Computer and Information Security

Handbook John R. Vacca

Visit to download the full and correct content document:
https://ebookmass.com/product/computer-and-information-security-handbook-john-r-v
acca/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Nanoscale Networking and Communications Handbook John

R. Vacca

https://ebookmass.com/product/nanoscale-networking-and-
communications-handbook-john-r-vacca/

Solving Urban Infrastructure Problems Using Smart City

Technologies: Handbook on Planning, Design,
Development, and Regulation 1st Edition John R. Vacca

https://ebookmass.com/product/solving-urban-infrastructure-
problems-using-smart-city-technologies-handbook-on-planning-
design-development-and-regulation-1st-edition-john-r-vacca/

Computer Security Fundamentals Chuck Easttom

https://ebookmass.com/product/computer-security-fundamentals-
chuck-easttom/

Fundamentals of Information Systems Security

https://ebookmass.com/product/fundamentals-of-information-
systems-security/
Principles of Computer Security: CompTIA Security+ and
Beyond 2nd edition Edition Conklin

https://ebookmass.com/product/principles-of-computer-security-
comptia-security-and-beyond-2nd-edition-edition-conklin/

Computer Security Principles and Practice 5th Edition

William Stallings

https://ebookmass.com/product/computer-security-principles-and-
practice-5th-edition-william-stallings/

Computer Security Fundamentals, 5th Edition Chuck

Easttom

https://ebookmass.com/product/computer-security-fundamentals-5th-
edition-chuck-easttom/

Computer Network Security 1st Edition Ali Sadiqui

https://ebookmass.com/product/computer-network-security-1st-
edition-ali-sadiqui/

Computer Security Fundamentals, Fourth Edition Chuck

Easttom

https://ebookmass.com/product/computer-security-fundamentals-
fourth-edition-chuck-easttom/
Computer and Information Security Handbook
This page intentionally left blank
Computer and Information
Security Handbook
Third Edition

Edited by
John R. Vacca
Morgan Kaufmann is an imprint of Elsevier
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States

Copyright © 2017 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher.
Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with
organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website:
www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be
noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding,
changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information,
methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their
own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury
and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of
any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
ISBN: 978-0-12-803843-7

For information on all Morgan Kaufmann publications

visit our website at https://www.elsevier.com/books-and-journals

Publisher: Todd Green

Acquisition Editor: Brian Romer
Editorial Project Manager: Charlie Kent
Production Project Manager: Priya Kumaraguruparan
Designer: Maria Inês Cruz

Typeset by TNQ Books and Journals

This book is dedicated to my wife, Bee.
This page intentionally left blank
Contents

Contributors xxvii 3. A Cryptography Primer 35

About the Editor xxxi
Foreword xxxiii Scott R. Ellis
Preface xxxv 1. What Is Cryptography? What Is
Acknowledgments xli Encryption? 36
2. Famous Cryptographic Devices 36
3. Ciphers 37
Part I 4. Modern Cryptography 44
Overview of System and Network 5. The Computer Age 49
Security: A Comprehensive 6. How Advanced Encryption Standard
Works 52
Introduction 1 7. Selecting Cryptography: the Process 55
8. Summary 56
1. Information Security in the Modern Chapter Review Questions/Exercises 57
Enterprise 3 Exercise 57
James Pooley
1. Introduction 3 4. Verifying User and Host Identity 59
2. Challenges Facing Information Keith Lewis
Security 4
3. Assessment and Planning 5 1. Introduction: Verifying the User 59
4. Policies and Procedures 8 2. Identity Access Management:
5. Training 9 Authentication and Authorization 59
6. Summary 10 3. Synthetic or Real User Logging 61
Chapter Review Questions/Exercises 10 4. Verifying a User in Cloud
Exercise 11 Environments 62
5. Verifying Hosts 63
6. Verifying Host Domain Name System and
2. Building a Secure Organization 13
Internet Protocol Information 63
John R. Mallery 7. Summary 64
8. Chapter Review Questions/Exercises 64
1. Obstacles to Security 13
Exercise 65
2. Computers Are Powerful and
References 65
Complex 13
3. Current Trend Is to Share, Not
Protect 14 5. Detecting System Intrusions 67
4. Security Is Not About Hardware and
Scott R. Ellis
Software 16
5. Ten Steps to Building a Secure 1. Introduction 67
Organization 18 2. Developing Threat Models 69
6. Preparing for the Building of Security 3. Securing Communications 70
Control Assessments 31 4. Network Security Monitoring and
7. Summary 31 Intrusion Detection Systems 74
Chapter Review Questions/Exercises 33 5. Installing Security Onion to a
Exercise 33 Bare-Metal Server 83

