
Download the book Elementary Information Security

Book details

Edition: 2
Authors:
Series:
ISBN: 9781284055931, 2014038905
Publisher: Jones & Bartlett Learning
Year of publication: 2015
Number of pages: 1358
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 on user request)
File size: 49 MB

Book price (Toman): 44,000





If you need the file of the book Elementary Information Security converted to PDF, EPUB, AZW3, MOBI or DJVU, you can notify support so that they convert the file for you.

Note that the book Elementary Information Security is the original-language edition and is not a Persian translation. The International Library website offers original-language books and does not offer any books translated into or written in Persian.


Table of contents

Preface
Chapter 1 Security From The Ground Up
1.1 The Security Landscape
1.1.1 Making Security Decisions
1.1.2 Framework for Risk Management
1.2 Assessing Risks
1.2.1 The Proprietor’s Risk Management Framework
1.2.2 Goals and Assets
1.2.3 Security Boundaries
1.2.4 Security Architecture
1.3 Identifying Risks
1.3.1 Threat Agents
1.3.2 Potential Attacks
1.3.3 Risk Matrix
1.4 Prioritizing Risks
1.5 Drafting Security Requirements
1.5.1 Analyzing Alice’s Risks
1.5.2 Monitoring Security Measures
1.6 Ethical Issues in Security Analysis
1.6.1 Searching for Vulnerabilities
1.6.2 Sharing and Publishing Cyber Vulnerabilities
1.7 Resources
1.7.1 Review Questions
1.7.2 Exercises
Chapter 2 Controlling a Computer
2.1 Computers and Programs
2.1.1 Input/Output
2.1.2 Program Execution
2.1.3 Procedures
2.2 Programs and Processes
2.2.1 Switching Between Processes
2.2.2 The Operating System
2.3 Buffer Overflows and the Morris Worm
2.3.1 The “Finger” Overflow
2.3.2 Security Alerts
2.3.3 Studying Cyberattacks
2.4 Access Control Strategies
2.4.1 Puzzles and Patterns
2.4.2 Chain of Control: Another Basic Principle
2.5 Keeping Processes Separate
2.5.1 Sharing a Program
2.5.2 Sharing Data
2.6 Selecting Security Controls
2.7 Security Plan: Process Protection
2.8 Resources
2.8.1 Review Questions
2.8.2 Exercises
Chapter 3 Controlling Files
3.1 The File System
3.1.1 File Ownership and Access Rights
3.1.2 Directory Access Rights
3.2 Executable Files
3.2.1 Execution Access Rights
3.2.2 Computer Viruses
3.2.3 Macro Viruses
3.2.4 Modern Malware: A Rogue’s Gallery
3.3 Sharing and Protecting Files
3.3.1 Security Policies for Sharing and Protection
3.4 Security Controls for Files
3.4.1 Deny by Default: A Basic Principle
3.4.2 Managing Access Rights
3.5 File Security Controls
3.5.1 File Permission Flags
3.5.2 Security Controls to Enforce the Isolation Policy
3.5.3 States and State Diagrams
3.6 Patching Security Flaws
3.7 Resources
3.7.1 Review Questions
3.7.2 Exercises
Chapter 4 Sharing Files
4.1 Controlled Sharing
4.1.1 Basic File Sharing on Windows
4.1.2 User Groups
4.1.3 Least Privilege and Administrative Users
4.2 File Permission Flags
4.2.1 Permission Flags and Ambiguities
4.2.2 Permission Flag Examples
4.3 Access Control Lists and OS X
4.4 Microsoft Windows ACLs
4.4.1 Denying Access
4.4.2 Default File Protection
4.4.3 A Different Trojan Horse
4.5 Monitoring Cyber System Security
4.5.1 Logging Events
4.5.2 External Security Requirements
