Computer Network Security: Theory and Practice gives the reader a complete and concise view of network security. It provides in-depth theoretical coverage of recent advancements and practical solutions to network security threats. This book can be used for a one-semester network security course for graduate and upper-level undergraduate students, as well as a reference for IT professionals. Dr. Wang has been Professor of Computer Science at the University of Massachusetts Lowell since 2001, Director of its Center for Network and Information Security since 2004, and Chairman of its Department of Computer Science since 2007.
About the Author
Jie Wang is Professor and Chair of Computer Science at the University of Massachusetts Lowell (UML). He is also Director of the Center for Network and Information Security of UML. His first name "Jie" in Mandarin is pronounced similar to "Jed." He received a Ph.D. degree in Computer Science from Boston University in 1990, an M.S. degree in Computer Science from Zhongshan University in 1985, and a B.S. degree in Computational Mathematics from Zhongshan University in 1982. He has over 18 years of teaching and research experience and has network security consulting experience in the financial industry. His research interests include network security, algorithms and computational optimization, computational complexity theory, and wireless sensor networks. His research has been funded continuously by the National Science Foundation since 1991 and has also been funded by IBM, Intel, and the Natural Science Foundation of China. He has published over 95 journal and conference papers, two books and three edited books. He is active in professional service, including chairing conference program committees and organizing workshops.
Table of Contents
1 Network Security Overview 1.1 Mission and Definitions 1.2 Common Attacks and Defense Mechanisms 1.2.1 Eavesdropping 1.2.2 Cryptanalysis 1.2.3 Password Pilfering 1.2.4 Identity Spoofing 1.2.5 Buffer-Overflow Exploitations 1.2.6 Repudiation 1.2.7 Intrusion 1.2.8 Traffic Analysis 1.2.9 Denial of Service Attacks 1.2.10 Malicious Software 1.3 Attacker Profiles 1.3.1 Hackers 1.3.2 Script Kiddies 1.3.3 Cyber Spies 1.3.4 Vicious Employees 1.3.5 Cyber Terrorists 1.3.6 Hypothetical Attackers 1.4 Basic Security Model 1.5 Security Resources 1.6 Closing Remarks 1.7 Exercises
2 Data Encryption Algorithms 2.1 Data Encryption Algorithm Design Criteria 2.1.1 ASCII Code 2.1.2 XOR Encryption 2.1.3 Criteria of Data Encryptions 2.1.4 Implementation Criteria 2.2 Data Encryption Standard 2.2.1 Feistel's Cipher Scheme 2.2.2 DES Subkeys 2.2.3 DES Substitution Boxes 2.2.4 DES Encryption 2.2.5 DES Decryption and Correctness Proof 2.2.6 DES Security Strength 2.3 Multiple DES 2.3.1 Triple-DES with Two Keys 2.3.2 2DES and 3DES/3 2.3.3 Meet-in-the-Middle Attacks on 2DES 2.4 Advanced Encryption Standard 2.4.1 AES Basic Structures 2.4.2 AES S-Boxes 2.4.3 AES-128 Round Keys 2.4.4 Add Round Keys 2.4.5 Substitute-Bytes 2.4.6 Shift-Rows 2.4.7 Mix-Columns 2.4.8 AES-128 Encryption 2.4.9 AES-128 Decryption and Correctness Proof 2.4.10 Galois Fields 2.4.11 Construction of the AES S-Box and Its Inverse 2.4.12 AES Security Strength 2.5 Standard Block-Cipher Modes of Operations 2.5.1 Electronic-Codebook Mode 2.5.2 Cipher-Block-Chaining Mode 2.5.3 Cipher-Feedback Mode 2.5.4 Output-Feedback Mode 2.5.5 Counter Mode 2.6 Stream Ciphers 2.6.1 RC4 Stream Cipher 2.6.2 RC4 Security Weaknesses 2.7 Key Generations 2.7.1 ANSI X9.17 PRNG 2.7.2 BBS Pseudorandom Bit Generator 2.8 Closing Remarks 2.9 Exercises
