Network Defense and Countermeasures: Principles and Practices, 4th edition
Published by Pearson IT Certification (September 19, 2023) © 2024
- William Easttom
All you need to know about defending networks, in one book
- Clearly explains concepts, terminology, challenges, tools, and skills
- Covers key security standards and models for business and government
- The perfect introduction for all network/computer security professionals and students
Welcome to today's most useful and practical introduction to defending modern networks. Drawing on decades of experience, Chuck Easttom brings together updated coverage of all the concepts, terminology, techniques, and solutions you'll need to be effective.
Easttom thoroughly introduces the core technologies of modern network security, including firewalls, intrusion-detection systems, and VPNs. Next, he shows how encryption can be used to safeguard data as it moves across networks.
You'll learn how to harden operating systems, defend against malware and network attacks, establish robust security policies, and assess network security using industry-leading standards and models. You'll also find thorough coverage of key issues such as physical security, forensics, and cyberterrorism.
Throughout, Easttom blends theory and application, helping you understand both what to do and why. In every chapter, quizzes, exercises, projects, and web resources deepen your understanding and help you use what you've learned—in the classroom and in your career.
LEARN HOW TO
- Evaluate key network risks and dangers
- Choose the right network security approach for your organization
- Anticipate and counter widespread network attacks, including those based on "social engineering"
- Successfully deploy and apply firewalls and intrusion detection systems
- Secure network communication with virtual private networks
- Protect data with cryptographic public/private key systems, digital signatures, and certificates
- Defend against malware, including ransomware, Trojan horses, and spyware
- Harden operating systems and keep their security up to date
- Define and implement security policies that reduce risk
- Explore leading security standards and models, including ISO and NIST standards
- Prepare for an investigation if your network has been attacked
- Understand the growing risks of espionage and cyberterrorism
TABLE OF CONTENTS
Preface (p. xxiii)
Chapter 1: Introduction to Network Security (p. 2)
   Introduction (p. 2)
   The Basics of a Network (p. 3)
   Basic Network Utilities (p. 11)
   The OSI Model (p. 15)
   What Does This Mean for Security? (p. 16)
   Assessing Likely Threats to the Network (p. 16)
   Classifications of Threats (p. 20)
   Likely Attacks (p. 24)
   Threat Assessment (p. 25)
   Understanding Security Terminology (p. 26)
   Choosing a Network Security Approach (p. 30)
   Network Security and the Law (p. 32)
   Using Security Resources (p. 34)
   Summary (p. 35)
   Endnotes (p. 35)
Chapter 2: Types of Attacks (p. 42)
   Introduction (p. 42)
   Understanding Denial of Service Attacks (p. 43)
   Defending Against Buffer Overflow Attacks (p. 63)
   Defending Against IP Spoofing (p. 64)
   Defending Against Session Hijacking (p. 66)
   Blocking Virus and Trojan Horse Attacks (p. 66)
   Summary (p. 75)
   Endnotes (p. 75)
Chapter 3: Fundamentals of Firewalls (p. 82)
   Introduction (p. 82)
   What Is a Firewall? (p. 83)
   Implementing Firewalls (p. 90)
   Firewall Deployment (p. 95)
   Selecting and Using a Firewall (p. 96)
   Using Proxy Servers (p. 97)
   Summary (p. 99)
Chapter 4: Firewall Practical Applications (p. 106)
   Introduction (p. 106)
   Using Single Machine Firewalls (p. 107)
   Windows 10 Firewall (p. 108)
   User Account Control (p. 110)
   Linux Firewalls (p. 110)
   Using Small Office/Home Office Firewalls (p. 118)
   Using Medium-Sized Network Firewalls (p. 121)
   Using Enterprise Firewalls (p. 124)
   Summary (p. 125)
   Endnotes (p. 125)
Chapter 5: Intrusion-Detection Systems (p. 132)
   Introduction (p. 132)
   Understanding IDS Concepts (p. 133)
   IDS Components and Processes (p. 135)
   SIEM (p. 136)
   Evasion Techniques (p. 137)
   Understanding and Implementing IDSs (p. 138)
   Understanding and Implementing Honeypots (p. 141)
   Summary (p. 146)
Chapter 6: Encryption Fundamentals (p. 152)
   Introduction (p. 152)
   The History of Encryption (p. 153)
   Learning About Modern Encryption Methods (p. 160)
   Identifying Good Encryption (p. 173)
   Understanding Digital Signatures and Certificates (p. 174)
