Table of Contents

Network Defense and Countermeasures

Chapter 1: Introduction to Network Security

Introduction

The Basics of a Network

  • Basic Network Structure 
  • Data Packets 
  • IP Addresses 
  • Uniform Resource Locators 
  • MAC Addresses 
  • Protocols 

Basic Network Utilities

  • ipconfig 
  • ping 
  • tracert 
  • netstat 

The OSI Model

What Does This Mean for Security?

Assessing Likely Threats to the Network

Classifications of Threats

  • Malware 
  • Compromising System Security–Intrusions 
  • Denial of Service 

Likely Attacks

Threat Assessment

Understanding Security Terminology

  • Hacking Terminology 
  • Security Terminology 

Choosing a Network Security Approach

  • Perimeter Security Approach 
  • Layered Security Approach 
  • Hybrid Security Approach 

Network Security and the Law

Using Security Resources

Summary

Chapter 2: Types of Attacks 

Introduction

Understanding Denial of Service Attacks

  • DoS in Action 
  • SYN Flood 
  • Smurf Attack 
  • Ping of Death 
  • UDP Flood 
  • ICMP Flood 
  • DHCP Starvation 
  • HTTP Post DoS 
  • PDoS 
  • Distributed Reflection Denial of Service 
  • DoS Tools 
  • Real-World Examples 
  • Defending Against DoS Attacks 

Defending Against Buffer Overflow Attacks

Defending Against IP Spoofing

Defending Against Session Hijacking

Blocking Virus and Trojan Horse Attacks

  • Viruses 
  • Types of Viruses 
  • Trojan Horses 

Summary

Chapter 3: Fundamentals of Firewalls

Introduction

What Is a Firewall?

  • Types of Firewalls 
  • Packet Filtering Firewall 
  • Stateful Packet Inspection 
  • Application Gateway 
  • Circuit Level Gateway 
  • Hybrid Firewalls 
  • Blacklisting/Whitelisting 

Implementing Firewalls

  • Host-Based 
  • Dual-Homed Hosts 
  • Router-Based Firewall 
  • Screened Hosts 

Selecting and Using a Firewall

  • Using a Firewall 

Using Proxy Servers

  • The WinGate Proxy Server 
  • NAT 

Summary

Chapter 4: Firewall Practical Applications

Introduction

Using Single Machine Firewalls

Windows 10 Firewall

User Account Control

Linux Firewalls

  • Iptables 
  • Symantec Norton Firewall 
  • McAfee Personal Firewall 

Using Small Office/Home Office Firewalls

  • SonicWALL 
  • D-Link DFL-2560 Office Firewall 

Using Medium-Sized Network Firewalls

  • Check Point Firewall 
  • Cisco Next-Generation Firewalls 

Using Enterprise Firewalls

Summary

Chapter 5: Intrusion-Detection Systems

Introduction

Understanding IDS Concepts

  • Preemptive Blocking 
  • Anomaly Detection 

IDS Components and Processes

Understanding and Implementing IDSs

  • Snort 
  • Cisco Intrusion-Detection and Prevention 

Understanding and Implementing Honeypots

  • Specter 
  • Symantec Decoy Server 
  • Intrusion Deflection 
  • Intrusion Deterrence 

Summary

Chapter 6: Encryption Fundamentals

Introduction

The History of Encryption

  • The Caesar Cipher 
  • ROT 13 
  • Atbash Cipher 
  • Multi-Alphabet Substitution 
  • Rail Fence 
  • Vigenère 
  • Enigma 
  • Binary Operations 

Learning About Modern Encryption Methods

  • Symmetric Encryption 
  • Key Stretching 
  • PRNG 
  • Public Key Encryption 
  • Digital Signatures 

Identifying Good Encryption

Understanding Digital Signatures and Certificates

  • Digital Certificates 
  • PGP Certificates 
  • MD5 
  • SHA 
  • RIPEMD 
  • HAVAL 

Understanding and Using Decryption

Cracking Passwords

  • John the Ripper 
  • Using Rainbow Tables 
  • Using Other Password Crackers 
  • General Cryptanalysis 

Steganography

Steganalysis

Quantum Computing and Quantum Cryptography

Summary

Chapter 7: Virtual Private Networks

Introduction

Basic VPN Technology

Using VPN Protocols for VPN Encryption

  • PPTP 
  • PPTP Authentication 
  • L2TP 
  • L2TP Authentication 
  • L2TP Compared to PPTP 

IPSec

SSL/TLS

Implementing VPN Solutions

  • Cisco Solutions 
  • Service Solutions 
  • Openswan 
  • Other Solutions 

Summary

Chapter 8: Operating System Hardening

Introduction

Configuring Windows Properly

  • Accounts, Users, Groups, and Passwords 
  • Setting Security Policies 
  • Registry Settings 
  • Services 
  • Encrypting File System 
  • Security Templates 

Configuring Linux Properly

Patching the Operating System

Configuring Browsers

  • Securing Browser Settings for Microsoft Internet Explorer 
  • Other Browsers 

Summary

Chapter 9: Defending Against Virus Attacks

Introduction

Understanding Virus Attacks

  • What Is a Virus? 
  • What Is a Worm? 
  • How a Virus Spreads 
  • The Virus Hoax 
  • Types of Viruses 

