......Page 45
2.3.4.2 Common Use......Page 46
2.4.1 Public Key Cryptography Standards......Page 47
2.4.2.2 Encryption by Sender A......Page 48
2.4.3.1 The DSA Algorithm......Page 49
2.4.3.1.2 DSA Signature Verification......Page 50
2.5 THE DIFFIE–HELLMAN KEY-EXCHANGE ALGORITHM......Page 51
2.5.2 Common Use......Page 52
Bibliography......Page 53
3.1 IP-LAYER AUTHENTICATION MECHANISMS......Page 55
3.1.1 AH......Page 56
3.1.1.1 AH Header Format......Page 57
3.1.1.2 AH Authentication Operation......Page 58
3.1.1.3 Authentication Algorithm......Page 59
3.1.2.1 ESP Packet Format......Page 60
3.1.2.2 ESP Authentication Operation......Page 61
3.1.2.3 Encryption Algorithm......Page 62
3.2.1 Packet Filter Types......Page 63
3.3.1 PAP......Page 64
3.4 SUMMARY......Page 65
BIBLIOGRAPHY......Page 66
CHAPTER 4: BASIC AUTHORIZATION TECHNOLOGIES......Page 67
4.1.1 Physical Access Control......Page 68
4.1.2.1 Levels of Access Privilege......Page 69
4.1.3.1 Systems ACLs......Page 70
4.1.3.2.1 ACL Syntax Example......Page 71
4.2 DMZ......Page 73
BIBLIOGRAPHY......Page 74
CHAPTER 5: BASIC MESSAGE INTEGRITY TECHNOLOGIES......Page 75
5.1 OVERVIEW OF VPN TECHNOLOGIES......Page 76
5.2 LAYER 2 VPNS......Page 77
5.2.1 FR......Page 78
5.2.1.1.1 SVCs......Page 79
5.2.1.2 FR Frame Format......Page 80
5.2.2.1 ATM Cell Header Format......Page 82
5.2.2.2 Quality of Service (QoS)......Page 83
5.3.1 The MPLS Protocol......Page 85
5.3.1.2 FEC......Page 86
5.3.1.3 Labels and Label Bindings......Page 87
5.3.2 MPLS VPNs......Page 89
5.4 ETHERNET VLAN......Page 90
5.4.1 IEEE 802.1Q......Page 91
5.4.3.1 Common Use......Page 92
5.5.1 PPP......Page 93
5.5.2 PPPoE......Page 94
5.5.3.1 The Interface Format......Page 95
5.5.5 PPTP......Page 96
5.5.6 L2TP......Page 97
BIBLIOGRAPHY......Page 98
6.1 DIGITAL SIGNATURES......Page 100
6.2 MAC......Page 101
6.3 NAT AND PAT......Page 102
6.3.1.1 NAT Function Example......Page 103
6.3.1.2 Common Use......Page 104
6.3.2.1 PAT Function Example......Page 105
Bibliography......Page 106
CHAPTER 7: ENHANCED TECHNOLOGIES......Page 107
7.1.1 CHAP......Page 108
7.1.2 Kerberos......Page 109
7.1.2.1 Basic Mechanism......Page 110
7.2.1 Token Card Authentication Methods......Page 111
7.2.1.2 Common Use......Page 112
7.3.1 EAP......Page 113
7.3.1.1 EAP Packet Formats......Page 114
7.4 KEY-MANAGEMENT PROTOCOLS......Page 116
7.4.1 Key Management......Page 117
7.4.1.1.1 Overview......Page 118
7.4.1.1.3 ISAKMP Packets......Page 119
7.4.1.1.4 ISAKMP Message Exchanges......Page 120
7.4.1.2 OAKLEY......Page 122
7.4.1.2.2 Key Exchange......Page 123
7.4.1.3.1 Overview of IKE......Page 124
7.4.1.3.2 IKE Phases......Page 125
7.4.1.3.3 IKE Exchanges......Page 126
7.4.1.4 SKIP......Page 127
7.4.1.5 STS......Page 128
7.5.1 Digital Signature Standard (DSS)......Page 129
7.5.1.3 DS Algorithm......Page 130
7.5.2 Using Digital Signature in SSL......Page 131
7.6.2 Computing MACs......Page 132
7.7 DIGITAL CERTIFICATE......Page 133
7.7.1 X.509 Certificates......Page 134
7.7.2 Certification Authority and Certification Path......Page 135
7.8.1 WEP......Page 136
7.8.1.1 WEP Encryption and Decryption Process......Page 137
7.9 SUMMARY......Page 138
Bibliography......Page 139
CHAPTER 8: INTEGRATED TECHNOLOGIES......Page 140
8.1 SSO TECHNOLOGIES......Page 141
8.1.1 The Open Group Security Forum (OGSF) SSO Model......Page 142
8.1.2 Service Selection Gateways (SSGs)......Page 144
8.1.3 The Generic Security Service Application Program Interface (GSS-API)......Page 145
8.1.3.1 Common Use......Page 146
8.2 HIGHER-LAYER VPNS......Page 147
8.2.1.1 IPSec Overview......Page 148
8.2.1.2 IPSec-Based VPNs......Page 149
8.2.2.1 SSL Overview......Page 151
8.2.2.1.1 The Record Protocol......Page 152
8.2.2.1.2 The Handshake Protocol......Page 153
