Firewalls are among the best-known security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when they are backed by effective security planning, a well-designed security policy, and when they work in concert with anti-virus software, intrusion detection systems, and other tools. This book aims to explore firewalls in the context of these other elements, providing readers with a solid, in-depth introduction to firewalls that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file maintenance, and intrusion detection systems. The second edition offers updated content and brand new material, from enhanced coverage of non-firewall subjects like information and network security to an all-new section dedicated to intrusion detection in the context of incident response.
Contents

Introduction (p. xvii)

Introduction to Information Security (p. 1)
  Introduction (p. 2)
  What Is Information Security? (p. 3)
  Critical Characteristics of Information (p. 4)
  CNSS Security Model (p. 5)
  Securing Components (p. 6)
  Balancing Information Security and Access (p. 6)
  Business Needs First (p. 7)
  Protecting the Functionality of an Organization (p. 7)
  Enabling the Safe Operation of Applications (p. 8)
  Protecting Data That Organizations Collect and Use (p. 8)
  Safeguarding Technology Assets in Organizations (p. 8)
  Security Professionals and the Organization (p. 8)
  Data Ownership (p. 9)
  Threats (p. 10)
  Human Error or Failure (p. 11)
  Compromises to Intellectual Property (p. 12)
  Espionage or Trespass (p. 13)
  Information Extortion (p. 16)
  Sabotage or Vandalism (p. 16)
  Theft (p. 17)
  Software Attacks (p. 17)
  Forces of Nature (p. 20)
  Deviations in Quality of Service (p. 21)
  Hardware Failures or Errors (p. 22)
  Software Failures or Errors (p. 23)
  Obsolescence (p. 23)
  Attacks (p. 23)
  Malicious Code (p. 23)
  "Hoaxes" (p. 24)
  Back Doors (p. 24)
  Password Crack (p. 25)
  Brute Force (p. 25)
  Dictionary (p. 25)
  Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) (p. 25)
  Spoofing (p. 26)
  Man-in-the-Middle (p. 27)
  Spam (p. 28)
  Mail Bombing (p. 28)
  Sniffers (p. 28)
  Social Engineering (p. 28)
  Buffer Overflow (p. 30)
  Timing Attack (p. 30)
  Chapter Summary (p. 30)
  Review Questions (p. 31)
  Exercises (p. 32)
  Case Exercises (p. 33)

An Introduction to Networking (p. 37)
  Introduction (p. 38)
  Networking Fundamentals (p. 38)
  Reasons to Network (p. 39)
  Types of Networks (p. 40)
  Network Standards (p. 42)
  Internet Society (ISOC) (p. 42)
  Internet Assigned Numbers Authority (IANA) (p. 42)
  American National Standards Institute (ANSI) (p. 43)
  International Telecommunication Union (ITU) (p. 43)
  Institute of Electrical and Electronics Engineers (IEEE) (p. 43)
  Telecommunications Industry Association (TIA) (p. 43)
  International Organization for Standardization (ISO) (p. 44)
  OSI Reference Model and Security (p. 44)
  The Physical Layer (p. 45)
  Data Link Layer (p. 53)
  Network Layer (p. 56)
  Transport Layer (p. 59)
  Session Layer (p. 64)
  Presentation Layer (p. 64)
  Application Layer (p. 64)
  The Internet and TCP/IP (p. 66)
  The World Wide Web (p. 66)
  TCP/IP (p. 67)
  Chapter Summary (p. 69)
  Review Questions (p. 70)
  Exercises (p. 71)
  Case Exercises (p. 71)

Security Policies, Standards, and Planning (p. 73)
  Introduction (p. 74)
  Information Security Policy, Standards, and Practices (p. 75)
  Definitions (p. 75)
  Enterprise Information Security Policy (EISP) (p. 77)
  Issue-Specific Security Policy (ISSP) (p. 78)
  System-Specific Policy (SysSP) (p. 81)
  Policy Management (p. 83)
  Frameworks and Industry Standards (p. 85)
  The ISO 27000 Series (p. 86)
  NIST Security Models (p. 90)
  IETF Security Architecture (p. 91)
  Benchmarking and Best Business Practices (p. 91)
  Security Architecture (p. 92)
  Security Education, Training, and Awareness Program (p. 95)
  Security Education (p. 96)
  Security Training (p. 96)
  Security Awareness (p. 97)
  Continuity Strategies (p. 98)
  Business Impact Analysis (p. 101)
  Incident Response Planning (p. 104)
  Disaster Recovery Planning (p. 104)
  Business Continuity Planning (p. 105)
  Crisis Management (p. 106)
  Chapter Summary (p. 107)
  Review Questions (p. 108)
  Exercises (p. 109)
  Case Exercises (p. 110)