4.6 Resources
4.6.1 Review Questions
4.6.2 Exercises
Chapter 5 Storing Files
5.1 Incident Response and Attack
5.1.1 The Aftermath of an Incident
5.1.2 Legal Disputes
5.2 Digital Evidence
5.2.1 Collecting Legal Evidence
5.2.2 Digital Evidence Procedures
5.3 Storing Data on a Hard Drive
5.3.1 Hard Drive Controller
5.3.2 Hard Drive Formatting
5.4 Common Drive Concepts
5.4.1 Error Detection and Correction
5.4.2 Drive Partitions
5.4.3 Memory Sizes and Address Variables
5.5 FAT: An Example File System
5.5.1 Boot Blocks
5.5.2 Building Files from Clusters
5.5.3 FAT Directories
5.6 Modern File Systems
5.6.1 Unix File System
5.6.2 Apple’s HFS Plus
5.6.3 Microsoft’s NTFS
5.7 Input/Output and File System Software
5.7.1 Software Layering
5.7.2 A Typical I/O Operation
5.7.3 Security and I/O
5.8 Resources
5.8.1 Review Questions
5.8.2 Exercises
Chapter 6 Authenticating People
6.1 Unlocking a Door
6.1.1 Authentication Factors
6.1.2 Threat Agents and Risks
6.1.3 Database Thefts
6.2 Evolution of Password Systems
6.2.1 One-Way Hash Functions
6.2.2 Sniffing Credentials
6.3 Password Guessing
6.3.1 Password Search Space
6.3.2 Truly Random Password Selection
6.3.3 Cracking Speeds
6.4 Attacks on Password Bias
6.4.1 Biased Choices and Average Attack Space
6.4.2 Estimating Language-Based Password Bias
6.5 Authentication Tokens
6.5.1 Challenge-Response Authentication
6.5.2 One-Time Password Tokens
6.5.3 Token Vulnerabilities
6.6 Biometric Authentication
6.6.1 Biometric Accuracy
6.6.2 Biometric Vulnerabilities
6.7 Authentication Policy
6.7.1 Weak and Strong Threats
6.7.2 Policies for Weak Threat Environments
6.7.3 Policies for Strong and Extreme Threats
6.7.4 Password Selection and Handling
6.8 Resources
6.8.1 Review Questions
6.8.2 Exercises
Chapter 7 Encrypting Files
7.1 Protecting the Accessible
7.1.1 The Encrypted Diary
7.1.2 Encryption Basics
7.1.3 Encryption and Information States
7.2 Encryption and Cryptanalysis
7.2.1 The Vigenère Cipher
7.2.2 Electromechanical Encryption
7.3 Computer-Based Encryption
7.3.1 Exclusive Or: A Crypto Building Block
7.3.2 Stream Ciphers: Another Building Block
7.3.3 Key Stream Security
7.3.4 The One-Time Pad
7.4 File Encryption Software
7.4.1 Built-In File Encryption
7.4.2 Encryption Application Programs
7.4.3 Erasing a Plaintext File
7.4.4 Choosing a File Encryption Program
7.5 Digital Rights Management
7.6 Resources
7.6.1 Review Questions
7.6.2 Exercises
Chapter 8 Secret and Public Keys
8.1 The Key Management Challenge
8.1.1 Rekeying
8.1.2 Using Text for Encryption Keys
8.1.3 Key Strength
8.2 The Reused Key Stream Problem
8.2.1 Avoiding Reused Keys
8.2.2 Key Wrapping: Another Building Block
8.2.3 Separation of Duty: A Basic Principle
8.2.4 DVD Key Handling
8.3 Public-Key Cryptography
8.3.1 Sharing a Secret: Diffie-Hellman
8.3.2 Diffie-Hellman: The Basics of the Math
8.3.3 Elliptic Curve Cryptography
8.4 RSA: Rivest-Shamir-Adleman
8.4.1 Encapsulating Keys with RSA
8.4.2 An Overview of RSA Mathematics
8.5 Data Integrity and Digital Signatures
8.5.1 Detecting Malicious Changes
8.5.2 Detecting a Changed Hash Value
8.5.3 Digital Signatures
8.6 Publishing Public Keys
8.6.1 Public-Key Certificates
8.6.2 Chains of Certificates
8.6.3 Authenticated Software Updates