vii
viii Contents

6. Putting It All Together 86 4. Motives 134

7. Securing Your Installation 87 5. The Crackers’ Tools of the Trade 134
8. Managing an Intrusion Detection System 6. Bots 136
in a Network Security Monitoring 7. Symptoms of Intrusions 136
Framework 87 8. What Can You Do? 137
9. Setting the Stage 93 9. Security Policies 139
10. Alerts and Events 93 10. Risk Analysis 140
11. Sguil: Tuning Graphics Processing Unit 11. Tools of Your Trade 141
Rules, Alerts, and Responses 95 12. Controlling User Access 143
12. Developing Process 99 13. Intrusion Prevention Capabilities 145
13. Understanding, Exploring, and Managing 14. Summary 145
Alerts 100 Chapter Review Questions/Exercises 146
14. Summary 106 Exercise 146
Chapter Review Questions/Exercises 107
Exercise 107 8. Guarding Against Network
Intrusions 149
6. Intrusion Detection in Contemporary
Environments 109 Thomas M. Chen

Tarfa Hamed, Rozita Dara, Stefan C. Kremer 1. Introduction 149

2. Traditional Reconnaissance and
1. Introduction 109 Attacks 149
2. Mobile Operating Systems 110 3. Malicious Software 152
3. Mobile Device Malware Risks 111 4. Defense in Depth 154
4. Cloud Computing Models 112 5. Preventive Measures 155
5. Cloud Computing Attack Risks 112 6. Intrusion Monitoring and Detection 159
6. Source of Attacks on Mobile 7. Reactive Measures 160
Devices 113 8. Network-Based Intrusion Protection 161
7. Source or Origin of Intrusions in Cloud 9. Summary 162
Computing 113 Chapter Review Questions/Exercises 162
8. Classes of Mobile Malware 114 Exercise 163
9. Types of Cloud Computing Attacks 114
10. Malware Techniques in Android 115
11. Cloud Computing Intrusions 9. Fault Tolerance and Resilience
Techniques 117 in Cloud Computing
12. Examples of Smartphone Malware 118 Environments 165
13. Examples of Cloud Attacks 119
Ravi Jhawar, Vincenzo Piuri
14. Types of Intrusion Detection Systems for
Mobile Devices 121 1. Introduction 165
15. Types of Intrusion Detection Systems for 2. Cloud Computing Fault
Cloud Computing 123 Model 166
16. Intrusion Detection System Performance 3. Basic Concepts of Fault Tolerance 168
Metrics 126 4. Different Levels of Fault Tolerance in
17. Summary 127 Cloud Computing 170
Chapter Review Questions/Exercises 128 5. Fault Tolerance Against Crash Failures in
Exercise 128 Cloud Computing 171
References 128 6. Fault Tolerance Against Byzantine Failures
in Cloud Computing 173
7. Preventing System Intrusions 131 7. Fault Tolerance as a Service in Cloud
Computing 175
Michael A. West 8. Summary 179
1. So, What Is an Intrusion? 132 Chapter Review Questions/Exercises 180
2. Sobering Numbers 133 Exercise 180
3. Know Your Enemy: Hackers Versus Acknowledgments 180
Crackers 133 References 180
 Contents ix

