Network Defense and Countermeasures: Principles and Practices, 3rd Edition

Network Defense and Countermeasures: Principles and Practices, 3rd Edition

by Chuck Easttom
Released April 2018
Publisher(s): Pearson IT Certification
ISBN: 9780134893112

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

All you need to know about defending networks, in one book

· Clearly explains concepts, terminology, challenges, tools, and skills

· Covers key security standards and models for business and government

· The perfect introduction for all network/computer security professionals and students

Welcome to today’s most useful and practical introduction to defending modern networks. Drawing on decades of experience, Chuck Easttom brings together updated coverage of all the concepts, terminology, techniques, and solutions you’ll need to be effective.

Easttom thoroughly introduces the core technologies of modern network security, including firewalls, intrusion-detection systems, and VPNs. Next, he shows how encryption can be used to safeguard data as it moves across networks.

You’ll learn how to harden operating systems, defend against malware and network attacks, establish robust security policies, and assess network security using industry-leading standards and models. You’ll also find thorough coverage of key issues such as physical security, forensics, and cyberterrorism.

Throughout, Easttom blends theory and application, helping you understand both what to do and why. In every chapter, quizzes, exercises, projects, and web resources deepen your understanding and help you use what you’ve learned–in the classroom and in your career.

Learn How To

· Evaluate key network risks and dangers

· Choose the right network security approach for your organization

· Anticipate and counter widespread network attacks, including those based on “social engineering”

· Successfully deploy and apply firewalls and intrusion detection systems

· Secure network communication with virtual private networks

· Protect data with cryptographic public/private key systems, digital signatures, and certificates

· Defend against malware, including ransomware, Trojan horses, and spyware

· Harden operating systems and keep their security up to date

· Define and implement security policies that reduce risk

· Explore leading security standards and models, including ISO and NIST standards