8.7 Resources
8.7.1 Review Questions
8.7.2 Exercises
Chapter 9 Encrypting Volumes
9.1 Securing a Volume
9.1.1 Risks to Volumes
9.1.2 Risks and Policy Trade-Offs
9.2 Block Ciphers
9.2.1 Evolution of DES and AES
9.2.2 The RC4 Story
9.2.3 Qualities of Good Encryption Algorithms
9.3 Block Cipher Modes
9.3.1 Stream Cipher Modes
9.3.2 Cipher Feedback Mode
9.3.3 Cipher Block Chaining
9.4 Encrypting a Volume
9.4.1 Volume Encryption in Software
9.4.2 Block Modes for Volume Encryption
9.4.3 A “Tweakable” Encryption Mode
9.4.4 Residual Risks
9.5 Encryption in Hardware
9.5.1 The Drive Controller
9.5.2 Drive Locking and Unlocking
9.6 Managing Encryption Keys
9.6.1 Key Storage
9.6.2 Booting an Encrypted Drive
9.6.3 Residual Risks to Keys
9.7 Resources
9.7.1 Review Questions
9.7.2 Exercises
Chapter 10 Connecting Computers
10.1 The Network Security Problem
10.1.1 Basic Network Attacks and Defenses
10.1.2 Physical Network Protection
10.1.3 Host and Network Integrity
10.2 Transmitting Data
10.2.1 Message Switching
10.2.2 Circuit Switching
10.2.3 Packet Switching
10.3 Putting Bits on a Wire
10.3.1 Wireless Transmission
10.3.2 Transmitting Packets
10.3.3 Recovering a Lost Packet
10.4 Ethernet: A Modern LAN
10.4.1 Wiring a Small Network
10.4.2 Ethernet Frame Format
10.4.3 Finding Host Addresses
10.4.4 Handling Collisions
10.5 The Protocol Stack
10.5.1 Relationships Between Layers
10.5.2 The OSI Protocol Model
10.6 Network Applications
10.6.1 Resource Sharing
10.6.2 Data and File Sharing
10.7 Resources
10.7.1 Review Questions
10.7.2 Exercises
Chapter 11 Networks of Networks
11.1 Building Data Networks
11.1.1 Point-to-Point Network
11.1.2 Star Network
11.1.3 Bus Network
11.1.4 Tree Network
11.1.5 Mesh
11.2 Combining Computer Networks
11.2.1 Hopping Between Networks
11.2.2 Evolution of Internet Security
11.2.3 Internet Structure
11.3 Talking between Hosts
11.3.1 IP Addresses
11.3.2 IP Packet Format
11.3.3 Address Resolution Protocol
11.4 Internet Addresses in Practice
11.4.1 Addresses, Scope, and Reachability
11.4.2 Private IP Addresses
11.5 Network Inspection Tools
11.5.1 Wireshark Examples
11.5.2 Mapping a LAN with Nmap
11.6 Resources
11.6.1 Review Questions
11.6.2 Exercises
Chapter 12 End-to-End Networking
12.1 “Smart” Versus “Dumb” Networks
12.2 Internet Transport Protocols
12.2.1 Transmission Control Protocol
12.2.2 Attacks on Protocols
12.3 Names on the Internet
12.3.1 Domain Names in Practice
12.3.2 Looking Up Names
12.3.3 DNS Protocol
12.3.4 Investigating Domain Names
12.3.5 Attacking DNS
12.4 Internet Gateways and Firewalls
12.4.1 Network Address Translation
12.4.2 Filtering and Connectivity
12.4.3 Software-Based Firewalls
12.5 Long-Distance Networking
12.5.1 Older Technologies
12.5.2 Mature Technologies
12.5.3 Evolving Technologies
12.6 Resources
12.6.1 Review Questions
12.6.2 Exercises
Chapter 13 Enterprise Computing
13.1 The Challenge of Community
13.1.1 Companies and Information Control
13.1.2 Enterprise Risks
13.1.3 Social Engineering
13.2 Management Processes
13.2.1 Security Management Standards
13.2.2 Deployment Policy Directives
13.2.3 Management Hierarchies and Delegation
13.2.4 Managing Information Resources
13.2.5 Security Audits
13.2.6 Information Security Professionals