10. Securing Web Applications, 13. Internet Security 239

Services, and Servers 183 Jesse Walker
Gerald Beuchelt
1. Internet Protocol Architecture 239
1. Setting the Stage 183 2. An Internet Threat Model 246
2. Basic Security for HTTP Applications and 3. Defending Against Attacks on the
Services 184 Internet 251
3. Basic Security for SOAP Services 187 4. Internet Security Checklist 262
4. Identity Management and Web 5. Summary 262
Services 189 Chapter Review Questions/Exercises 263
5. Authorization Patterns 195 Exercise 263
6. Security Considerations 196
7. Challenges 201 14. The Botnet Problem 265
8. Summary 202
Nailah Mims
Chapter Review Questions/Exercises 202
Exercise 203 1. Introduction 265
Resources 203 2. What Is a Botnet? 265
3. Building a Botnet 265
11. UNIX and Linux Security 205 4. The Problem With Botnets 268
5. Botnet Case Studies and Known
Gerald Beuchelt
Botnets 270
1. Introduction 205 6. Summary 272
2. UNIX and Security 205 Chapter Review Questions/Exercises 272
3. Basic UNIX Security Overview 206 Exercise 273
4. Achieving UNIX Security 209 References 274
5. Protecting User Accounts and
Strengthening Authentication 211 15. Intranet Security 275
6. Limiting Superuser Privileges 215
7. Securing Local and Network File Bill Mansoor
Systems 217 1. Smartphones and Tablets in the
8. Network Configuration 219 Intranet 277
9. Improving the Security of Linux and 2. Security Considerations 281
UNIX Systems 221 3. Plugging the Gaps: Network Access
10. Additional Resources 222 Control and Access Control 283
11. Summary 223 4. Measuring Risk: Audits 284
Chapter Review Questions/Exercises 223 5. Guardian at the Gate: Authentication
Exercise 224 and Encryption 286
6. Wireless Network Security 286
12. Eliminating the Security Weakness 7. Shielding the Wire: Network
of Linux and UNIX Operating Protection 287
Systems 225 8. Weakest Link in Security: User
Training 289
Mario Santana
9. Documenting the Network: Change
1. Introduction to Linux and UNIX 225 Management 289
2. Hardening Linux and UNIX 229 10. Rehearse the Inevitable: Disaster
3. Proactive Defense for Linux and Recovery 290
UNIX 236 11. Controlling Hazards: Physical and
4. Summary 237 Environmental Protection 292
Chapter Review Questions/Exercises 238 12. Know Your Users: Personnel
Exercise 238 Security 293
x Contents

13. Protecting Data Flow: Information and Chapter Review Questions/Exercises 334
System Integrity 293 Exercise 335
14. Security Assessments 294 References 335
15. Risk Assessments 294
16. Intranet Security Implementation 19. Security for the Internet of
Process Checklist 295 Things 339
17. Summary 295
Chapter Review Questions/Exercises 296 William Stallings
Exercise 296 1. Introduction 339
2. ITU-T Internet of Things (IoT) Reference
Model 340
16. Local Area Network Security
3. Internet of Things (IoT) Security 344
(online chapter) 299 4. Summary 347
Pramod Pandya Chapter Review Questions/Exercises 347
Exercise 348
17. Wireless Network Security 301 References 348

Chunming Rong, Gansen Zhao, 20. Cellular Network Security 349

Liang Yan, Erdal Cayirci,
Hongbing Cheng Peng Liu, Thomas F. LaPorta,
Kameswari Kotapati
1. Cellular Networks 301
2. Wireless Ad Hoc Networks 303 1. Introduction 349
3. Security Protocols 304 2. Overview of Cellular Networks 349
4. Wired Equivalent Privacy 305 3. The State of the Art of Cellular Network
5. Secure Routing 307 Security 352
6. Authenticated Routing for Ad Hoc 4. Cellular Network Attack
Networks 309 Taxonomy 354
7. Secure Link State Routing 5. Cellular Network Vulnerability
Protocol 309 Analysis 359
8. Key Establishment 310 6. Summary 366
9. Ingemarsson, Tang, and Wong 311 Chapter Review Questions/Exercises 367
10. Management Countermeasures 313 Exercise 367
11. Summary 314 References 368
Chapter Review Questions/Exercises 314
Exercise 315 21. Radio Frequency Identification
References 315 Security 369
Chunming Rong, Gansen Zhao, Liang Yan,
18. Wireless Sensor Network Security: Erdal Cayirci, Hongbing Cheng
The Internet of Things 317
1. Radio Frequency Identification
Harsh Kupwade Patil, Thomas M. Chen Introduction 369
2. Radio Frequency Identification
1. Introduction to Wireless Sensor
Challenges 372
Networks 317
3. Radio Frequency Identification
2. Threats to Privacy 319
Protections 376
3. Cryptographic Security in Wireless
4. Summary 382
Sensor Networks 323
Chapter Review Questions/Exercises 383
4. Secure Routing in Wireless Sensor
Exercise 383
Networks 329
References 384
5. Routing Protocols in Wireless Sensor
Networks 330
22. Optical Network Security
6. Wireless Sensor Networks and Internet
(online chapter) 387
of Things 332
7. Summary 334 Lauren Collins
 Contents xi

23. Optical Wireless Security 26. Policy-Driven System

(online chapter) 389 Management 427
Scott R. Ellis Henrik Plate, Cataldo Basile,
Stefano Paraboschi
1. Introduction 427
Part II 2. Security and Policy-Based
Managing Information Security 391 Management 427
3. Classification and Languages 439
24. Information Security Essentials for 4. Controls for Enforcing Security Policies
Information Technology Managers: in Distributed Systems 442
Protecting Mission-Critical 5. Products and Technologies 447
6. Research Projects 452
Systems 393
7. Summary 457
Albert Caballero Chapter Review Questions/Exercises 458
Exercise 458
1. Introduction 393
Acknowledgments 458
2. Protecting Mission-Critical
References 459
Systems 394
3. Information Security Essentials for
Information Technology 27. Information Technology Security
Managers 396 Management (online chapter) 461
4. Systems and Network Security 399
Rahul Bhaskar, Bhushan Kapoor
5. Application Security 402
6. Cloud Security 404
7. Data Protection 407 28. The Enemy (The Intruder’s
8. Wireless and Mobile Security 408 Genesis) (online chapter) 463
9. Identity and Access Management 409
Pramod Pandya
10. Security Operations 410
11. Policies, Plans, and Programs 413
12. Summary 417 29. Social Engineering Deceptions
Chapter Review Questions/Exercises 417 and Defenses 465
Exercise 418 Scott R. Ellis
References 418
1. Introduction 465
25. Security Management Systems 421 2. Counter-Social Engineering 465
3. Vulnerabilities 466
Jim Harmening 4. Using a Layered Defense
1. Security Management System Approach 467
Standards 421 5. Attack Scenarios 469
2. Training Requirements 422 6. Suspect Everyone: Network Vector 469
3. Principles of Information Security 422 7. Policy and Training 471
4. Roles and Responsibilities of 8. Physical Access 472
Personnel 422 9. Summary 472
5. Security Policies 422 Chapter Review Questions/Exercises 473
6. Security Controls 423 Exercise 473
7. Network Access 423
8. Risk Assessment 424 30. Ethical Hacking 475
9. Incident Response 425
Scott R. Ellis
10. Summary 425
Chapter Review Questions/Exercises 426 1. Introduction 475
Exercise 426 2. Hacker’s Toolbox 476
xii Contents

3. Attack Vectors 478 33. Security Education, Training, and

4. Physical Penetrations 480 Awareness 497
5. Summary 481
Chapter Review Questions/Exercises 481 Albert Caballero
Exercise 481 1. Security Education, Training, and
Awareness (SETA) Programs 497
31. What Is Vulnerability 2. Users, Behavior, and Roles 499
Assessment? 483 3. Security Education, Training, and
Awareness (SETA) Program Design 500
Almantas Kakareka
4. Security Education, Training, and
1. Introduction 483 Awareness (SETA) Program
2. Reporting 483 Development 501
3. The “It Will Not Happen to Us” 5. Implementation and Delivery 501
Factor 484 6. Technologies and Platforms 502
4. Why Vulnerability Assessment? 484 7. Summary 503
5. Penetration Testing Versus Vulnerability Chapter Review Questions/Exercises 504
Assessment 484 Exercise 505
6. Vulnerability Assessment Goal 485 References 505
7. Mapping the Network 485
8. Selecting the Right Scanners 485 34. Risk Management 507
9. Central Scans Versus Local Scans 487
10. Defense in Depth Strategy 488 Sokratis K. Katsikas
11. Vulnerability Assessment Tools 488 1. The Concept of Risk 508
12. Security Auditor’s Research 2. Expressing and Measuring Risk 508
Assistant 489 3. The Risk Management
13. Security Administrator’s Integrated Methodology 510
Network Tool 489 4. Risk Management Laws and
14. Microsoft Baseline Security Regulations 522
Analyzer 489 5. Risk Management Standards 524
15. Scanner Performance 489 6. Summary 526
16. Scan Verification 490 Chapter Review Questions/Exercises 526
17. Scanning Cornerstones 490 Exercise 527
18. Network Scanning
Countermeasures 490 35. Insider Threat 529
19. Vulnerability Disclosure
Date 490 William F. Gross
20. Proactive Security Versus Reactive 1. Introduction 529
Security 491 2. Defining Insider Threat 529
21. Vulnerability Causes 492 3. Motivations of the Insider Threat
22. Do It Yourself Vulnerability Actors 530
Assessment 493 4. Insider Threat Indicators 531
23. Summary 493 5. Examples of Insider Threats 531
Chapter Review Questions/Exercises 493 6. Impacts 532
Exercise 494 7. Analysis: Relevance 532
8. Manage and Mitigate the Insider
32. Security Metrics: An Introduction Threat 532
and Literature Review 9. Summary 534
(online chapter) 495 Chapter Review Questions/Exercises 535
Exercise 535
George O.M. Yee
References 535
 Contents xiii