Finding Network Vulnerabilities (p. 113)
  Introduction (p. 114)
  Common Vulnerabilities (p. 114)
  Defects in Software or Firmware (p. 114)
  Weaknesses in Processes and Procedures (p. 121)
  Scanning and Analysis Tools (p. 121)
  Port Scanners (p. 125)
  Firewall Analysis Tools (p. 126)
  Operating System Detection Tools (p. 127)
  Vulnerability Scanners (p. 128)
  Packet Sniffers (p. 133)
  Wireless Security Tools (p. 134)
  Penetration Testing (p. 135)
  Chapter Summary (p. 138)
  Review Questions (p. 138)
  Exercises (p. 139)
  Case Exercises (p. 139)

Firewall Planning and Design (p. 141)
  Introduction (p. 142)
  Misconceptions About Firewalls (p. 143)
  Firewalls Explained (p. 143)
  An Analogy: Office Tower Security Guard (p. 144)
  Firewall Security Features (p. 145)
  Firewall User Protection (p. 145)
  Firewall Network Perimeter Security (p. 145)
  Firewall Components (p. 146)
  Firewall Security Tasks (p. 147)
  Types of Firewall Protection (p. 152)
  Packet Filtering (p. 152)
  PAT and NAT (p. 159)
  Application Layer Gateways (p. 160)
  Firewall Categories (p. 162)
  Processing Mode (p. 162)
  Firewall Generation (p. 164)
  Firewall Structures (p. 165)
  Firewall Architectures (p. 174)
  Limitations of Firewalls (p. 178)
  Chapter Summary (p. 178)
  Review Questions (p. 179)
  Exercises (p. 180)
  Case Exercises (p. 181)

Packet Filtering (p. 183)
  Introduction (p. 184)
  Understanding Packets and Packet Filtering (p. 184)
  Packet-Filtering Devices (p. 184)
  Anatomy of a Packet (p. 185)
  Packet-Filtering Rules (p. 187)
  Packet-Filtering Methods (p. 189)
  Stateless Packet Filtering (p. 190)
  Stateful Packet Filtering (p. 195)
  Filtering Based on Packet Content (p. 197)
  Setting Specific Packet Filter Rules (p. 197)
  Best Practices for Firewall Rules (p. 197)
  Rules That Cover Multiple Variations (p. 199)
  Rules for ICMP Packets (p. 199)
  Rules That Enable Web Access (p. 201)
  Rules That Enable DNS (p. 202)
  Rules That Enable FTP (p. 202)
  Rules That Enable E-Mail (p. 203)
  Chapter Summary (p. 205)
  Review Questions (p. 205)
  Exercises (p. 206)
  Case Exercises (p. 207)

Working with Proxy Servers and Application-Level Firewalls (p. 209)
  Introduction (p. 210)
  Overview of Proxy Servers (p. 210)
  How Proxy Servers Work (p. 210)
  How Proxy Servers Differ from Packet Filters (p. 212)
  Sample Proxy Server Configurations (p. 212)
  Goals of Proxy Servers (p. 214)
  Concealing Internal Clients (p. 215)
  Blocking URLs (p. 216)
  Blocking and Filtering Content (p. 216)
  E-Mail Proxy Protection (p. 217)
  Improving Performance (p. 217)
  Ensuring Security (p. 218)
  Providing User Authentication (p. 218)
  Redirecting URLs (p. 219)
  Proxy Server Configuration Considerations (p. 219)
  Providing for Scalability (p. 219)
  Working with Client Configurations (p. 219)
  Working with Service Configurations (p. 221)
  Creating Filter Rules (p. 221)
  Recognizing the Single Point of Failure (p. 222)
  Recognizing Buffer Overflow Vulnerabilities (p. 222)
  Choosing a Proxy Server (p. 222)
  Transparent Proxies (p. 222)
  Nontransparent Proxies (p. 223)
  SOCKS-Based Proxies (p. 223)
  Proxy Server-Based Firewalls Compared (p. 224)
  T.REX Open-Source Firewall (p. 225)
  Squid (p. 225)
  WinGate (p. 225)
  Symantec Enterprise Firewall (p. 226)
  Microsoft Internet Security & Acceleration Server (p. 226)
  Reverse Proxies (p. 226)
  When a Proxy Service Isn't the Correct Choice (p. 228)
  Chapter Summary (p. 229)
  Review Questions (p. 229)
  Exercises (p. 230)
  Case Exercises (p. 231)