· Prepare for an investigation if your network has been attacked

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Contents at a Glance
  5. Contents
  6. About This E-Book
  7. Preface
  8. About the Author
  9. Dedication
  10. Acknowledgments
  11. About the Technical Reviewers
  12. We Want to Hear from You!
  13. Reader Services
  14. Chapter 1: Introduction to Network Security
    1. Introduction
    2. The Basics of a Network
      1. Basic Network Structure
      2. Data Packets
      3. IP Addresses
      4. Uniform Resource Locators
      5. MAC Addresses
      6. Protocols
    3. Basic Network Utilities
      1. ipconfig
      2. ping
      3. tracert
      4. netstat
    4. The OSI Model
    5. What Does This Mean for Security?
    6. Assessing Likely Threats to the Network
    7. Classifications of Threats
      1. Malware
      2. Compromising System Security—Intrusions
      3. Denial of Service
    8. Likely Attacks
    9. Threat Assessment
    10. Understanding Security Terminology
      1. Hacking Terminology
      2. Security Terminology
    11. Choosing a Network Security Approach
      1. Perimeter Security Approach
      2. Layered Security Approach
      3. Hybrid Security Approach
    12. Network Security and the Law
    13. Using Security Resources
    14. Summary
  15. Chapter 2: Types of Attacks
    1. Introduction
    2. Understanding Denial of Service Attacks
      1. DoS in Action
      2. SYN Flood
      3. Smurf Attack
      4. Ping of Death
      5. UDP Flood
      6. ICMP Flood
      7. DHCP Starvation
      8. HTTP Post DoS
      9. PDoS
      10. Distributed Reflection Denial of Service
      11. DoS Tools
      12. Real-World Examples
      13. Defending Against DoS Attacks
    3. Defending Against Buffer Overflow Attacks
    4. Defending Against IP Spoofing
    5. Defending Against Session Hijacking
    6. Blocking Virus and Trojan Horse Attacks
      1. Viruses
      2. Types of Viruses
      3. Trojan Horses
    7. Summary
  16. Chapter 3: Fundamentals of Firewalls
    1. Introduction
    2. What Is a Firewall?
      1. Types of Firewalls
      2. Packet Filtering Firewall
      3. Stateful Packet Inspection
      4. Application Gateway
      5. Circuit Level Gateway
      6. Hybrid Firewalls
      7. Blacklisting/Whitelisting
    3. Implementing Firewalls
      1. Host-Based
      2. Dual-Homed Hosts
      3. Router-Based Firewall
      4. Screened Hosts
    4. Selecting and Using a Firewall
      1. Using a Firewall
    5. Using Proxy Servers
      1. The WinGate Proxy Server
      2. NAT
    6. Summary
  17. Chapter 4: Firewall Practical Applications
    1. Introduction
    2. Using Single Machine Firewalls
    3. Windows 10 Firewall
    4. User Account Control
    5. Linux Firewalls
      1. Iptables
      2. Symantec Norton Firewall
      3. McAfee Personal Firewall
    6. Using Small Office/Home Office Firewalls
      1. SonicWALL
      2. D-Link DFL-2560 Office Firewall
    7. Using Medium-Sized Network Firewalls
      1. Check Point Firewall
      2. Cisco Next-Generation Firewalls
    8. Using Enterprise Firewalls
    9. Summary
  18. Chapter 5: Intrusion-Detection Systems
    1. Introduction
    2. Understanding IDS Concepts
      1. Preemptive Blocking
      2. Anomaly Detection
    3. IDS Components and Processes
    4. Understanding and Implementing IDSs
      1. Snort
      2. Cisco Intrusion-Detection and Prevention
    5. Understanding and Implementing Honeypots
      1. Specter
      2. Symantec Decoy Server
      3. Intrusion Deflection
      4. Intrusion Deterrence
    6. Summary
  19. Chapter 6: Encryption Fundamentals
    1. Introduction
    2. The History of Encryption
      1. The Caesar Cipher
      2. ROT 13
      3. Atbash Cipher
      4. Multi-Alphabet Substitution
      5. Rail Fence
      6. Vigenère
      7. Enigma
      8. Binary Operations
    3. Learning About Modern Encryption Methods
      1. Symmetric Encryption
      2. Key Stretching
      3. PRNG
      4. Public Key Encryption
      5. Digital Signatures
    4. Identifying Good Encryption
    5. Understanding Digital Signatures and Certificates
      1. Digital Certificates
      2. PGP Certificates
      3. MD5
      4. SHA
      5. RIPEMD
      6. HAVAL
    6. Understanding and Using Decryption
    7. Cracking Passwords
      1. John the Ripper
      2. Using Rainbow Tables
      3. Using Other Password Crackers
      4. General Cryptanalysis
    8. Steganography
    9. Steganalysis
    10. Quantum Computing and Quantum Cryptography
    11. Summary
  20. Chapter 7: Virtual Private Networks
    1. Introduction
    2. Basic VPN Technology
    3. Using VPN Protocols for VPN Encryption
      1. PPTP
      2. PPTP Authentication
      3. L2TP
      4. L2TP Authentication
      5. L2TP Compared to PPTP
    4. IPSec
    5. SSL/TLS
    6. Implementing VPN Solutions
      1. Cisco Solutions
      2. Service Solutions
      3. Openswan
      4. Other Solutions
    7. Summary
  21. Chapter 8: Operating System Hardening
    1. Introduction
    2. Configuring Windows Properly
      1. Accounts, Users, Groups, and Passwords
      2. Setting Security Policies
      3. Registry Settings
      4. Services
      5. Encrypting File System
      6. Security Templates
    3. Configuring Linux Properly
    4. Patching the Operating System
    5. Configuring Browsers
      1. Securing Browser Settings for Microsoft Internet Explorer
      2. Other Browsers
    6. Summary
  22. Chapter 9: Defending Against Virus Attacks
    1. Introduction
    2. Understanding Virus Attacks
      1. What Is a Virus?
      2. What Is a Worm?
      3. How a Virus Spreads
      4. The Virus Hoax
      5. Types of Viruses
    3. Virus Scanners