Part III 39. Security Policies and Plans

Disaster Recovery Security 537 Development 565
Keith Lewis
36. Disaster Recovery 539
1. Introduction: Policies and Planning:
Scott R. Ellis, Lauren Collins Security Framework Foundation 565
1. Introduction 539 2. CIA: Not the Central Intelligence
2. Measuring Risk and Avoiding Agency 567
Disaster 539 3. Security Policy Structure 567
3. The Business Impact Assessment 541 4. Security Policy: Sign Off Approval 569
4. Summary 546 5. Summary 569
Chapter Review Questions/Exercises 546 Chapter Review Questions/Exercises 569
Exercise 547 Exercise 570
References 570
37. Disaster Recovery Plans for
Small and Medium Businesses
(SMBs) 549 Part V
Cyber, Network, and Systems
William F. Gross, Jr.
Forensics Security and
1. Introduction 549 Assurance 571
2. Identifying the Need for a Disaster
Recovery Plan 549
40. Cyber Forensics 573
3. Recovery 549
4. Threat Analysis 550 Scott R. Ellis
5. Methodology 550
1. What Is Cyber Forensics? 573
6. Train and Test the Plan 551
2. Analysis of Data 574
7. Communication 551
3. Cyber Forensics in the Court
8. Recovery 552
System 576
9. Summary 552
4. Understanding Internet History 577
Chapter Review Questions/Exercises 552
5. Temporary Restraining Orders and
Exercise 553
Labor Disputes 578
References 553
6. First Principles 589
7. Hacking a Windows XP Password 589
8. Network Analysis 592
Part IV 9. Cyber Forensics Applied 593
Security Standards and Policies 555 10. Tracking, Inventory, Location of Files,
Paperwork, Backups, and So on 593
38. Security Certification and Standards 11. Testifying as an Expert 595
Implementation 557 12. Beginning to End in Court 598
13. Summary 601
Keith Lewis Chapter Review Questions/Exercises 601
1. Introduction: The Security Compliance Exercise 602
Puzzle 557
2. The Age of Digital Regulations 557 41. Cyber Forensics and Incidence
3. Security Regulations and Laws: Response 603
Technology Challenges 558
Cem Gurkok
4. Implementation: The Compliance
Foundation 560 1. Introduction to Cyber Forensics 603
5. Summary 562 2. Handling Preliminary
Chapter Review Questions/Exercises 562 Investigations 604
Exercise 563 3. Controlling an Investigation 606
References 563 4. Conducting Disc-Based Analysis 607
xiv Contents

5. Investigating Information-Hiding Part VI

Techniques 610
6. Scrutinizing Email 614
Encryption Technology 673
7. Validating Email Header
Information 615
46. Data Encryption
8. Tracing Internet Access 616 (online chapter) 675
9. Searching Memory in Real Time 619 Bhushan Kapoor, Pramod Pandya
10. Summary 625
Chapter Review Questions/Exercises 627
Exercise 627 47. Satellite Encryption 677
References 628 Daniel S. Soper

42. Securing e-Discovery 629 1. Introduction 677

2. The Need for Satellite Encryption 678
Scott R. Ellis 3. Implementing Satellite Encryption 679
1. Information Management 631 4. Pirate Decryption of Satellite
2. Legal and Regulatory Obligation 631 Transmissions 683
3. Summary 654 5. Satellite Encryption Policy 685
Chapter Review Questions/Exercises 654 6. Satellite Encryption Service (SES) 686
Exercise 655 7. The Future of Satellite Encryption 686
8. Summary 686
Chapter Review Questions/Exercises 688
43. Network Forensics
Exercise 688
(online chapter) 657
Yong Guan 48. Public Key Infrastructure 691
Terence Spies
44. Microsoft Office and Metadata 1. Cryptographic Background 691
Forensics: A Deeper Dive 659 2. Overview of Public Key
Rich Hoffman Infrastructure 693
3. The X.509 Model 694
1. Introduction 659
4. X.509 Implementation
2. In a Perfect World 659
Architectures 695
3. Microsoft Excel 660
5. X.509 Certificate Validation 695
4. Exams! 661
6. X.509 Certificate Revocation 698
5. Items Outside of Office
7. Server-Based Certificate Validity
Metadata 663
Protocol 699
6. Summary 666
8. X.509 Bridge Certification
Chapter Review Questions/Exercises 666
Systems 700
Exercise 667
9. X.509 Certificate Format 702
10. Public Key Infrastructure Policy
45. Hard Drive Imaging 669 Description 704
John Benjamin Khan 11. Public Key Infrastructure Standards
Organizations 705
1. Introduction 669 12. Pretty Good Privacy Certificate
2. Hard Disc Drives 669 Formats 706
3. Solid State Drives 669 13. Pretty Good Privacy Public Key
4. Hardware Tools 670 Infrastructure Implementations 706
5. Software Tools 670 14. World Wide Web Consortium 707
6. Techniques 670 15. Is Public Key Infrastructure
7. Summary 671 Secure? 707
Chapter Review Questions/Exercises 671 16. Alternative Public Key Infrastructure
Exercise 672 Architectures 707
References 672 17. Modified X.509 Architectures 708
 Contents xv

