Table of Contents

1 Survivability: A Paradigm Shift........................................................................ 1


1.1 Instructional Objectives............................................................................... 2
1.2 Overview..................................................................................................... 3
1.3 Survivability Defined ................................................................................... 4
1.4 Security vs. Survivability ............................................................................. 6
1.5 Layered Approach to Survivability ............................................................ 10
1.6 Information Security Model ....................................................................... 11
1.6.1 Information Security Properties..................................................... 12
1.6.2 Information States......................................................................... 13
1.6.3 Security Measures ........................................................................ 15
1.6.4 Information Security Model ........................................................... 16
1.6.5 Information Security Concepts ....................................................... 17
1.7 Review Questions..................................................................................... 19
1.8 Summary .................................................................................................. 20
1.9 Bibliography .............................................................................................. 21

2 Threat Awareness ........................................................................................... 23


2.1 Instructional Objectives............................................................................. 24
2.2 Overview................................................................................................... 25
2.3 General Attack Sequence ......................................................................... 26
2.3.1 Threat Management Terms .......................................................... 27
2.4 Footprinting............................................................................................... 29
2.4.1 Defined.......................................................................................... 29
2.4.2 Step-by-step guide........................................................................ 30
2.5 Scanning................................................................................................... 40
2.5.1 Ping Sweeps ................................................................................. 41
2.5.2 Port Scans .................................................................................... 43
2.5.3 Operating System Identification .................................................... 46
2.6 Enumeration ............................................................................................. 49
2.6.1 Windows Enumeration Techniques .............................................. 50
2.7 Network Enumeration Techniques ............................................................ 56
2.8 Identify Asset vulnerabilities...................................................................... 59
2.8.1 Vulnerability Exploit Cycle............................................................. 60

Information Security for Technical Staff i


2.8.2 Sequence and Align Vulnerabilities .............................................. 62
2.8.3 Weak Default Settings .................................................................. 63
2.9 Information Gathering............................................................................... 65
2.9.1 Scans............................................................................................ 66
2.9.2 Packet Sniffing.............................................................................. 67
2.9.3 Malicious Code Attacks ................................................................ 69
2.10 Exploitation of Software Bugs................................................................... 77
2.11 Weak Network Protocols–IPv4 ................................................................. 79
2.11.1 Denial of Service Attacks.............................................................. 80
2.12 Network Flooding ..................................................................................... 82
2.12.1 “Smurf” Attack............................................................................... 84
2.12.2 SYN Attack ................................................................................... 88
2.12.3 UDP bounce Attack ...................................................................... 89
2.12.4 Distributed DoS Attack.................................................................. 91
2.13 Carrying Out the Attack ............................................................................ 93
2.14 Review questions ..................................................................................... 94
2.15 Summary .................................................................................................. 95
2.16 References ............................................................................................... 96

3 Risk Management ........................................................................................... 97


3.1 Instructional Objectives ............................................................................ 98
3.2 Overview .................................................................................................. 99
3.3 Description of Risk ................................................................................. 100
3.3.1 Risk Impact ................................................................................. 101
3.4 Components of Risk ............................................................................... 103
3.4.1 Identify Assets ............................................................................ 105
3.4.2 Identify Critical Assets ................................................................ 107
3.4.3 Identify Security Requirements................................................... 109
3.4.4 Vulnerabilities ............................................................................. 110
3.4.5 Threats ....................................................................................... 111
3.5 Calculating Risk Exposure ......................................................................112
3.5.1 Qualitative Risk Analysis ............................................................ 114
3.5.2 Quantitative Risk Analysis .......................................................... 117
3.6 Risk Management ...................................................................................119
3.6.1 Risk Management Strategies...................................................... 120
3.7 Review Questions .................................................................................. 122
3.8 Summary ................................................................................................ 123
3.9 Bibliography (Sources used throughout) ................................................ 124

4 Policy Management ...................................................................................... 125


4.1 Instructional Objectives .......................................................................... 129
4.2 Overview................................................................................................. 130
4.3 Information Security Policy ..................................................................... 133
4.4 Senior Management Statement of Policy................................................ 135
4.5 Policy Components................................................................................. 137
4.6 Supporting Documents ........................................................................... 140
4.6.1 Stakeholders and Contributors ................................................... 142
4.7 Characteristics of an Effective IS Policy ................................................. 144
4.7.1 Traceable, long-term focus ......................................................... 144
4.7.2 Clearly defined scope ................................................................. 144
4.7.3 Involves stakeholders, affected parties....................................... 144
4.7.4 Addresses what, not how............................................................ 144
4.7.5 Realistic ...................................................................................... 145
4.7.6 Role based.................................................................................. 145
4.7.7 Documented, up-to-date ............................................................. 145
4.7.8 Visible and actively enforced ...................................................... 145
4.7.9 Awareness and training .............................................................. 145
4.7.10 Minimum Set of Policy Topics..................................................... 146
4.7.11 Acceptable Use Policy Topics..................................................... 149
4.7.12 Policy Topics for Privileged Users (Admin)................................. 151
4.8 Review Questions................................................................................... 152
4.9 Summary ................................................................................................ 153
4.10 Bibliography ............................................................................................ 154
4.11 References ............................................................................................. 156