Firewall Configuration and Administration (p. 233)
  Introduction (p. 234)
  Establishing Firewall Rules and Restrictions (p. 235)
  The Role of the Rules File (p. 235)
  Restrictive Firewalls (p. 235)
  Connectivity-Based Firewalls (p. 236)
  Firewall Configuration Strategies (p. 237)
  Scalability (p. 237)
  Productivity (p. 237)
  Dealing with IP Address Issues (p. 238)
  Approaches That Add Functionality to Your Firewall (p. 239)
  NAT/PAT (p. 239)
  Encryption (p. 239)
  Application Proxies (p. 240)
  VPNs (p. 240)
  Intrusion Detection and Prevention Systems (p. 241)
  Enabling a Firewall to Meet New Needs (p. 243)
  Verifying Resources Needed by the Firewall (p. 244)
  Identifying New Risks (p. 245)
  Adding Software Updates and Patches (p. 245)
  Adding Hardware (p. 246)
  Dealing with Complexity on the Network (p. 247)
  Adhering to Proven Security Principles (p. 248)
  Environmental Management (p. 248)
  BIOS, Boot, and Screen Locks (p. 248)
  Remote Management Interface (p. 249)
  Why Remote Management Tools Are Important (p. 249)
  Security Concerns (p. 250)
  Basic Features of Remote Management Tools (p. 250)
  Automating Security Checks (p. 251)
  Configuring Advanced Firewall Functions (p. 251)
  Data Caching (p. 251)
  Hot Standby Redundancy (p. 252)
  Load Balancing (p. 253)
  Filtering Content (p. 254)
  Chapter Summary (p. 256)
  Review Questions (p. 257)
  Exercises (p. 257)
  Case Exercises (p. 258)

Encryption and Firewalls (p. 259)
  Introduction (p. 260)
  Firewalls and Encryption (p. 260)
  The Cost of Encryption (p. 262)
  Preserving Data Integrity (p. 262)
  Maintaining Confidentiality (p. 262)
  Authenticating Network Clients (p. 263)
  Enabling Virtual Private Networks (VPNs) (p. 263)
  Principles of Cryptography (p. 263)
  Encryption Definitions (p. 264)
  Cryptographic Notation (p. 264)
  Encryption Operations (p. 265)
  Using Cryptographic Controls (p. 276)
  E-mail Security (p. 277)
  Securing the Web (p. 277)
  Securing Authentication (p. 278)
  Attacks on Cryptosystems (p. 280)
  Man-in-the-Middle Attack (p. 281)
  Correlation Attacks (p. 281)
  Dictionary Attacks (p. 281)
  Timing Attacks (p. 282)
  Defending from Attacks (p. 282)
  Chapter Summary (p. 283)
  Review Questions (p. 283)
  Exercises (p. 284)
  Case Exercises (p. 285)

Authenticating Users (p. 287)
  Introduction (p. 288)
  The Authentication Process in General (p. 288)
  How Firewalls Implement the Authentication Process (p. 289)
  Firewall Authentication Methods (p. 290)
  User Authentication (p. 291)
  Client Authentication (p. 291)
  Session Authentication (p. 292)
  Centralized Authentication (p. 293)
  Kerberos (p. 294)
  TACACS+ (p. 295)
  Remote Authentication Dial-In User Service (RADIUS) (p. 296)
  TACACS+ and RADIUS Compared (p. 296)
  Password Security Issues (p. 298)
  Passwords That Can Be Cracked (p. 298)
  Password Vulnerabilities (p. 298)
  Lax Security Habits (p. 298)
  Password Security Tools (p. 299)
  One-Time Password Software (p. 299)
  The Shadow Password System (p. 299)
  Other Authentication Systems (p. 300)
  Single-Password Systems (p. 300)
  One-Time Password Systems (p. 300)
  Certificate-Based Authentication (p. 301)
  802.1X Wi-Fi Authentication (p. 302)
  Chapter Summary (p. 303)
  Review Questions (p. 303)
  Exercises (p. 304)
  Case Exercises (p. 305)