8.2.2.1.3 The Alert Protocol......Page 154
8.2.2.1.4 Key SSL Characteristics......Page 155
8.2.2.2 SSL Accelerators......Page 156
8.2.3.1 An Overview......Page 157
8.2.3.2 Backward Compatibility with SSL......Page 158
8.2.4 The TTLS and PEAP Protocols......Page 159
8.2.5 Comparison of Some VPN Technologies......Page 160
8.3 FIREWALLS......Page 162
8.3.1 Classification of Firewalls......Page 163
8.4 SUMMARY......Page 164
BIBLIOGRAPHY......Page 165
CHAPTER 9: NETWORK SECURITY ARCHITECTURES......Page 167
9.1.1.2 User Authentication and Authorization......Page 168
9.1.2 Authentication and Authorization Protocols......Page 169
9.1.3 Remote Access Architecture......Page 170
9.1.3.3 Authentication Server......Page 171
9.1.3.4 Proxy Server......Page 172
9.1.4 AAA Servers......Page 173
9.1.5 An Illustration......Page 174
9.2.1 PKI Overview......Page 175
9.2.3 PKI Defined......Page 176
9.2.4.2 Certification Authority......Page 177
9.2.4.4 Repositories......Page 178
9.2.5.3 Certification......Page 179
9.2.5.8 Management Function Protocols......Page 180
9.2.7 An Illustration......Page 181
9.3 FEDERAL PKI......Page 182
9.3.1.1 PKI Functionality......Page 183
9.3.1.2 Federal PKI Directory Servers......Page 186
9.3.2.1 Directory Components......Page 187
9.3.2.2 Architecture Overview......Page 189
9.3.2.3 Concept of Operation......Page 190
9.3.3 PKI Services......Page 191
9.4.1 Overview of SET......Page 192
9.5 SUMMARY......Page 194
BIBLIOGRAPHY......Page 195
CHAPTER 10: WLAN SECURITY ARCHITECTURE......Page 197
10.1 OVERVIEW OF WLANS......Page 198
10.1.1.4 Security Servers......Page 199
10.1.2.1 First-Generation WLANs......Page 201
10.1.3 WLAN Implementations......Page 202
10.2.1 Authentication and Authorization......Page 204
10.2.3 Enterprisewide Roaming......Page 205
10.3.1.1 DMZ Isolation......Page 206
10.3.2 802.11 Security Features......Page 207
10.3.2.2 MAC Address Filtering......Page 208
10.3.2.3.1 WEP Encryption and Decryption......Page 209
10.3.2.3.2 Secret-Key Management......Page 210
10.3.2.3.3 WEP Working with Other WLAN Security Technologies......Page 211
10.3.2.5 Authentication for 802.1X......Page 212
10.3.2.6 WPA......Page 213
10.3.3 VPN Wireless Security......Page 214
10.4 SUMMARY......Page 216
Bibliography......Page 217
CHAPTER 11: NETWORK SECURITY IMPLEMENTATION TOPICS......Page 218
11.1.1 Cryptographic Standards......Page 219
11.1.1.2.1 WEP......Page 220
11.1.1.2.2 Use of SSID......Page 221
11.1.1.4 Protocol-Based DoS......Page 222
11.1.1.5 SSL and TLS......Page 223
11.1.2.1 OSPF Security Capabilities......Page 224
11.1.2.1.3 Cryptographic Authentication......Page 225
11.2 END-TO-END CONNECTIVITY......Page 226
11.3.1 OS and NOS Problems......Page 227
11.3.2.1 Protection of Network Equipment......Page 228
11.4.1.2 OS or NOS Vulnerabilities......Page 229
11.4.2.1 Design and Development......Page 230
11.5.1 ACLs and Packet Filtering......Page 231
11.5.2 NAT and PAT Limitations......Page 232
11.5.2.1 VoIP......Page 233
11.6 ADDING SECURITY TO APPLICATIONS AND SERVICES......Page 234
11.6.1.2 S/MIME......Page 235
11.7 SUMMARY......Page 236
Bibliography......Page 237
APPENDIX A: SECURITY TECHNOLOGIES: A HIERARCHICAL GUIDE......Page 238
GENERAL RECOMMENDATIONS......Page 240
SPECIFIC RECOMMENDATIONS: ROUTER ACCESS......Page 241
SPECIFIC RECOMMENDATIONS: ACCESS LISTS......Page 243
ROUTER SECURITY CHECKLIST......Page 246
APPENDIX C: KEY NETWORK SECURITY TERMS AND DEFINITIONS......Page 248
COMMON WELL-KNOWN PORT NUMBERS......Page 251
GENERATING A KEY PAIR AND PROTECTING THE PRIVATE KEY......Page 255
Step 2: Encoding RSAPublicKey and RSAPrivateKey Values......Page 256
Step 4: Encrypting the PrivateKeyInfo Encoding......Page 258
Step 5: Encoding the EncryptedPrivateKeyInfo Value......Page 259
APPENDIX F: ACRONYMS......Page 261