18. Alternative Key Management Part VII

Models 708
19. Summary 709
Privacy and Access
Chapter Review Questions/Exercises 710 Management 741
Exercise 710
References 710 52. Online Privacy 743
Chiara Braghin, Marco Cremonini
49. Password-Based Authenticated
Key Establishment Protocols 1. The Quest for Privacy 743
2. Trading Personal Data 746
(online chapter) 713
3. Control of Personal Data 747
Jean Lancrenon, Dalia Khader, 4. Privacy and Technologies 749
Peter Y.A. Ryan, Feng Hao 5. Summary 755
Chapter Review Questions/Exercises 755
Exercise 756
50. Context-Aware Multifactor References 756
Authentication Survey 715
Emin Huseynov, Jean-Marc Seigneur 53. Privacy-Enhancing
1. Introduction 715
Technologies 759
2. Classic Approach to Multifactor Simone Fischer-Hbner, Stefan Berthold
Authentication 715
1. The Concept of Privacy 759
3. Modern Approaches to Multifactor
2. Legal Privacy Principles 759
Authentication 718
3. Classification of Privacy-Enhancing
4. Comparative Summary 722
Technologies (PETs) 761
5. Summary 723
4. Traditional Privacy Goals of
Chapter Review Questions/Exercises 724
Privacy-Enhancing Technologies
Exercise 726
(PETs) 761
References 726
5. Privacy Metrics 762
6. Data Minimization Technologies 764
51. Instant-Messaging Security 727 7. Transparency-Enhancing
Samuel J.J. Curry Tools 772
8. Summary 775
1. Why Should I Care About Instant
Chapter Review Questions/Exercises 775
Messaging? 727
Exercise 776
2. What Is Instant Messaging? 727
References 776
3. The Evolution of Networking
Technologies 728
4. Game Theory and Instant
54. Personal Privacy Policies
Messaging 728 (online chapter) 779
5. The Nature of the Threat 731 George O.M. Yee, Larry Korba
6. Common Instant Messaging
Applications 734
7. Defensive Strategies 735 55. Detection of Conflicts in Security
8. Instant-Messaging Security Maturity Policies 781
and Solutions 736 Cataldo Basile, Matteo Maria Casalino,
9. Processes 737 Simone Mutti, Stefano Paraboschi
10. Summary 738
Chapter Review Questions/Exercises 740 1. Introduction 781
Exercise 740 2. Conflicts in Security Policies 781
xvi Contents

