Network Security

Steven L. Shaffer, Alan R. Simon

Publisher: Academic Press, 1994, 318 pages

ISBN: 0-12-638010-4

Keywords: IT Security, Networks

Last modified: May 24, 2021, 11:16 p.m.

As computer networking becomes increasingly fundamental to corporate and personal communications, the need to safeguard networks against undesired infiltration and damaging viruses becomes paramount. Network Security presents a comprehensive approach to this topic, with specific cost-effective strategies and step-by-step implementation methodology that allows users to enjoy all the benefits of a network while securing confidential data. This book will be essential reading for anyone who must protect information stored or accessed via a network, and includes:

  • Techniques for controlling viruses and trojan horses.
  • Advanced network security strategies for PCs, networked workstations, and High-Performance Systems.
  • Practical approaches to network security including establishing policies, hiring personnel, and maximizing design.
  • A separate chapter on security issues relating to Personal Computer Networking (NetWare®, Vines®, etc.).
  • Material on covert channels (concepts, analysis, countermeasures, and elimination).
  • An appendix discussing and analyzing representative network security programs in detail.
  1. Principles of Distributed Computing and Networks
    1. Introduction
    2. The Network Computing Revolution
    3. Focus and Objective
    4. Secure Distributed Processing
      • Many Existing Views of Distributed Processing
      • Notions of a Distributed System
    5. Distributed Systems Elements Structure for this Book
      • Elements of Distribution
      • Distributed Users
      • Distributed Communications
      • Distributed Processes
      • Distributed Data
      • Distributed Control
      • Distributed Security
    6. Distribution
      • Proximity
      • Number of Nodes
      • Cooperation within and among Elements
    7. Summary
      • End Notes
  2. The Need for Network Security
    1. Introduction
    2. Information Service and Value
    3. Classified Information
    4. Proprietary and Sensitive Information
    5. Total Dependence
    6. Economics
    7. Summary
  3. The Network Security Challenge
    1. Introduction
    2. The Fundamental Paradox
      • Tradeoffs
      • Principal Issues
    3. Reclusive and Tightly Held Science
    4. Inadequate Funding and Management Commitment
    5. Organization Opposition
    6. Operational Opposition and Costs
    7. Technical Complexity and Rapid Change
    8. A Moving Target
    9. The Lack of Network Security Standards
    10. Legal Inadequacies
    11. Summary
      • End Notes
  4. Network Security Services
    1. Introduction
    2. Security Control Objectives
      • Policy
      • Accountability
      • Assurance
    3. Continuity of Operations Services
      • Network Security Mechanisms — Continuity of Operations
    4. Integrity Services
    5. Authentication Services
      • Identification and Authentication
      • Distributed Identification and Authentication Services
      • Cascading Authentication
      • Goals
      • Trusted Path Propagation
      • Privilege Passing
      • Network Security Mechanisms — Authentication
    6. Access Control Services
      • Mandatory Access Controls
      • Distributed MAC
      • Discretionary Access Controls
      • Distributed DAC
      • Access Control Lists
      • ACL Issues
      • Information/Data Labels
      • Capabilities/Functions-Based Access Control
      • Logical Networking Controls
    7. Confidentiality Services
      • Network Security Mechanisms — Confidentiality
    8. Nonrepudiation Services
      • Network Security Mechanisms — Nonrepudiation
    9. Assurance
    10. Summary
      • End Notes
  5. Network Security Disciplines
    1. Introduction — Security Engineering Disciplines
    2. Physical Security
    3. Personnel Security
    4. Information Security
    5. TEMPEST
    6. Network and Computer Security
    7. Communications Security
    8. Industrial Security
    9. Operations Security
    10. Life-Cycle Security Engineering
    11. Summary
  6. Network Security Approaches and Mechanisms
    1. Introduction
    2. The ISO/OSI Reference Model
