Preface 7
About the Author 13
Chapter 1 Introduction 1

Computer Security Concepts 4
The OSI Security Architecture 8
Security Attacks 9
Security Services 11
Security Mechanisms 15
A Model for Network Security 16
Standards 19
Outline of This Book 19
Recommended Reading 20
Internet and Web Resources 20
Key Terms, Review Questions, and Problems 21
PART ONE CRyPTOgRAPhy 23
Chapter 2 Symmetric Encryption and Message Confidentiality 23

Symmetric Encryption Principles 25
Symmetric Block Encryption Algorithms 30
Random and Pseudorandom Numbers 36
Stream Ciphers and RC4 41
Cipher Block Modes of Operation 46
Recommended Reading 51
Key Terms, Review Questions, and Problems 52
Chapter 3 Public-Key Cryptography and Message Authentication 57
Approaches to Message Authentication 59
Secure Hash Functions 63
Message Authentication Codes 70
Public-Key Cryptography Principles 76
Public-Key Cryptography Algorithms 79
Digital Signatures 87
Recommended Reading 88
Key Terms, Review Questions, and Problems 88
PART TWO NETWORk SECuRiTy APPliCATiONS 95
Chapter 4 Key Distribution and User Authentication 95
Symmetric Key Distribution Using Symmetric Encryption 96
Kerberos 98
Key Distribution Using Asymmetric Encryption 111
X.509 Certificates 113
Public-Key Infrastructure 121
Federated Identity Management 123
Recommended Reading 129
Key Terms, Review Questions, and Problems 130
Chapter 5 Network Access Control and Cloud Security 135
Network Access Control 136
Extensible Authentication Protocol 139
IEEE 802.1X Port-Based Network Access Control 143
Cloud Computing 145
Cloud Security Risks and Countermeasures 152
Data Protection in the Cloud 154
Cloud Security as a Service 157
Recommended Reading 160
Key Terms, Review Questions, and Problems 161
Chapter 6 Transport-Level Security 162
Web Security Considerations 163
Secure Sockets Layer (SSL) 165
Transport Layer Security (TLS) 179
HTTPS 183
Secure Shell (SSH) 184
Recommended Reading 195
Key Terms, Review Questions, and Problems 196
Chapter 7 Wireless Network Security 198
Wireless Security 199
Mobile Device Security 202
IEEE 802.11 Wireless LAN Overview 206
IEEE 802.11i Wireless LAN Security 212
Recommended Reading 226
Key Terms, Review Questions, and Problems 227
Chapter 8 Electronic Mail Security 230
Pretty Good Privacy (PGP) 231
S/MIME 239
DomainKeys Identified Mail (DKIM) 255
Recommended Reading 262
Key Terms, Review Questions, and Problems 262
Chapter 9 IP Security 264
IP Security Overview 266
IP Security Policy 270
Encapsulating Security Payload 276
Combining Security Associations 283
Internet Key Exchange 287
Cryptographic Suites 295
Recommended Reading 297
Key Terms, Review Questions, and Problems 297
Contents 5
PART ThREE SySTEm SECuRiTy 299
Chapter 10 Malicious Software 299
Types of Malicious Software (Malware) 300
Propagation—Infected Content—Viruses 303
Propagation—Vulnerability Exploit—Worms 308
Propagation—Social Engineering—SPAM E-mail, Trojans 313
Payload—System Corruption 315
Payload—Attack Agent—Zombie, Bots 316
Payload—Information Theft—Keyloggers, Phishing, Spyware 318
Payload—Stealthing—Backdoors, Rootkits 319
Countermeasures 321
Distributed Denial of Service Attacks 327
Recommended Reading 332
Key Terms, Review Questions, and Problems 333
Chapter 11 Intruders 336
Intruders 338
Intrusion Detection 342
Password Management 357
Recommended Reading 368
Key Terms, Review Questions, and Problems 369
Chapter 12 Firewalls 373
The Need for Firewalls 374
Firewall Characteristics 375
Types of Firewalls 377
Firewall Basing 383
Firewall Location and Configurations 386
Recommended Reading 391
Key Terms, Review Questions, and Problems 391
APPENDICES 395
Appendix A Some Aspects of Number Theory 395
Prime and Relatively Prime Numbers 396
Modular Arithmetic 398
Appendix B Projects for Teaching Network Security 400
Research Projects 401
Hacking Project 402
Programming Projects 402
Laboratory Exercises 403
Practical Security Assessments 403
Firewall Projects 403
Case Studies 404
Writing Assignments 404
Reading/Report Assignments 404
References 405
Index 412