Security of e-Systems and Computer Networks
, by Mohammad Obaidat , Noureddine Boudriga
- ISBN: 9780521837644 | 0521837642
- Cover: Hardcover
- Copyright: 6/25/2007
e-Based systems, and computer networks are ubiquitous in the modern world, with applications spanning e-commerce, WLANs, healthcare and governmental organizations, among others. The secure transfer of information has therefore become a critical area of research, development, and investment. This book presents the fundamental concepts, tools, and protocols of e-based system and computer network security and its wide range of applications.
Mohammad S. Obaidat, is a Professor of Computer Science at Monmouth University, New Jersey Noureddine A. Boudriga is a professor of Telecommunications at the School of Communication Engineering, and Director of the Research Laboratory on Networks and Security
| Preface | p. xv |
| E-security | p. 1 |
| Introduction to e-security | p. 3 |
| Introduction | p. 3 |
| Security costs | p. 4 |
| The CSI/FBI computer crime and security survey | p. 4 |
| Australian computer crime and security survey | p. 7 |
| Security services | p. 9 |
| Security services | p. 10 |
| Security attacks | p. 11 |
| Threats and vulnerabilities | p. 12 |
| Basics of protection | p. 14 |
| Security management | p. 15 |
| Security policies | p. 16 |
| Protections of users and networks | p. 18 |
| Protection of employees | p. 18 |
| Protection of networks | p. 19 |
| Security planning | p. 20 |
| Risk analysis | p. 21 |
| Security plans | p. 21 |
| Legal issues in system security | p. 22 |
| Summary | p. 23 |
| References | p. 24 |
| Public key cryptosystems | p. 25 |
| Introduction | p. 25 |
| Symmetric encryption | p. 26 |
| Secret key encryption features | p. 27 |
| Secret key distribution | p. 29 |
| Public key cryptosystems | p. 31 |
| Trapdoor function model | p. 32 |
| Conventional public key encryption | p. 33 |
| Comparing cryptosystems | p. 34 |
| Public key main algorithms | p. 36 |
| RSA algorithm | p. 36 |
| ElGamel algorithm | p. 38 |
| Public key management | p. 39 |
| Key management life cycle | p. 39 |
| Key distribution | p. 40 |
| Key recovery | p. 42 |
| Attacks against public key cryptosystems | p. 44 |
| Conclusion | p. 46 |
| References | p. 46 |
| Authentication and digital signature | p. 48 |
| Introduction | p. 48 |
| Weak authentication schemes | p. 50 |
| Password-based authentication | p. 50 |
| PIN-based authentication | p. 51 |
| Strong authentication schemes | p. 52 |
| Challenge-response by cryptosystems | p. 53 |
| Challenge-response by zero-knowledge techniques | p. 54 |
| Device-based authentication | p. 55 |
| Attacks on authentication | p. 56 |
| Digital signature frameworks | p. 59 |
| The RSA signature scheme | p. 60 |
| The DSA signature scheme | p. 60 |
| One-time signature | p. 61 |
| Hash functions | p. 62 |
| Examples of hash functions | p. 63 |
| Security of hash functions | p. 65 |
| Message authentication | p. 66 |
| Authentication applications | p. 66 |
| X.509 Authentication service | p. 67 |
| Kerberos service | p. 67 |
| Authentication network services | p. 68 |
| IP authentication header protocol | p. 69 |
| Authentication in wireless networks | p. 69 |
| Conclusion | p. 70 |
| References | p. 70 |
| E-system and network security tools | p. 73 |
| Public key infrastructure (PKI) systems | p. 75 |
| Introduction | p. 75 |
| The PKIX architecture model | p. 77 |
| Main PKI components | p. 77 |
| PKI documents | p. 80 |
| PKIX management functions | p. 81 |
| Public key certificates | p. 84 |
| Certificate format | p. 85 |
| CRL format | p. 87 |
| Trust hierarchical models | p. 88 |
| Hierarchical model | p. 88 |
| Mesh PKIs | p. 89 |