      • Physical Layer — Layer 1
      • Data Link Layer — Layer 2
      • Network Layer — Layer 3
      • Transport Layer — Layer 4
      • Session Layer — Layer 5
      • Presentation Layer — Layer 6
      • Application Layer — Layer 7
    3. Network Security Services Revisited
    4. Network Security Mechanisms
      • Specific Security Mechanisms
      • Pervasive Security Mechanisms
    5. Layering and Placement of Network Security Services and Mechanisms
      • Physical Layer
      • Data Link Layer
      • Network Layer
      • Transport Layer
      • Session Layer
      • Presentation Layer
      • Application Layer
    6. An Example of a Network Security Implementation
    7. Summary
      • End Notes
  7. Personal Computer Networking — Security Issues and Approaches
    1. Introduction — The PC Networking Revolution
    2. Practical Guidance for PC Networking
    3. PC Physical Security Concerns
    4. Identification and Authentication — Network Operating Systems
      • Passwords
      • Mandatory Access Controls
      • Discretionary Access Controls
      • Novell NetWare File and Directory Security
      • Banyan VINES File and Directory Security
      • Simultaneous Log-ons
      • Encryption
    5. Application Protection in a PC Networking Environment
      • Security for Network Applications
    6. Summary
      • End Notes
  8. Controlling Viruses and Trojan Horses
    1. Introduction
    2. Viruses
      • Virus Advancement
      • Virus Protection
      • Software Acquisition
      • Secure Systems
      • Network Performance Alarms
      • Preventative Program Utility
      • Gateways and Filters
      • Detective Software
      • Computer Emergency Response Teams
      • NOS Virus Protection
      • Practical Virus Advice
      • Practical Virus Prevention
      • Specific and Practical Actions
      • Ongoing Activities
      • Government
      • Commercial
      • Summary — The Virus Threat
    3. Trojan Horses
      • Introduction
      • Types of Trojan Horses
    4. Techniques for Introducing a Trojan Horse into Systems
      • Introducing a Trojan Horse in Hardware
      • Introducing a Trojan Horse in Software
      • Introducing a Viritic Trojan Horse
      • Introducing a Trojan Horse through the Use of a Trap Door
    5. Exploitation
      • System Vulnerabilities
      • Exploited by Trojan Horses
      • Absence of Security Policy
      • Inadequate Security Policy
      • Countermeasures
      • Lack of Support for Security Features
      • Discretionary Access Controls
      • Mandatory Access Controls
      • Programming Environment
      • The Insider Threat
    6. Example of Trojan Horses
      • Case 1 — Space Physics Analysis Network
      • Case 2 — A Money Order Trojan Horse
      • Case 3 — A Trojan Horse in a Pharmaceutical Company
    7. Identification of Trojan Horses
      • Observations
      • Automated Comparison Assessment
      • Audit Controls
      • Centralized Control
    8. Prevention
      • Mandatory Access Controls
      • Integrity Controls
      • Discretionary Access Controls
      • Management of Software Development
      • Logic Flow Diagrams
      • Documentation
      • Techniques to Eliminate Trojan Horses in User Code
      • Restricted User Software Development or Isolation
      • Manual Review of Logic/Source
      • Behavioral Observation
      • Risk Management Scheme
    9. Maintaining "Trojan Horse-Free" Code
      • Training
      • Encryption
      • Read-Only Memory
      • Configuration Management and Control
    10. Summary
      • End Notes
  9. Covert Channels
    1. The Covert Channel Threat
      • Causes for Covert Channels
    2. General Concepts
      • Storage and Timing Channels
      • Definition of Covert Channels
    3. Covert Channel Taxonomy
      • Defined Covert Channels
      • Undefined Covert Channels
    4. Exploitation of Covert Channels
      • Identification of a Covert Channel Candidate
      • Channel Exploitation after Identification
      • Channel Access
      • Channel Modulation
      • Covert Protocols
      • Information Reception
      • Information Usage and Benefit
    5. System Vulnerabilities Exploited by Covert Channels
      • Covert Storage Channels — Examples