Setting Up a Virtual Private Network (p. 307)
  Introduction (p. 308)
  VPN Components and Operations (p. 309)
  VPN Components (p. 309)
  Essential Activities of VPNs (p. 313)
  Benefits and Drawbacks of VPNs (p. 314)
  VPNs Extend Network Boundaries (p. 314)
  Types of VPNs (p. 315)
  VPN Appliances (p. 316)
  Software VPN Systems (p. 317)
  VPN Combinations of Hardware and Software (p. 318)
  Combination VPNs (p. 318)
  VPN Setups (p. 318)
  Mesh Configuration (p. 318)
  Hub-and-Spoke Configuration (p. 319)
  Hybrid Configuration (p. 321)
  Configurations and Extranet and Intranet Access (p. 321)
  Tunneling Protocols Used with VPNs (p. 322)
  IPSec/IKE (p. 322)
  PPTP (p. 323)
  L2TP (p. 324)
  PPP Over SSL/PPP Over SSH (p. 324)
  Enabling Remote Access Connections Within VPNs (p. 325)
  Configuring the Server (p. 325)
  Configuring Clients (p. 326)
  VPN Best Practices (p. 327)
  The Need for a VPN Policy (p. 327)
  Packet Filtering and VPNs (p. 327)
  Auditing and Testing the VPN (p. 330)
  Chapter Summary (p. 33)
  Review Questions (p. 334)
  Exercises (p. 334)
  Case Exercises (p. 335)

Contingency Planning (p. 337)
  Introduction (p. 338)
  What Is Contingency Planning? (p. 339)
  Components of Contingency Planning (p. 341)
  Business Impact Analysis (p. 342)
  Incident Response Plan (p. 343)
  Disaster Recovery Plan (p. 344)
  Business Continuity Plan (p. 344)
  Incident Response: Preparation, Organization, and Prevention (p. 345)
  Planning for the Response During the Incident (p. 347)
  Planning for After the Incident (p. 349)
  Planning for Before the Incident (p. 349)
  Incident Classification and Detection (p. 351)
  Classifying Incidents (p. 352)
  Data Collection (p. 354)
  Detecting Compromised Software (p. 356)
  Challenges in Intrusion Detection (p. 357)
  Incident Reaction (p. 357)
  Selecting an IR Strategy (p. 357)
  Notification (p. 359)
  Documenting an Incident (p. 360)
  Incident Containment Strategies (p. 360)
  Interviewing Individuals Involved in the Incident (p. 361)
  Recovering from Incidents (p. 361)
  Identify and Resolve Vulnerabilities (p. 362)
  Restore Data (p. 363)
  Restore Services and Processes (p. 363)
  Restore Confidence Across the Organization (p. 363)
  IR Plan Maintenance (p. 363)
  The After-Action Review (p. 363)
  IR Plan Review and Maintenance (p. 365)
  Training (p. 365)
  Rehearsal (p. 365)
  Data and Application Resumption (p. 366)
  Disk-to-Disk-to-Tape (p. 366)
  Backup Strategies (p. 366)
  Tape Backup and Recovery (p. 367)
  Redundancy-Based Backup and Recovery Using RAID (p. 369)
  Database Backups (p. 371)
  Application Backups (p. 372)
  Real-Time Protection, Server Recovery, and Application Recovery (p. 372)
  Service Agreements (p. 377)
  Chapter Summary (p. 378)
  Review Questions (p. 379)
  Exercises (p. 379)
  Case Exercises (p. 380)

Intrusion Detection and Prevention Systems (p. 383)
  Introduction (p. 384)
  Intrusion Detection and Prevention (p. 384)
  IDPS Terminology (p. 385)
  Why Use an IDPS? (p. 387)
  Network-Based IDPS (p. 390)
  Host-Based IDPS (p. 394)
  IDPS Detection Methods (p. 396)
  IDPS Response Behavior (p. 398)
  Selecting IDPS Approaches and Products (p. 401)
  Strengths and Limitations of IDPSs (p. 406)
  Deployment and Implementation of an IDPS (p. 407)
  Measuring the Effectiveness of IDPSs (p. 415)
  Honey Pots, Honey Nets, and Padded Cell System (p. 417)
  Trap and Trace Systems (p. 419)
  Active Intrusion Prevention (p. 420)
  Chapter Summary (p. 420)
  Review Questions (p. 421)
  Exercises (p. 422)
  Case Exercises (p. 422)

Digital Forensics (p. 425)
  Introduction (p. 426)
  The Digital Forensic Team (p. 426)
  The First Response Team (p. 427)
  The Analysis Team (p. 428)
  Digital Forensics Methodology (p. 430)
  Affidavits and Search Warrants (p. 430)
  Acquiring the Evidence (p. 432)
  Identifying Sources (p. 432)
  Authenticating Evidence (p. 433)
  Collecting Evidence (p. 434)
  Maintaining the Chain of Custody (p. 447)
  Analyzing Evidence (p. 449)
  Searching for Evidence (p. 451)
  Reporting the Findings (p. 453)
  Interacting with Law Enforcement (p. 453)
  Anti-Forensics (p. 455)
  Chapter Summary (p. 456)
  Review Questions (p. 456)
  Exercises (p. 457)
  Case Exercise (p. 457)

Glossary (p. 459)
Index (p. 473)