How to Cheat at Securing Your Network - 1st Edition - ISBN: 9781597492317, 9780080558646

How to Cheat at Securing Your Network

1st Edition

Authors: Ido Dubrawsky
eBook ISBN: 9780080558646
Paperback ISBN: 9781597492317
Imprint: Syngress
Published Date: 2nd October 2007
Page Count: 432

Table of Contents


Chapter 1 General Security Concepts: Access Control, Authentication, and Auditing

Introduction to AAA

What is AAA?

Access Control

Authentication

Auditing

Access Control

MAC/DAC/RBAC

MAC

DAC

RBAC

Authentication

Kerberos

CHAP

Certificates

Username/Password

Tokens

Multi-factor

Mutual Authentication

Biometrics

Auditing

Auditing Systems

Logging

System Scanning

Disabling Non-essential Services, Protocols, Systems and Processes

Non-essential Services

Non-essential Protocols

Disabling Non-essential Systems

Disabling Non-essential Processes

Disabling Non-Essential Programs

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 2 General Security Concepts: Attacks

Attacks

Active Attacks

DoS and DDoS

Resource Consumption Attacks

SYN Attacks

DDoS Attacks

Software Exploitation and Buffer Overflows

MITM Attacks

TCP/IP Hijacking

Replay Attacks

Spoofing Attacks

IP Spoofing

E-mail Spoofing

Web Site Spoofing

Phishing

Wardialing

Dumpster Diving

Social Engineering

Vulnerability Scanning

Passive Attacks

Sniffing and Eavesdropping

Password Attacks

Brute Force Attacks

Dictionary-based Attacks

Malicious Code Attacks

Viruses

Worms

Trojan Horses

Rootkits

Back Doors

Logic Bombs

Spyware and Adware

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3 Communication Security: Remote Access and Messaging

Introduction

The Need for Communication Security

Communications-based Security

Remote Access Security

802.1x

EAP

Vulnerabilities

Media Access Control Authentication

VPN

Site-to-site VPN

Remote Access VPN

RADIUS

Authentication Process

Vulnerabilities

TACACS/+

TACACS

XTACACS

TACACS+

Vulnerabilities

PPTP/L2TP

PPTP

L2TP

SSH

How SSH Works

IPSec

IPSec Authentication

ISAKMP

Vulnerabilities

Eavesdropping

Data Modification

Identity Spoofing

User Vulnerabilities and Errors

Administrator Vulnerabilities and Errors

E-mail Security

MIME

S/MIME

PGP

How PGP Works

Vulnerabilities

SMTP Relay

Spoofing

E-mail and Mobility

E-mail and Viruses

Spam

Hoaxes

Phishing

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4 Communication Security: Wireless

Introduction

Wireless Concepts

Understanding Wireless Networks

Overview of Wireless

Communication in a Wireless Network

Radio Frequency Communications

Spread Spectrum Technology

Wireless Network Architecture

CSMA/CD and CSMA/CA

Wireless Local Area Networks

WAP

WTLS

IEEE 802.11

IEEE 802.11b

Ad-Hoc and Infrastructure Network Configuration

WEP

Creating Privacy with WEP

Authentication

Common Exploits of Wireless Networks

Passive Attacks on Wireless Networks

Active Attacks on Wireless Networks

MITM Attacks on Wireless Networks

Wireless Vulnerabilities

WAP Vulnerabilities

WEP Vulnerabilities

Security of 64-Bit vs. 128-Bit Keys

Acquiring a WEP Key

Addressing Common Risks and Threats

Finding a Target

Finding Weaknesses in a Target

Exploiting Those Weaknesses

Sniffing

Protecting Against Sniffing and Eavesdropping

Spoofing (Interception) and Unauthorized Access

Protecting Against Spoofing and Unauthorized Attacks

Network Hijacking and Modification

Protection against Network Hijacking and Modification

Denial of Service and Flooding Attacks

Protecting Against DoS and Flooding Attacks

IEEE 802.1x Vulnerabilities

Site Surveys

Additional Security Measures for Wireless Networks

Using a Separate Subnet for Wireless Networks

Using VPNs for Wireless Access to Wired Network

Temporal Key Integrity Protocol

Message Integrity Code (MIC)

IEEE 802.11i Standard

Implementing Wireless Security: Common Best Practices

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 5 Communication Security: Web Based Services

Introduction

Web Security

Web Server Lockdown

Managing Access Control

Handling Directory and Data Structures

Eliminating Scripting Vulnerabilities

Logging Activity

Performing Backups

Maintaining Integrity

Finding Rogue Web Servers

Stopping Browser Exploits

Exploitable Browser Characteristics

Cookies

Web Spoofing

Web Server Exploits

SSL and HTTP/S

SSL and TLS

HTTP/S

TLS

S-HTTP

Instant Messaging

Packet Sniffers and Instant Messaging

Text Messaging and Short Message Service (SMS)

Web-based Vulnerabilities

Understanding Java-, JavaScript-, and ActiveX-based Problems

Preventing Problems with Java, JavaScript, and ActiveX

Programming Secure Scripts

Code Signing: Solution or More Problems?

Understanding Code Signing

The Benefits of Code Signing

Problems with the Code Signing Process

Buffer Overflows

Making Browsers and E-mail Clients More Secure

Restricting Programming Languages

Keep Security Patches Current

Securing Web Browser Software

Securing Microsoft IE

CGI

What is a CGI Script and What Does It Do?

Typical Uses of CGI Scripts

Break-ins Resulting from Weak CGI Scripts

CGI Wrappers

Nikto

FTP Security

Active and Passive FTP

S/FTP

Secure Copy

Blind FTP/Anonymous

FTP Sharing and Vulnerabilities

Packet Sniffing FTP Transmissions

Directory Services and LDAP Security

LDAP

LDAP Directories

Organizational Units

Objects, Attributes and the Schema

Securing LDAP

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 6 Infrastructure Security: Devices and Media

Introduction

Device-based Security

Firewalls

Packet-filtering Firewalls

Application-layer Gateways

Stateful Inspection Firewalls

Routers

Switches

Wireless

Modems

RAS

Telecom/PBX

Virtual Private Network

IDS

Network Monitoring/Diagnostic

Workstations

Servers

Mobile Devices

Media-based Security

Coax

Thin Coax

Thick Coax

Vulnerabilities of Coax Cabling

UTP/STP

Fiber Optic

Removable Media

Magnetic Tape

CDRs

Hard Drives

Diskettes

Flashcards

Smart Cards

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7 Topologies and IDS

Introduction

Security Topologies

Security Zones

Introducing the Demilitarized Zone

Intranet

Extranet

VLANs

Network Address Translation

Tunneling

Intrusion Detection

Characterizing IDSes

Signature-based IDSes and Detection Evasion

Popular Commercial IDS Systems

Honeypots and Honeynets

Judging False Positives and Negatives

Incident Response

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 8 Infrastructure Security: System Hardening

Introduction

Concepts and Processes of OS and NOS Hardening

File System

Updates

Hotfixes

Service Packs

Patches

Network Hardening

Updates (Firmware)

Configuration

Enabling and Disabling Services and Protocols

ACLs

Application Hardening

Updates

Hotfixes

Service Packs

Patches

Web Servers

E-mail Servers

FTP Servers

DNS Servers

NNTP Servers

File and Print Servers

DHCP Servers

Data Repositories

Directory Services

Network Access Control

Databases

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 9 Basics of Cryptography

Introduction

Algorithms

What Is Encryption?

Symmetric Encryption Algorithms

Data Encryption Standard and Triple Data Encryption Standard

Advanced Encryption Standard (Rijndael)

IDEA

Asymmetric Encryption Algorithms

Diffie-Hellman

El Gamal

RSA

Hashing Algorithms

Concepts of Using Cryptography

Confidentiality

Integrity

Digital Signatures

MITM Attacks

Authentication

Non-Repudiation

Access Control

One-time Pad

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 10 Public Key Infrastructure

Introduction

PKI

Trust Models

Web-of-trust Model

Single Certificate Authority Model

Hierarchical Model

Certificates

X.509

Certificate Policies

Certificate Practice Statements

Revocation

Certificate Revocation List

OCSP

Standards and Protocols

Key Management and Certificate Lifecycle

Centralized vs. Decentralized

Storage

Hardware Key Storage vs. Software Key Storage

Private Key Protection

Escrow

Expiration

Revocation

Status Checking

Suspension

Status Checking

Recovery

Key Recovery Information

M of N Control

Renewal

Destruction

Key Usage

Multiple Key Pairs (Single, Dual)

Summary

Solutions Fast Track

Frequently Asked Questions

Index



Description

Most Systems Administrators are not security specialists. Keeping the network secure is one of many responsibilities, and it is usually not a priority until disaster strikes. How to Cheat at Securing Your Network is the perfect book for this audience. The book takes the huge amount of information available on network security and distils it into concise recommendations and instructions, using real-world, step-by-step instruction.

The latest addition to the best-selling "How to Cheat..." series of IT handbooks, this book clearly identifies the primary vulnerabilities of most computer networks, including user access, remote access, messaging, wireless hacking, media, email threats, storage devices, and web applications. Solutions are provided for each type of threat, with emphasis on intrusion detection, prevention, and disaster recovery.

Key Features

  • A concise information source - perfect for busy System Administrators with little spare time
  • Details what to do when disaster strikes your network
  • Covers the most likely threats to small to medium sized networks

Readership

System Administrators responsible for securing networks in small to mid-size enterprises.


Details

No. of pages: 432
Language: English
Copyright: © Syngress 2007
Published:
Imprint: Syngress
eBook ISBN: 9780080558646
Paperback ISBN: 9781597492317

About the Authors

Ido Dubrawsky Author

Ido Dubrawsky (CISSP, CCNA, CCDA) is the Chief Security Advisor for Microsoft’s Communication Sector North America, a division of the Mobile and Embedded Devices Group. Prior to working at Microsoft, Ido was the acting Security Consulting Practice Lead at AT&T’s Callisma subsidiary and a Senior Security Consultant. Before joining AT&T, Ido was a Network Security Architect for Cisco Systems, Inc., SAFE Architecture Team. He has worked in the systems and network administration field for almost 20 years in a variety of environments from government to academia to private enterprise. He has a wide range of experience in various networks, from small to large and relatively simple to complex. Ido is the primary author of three major SAFE white papers and has written, and spoken, extensively on security topics. He is a regular contributor to the SecurityFocus website on a variety of topics covering security issues. Previously, he worked in Cisco Systems, Inc. Secure Consulting Group, providing network security posture assessments and consulting services for a wide range of clients. In addition to providing penetration-testing consultation, he also conducted security architecture reviews and policy and process reviews. He holds a B.Sc. and a M.Sc. in Aerospace Engineering from the University of Texas at Austin.

Affiliations and Expertise

Chief Security Advisor, Microsoft’s Communication Sector North America, a division of the Mobile and Embedded Devices Group