| Bridge certification authority architecture | p. 91 |
| Certification path processing | p. 91 |
| Path construction | p. 92 |
| Path validation | p. 94 |
| Deploying the enterprise's PKI | p. 95 |
| Assessing the needs | p. 95 |
| PKI deployment | p. 96 |
| Conclusion | p. 98 |
| References | p. 98 |
| Biometric-based security systems | p. 99 |
| Introduction | p. 99 |
| Biometrics techniques | p. 101 |
| Accuracy of biometric techniques | p. 111 |
| Issues and challenges | p. 114 |
| Concluding remarks | p. 116 |
| References | p. 117 |
| Trust management in communication networks | p. 119 |
| Introduction | p. 119 |
| Trust definition | p. 121 |
| A model for trust | p. 121 |
| Delegation of trust | p. 122 |
| Digital credentials | p. 124 |
| Active credentials | p. 124 |
| SPKI certificates | p. 127 |
| Authorization and access control systems | p. 129 |
| Access control systems | p. 129 |
| Authorization systems | p. 130 |
| Trust policy | p. 131 |
| Trust management systems | p. 133 |
| PolicyMaker | p. 133 |
| Referee | p. 134 |
| Trust-management applications | p. 135 |
| Clinical information systems | p. 135 |
| E-payment systems | p. 137 |
| Distribute firewalls | p. 140 |
| Concluding remarks | p. 141 |
| References | p. 141 |
| E-security applications | p. 143 |
| E-services security | p. 145 |
| Introduction | p. 145 |
| E-service basic concepts and roles | p. 147 |
| Examples of e-services | p. 150 |
| Basic technologies for e-services | p. 153 |
| The UDDI/SOAP/WSDL initiative | p. 154 |
| ebXML Initiative | p. 156 |
| Technical challenges and security | p. 157 |
| Message protection mechanisms | p. 161 |
| Security needs | p. 161 |
| SOAP message security | p. 162 |
| Securing registry services | p. 164 |
| ebXML registry security | p. 164 |
| Service-side protection of registries | p. 165 |
| Conclusion | p. 167 |
| References | p. 167 |
| E-government security | p. 169 |
| Introduction | p. 169 |
| E-government: concepts and practices | p. 170 |
| E-government assets | p. 171 |
| Challenges, limits, and obstacles to e-government | p. 172 |
| Authentication in e-government | p. 173 |
| Privacy in e-government | p. 175 |
| E-voting security | p. 178 |
| E-voting requirements | p. 179 |
| E-voting limits | p. 179 |
| E-voting solution | p. 181 |
| Engineering secured e-government | p. 183 |
| E-government model | p. 183 |
| E-security model | p. 185 |
| Implementing e-government | p. 186 |
| Monitoring e-government security | p. 188 |
| Security monitoring life cycle | p. 188 |
| Monitoring tools | p. 190 |
| Advanced issues in e-government | p. 190 |
| Response support system | p. 191 |
| From e-government to m-government | p. 191 |
| Conclusion | p. 193 |
| References | p. 193 |
| E-commerce security | p. 196 |
| Introduction | p. 196 |
| E-commerce security requirements | p. 198 |
| General form of the e-commerce process | p. 198 |
| Security requirements | p. 200 |
| Available security protocols | p. 201 |
| Transaction security with SSL/TLS | p. 202 |
| SSL/TLS features | p. 202 |
| Security limitations of SSL/TLS | p. 203 |
| Transaction security with SET | p. 204 |
| Protocol overview | p. 204 |
| SET process and security | p. 205 |
| Certificate operation | p. 206 |
| Securing electronic payment | p. 209 |
| Payment classification | p. 209 |
| Anonymity | p. 211 |
| M-commerce and security | p. 212 |
| M-commerce features | p. 213 |
| M-commerce transactions | p. 214 |
| Conclusion | p. 216 |
| References | p. 216 |
| Wireless LANs security | p. 218 |
| Introduction and rationale | p. 218 |
| Attacks on WLANs | p. 221 |
| Security services | p. 224 |
| Wired equivalent privacy (WEP) protocol | p. 225 |
| Problems with the WEP protocol | p. 227 |
