Networks security illustrated

Pages: 449

Size: 11.2 MB

Format: PDF

Views: 1981

Network Security Illustrated

Jason Albanese

Wes Sonnenreich

McGraw-Hill

New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

00_200423_FM_Sonnenreich 9/3/03 1:17 PM Page i

Copyright © 2004 by Jason Albanese and Wes Sonnenreich. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

0-07-143355-4

The material in this eBook also appears in the print version of this title: 0-07-141504-1

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at [email protected] or (212) 904-4069.

TERMS OF USE

This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS”. McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

DOI: 10.1036/0071433554

Dedication

I would like to dedicate this book to my incredible wife Emily, who provided me with the strength and courage to complete this project and to the memory of my grandfather, Irving Monchik, whose spirit and intellect inspires me each and every day.

Jason Albanese

I dedicate this book to my parents, who might actually have been right once or twice, well… maybe just once. Their attention, devotion and unending love have made them the best parents one could hope for, despite Mom’s paranoia about whether I’ve eaten enough or Dad’s endless supply of really bad jokes (like the one about the koala and the prostitute).

Wes Sonnenreich

Contents

Introduction

Acknowledgments

PART 1 Managing Security

Summary

Key Points

Connecting the Chapters

Introduction to Managing Security

Security and Business Processes

The Harsh Truth

The Security Philosophy

The Security Policy

Final Thoughts

1 Managing Security: The Security Assessment

Technology Overview

How the Security Assessment Works

Best Practices

Final Thoughts

2 Managing Security: Systems and Network Monitoring

Technology Overview

How Systems and Network Monitoring Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

PART 2 Outsourcing Options

Summary

Key Points

Connecting the Chapters

Introduction to Reserving Rights

The Illusion of Outsourcing

Outsourcing and Data Security

Outsourcing Business Technology

Outsourcing Business Services

Outsourcing Security Services

Final Thoughts

3 Outsourcing Options: Outsourcing Network Monitoring

Overview

How Outsourced Monitoring Works

Security Considerations

Best Practices

Final Thoughts

4 Outsourcing Options: Outsourcing Disaster Prevention

Overview

Preventing Machine Failure

Preventing Network Failure

Preventing Data Loss

Preventing Software Failure

Preventing People Failure

Preventing Repeat Disasters

Final Thoughts

5 Outsourcing Options: Outsourcing Proactive Security

Overview

Policy

Auditing

Defensive Forensics

Protection

Vulnerabilities

Penetration Testing

Final Thoughts

PART 3 Reserving Rights

Summary

Key Points

Connecting the Chapters

Introduction to Reserving Rights

Protecting Your Digital Rights

The Other Side of the Coin

Putting It All Together

Why Today’s Intellectual Property Laws Are Confusing

Final Thoughts

6 Reserving Rights: Digital Rights Management

Technology Overview

How Digital Rights Management Works

Security Considerations

Making the Connection

Best Practices

Final Thoughts

7 Reserving Rights: Copy Protection

Technology Overview

How Copy Protection Works

Security Considerations

Making the Connection

Best Practices

Final Thoughts

PART 4 Determining Identity

Summary

Key Points

Connecting the Chapters

Introduction to Determining Identity

Your Digital Identity in General

Digital Identity: The Secure Way

How Many Factors?

Final Thoughts

8 Determining Identity: Passwords

Technology Overview

How Passwords Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

9 Determining Identity: Digital Certificates

Technology Overview

How Digital Certificates Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

10 Determining Identity: Portable Identifiers

Technology Overview

How Portable Identifiers Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

11 Determining Identity: Biometrics

Technology Overview

How Biometrics Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

PART 5 Preserving Privacy

Summary

Key Points

Connecting the Chapters

Introduction to Preserving Privacy

What Is Privacy?

