Chapter 17: Intrusion Detection and Response . . . 557
Malicious Code . . . 557 Viruses . . . 557 Review of Common Attacks . . . 559 Denial-of-service/Distributed denial-of-service attacks . . . 559 Back door . . . 560
Honeypots . . . 573 The Systems Security Engineering Capability Maturity Model . . . . 592 NSA Infosec Assessment Methodology . . . 594
The National Information Assurance Certification
and Accreditation Process . . . 596 Four phases of NIACAP . . . 597 DoD Information Technology Security Certification
and Accreditation Process . . . 598 The four phases of DITSCAP . . . 599 Federal Information Processing Standard 102 . . . 600 OMB Circular A-130 . . . 601 The National Institute of Standards and Technology
Assessment Guidelines . . . 602
Closed-box test . . . 610 Open-box test . . . 610 Auditing and Monitoring . . . 610 Auditing . . . 610 Monitoring . . . 611 Summary . . . 612
Chapter 19: Putting Everything Together . . . 613
Critical Problems Facing Organizations . . . 613 How do I convince management security is a problem
and that they should spend money on it? . . . 613 How do I keep up with the increased number of attacks? . . . 615 How do you make employees part of the solution and
not part of the problem? . . . 615 How do you analyze all of the log data? . . . 616 How do I keep up with all of the different systems across
my enterprise and make sure they are all secure? . . . 617 How do I know if I am a target of corporate espionage
or some other threat? . . . 617 Top 10 common mistakes . . . 618 General Tips for Protecting a Site . . . 620 Defense in depth . . . 620 Principle of least privilege . . . 621 Know what is running on your system . . . 621 Prevention is ideal but detection is a must . . . 622 Apply and test patches . . . 623 Regular checks of systems . . . 623 Summary . . . 623
Index . . . 625
Acknowledgments
J
ohn Wiley is a wonderful publisher to work with. Carol Long is an insightful and energetic executive editor who provides continual support. Marcia Ellett pro-vided constant guidance and expertise, and without all of her help and hard work, this book would not be where it is today.As deadlines approach you reach out to your co-workers who are truly friends to tap into the expertise and knowledge. Sandy Ring, Bill Speirs, and Vignesh Kumar all wrote or helped write chapters in the book. Their technical knowledge is top notch and their input was critical to the success of the book.
The authors would not be working together or be able to complete the book with-out having the opportunity to work for such a great company, TSGI (The Sytex Group, Inc.). Continuing thanks to Syd Martin for understanding the importance of research and for allowing creative minds to think of solutions to complex technical problems. Syd’s support is critical to the success of this book and the success of the cutting-edge research the team produces.
Most of all we want to thank God for blessing us with a great life and a wonderful family.
Eric has Kerry, who is a loving and supportive wife. Without her none of this would be possible. Eric’s wonderful son, Jackson, and his princess, Anna, bring joy and happiness to him everyday.
Ron is blessed with an understanding and supporting wife; children, Sheri and Lisa;
and wonderful grandchildren, Patrick, Ryan, Aaron, and Emma.
Jim receives unlimited love and support from his lovely wife, Jill, and his exceptional children, Matthew and Andrew.
In addition, we thank all of our friends, family, and co-workers who have supported us in a variety of ways through this entire process.
Introduction
N
etwork security spans a large number of disciplines, ranging from manage-ment and policy topics to operating system kernel fundamanage-mentals.Historically, the coverage of these and the other network security areas was pre-sented in multiple, specialized publications or given a high-level treatment that was not suited to the practitioner. Network Security Bibleapproaches network security from the view of the individual who wants to learn and apply the associated net-work security best practices without having to sort through a myriad of extraneous material from multiple sources. The information provided in this text includes
“secrets” learned by practicing professionals in the field of network security through many years of real-world experience.
The Goal of This Book
Network Security Bibleprovides comprehensive coverage of the fundamental con-cepts of network security and the processes and means required to implement a secure network. The goal of this text is to provide the reader with an understanding of security engineering processes and network security best practices, including in-depth specifics on the following topics:
✦Windows
✦UNIX
✦Linux
✦The World Wide Web
✦Risk management
✦Server applications
✦Domain Name Systems (DNS)
✦Communications security
Other topics are aimed at providing the reader with insight into information assurance through clear and thorough tutorials on the latest information, including security assessment, evaluation, and testing techniques. This up-to-date and applicable knowl-edge will benefit practitioners in the commercial, government, and industrial sectors.
Network Security Biblemeets the needs of information security professionals and other individuals who have to deal with network security in their everyday activi-ties. It is truly an all-inclusive reference that tells you why and how to achieve a secure network in clear and concise terms.
The Five Parts of This Book
Network Security Bibleis organized into the following five parts: