Introduction to Security and Network Forensics

Keeping up with the latest developments in cyber security requires ongoing commitment, but without a firm foundation in the principles ofcomputer security and digital forensics, those tasked with safeguarding private information canget lost in a turbulent and shifting sea. Providing such a foundation,Introduction to Security and Network Forensics covers the basic principles of intrusion detection systems, encryption, and authentication, as well as the key academic principles related to digital forensics.Starting with an overview of general security concepts, it addresses hashing, digital certificates, enhanced software security, and network security. The text introduces the concepts of risk, threat analysis, and network forensics, and includes online access to an abundance of ancillary materials, including labs, Cisco challenges, test questions, and web-based videos. The author provides readers with access to a complete set of simulators for routers, switches, wireless access points (Cisco Aironet 1200), PIX/ASA firewalls (Version 6.x, 7.x and 8.x), Wireless LAN Controllers (WLC), Wireless ADUs, ASDMs, SDMs, Juniper, and much more, including: More than 3,700 unique Cisco challenges and 48,000 Cisco Configuration Challenge Elements 60,000 test questions, including for Certified Ethical Hacking and CISSP® 350 router labs, 180 switch labs, 160 PIX/ASA labs, and 80 Wireless labs Rounding out coverage with a look into more advanced topics, including data hiding, obfuscation, web infrastructures, and cloud and grid computing, this book provides thefundamental understanding in computer security and digital forensics required to develop and implement effective safeguards against ever-evolving cyber security threats. Along with this, the textincludes arange of online lectures and related material, available at: http://asecuritybook.com.

Introduction to Security ObjectivesThe Industrial and the Information AgeCIA and AAAProtecting against IntrudersUsers, Systems, and DataServices, Role-Based Security, and Cloud ComputingSecurity and Forensic ComputingISO 27002RisksRisk Management/AvoidanceSecurity PoliciesDefi ning the PolicyExample RisksDefense-in-DepthGateways and DMZ (Demilitarized Zones)Layered Model and SecurityEncryption and a Layered Approach to DefenseSoftware Tutorial—Data Packet CaptureOnline ExercisesNetworkSims ExercisesChapter LectureReferences Intrusion Detection Systems ObjectivesIntroductionTypes of IntrusionAttack PatternsHost/Network-Based Intrusion DetectionPlacement of the IDSSNORTExample RulesRunning SnortUser, Machine, and Network ProfilingHoney PotsIn-Line and Out-of-Line IDSsFalse and TrueCustomized Agent-Based IDSTutorialSoftware TutorialSnort TutorialOnline ExercisesNetworkSims ExercisesChapter LectureReferences Encryption ObjectivesIntroductionSimple Cipher MethodsBrute-Force AnalysisPublic Key, Private Key, and Session KeysAdding SaltPrivate-Key EncryptionEncryption ClassesPublic-Key EncryptionOne-Way HashingKey EntropyFile EncryptionTutorialSoftware TutorialWeb Page ExercisesNetwork Simulation TutorialChallengesOnline ExercisesNetworkSims ExercisesChapter Lecture Authentication, Hashing, and Digital Certificates ObjectivesIntroductionMethods of AuthenticationBiometricsMessage HashAuthenticating the SenderDigital Certifi cates and PKIHMAC (Hash Message Authentication Code)Future of Authentication Systems—KerberosEmail EncryptionTutorialSoftware TutorialOnline ExercisesWeb Page ExercisesNetworkSims ExercisesChapter LectureReference Enhanced Software Security ObjectivesIntroductionIntegrating Security into ApplicationsGood PracticeThe Future of Software.NET Environment—The Future of SecurityStrengths of .NETGlobal Assembly Cache (GAC)Strong NamesNET Security ModelIntegrating Security into ApplicationsWeb Service SecurityNET Framework 3.0 (WinFX)TutorialSoftware TutorialWeb Page ExercisesOn-Line ExercisesNetworkSims ExercisesChapter LectureReferences Network Security Elements ObjectivesIntroductionRouter (Packet Filtering) FirewallsNetwork Address TranslationPIX/ASA FirewallProxy ServersTutorialWeb Page ExercisesOnline ExercisesNetworkSims ExercisesChapter Lecture Introduction to Risk ObjectivesIntroductionSecurity TaxonomyThreatsService-Oriented InfrastructuresSecurity PoliciesDefining the PolicyTutorialWindows Service TutorialLinux Service TutorialThreat Analysis ObjectivesIntroductionIntruder DetectionVulnerably AnalysisHpingBotnetsPhishingActive AttacksInferenceAffiliate ScamsPassword Cracking ProgramsTutorialVulnerability TutorialSQL Injection TutorialAppendix Network Forensics ObjectivesIntroductionThe Key ProtocolsEthernet, IP, and TCP HeadersTCP ConnectionARPSYNApplication Layer Analysis—FTPICMPDNSPort ScanSYN FloodSpoofed AddressesApplication Layer Analysis—HTTPNetwork Logs on HostsTripwireTutorialNetwork Forensics TutorialTripwire Tutorial Data Hiding and Obfuscation ObjectivesIntroductionObfuscation Using EncryptionObfuscation through TunnelingCovert ChannelsWatermarking and StenographyHiding File ContentsReferencesTutorialExercises Web Infrastructures ObjectivesIntroductionIdentity 2.0SOAP over HTTPLDAPAuthentication Infrastructures802.1x Authentication InfrastructureOpenIDKerberosWS-*Access ControlTutorialPractical WorkExercisesActivitiesSecure Server Setup Cloud/Grid ComputingObjectivesIntroductionGrid ComputingCloud ComputingAmazon Web ServicesInstalling EC2 and S3 Command ToolsActivities Index

Bill Buchanan is a Professor in the School of Computing at Edinburgh Napier University, UK. He currently leads the Centre for Distributed Computing and Security, along with leading the Scottish Centre of Excellence in Security and Cybercrime. He works in the areas of security, e-Crime, intrusion detection systems, digital forensics, e-Health, mobile computing, agent-based systems, and simulation. ProfessorBuchanan has one of the most extensive academic sites in the World, and is involved in many areas of novel teaching in computing, including a widely-used network simulation package. He has published over 25 academic books, and over 120 academic research papers, along with awards for excellence in knowledge transfer. Presently he is working with a range of industrial/domain partners, including within law enforcement, health care, and finance. Along with this he has been involved in university start-ups and in generating novel methods within security and digital forensics.