      MAC and HMAC (p. 179)
   Understanding and Using Decryption (p. 179)
   Cracking Passwords (p. 180)
   Steganography (p. 184)
   Steganalysis (p. 185)
   Quantum Computing and Quantum Cryptography (p. 186)
   Summary (p. 187)
   Endnote (p. 187)
Chapter 7: Virtual Private Networks (p. 194)
   Introduction (p. 194)
   Basic VPN Technology (p. 195)
   Using VPN Protocols for VPN Encryption (p. 197)
   IPsec (p. 206)
   SSL/TLS (p. 207)
   Other VPN Protocols (p. 209)
   Implementing VPN Solutions (p. 210)
   Summary (p. 215)
   Endnotes (p. 215)
Chapter 8: Operating System Hardening (p. 222)
   Introduction (p. 222)
   Configuring Windows Properly (p. 223)
   Configuring Linux Properly (p. 244)
   Patching the Operating System (p. 245)
   Configuring Browsers (p. 246)
   Summary (p. 253)
Chapter 9: Defending Against Virus Attacks (p. 260)
   Introduction (p. 260)
   Understanding Virus Attacks (p. 261)
   Virus Scanners (p. 270)
      Virus Scanning Techniques (p. 272)
      When Antivirus Causes a Problem (p. 274)
      Commercial Antivirus Software (p. 274)
   Antivirus Policies and Procedures (p. 283)
   Additional Methods for Defending Your System (p. 284)
   What to Do If Your System Is Infected by a Virus (p. 285)
   Summary (p. 288)
   Endnotes (p. 288)
Chapter 10: Defending Against Trojan Horses and Phishing (p. 296)
   Introduction (p. 296)
   Trojan Horses (p. 297)
   Phishing (p. 307)
   Summary (p. 313)
   Endnotes (p. 313)
Chapter 11: Security Policies (p. 318)
   Introduction (p. 318)
   ISO 27002 (p. 319)
   Important Standards (p. 322)
   Defining User Policies (p. 324)
   Defining System Administration Policies (p. 331)
   Defining Access Control (p. 336)
   Defining Developmental Policies (p. 337)
   Disaster Recovery (p. 338)
   Summary (p. 339)
Chapter 12: Assessing System Security (p. 346)
   Introduction (p. 346)
   Risk Assessment Concepts (p. 347)
   Evaluating the Security Risk (p. 348)
   Conducting the Initial Assessment (p. 351)
   Probing the Network (p. 357)
   Vulnerabilities (p. 381)
   McCumber Cube (p. 384)
   Security Documentation (p. 385)
   Summary (p. 388)
Chapter 13: Security Standards (p. 394)
   Introduction (p. 394)
   COBIT (p. 394)
   ISO Standards (p. 396)
   NIST Standards (p. 397)
   U.S. DoD Standards (p. 403)
   Using the Common Criteria (p. 405)
   Using Security Models (p. 407)
   U.S. Federal Regulations, Guidelines, and Standards (p. 410)
   Summary (p. 413)
   Endnotes (p. 414)
Chapter 14: Physical Security and Disaster Recovery (p. 422)
   Introduction (p. 422)
   Physical Security (p. 422)
   Disaster Recovery (p. 428)
   Ensuring Fault Tolerance (p. 432)
   Summary (p. 435)
Chapter 15: Techniques Used by Attackers (p. 438)
   Introduction (p. 438)
   Preparing to Hack (p. 439)
   The Attack Phase (p. 453)
   Session Hijacking (p. 457)
   Wi-Fi Hacking (p. 459)
   Bluetooth Hacking (p. 459)
   Summary (p. 462)
Chapter 16: Introduction to Forensics (p. 466)
   Introduction (p. 466)
   General Forensics Guidelines (p. 467)
   FBI Forensics Guidelines (p. 470)
   Imaging a Drive (p. 471)
   Finding Evidence on the PC (p. 474)
   Gathering Evidence from a Cell Phone (p. 485)
   Forensic Tools to Use (p. 491)
      AccessData Forensic Toolkit (p. 491)
      EnCase (p. 492)
      The Sleuth Kit (p. 492)
      OSForensics (p. 492)
   Forensic Science (p. 493)
   To Certify or Not to Certify? (p. 493)
   Expert Witnesses (p. 494)
   Additional Types of Forensics (p. 495)
   Summary (p. 499)
   Endnote (p. 499)
Chapter 17: Cyber Warfare and Terrorism (p. 504)
   Introduction (p. 504)
   Defending Against Computer-Based Espionage (p. 505)
   Defending Against Computer-Based Terrorism (p. 508)
   Choosing Defense Strategies (p. 514)
   Summary (p. 524)
   Endnotes (p. 524)
Appendix A: Answers (p. 530)
Glossary (p. 542)
ISBN 9780138200589, 9/1/2023
Dr. Chuck Easttom is the author of 41 books, including several on computer security, forensics, and cryptography. He is also an inventor with 25 patents and the author of over 70 research papers. He holds a Doctor of Science in cybersecurity, a Ph.D. in nanotechnology, a Ph.D. in computer science, and three master's degrees (one in applied computer science, one in education, and one in systems engineering). He is a senior member of both the IEEE and the ACM. He is also a Distinguished Speaker of the ACM and a Distinguished Visitor of the IEEE. Dr. Easttom is currently an adjunct professor for Georgetown University and for Vanderbilt University.