13.3 Enterprise Issues
13.3.1 Personnel Security
13.3.2 Physical Security
13.3.3 Software Security
13.4 Enterprise Network Authentication
13.4.1 Direct Authentication
13.4.2 Indirect Authentication
13.4.3 Off-Line Authentication
13.5 Contingency Planning
13.5.1 Data Backup and Restoration
13.5.2 Handling Serious Incidents
13.5.3 Disaster Preparation and Recovery
13.6 Resources
13.6.1 Review Questions
13.6.2 Exercises
Chapter 14 Network Encryption
14.1 Communications Security
14.1.1 Crypto by Layers
14.1.2 Administrative and Policy Issues
14.2 Crypto Keys on a Network
14.2.1 Manual Keying: A Building Block
14.2.2 Simple Rekeying
14.2.3 Secret-Key Building Blocks
14.2.4 Public-Key Building Blocks
14.2.5 Public-Key Versus Secret-Key Exchanges
14.3 Crypto Atop the Protocol Stack
14.3.1 Transport Layer Security—SSL and TLS
14.3.2 SSL Handshake Protocol
14.3.3 SSL Record Transmission
14.4 Network Layer Cryptography
14.4.1 The Encapsulating Security Payload
14.4.2 Implementing a VPN
14.4.3 Internet Key Exchange Protocol
14.5 Link Encryption on 802.11 Wireless
14.5.1 Wireless Packet Protection
14.5.2 Security Associations
14.6 Cryptographic Security Requirements
14.7 Resources
14.7.1 Review Questions
14.7.2 Exercises
Chapter 15 Internet Services and Email
15.1 Internet Services
15.2 Internet Email
15.2.1 Email Protocol Standards
15.2.2 Tracking an Email
15.2.3 Forging an Email Message
15.3 Email Security Problems
15.3.1 Spam
15.3.2 Phishing
15.3.3 Email Viruses and Hoaxes
15.4 Enterprise Firewalls
15.4.1 Controlling Internet Traffic
15.4.2 Traffic-Filtering Mechanisms
15.4.3 Implementing Firewall Rules
15.5 Enterprise Point of Presence
15.5.1 POP Topology
15.5.2 Attacking an Enterprise Site
15.5.3 The Challenge of Real-Time Media
15.6 Resources
15.6.1 Review Questions
15.6.2 Exercises
Chapter 16 The World Wide Web
16.1 Hypertext Fundamentals
16.1.1 Addressing Web Pages
16.1.2 Retrieving a Static Web Page
16.2 Basic Web Security
16.2.1 Static Website Security
16.2.2 Server Authentication
16.2.3 Server Masquerades
16.3 Dynamic Websites
16.3.1 Scripts on the Web
16.3.2 States and HTTP
16.4 Content Management Systems
16.4.1 Database Management Systems
16.4.2 Password Checking: A CMS Example
16.4.3 Command Injection Attacks
16.5 Ensuring Web Security Properties
16.5.1 Web Availability
16.5.2 Web Privacy
16.6 Resources
16.6.1 Review Questions
16.6.2 Exercises
Chapter 17 Governments and Secrecy
17.1 Secrecy in Government
17.1.1 The Challenge of Secrecy
17.1.2 Cybersecurity and Operations
17.2 Classifications and Clearances
17.2.1 Security Labeling
17.2.2 Security Clearances
17.2.3 Classification Levels in Practice
17.2.4 Compartments and Other Special Controls
17.3 National Policy Issues
17.3.1 Facets of National System Security
17.3.2 Security Planning
17.4 Communications Security
17.4.1 Cryptographic Technology
17.4.2 Crypto Security Procedures
17.4.3 Transmission Security
17.5 Data Protection
17.5.1 Protected Wiring
17.5.2 TEMPEST
17.6 Trustworthy Systems
17.6.1 Integrity of Operations
17.6.2 Multilevel Security
17.6.3 Computer Modes of Operation
17.7 Resources
17.7.1 Review Questions
17.7.2 Exercises
Appendix A Acronyms
Appendix B Alternative Security Terms and Concepts
Index