| Keystream reuse | p. 228 |
| Message authentication | p. 230 |
| Wi-Fi protected access (WPA) | p. 231 |
| Mobile IP | p. 233 |
| Virtual private network (VPN) | p. 237 |
| Forms of VPN services | p. 239 |
| Summary | p. 243 |
| References | p. 243 |
| Protecting enterprises | p. 247 |
| Intrusion detection systems | p. 249 |
| Introduction | p. 249 |
| IDS architecture and classification | p. 251 |
| Generic IDS architecture | p. 252 |
| IDS location | p. 253 |
| Detection techniques | p. 255 |
| Detection methods | p. 255 |
| Response generation | p. 257 |
| Forensic analysis | p. 257 |
| Modeling the intrusion process | p. 258 |
| Foundation of ID | p. 258 |
| Intrusion correlation | p. 260 |
| Correlation in practice | p. 263 |
| Alert fusion | p. 264 |
| Alert verification | p. 265 |
| Intrusion identification | p. 266 |
| IDS products | p. 266 |
| IDS requirements | p. 266 |
| Product survey | p. 268 |
| Advanced issues in intrusion detection | p. 270 |
| Distributed intrusion detection | p. 270 |
| Intrusion detection for high-speed network | p. 271 |
| References | p. 273 |
| Virtual private networks | p. 274 |
| Introduction | p. 274 |
| Elements of VPNs | p. 279 |
| Types of virtual private networks | p. 280 |
| VPN considerations | p. 282 |
| VPN implementations | p. 284 |
| Hardware components | p. 285 |
| Protocols used by VPNs | p. 286 |
| Point-to-point tunneling protocol (PPTP) | p. 287 |
| Layer-2 tunneling protocol (L2TP) | p. 288 |
| IP Security (IPSec) | p. 289 |
| Encapsulating security payload | p. 290 |
| Management of keys | p. 291 |
| Packet authentication | p. 291 |
| Authentication (validation) of users | p. 292 |
| MPLS (multiprotocol label switching) | p. 294 |
| QoS provision | p. 294 |
| Summary | p. 295 |
| References | p. 296 |
| Protecting against malware | p. 298 |
| Introduction to malware | p. 298 |
| Virus analysis | p. 301 |
| Viruses classification | p. 302 |
| Defense against viruses | p. 304 |
| Worm analysis | p. 306 |
| Target discovery | p. 306 |
| Worm activation | p. 308 |
| Worm propagation | p. 310 |
| Trojan analysis | p. 311 |
| Types of Trojan horses | p. 312 |
| Protection against Trojans | p. 314 |
| Protection techniques against malware | p. 315 |
| Firewall-based protection | p. 315 |
| Preventing malware by using anti-malware software | p. 316 |
| Invasion protection using IPS | p. 318 |
| Protection guidelines | p. 319 |
| Polymorphism challenge | p. 321 |
| Conclusion | p. 323 |
| References | p. 323 |
| Computer and network security risk management | p. 325 |
| Introduction | p. 325 |
| Risk management requirements | p. 326 |
| Risk management methods | p. 328 |
| The OCTAVE method | p. 329 |
| The CORAS framework | p. 330 |
| Limits of the existing methodologies | p. 332 |
| Architectural limits | p. 332 |
| Technical limits | p. 333 |
| The NetRAM framework | p. 333 |
| Management of risk libraries | p. 336 |
| The vulnerability library | p. 337 |
| The attack library | p. 340 |
| Risk analysis | p. 342 |
| The risk analysis process | p. 342 |
| Classifying risk analysis techniques | p. 343 |
| Risk Assessment | p. 344 |
| Quantitative vs qualitative approaches | p. 344 |
| Risk assessment for preventive risk analysis | p. 346 |
| Risk assessment for reactive risk analysis | p. 346 |
| Monitoring the system state | p. 347 |
| Pattern-based monitoring | p. 347 |
| Behavior-based monitoring | p. 348 |
| Conclusion | p. 349 |
| References | p. 350 |
| Index | p. 351 |
| Table of Contents provided by Ingram. All Rights Reserved. |
What is included with this book?
The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.
Please wait while the item is added to your bag...