3 Public-Key Cryptography and Key Management 3.1 Concepts of Public-Key Cryptography 3.2 Elementary Concepts and Theorems in Number Theory 3.2.1 Modular Arithmetic and Congruence Relations 3.2.2 Modular Inverse 3.2.3 Primitive Roots 3.2.4 Fast Modular Exponentiation 3.2.5 Finding Large Prime Numbers 3.2.6 The Chinese Remainder Theorem 3.2.7 Finite Continued Fractions 3.3 Diffie-Hellman Key Exchange 3.3.1 Key Exchange Protocol 3.3.2 Man-in-the-Middle Attacks 3.3.3 Elgamal PKC 3.4 RSA Cryptosystem 3.4.1 RSA Key Pairs, Encryptions, and Decryptions 3.4.2 RSA Parameter Attacks 3.4.3 RSA Challenge Numbers 3.5 Elliptic-Curve Cryptography 3.5.1 Commutative Groups on Elliptic Curves 3.5.2 Discrete Elliptic Curves 3.5.3 ECC Encodings 3.5.4 ECC Encryption and Decryption 3.5.5 ECC Key Exchange 3.5.6 ECC Strength 3.6 Key Distributions and Management 3.6.1 Master Keys and Session Keys 3.6.2 Public-Key Certificates 3.6.3 CA Networks 3.6.4 Key Rings 3.7 Closing Remarks 3.8 Exercises
4 Data Authentication 4.1 Cryptographic Hash Functions 4.1.1 Design Criteria of Cryptographic Hash Functions 4.1.2 Quest for Cryptographic Hash Functions 4.1.3 Basic Structure of Standard Hash Functions 4.1.4 SHA-512 4.1.5 WHIRLPOOL 4.2 Cryptographic Checksums 4.2.1 Exclusive-OR Cryptographic Checksums 4.2.2 Design Criteria of MAC Algorithms 4.2.3 Data Authentication Algorithm 4.3 HMAC 4.3.1 Design Criteria of HMAC 4.3.2 HMAC Algorithm 4.4 Offset Codebook Mode of Operations 4.4.1 Basic Operations 4.4.2 OCB Encryption and Tag Generation 4.4.3 OCB Decryption and Tag Verification 4.5 Birthday Attacks 4.5.1 Complexity Upper Bound of Breaking Strong Collision Resistance 4.5.2 Set Intersection Attack 4.6 Digital Signature Standard 4.7 Dual Signatures and Electronic Transactions 4.7.1 Dual Signature Applications 4.7.2 Dual Signatures and Electronic Transactions 4.8 Blind Signatures and Electronic Cash 4.8.1 RSA Blind Signatures 4.8.2 Electronic Cash 4.9 Closing Remarks 4.10 Exercises
5 Network Security Protocols in Practice 5.1 Crypto Placements in Networks 5.1.1 Crypto Placement at the Application Layer 5.1.2 Crypto Placement at the Transport Layer 5.1.3 Crypto Placement at the Network Layer 5.1.4 Crypto Placement at the Data-Link Layer 5.1.5 Hardware versus Software Implementations of Cryptographic Algorithms 5.2 Public-Key Infrastructure 5.2.1 X.509 Public-Key Infrastructure 5.2.2 X.509 Certificate Formats 5.3 IPsec: A Security Protocol at the Network Layer 5.3.1 Security Association 5.3.2 Application Modes and Security Associations 5.3.3 AH Format 5.3.4 ESP Format 5.3.5 Secret Key Determination and Distribution 5.4 SSL/TLS: Security Protocols at the Transport Layer 5.4.1 SSL Handshake Protocol 5.4.2 SSL Record Protocol 5.5 PGP and S/MIME: Email Security Protocols 5.5.1 Basic Email Security Mechanisms 5.5.2 PGP 5.5.3 S/MIME 5.6 Kerberos: An Authentication Protocol 5.6.1 Basic Ideas 5.6.2 Single-Realm Kerberos 5.6.3 Multiple-Realm Kerberos 5.7 SSH: Security Protocols for Remote Logins 5.8 Closing Remarks 5.9 Exercises