How to Achieve Privacy

Protecting Digital Privacy

Protecting the Digital Privacy of Others

Final Thoughts

12 Preserving Privacy: Anonymity

Technology Overview

How a Mix Works

Security Considerations

Making The Connection

Best Practices

Final Thoughts

13 Preserving Privacy: User Tracking

Technology Overview

How Cookies and Spyware Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

14 Preserving Privacy: Spam Management

Technology Overview

How Spam Management Works

Security Considerations

Making the Connection

Best Practices

Final Thoughts

PART 6 Connecting Networks

Summary

Key Points

Connecting the Chapters

Introduction to Connecting Networks

One Computer, Two Computer, Red Computer

Specialized Networks Need Specialized Hardware

Networks: Power and Peril

Connecting Correctly

Final Thoughts

15 Connecting Networks: Networking Hardware

Technology Overview

How Routers Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

16 Connecting Networks: Wireless Connections

Technology Overview

How Radio Works

How Spread Spectrum Works

Security Considerations

Making the Connection

Best Practices

Final Thoughts

17 Connecting Networks: Network Lingo

Technology Overview

Security Considerations

Making the Connection

Best Practices

Final Thoughts

PART 7 Hardening Networks

Summary

Key Points

Connecting the Chapters

Introduction to Hardening Networks

Ideal Versus Reality: The Need for Hardening

There’s No Point in Closing the Barn Door After the Horse Has Left

Out with the Bad, in with the Good

More Harm than Good?

Final Thoughts

18 Hardening Networks: Firewalls

Technology Overview

How Packet Filters Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

19 Hardening Networks: Network Address Translation

Technology Overview

How NAT Works

Security Considerations

Making the Connection

Best Practices

Final Thoughts

20 Hardening Networks: Virtual Private Networks

Technology Overview

How VPNs Work

IPSec Protocols

Security Considerations

Making the Connection

Best Practices

Final Thoughts

21 Hardening Networks: Traffic Shaping

Technology Overview

How Traffic Shaping Works

Security Considerations

Making the Connection

Best Practices

Final Thoughts

PART 8 Storing Information

Summary

Key Points

Connecting the Chapters

Introduction to Storing Information

Don’t Leave Me Unprotected

Storage Caveats

Storing Securely

Summary

22 Storing Information: Storage Media

Technology Overview

How Storage Media Works

Security Considerations

23 Storing Information: Local File Systems

Technology Overview

How File Systems Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

24 Storing Information: Network File Systems

Technology Overview

How NFS and SMB Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

25 Storing Information: Databases

Technology Overview

How Databases Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

PART 9 Hiding Information

Summary

Key Points

Connecting the Chapters

Introduction to Hiding Information

How Things Can Be Hidden

How Hidden Things Are Found

Final Thoughts

26 Hiding Information: Cryptography

Technology Overview

Asymmetrical (Public Key) Cryptography

How Cryptography Works

Security Considerations

Making the Connection

Best Practices

Final Thoughts

27 Hiding Information: Cryptanalysis

Technology Overview

How Cryptanalysis Works

Security Considerations

Best Practices

Final Thoughts

28 Hiding Information: Steganography

Technology Overview

How Steganography Works

Security Considerations

Making the Connection

Best Practices

Final Thoughts

PART 10 Accessing Information

Summary

Key Points

Connecting the Chapters

Introduction to Accessing Information

The Burden of Choice

Textual vs. Visual Access: UNIX and Windows

Access Bold As Love

Final Thoughts

29 Accessing Information: Client-Server Architecture

Technology Overview

How Client/Server Applications Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

30 Accessing Information: Internet Services

Technology Overview

The Web

Email

Security Considerations

Best Practices

FTP and TFTP

Security Considerations

Best Practices

News

Security Considerations

Best Practices

Final Thoughts

31 Accessing Information: Remote Access

Technology Overview

How Remote Access Protocols Work

Security Considerations

Making the Connection

Best Practices

Final Thoughts

32 Accessing Information: Peer-to-Peer Networking

Technology Overview

How P2P Works

Security Considerations

Making the Connection

Best Practices

Final Thoughts

PART 11 Ensuring Availability

Summary

Key Points

Connecting the Chapters

Introduction to Ensuring Availability

Putting Off the Inevitable

The Anatomy of Redundancy

Size Matters

Final Thoughts