Virus Scanners

  • Virus Scanning Techniques 
  • Commercial Antivirus Software 

Antivirus Policies and Procedures

Additional Methods for Defending Your System

What to Do If Your System Is Infected by a Virus

  • Stopping the Spread of the Virus 
  • Removing the Virus 
  • Finding Out How the Infection Started 

Summary

Chapter 10: Defending Against Trojan Horses, Spyware, and Adware

Introduction

Trojan Horses

  • Identifying Trojan Horses 
  • Symptoms of a Trojan Horse 
  • Why So Many Trojan Horses? 
  • Preventing Trojan Horses 

Spyware and Adware

  • Identifying Spyware and Adware 
  • Anti-Spyware 
  • Anti-Spyware Policies 

Summary

Chapter 11: Security Policies

Introduction

Defining User Policies

  • Passwords 
  • Internet Use Policy 
  • E-mail Attachments 
  • Software Installation and Removal 
  • Instant Messaging 
  • Desktop Configuration 
  • Final Thoughts on User Policies 

Defining System Administration Policies

  • New Employees 
  • Leaving Employees 
  • Change Requests 
  • Security Breaches 

Defining Access Control

Defining Developmental Policies

Summary

Chapter 12: Assessing System Security

Introduction

Risk Assessment Concepts

Evaluating the Security Risk

Conducting the Initial Assessment

  • Patches 
  • Ports 
  • Protect 
  • Physical 

Probing the Network

  • NetCop 
  • NetBrute 
  • Cerberus 
  • Port Scanner for Unix: SATAN 
  • SAINT 
  • Nessus 
  • NetStat Live 
  • Active Ports 
  • Other Port Scanners 
  • Microsoft Baseline Security Analyzer 
  • NSAuditor 
  • NMAP 

Vulnerabilities

  • CVE 
  • NIST 
  • OWASP 

McCumber Cube

  • Goals 
  • Information States 
  • Safeguards 

Security Documentation

  • Physical Security Documentation 
  • Policy and Personnel Documentation 
  • Probe Documents 
  • Network Protection Documents 

Summary

Chapter 13: Security Standards

Introduction

COBIT

ISO Standards

NIST Standards

  • NIST SP 800-14 
  • NIST SP 800-35 
  • NIST SP 800-30 Rev. 1 

U.S. DoD Standards

Using the Orange Book

  • D - Minimal Protection 
  • C - Discretionary Protection 
  • B - Mandatory Protection 
  • A - Verified Protection 

Using the Rainbow Series

Using the Common Criteria

Using Security Models

  • Bell-LaPadula Model 
  • Biba Integrity Model 
  • Clark-Wilson Model 
  • Chinese Wall Model 
  • State Machine Model 

U.S. Federal Regulations, Guidelines, and Standards

  • The Health Insurance Portability & Accountability Act of 1996 (HIPAA) 
  • HITECH 
  • Sarbanes-Oxley (SOX) 
  • Computer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030 
  • Fraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029 
  • General Data Protection Regulation (GDPR) 
  • PCI DSS 

Summary

Chapter 14: Physical Security and Disaster Recovery

Introduction

Physical Security

  • Equipment Security 
  • Securing Building Access 
  • Monitoring 
  • Fire Protection 
  • General Premises Security 

Disaster Recovery

  • Disaster Recovery Plan 
  • Business Continuity Plan 
  • Determining Impact on Business 
  • Testing Disaster Recovery 
  • Disaster Recovery Related Standards 

Ensuring Fault Tolerance

Summary

Chapter 15: Techniques Used by Attackers

Introduction

Preparing to Hack

  • Passively Searching for Information 
  • Active Scanning 
  • NSAuditor 
  • Enumerating 
  • Nmap 
  • Shodan.io 
  • Manual Scanning 

The Attack Phase

  • Physical Access Attacks 
  • Remote Access Attacks 

Wi-Fi Hacking

Summary

Chapter 16: Introduction to Forensics

Introduction

General Forensics Guidelines

  • EU Evidence Gathering 
  • Scientific Working Group on Digital Evidence 
  • U.S. Secret Service Forensics Guidelines 
  • Don’t Touch the Suspect Drive 
  • Leave a Document Trail 
  • Secure the Evidence 

FBI Forensics Guidelines

  • Finding Evidence on the PC 
  • In the Browser 
  • In System Logs 
  • Recovering Deleted Files 
  • Operating System Utilities 
  • The Windows Registry 

Gathering Evidence from a Cell Phone

  • Logical Acquisition 
  • Physical Acquisition 
  • Chip-off and JTAG 
  • Cellular Networks 
  • Cell Phone Terms 

Forensic Tools to Use

  • AccessData Forensic Toolkit 
  • EnCase 
  • The Sleuth Kit 
  • OSForensics 

Forensic Science

To Certify or Not to Certify?

Summary

Chapter 17: Cyber Terrorism

Introduction

Defending Against Computer-Based Espionage

Defending Against Computer-Based Terrorism

  • Economic Attack 
  • Compromising Defense 
  • General Attacks 
  • China Eagle Union 

Choosing Defense Strategies

  • Defending Against Information Warfare 
  • Propaganda 
  • Information Control 
  • Actual Cases 
  • Packet Sniffers 

Summary

Appendix A: Answers

Glossary