      • Covert Timing Channels
    6. Covert Channel Analysis and Measurement Techniques
      • The Access Control Method
      • Informal Methodologies
      • The Information Flow Method
      • The Shared Resource Matrix Method
      • Formal Methodologies
      • Formal Verification
    7. Practice and Examples
      • NCSC Certified Systems
      • NCSC Practices
    8. Guidance to Developers and Evaluators
      • Measurement by Analysis and Engineering Estimate
      • Measurement by Experiment
      • Bursty Channels
      • Considerations in Design
      • Considerations during Implementation
      • Identification of Covert Channels
    9. Countermeasures
    10. Elimination of Covert Channels
      • Bandwidth Reduction Techniques
      • Limited Access
      • Channel Sterilization
      • Noise Introduction
      • Encryption
    11. Damage Confinement
      • Monitoring Techniques for Remaining Covert Channels
      • Configuration Management and Controls
    12. Summary
      • End Notes
  10. Practical Approaches to Network Security
    1. Introduction
    2. Practical Network Security Objectives
    3. Senior Management Commitment
    4. Network Risk Analysis
      • Benefits
      • Security Perimeter
      • System Decomposition
      • Risk Analysis Team
      • Sensitivity Assessment
      • Technically, Logically, and Organizationally
      • Valuation of Information Assets
      • Identification of Threats
      • Threat Environment
      • Threat Categories
      • Threats — LAN Communications
      • Threats — Long-Haul Communications
      • Threat Logic Tree
      • Threat Rejection Logic
      • Determining Vulnerability to Threats
      • Degree of Risk
      • Countermeasure Application
      • Residual Risk
      • Process Iteration
      • Certification Process
      • Network Accreditation
      • Continuance
    5. Network Security Policy
      • Discretionary Access Controls
      • User ID and Passwords
      • Host Discretionary Access Controls
      • Biometric — Discretionary Access Control
      • Mandatory Access Controls
      • MAC — Physical Separation
      • MAC — Segmentation
      • MAC — Resource Isolation
      • Marking Policy
      • Physical Security
      • Accountability
      • Assurance
    6. Security Management Personnel
      • Network Security Manager
      • Network Security Officer(s)
      • Network Security Administrators
    7. Network Security — Policies and Procedures
      • Training and Awareness
      • Software Development and Introduction
      • System Backups
      • Reporting of Security Incidents
    8. Maximize Inherent Security Capabilities in Design
      • Common Sense
      • Principle of Least Privilege
      • Physical Separation
      • Segmentation
      • Heterogeneous Implementation
      • Filtering Bridges and Brouters
      • Dedicated Network Resources
      • Selective Service/Access Menus
      • Security Overhead and Transparency
    9. Summary
  11. Advanced Network Security Strategies
    1. Introduction
    2. Integrity — The New Network Security Frontier
    3. Denial of Service — Dependence on Reliability, Maintainability, and Availability
    4. Accountability
    5. Network Security Integration
    6. Network Security Standards
    7. Security Overhead and Transparency
    8. High-Performance Systems
    9. Public Disclosure of Security-Relevant Information
    10. Intrusion Detection Systems (IDS)
    11. Security Mechanism Communality
    12. Uniform Use of Encryption Mechanisms
    13. Uniform Labeling
    14. Covert Channels
    15. Upward Compatibility of Security Services
    16. Compatibility of Security Properties
    17. Capability-Based Protection
    18. Modeling Distributed Systems
    19. Summary
  12. Network Security Standards
    1. Introduction
    2. SNMP V2.0
    3. IEEE 802.10
      • 802.10 Parts
      • Secure Data Exchange (SDE)
      • Layer 2 Security Services versus those of OSI
      • Key Management
    4. Summary
      • End Notes
  • Appendix: Representative Network Security Programs

Reviews

Network Security

Reviewed by Roland Buresund

Good ******* (7 out of 10)

Last modified: Nov. 14, 2008, 12:13 p.m.

If you need to know something about networks and MLS, buy this book.