      1. Virus Scanning Techniques
      2. Commercial Antivirus Software
    4. Antivirus Policies and Procedures
    5. Additional Methods for Defending Your System
    6. What to Do If Your System Is Infected by a Virus
      1. Stopping the Spread of the Virus
      2. Removing the Virus
      3. Finding Out How the Infection Started
    7. Summary
  23. Chapter 10: Defending Against Trojan Horses, Spyware, and Adware
    1. Introduction
    2. Trojan Horses
      1. Identifying Trojan Horses
      2. Symptoms of a Trojan Horse
      3. Why So Many Trojan Horses?
      4. Preventing Trojan Horses
    3. Spyware and Adware
      1. Identifying Spyware and Adware
      2. Anti-Spyware
      3. Anti-Spyware Policies
    4. Summary
  24. Chapter 11: Security Policies
    1. Introduction
    2. Defining User Policies
      1. Passwords
      2. Internet Use Policy
      3. E-mail Attachments
      4. Software Installation and Removal
      5. Instant Messaging
      6. Desktop Configuration
      7. Final Thoughts on User Policies
    3. Defining System Administration Policies
      1. New Employees
      2. Leaving Employees
      3. Change Requests
      4. Security Breaches
    4. Defining Access Control
    5. Defining Developmental Policies
    6. Summary
  25. Chapter 12: Assessing System Security
    1. Introduction
    2. Risk Assessment Concepts
    3. Evaluating the Security Risk
    4. Conducting the Initial Assessment
      1. Patches
      2. Ports
      3. Protect
      4. Physical
    5. Probing the Network
      1. NetCop
      2. NetBrute
      3. Cerberus
      4. Port Scanner for Unix: SATAN
      5. SAINT
      6. Nessus
      7. NetStat Live
      8. Active Ports
      9. Other Port Scanners
      10. Microsoft Baseline Security Analyzer
      11. NSAuditor
      12. NMAP
    6. Vulnerabilities
      1. CVE
      2. NIST
      3. OWASP
    7. McCumber Cube
      1. Goals
      2. Information States
      3. Safeguards
    8. Security Documentation
      1. Physical Security Documentation
      2. Policy and Personnel Documentation
      3. Probe Documents
      4. Network Protection Documents
    9. Summary
  26. Chapter 13: Security Standards
    1. Introduction
    2. COBIT
    3. ISO Standards
    4. NIST Standards
      1. NIST SP 800-14
      2. NIST SP 800-35
      3. NIST SP 800-30 Rev. 1
    5. U.S. DoD Standards
    6. Using the Orange Book
      1. D - Minimal Protection
      2. C - Discretionary Protection
      3. B - Mandatory Protection
      4. A - Verified Protection
    7. Using the Rainbow Series
    8. Using the Common Criteria
    9. Using Security Models
      1. Bell-LaPadula Model
      2. Biba Integrity Model
      3. Clark-Wilson Model
      4. Chinese Wall Model
      5. State Machine Model
    10. U.S. Federal Regulations, Guidelines, and Standards
      1. The Health Insurance Portability & Accountability Act of 1996 (HIPAA)
      2. HITECH
      3. Sarbanes-Oxley (SOX)
      4. Computer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030
      5. Fraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029
      6. General Data Protection Regulation (GDPR)
      7. PCI DSS
    11. Summary
  27. Chapter 14: Physical Security and Disaster Recovery
    1. Introduction
    2. Physical Security
      1. Equipment Security
      2. Securing Building Access
      3. Monitoring
      4. Fire Protection
      5. General Premises Security
    3. Disaster Recovery
      1. Disaster Recovery Plan
      2. Business Continuity Plan
      3. Determining Impact on Business
      4. Testing Disaster Recovery
      5. Disaster Recovery Related Standards
    4. Ensuring Fault Tolerance
    5. Summary
  28. Chapter 15: Techniques Used by Attackers
    1. Introduction
    2. Preparing to Hack
      1. Passively Searching for Information
      2. Active Scanning
      3. NSAuditor
      4. Enumerating
      5. Nmap
      6. Shodan.io
      7. Manual Scanning
    3. The Attack Phase
      1. Physical Access Attacks
      2. Remote Access Attacks
    4. Wi-Fi Hacking
    5. Summary
  29. Chapter 16: Introduction to Forensics
    1. Introduction
    2. General Forensics Guidelines
      1. EU Evidence Gathering
      2. Scientific Working Group on Digital Evidence
      3. U.S. Secret Service Forensics Guidelines
      4. Don’t Touch the Suspect Drive
      5. Leave a Document Trail
      6. Secure the Evidence
    3. FBI Forensics Guidelines
    4. Finding Evidence on the PC
      1. In the Browser
      2. In System Logs
      3. Recovering Deleted Files
      4. Operating System Utilities
      5. The Windows Registry
    5. Gathering Evidence from a Cell Phone
      1. Logical Acquisition
      2. Physical Acquisition
      3. Chip-off and JTAG
      4. Cellular Networks
      5. Cell Phone Terms
    6. Forensic Tools to Use
      1. AccessData Forensic Toolkit
      2. EnCase
      3. The Sleuth Kit
      4. OSForensics
    7. Forensic Science
    8. To Certify or Not to Certify?
    9. Summary
  30. Chapter 17: Cyber Terrorism
    1. Introduction
    2. Defending Against Computer-Based Espionage
    3. Defending Against Computer-Based Terrorism
      1. Economic Attack
      2. Compromising Defense
      3. General Attacks
      4. China Eagle Union
    4. Choosing Defense Strategies
      1. Defending Against Information Warfare
      2. Propaganda
      3. Information Control
      4. Actual Cases
      5. Packet Sniffers
    5. Summary
  31. Appendix A: Answers
  32. Glossary
  33. Index

Product information

  • Title: Network Defense and Countermeasures: Principles and Practices, 3rd Edition
  • Author(s): Chuck Easttom
  • Release date: April 2018
  • Publisher(s): Pearson IT Certification
  • ISBN: 9780134893112