3. Conflicts in Executable Security 58. Virtual Private Networks 843

Policies 785
4. Conflicts in Network Security James T. Harmening
Policies 788 1. History 844
5. Query-Based Conflict 2. Who Is in Charge? 847
Detection 789 3. Virtual Private Network Types 848
6. Semantic Web Technology for Conflict 4. Authentication Methods 851
Detection 795 5. Symmetric Encryption 851
7. Summary 798 6. Asymmetric Cryptography 852
Chapter Review Questions/Exercises 798 7. Edge Devices 852
Exercise 799 8. Passwords 852
Acknowledgments 799 9. Hackers and Crackers 853
References 799 10. Mobile Virtual Private Network 853
11. Virtual Private Network
56. Supporting User Privacy Deployments 854
Preferences in Digital 12. Summary 854
Interactions 801 Chapter Review Questions/Exercises 854
Exercise 855
Sara Foresti, Pierangela Samarati References 856
1. Introduction 801 Resources 856
2. Basic Concepts and Desiderata 802
3. Cost-Sensitive Trust Negotiation 805 59. Identity Theft (online chapter) 857
4. Point-Based Trust Management 808 Markus Jakobsson, Alex Tsow
5. Logical-Based Minimal Credential
Disclosure 810
6. Privacy Preferences in Credential-Based 60. VoIP Security 859
Interactions 812 Harsh Kupwade Patil, Dan Wing,
7. Fine-Grained Disclosure of Sensitive Thomas M. Chen
Access Policies 817
8. Open Issues 819 1. Introduction 859
9. Summary 819 2. Overview of Threats 861
Chapter Review Questions/Exercises 820 3. Security in Voice Over Internet
Exercise 820 Protocol 866
Acknowledgments 820 4. Future Trends 868
References 821 5. Summary 871
Chapter Review Questions/Exercises 872
Exercise 873
57. Privacy and Security in
Environmental Monitoring
Systems: Issues and Solutions 823 Part VIII
Sabrina De Capitani di Vimercati, Storage Security 875
Angelo Genovese, Giovanni Livraga,
Vincenzo Piuri, Fabio Scotti 61. SAN Security (online chapter) 877
1. Introduction 823 John McGowan, Jeffrey S. Bardin,
2. System Architectures 824 John McDonald
3. Environmental Data 826
4. Security and Privacy Issues in 62. Storage Area Networking Security
Environmental Monitoring 827 Devices 879
5. Countermeasures 829
Robert Rounsavall
6. Summary 838
Chapter Review Questions/Exercises 838 1. What Is Storage Area Networking
Exercise 838 (SAN)? 879
Acknowledgments 839 2. Storage Area Networking (SAN)
References 839 Deployment Justifications 879
 Contents xvii

3. The Critical Reasons for Storage Area 65. Private Cloud Security 931
Networking (SAN) Security 880
4. Storage Area Networking (SAN) Keith Lewis
Architecture and Components 880 1. Introduction: Private Cloud System
5. Storage Area Networking (SAN) General Management 931
Threats and Issues 882 2. From Physical to Network Security Base
6. Summary 893 Focus 931
Chapter Review Questions/Exercises 893 3. Benefits of Private Cloud Security
Exercise 894 Infrastructures 933
4. Private Cloud Security Standards and
Best Practices 933
Part IX 5. “As-a-Service” Universe: Service
Cloud Security 895 Models 934
6. Private Cloud Service Model: Layer
Considerations 935
63. Securing Cloud Computing
7. Privacy or Public: The Cloud Security
Systems 897 Challenges 935
Cem Gurkok 8. Summary 935
Chapter Review Questions/Exercises 936
1. Cloud Computing Essentials: Examining
Exercise 936
the Cloud Layers 897
References 936
2. Software as a Service: Managing Risks in
the Cloud 903
3. Platform as a Service: Securing the
66. Virtual Private Cloud Security 937
Platform 904 Keith Lewis
4. Infrastructure as a Service 907
1. Introduction: Virtual Networking in a
5. Leveraging Provider-Specific Security
Private Cloud 937
Options 911
2. Security Console: Centralized Control
6. Achieving Security in a Private
Dashboard Management 937
Cloud 912
3. Security Designs: Virtual Private Cloud
7. Meeting Compliance
Setups 938
Requirements 916
4. Security Object Group Allocations:
8. Preparing for Disaster Recovery 919
Functional Control Management
9. Summary 921
Practices 939
Chapter Review Questions/Exercises 921
5. Virtual Private Cloud Performance
Exercise 922
Versus Security 940
References 922
6. Summary 941
Chapter Review Questions/Exercises 941
64. Cloud Security 923 Exercise 942
Edward G. Amoroso References 942
1. Cloud Overview: Public, Private,
Hybrid 923
2. Cloud Security Threats 924 Part X
3. Internet Service Provider Cloud Virtual Virtual Security 943
Private Network Peering Services 924
4. Cloud Access Security Brokers 925 67. Protecting Virtual
5. Cloud Encryption 925 Infrastructure 945
6. Cloud Security Microsegmentation 926
7. Cloud Security Compliance 927 Edward G. Amoroso
8. Summary 929 1. Virtualization in Computing 945
Chapter Review Questions/Exercises 929 2. Virtual Data Center Security 946
Exercise 929 3. Hypervisor Security 947
References 930 4. Enterprise Segmentation 947
xviii Contents