6 Wireless Network Security 6.1 Wireless Communications and 802.11 WLAN Standards 6.1.1 WLAN Architecture 6.1.2 802.11 Essentials 6.1.3 Wireless Security Vulnerabilities 6.2 WEP 6.2.1 Device Authentication and Access Control 6.2.2 Data Integrity Check 6.2.3 LLC Frame Encryption 6.2.4 Security Flaws of WEP 6.3 WPA 6.3.1 Device Authentication and Access Controls 6.3.2 TKIP Key Generations 6.3.3 TKIP Message Integrity Code 6.3.4 TKIP Key Mixing 6.3.5 WPA Encryption and Decryption 6.3.6 WPA Security Strength and Weaknesses 6.4 IEEE 802.11i/WPA2 6.4.1 Key Generations 6.4.2 CCMP Encryptions and MIC 6.4.3 802.11i Security Strength and Weaknesses 6.5 Bluetooth Security 6.5.1 Piconets 6.5.2 Secure Pairings 6.5.3 SAFER+ Block Ciphers 6.5.4 Bluetooth Algorithms E1, E21, and E22 6.5.5 Bluetooth Authentication 6.5.6 A PIN Cracking Attack 6.5.7 Bluetooth Secure Simple Pairing 6.6 Wireless Mesh Network Security 6.7 Closing Remarks 6.8 Exercises
7 Network Perimeter Security 7.1 General Framework 7.2 Packet Filters 7.2.1 Stateless Filtering 7.2.2 Stateful Filtering 7.3 Circuit Gateways 7.3.1 Basic Structures 7.3.2 SOCKS 7.4 Application Gateways 7.4.1 Cache Gateways 7.4.2 Stateful Packet Inspections 7.5 Trusted Systems and Bastion Hosts 7.5.1 Trusted Operating Systems 7.5.2 Bastion Hosts and Gateways 7.6 Firewall Configurations 7.6.1 Single-Homed Bastion Host System 7.6.2 Dual-Homed Bastion Host System 7.6.3 Screened Subnets 7.6.4 Demilitarized Zones 7.6.5 Network Security Topology 7.7 Network Address Translations 7.7.1 Dynamic NAT 7.7.2 Virtual Local-Area Networks 7.7.3 Small Office and Home Office Firewalls 7.8 Setting Up Firewalls 7.8.1 Security Policy 7.8.2 Building A Linux Stateless Packet Filter 7.9 Closing Remarks 7.10 Exercises
8 The Art of Anti Malicious Software 8.1 Viruses 8.1.1 Virus Types 8.1.2 Virus Infection Schemes 8.1.3 Virus Structures 8.1.4 Compressor Viruses 8.1.5 Virus Disseminations 8.1.6 Win32 Virus Infection Dissection 8.1.7 Virus Creation Toolkits 8.2 Worms 8.2.1 Common Worm Types 8.2.2 The Morris Worm 8.2.3 The Melissa Worm 8.2.4 Email Attachments 8.2.5 The Code Red Worm 8.2.6 Other Worms Targeted at Microsoft Products 8.3 Virus Defense 8.3.1 Standard Scanning Methods 8.3.2 Anti-Virus Software Products 8.3.3 Virus Emulator 8.4 Trojan Horses 8.5 Hoaxes 8.6 Peer-to-Peer Security 8.6.1 P2P Security Vulnerabilities 8.6.2 P2P Security Measures 8.6.3 Instant Messaging 8.7 Web Security 8.7.1 Basic Types of Web Documents 8.7.2 Security of Web Documents 8.7.3 ActiveX 8.7.4 Cookies 8.7.5 Spyware 8.7.6 AJAX Security 8.7.7 Safe Web Surfing 8.8 Distributed Denial of Service Attacks 8.8.1 Master-Slave DDoS Attacks 8.8.2 Master-Slave-Reflector DDoS Attacks 8.8.3 DDoS Attacks Countermeasures 8.9 Closing Remarks 8.10 Exercises
9 The Art of Intrusion Detection 9.1 Basic Ideas of Intrusion Detection 9.1.1 Basic Methodology 9.1.2 Auditing 9.1.3 IDS Components 9.1.4 IDS Architecture 9.1.5 Intrusion Detection Policies 9.1.6 Unacceptable Behaviors 9.2 Network-Based Detections and Host-Based Detections 9.2.1 Network-Based Detections 9.2.2 Host-Based Detections 9.3 Signature Detections 9.3.1 Network Signatures 9.3.2 Host-Based Signatures 9.3.3 Outsider Behaviors and Insider Misuses 9.3.4 Signature Detection Systems 9.4 Statistical Analysis 9.4.1 Event Counter 9.4.2 Event Gauge 9.4.3 Event Timer 9.4.4 Resource Utilization 9.4.5 Statistical Techniques 9.5 Behavioral Data Forensics 9.5.1 Data Mining Techniques 9.5.2 A Behavioral Data Forensic Example 9.6 Honeypots 9.6.1 Types of Honeypots 9.6.2 Honeyd 9.6.3 MWCollect Projects 9.6.4 Honeynet Projects 9.7 Closing Remarks 9.8 Exercises
A 7-bit ASCII code
B SHA-512 Constants (in hexadecimal)
C Data Compression using ZIP
D Base64 Encoding
E Cracking WEP Keys using WEPCrack E.1 System Setup E.2 Experiment Details E.3 Sample Code
F Acronyms
References
Index