5. Active Containerized Security 948 5. Threat Assessment, Planning, and Plan

6. Virtual Absorption of Volume Implementation 971
Attacks 948 6. Example: A Corporate Physical Security
7. Open Source Versus Proprietary Policy 972
Security Capabilities 949 7. Integration of Physical and Logical
8. Summary 950 Security 973
Chapter Review Questions/Exercises 950 8. Physical Security Checklist 976
Exercise 951 9. Summary 976
Reference 951 Chapter Review Questions/Exercises 977
Exercise 979
References 979
68. Software-Defined Networking and
Network Function Virtualization
70. Biometrics (online chapter) 981
Security 953
Luther Martin
Edward G. Amoroso
1. Introduction to Software-Defined
Networking 953
2. Software-Defined Networking and Part XII
Network Function Virtualization Practical Security 983
Overview 954
3. Software-Defined Networking and 71. Online Identity and User
Network Function Virtualization for Management Services 985
Internet Service Providers 956
Tewfiq El Maliki, Jean-Marc Seigneur
4. Software-Defined Networking
Controller Security 956 1. Introduction 985
5. Improved Patching With 2. Evolution of Identity Management
Software-Defined Networking 957 Requirements 985
6. Dynamic Security Service Chaining in 3. The Requirements Fulfilled by Identity
Software-Defined Networking 957 Management Technologies 989
7. Future Virtualized Management Security 4. Identity Management 1.0 989
Support in Software-Defined 5. Social Login and User
Networking 959 Management 1001
8. Summary 959 6. Identity 2.0 for Mobile Users 1002
Chapter Review Questions/Exercises 960 7. Summary 1007
Exercise 961 Chapter Review Questions/Exercises 1007
References 961 Exercise 1008
References 1008

Part XI 72. Intrusion Prevention and Detection

Systems 1011
Cyber Physical Security 963
Christopher Day
69. Physical Security Essentials 965 1. What Is an “Intrusion” Anyway? 1011
William Stallings 2. Physical Theft 1011
3. Abuse of Privileges (the Insider
1. Overview 965 Threat) 1011
2. Physical Security Threats 966 4. Unauthorized Access by
3. Physical Security Prevention and Outsider 1012
Mitigation Measures 970 5. Malicious Software Infection 1012
4. Recovery From Physical Security 6. Role of the “Zero-Day” 1013
Breaches 971
 Contents xix

7. The Rogue’s Gallery: Attackers and 76. System Security

Motives 1014 (online chapter) 1039
8. A Brief Introduction to Transmission
Control Protocol/Internet Lauren Collins
Protocol 1014
9. Transmission Control Protocol/ 77. Access Controls 1041
Internet Protocol Data Architecture
and Data Encapsulation 1015 Lauren Collins
10. Survey of Intrusion Detection and 1. Infrastructure Weaknesses:
Prevention Technologies 1019 Discretionary Access Control (DAC),
11. Antimalicious Software 1019 Mandatory Access Control (MAC),
12. Network-Based Intrusion Detection and Role-Based Access Control
Systems 1019 (RBAC) 1041
13. Network-Based Intrusion Prevention 2. Strengthening the Infrastructure:
Systems 1021 Authentication Systems 1044
14. Host-Based Intrusion Prevention 3. Summary 1046
Systems 1021 Chapter Review Questions/Exercises 1047
15. Security Information Management Exercise 1047
Systems 1021
16. Network Session Analysis 1022
17. Digital Forensics 1023 78. Endpoint Security 1049
18. System Integrity Validation 1023 Keith Lewis
19. Summary 1023
Chapter Review Questions/Exercises 1023 1. Introduction: Endpoint Security
Exercise 1024 Defined 1049
References 1024 2. Endpoint Solution: Options 1049
3. Standard Requirements: Security
73. Transmission Control Protocol/ Decisions 1049
Internet Protocol Packet Analysis 4. Endpoint Architecture: Functional
Challenges 1050
(online chapter) 1027
5. Endpoint Intrusion Security:
Pramod Pandya Management Systems 1052
6. Intrusion Prevention System (IPS)
74. Firewalls (online chapter) 1029 Network Logging Tools: Seek and Target
(the Offender) 1053
Errin W. Fulp 7. Endpoint Unification: Network
Access Control (NAC) Design
75. Penetration Testing 1031 Approach (From the Ground-Up) 1053
Roman Zabicki, Scott R. Ellis 8. Software-as-a-Service (SaaS) Endpoint
Security 1053
1. What Is Penetration Testing? 1031 9. Summary 1054
2. Why Would You Do It? 1031 Chapter Review Questions/Exercises 1054
3. How Do You Do It? 1032 Exercise 1055
4. Examples of Penetration Test References 1055
Scenarios 1035
5. Summary 1037
79. Assessments and Audits
Chapter Review Questions/Exercises 1037
Exercise 1038
(online chapter) 1057
References 1038 Lauren Collins
Another random document with
no related content on Scribd:
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back