5 Configuration Management ......................................................................... 157


5.1 Instructional Objectives........................................................................... 159
5.2 Overview................................................................................................. 160
5.3 Defining Configuration Management and Control................................... 161
5.3.1 Change Control........................................................................... 163
5.3.2 Configuration Management vs. Change Control......................... 164
5.4 The Configuration Management Process ............................................... 165
5.5 Certification and Accreditation Phases ................................................... 167
5.6 Configuration Management Problems and Pitfalls.................................. 173
5.6.1 Examples–Change Control Problems......................................... 176
5.7 Impact on Survivability............................................................................ 178
5.7.1 Consequences: The Bad and the Ugly ....................................... 180
5.8 Role of the IT Manager ........................................................................... 181
5.9 Best Practice: Change Control Process ................................................. 183
5.10 Review Questions................................................................................... 189
5.11 Summary ................................................................................................ 190

6 Availability Management.............................................................................. 191
6.1 Instructional Objectives .......................................................................... 192
6.2 Overview ................................................................................................ 193
6.3 Definitions and Concepts........................................................................ 194
6.3.1 Fault tolerance, Redundancy, and Disaster Tolerance............... 195
6.4 Levels of Availability ............................................................................... 197
6.5 Single Points of Failure (SPOF) ............................................................. 199
6.5.1 SPOF in Systems and Network .................................................. 200
6.5.2 SPOF in Personnel ..................................................................... 207
6.5.3 SPOF in Dependency Services .................................................. 208
6.6 Disaster Recovery .................................................................................. 213
6.6.1 Mutual Aid Agreements .............................................................. 214
6.6.2 Hot Site ....................................................................................... 214
6.6.3 Cold Site ..................................................................................... 214
6.6.4 Warm Site ................................................................................... 215
6.6.5 Multiple Centers.......................................................................... 215
6.6.6 Service Bureaus ......................................................................... 215
6.6.7 Testing the Disaster Recovery Plan ........................................... 215
6.6.8 The Recovery Team ................................................................... 216
6.6.9 The Salvage Team ..................................................................... 216
6.6.10 Normal Operations Resume ....................................................... 217
6.6.11 Other Recovery Issues ............................................................... 217
6.6.12 Case Study: Beth Israel Deaconess Medical Center.................. 217
6.7 Best Practices for Ensuring Availability .................................................. 219
6.7.1 Host System Availability Strategies ............................................ 220
6.7.2 Network Availability Strategies ................................................... 222
6.7.3 Management Strategies.............................................................. 224
6.8 Review Questions .................................................................................. 225
6.9 Summary ................................................................................................ 226

7 TCP/IP Security ............................................................................................. 227


7.1 Instructional Objectives .......................................................................... 228
7.2 Overview ................................................................................................ 229
7.3 TCP/IP History........................................................................................ 230
7.4 TCP/IP Layered Architecture .................................................................. 232
7.5 Network Access Layer ............................................................................ 234
7.5.1 ARP ............................................................................................ 237
7.5.2 ARP Security Concerns .............................................................. 239
7.6 TCP/IP Internet Layer............................................................................. 241
7.6.1 IP Characteristics........................................................................ 242
7.6.2 IP Addressing ............................................................................. 243
7.6.3 IP Packet Format ........................................................................ 246
7.6.4 IP Fragmentation and Reassembly............................................. 248
7.6.5 IP Security Concerns .................................................................. 255
7.6.6 ICMP Functions .......................................................................... 257
7.6.7 The ICMP Packet........................................................................ 258
7.6.8 ICMP Message Types................................................................. 259
7.6.9 ICMP Code Field......................................................................... 261
7.6.10 ICMP Security Concerns............................................................. 264
7.7 TCP/IP Transport Layer .......................................................................... 266
7.7.1 TCP Characteristics .................................................................... 267
7.7.2 TCP Segment Format ................................................................. 269
7.7.3 TCP “Three-Way Handshake” .................................................... 271
7.7.4 TCP Flags–Why so Important?................................................... 273
7.7.5 TCP Security Concerns .............................................................. 276
7.7.6 UDP Characteristics.................................................................... 279
7.7.7 UDP Packet Format .................................................................... 281
7.7.8 UDP Security Concerns .............................................................. 282
7.7.9 Service Ports............................................................................... 284
7.8 TCP/IP Version 6 .................................................................................... 286
7.8.1 Paradigm Change with IPv4 to IPv6 ........................................... 289
7.8.2 IPv6 characteristics..................................................................... 291
7.8.3 Increased Address Space........................................................... 292
7.8.4 Map Globe with IP Addresses?................................................... 293
7.8.5 Simplified Header........................................................................ 294
7.8.6 Extension Headers...................................................................... 296
7.8.7 Enhanced Mobility....................................................................... 299
7.8.8 Easier Configuration ................................................................... 301
7.8.9 Improved Quality of Service........................................................ 302
7.8.10 Integrated Security...................................................................... 305
7.8.11 IPv4 to IPv6 Transition: Mechanisms.......................................... 306
7.8.12 IPv4 to IPv6 Transition: Security Risks ....................................... 308
7.8.13 IPv6 Work Remaining ................................................................. 310
7.9 Review Questions................................................................................... 311
7.10 Summary ................................................................................................ 312
7.11 Bibliography ............................................................................................ 313

8 Cryptography ................................................................................................ 315


8.1 Instructional Objectives........................................................................... 316
8.2 Overview................................................................................................. 317
8.3 History of Cryptography .......................................................................... 320
8.4 Basic Cryptography Terms...................................................................... 323
8.4.1 Plaintext ...................................................................................... 324
8.4.2 Cipher ......................................................................................... 325
8.4.3 Ciphertext ................................................................................... 328
8.4.4 Algorithm..................................................................................... 329
8.4.5 Keys............................................................................................ 330
8.4.6 Cryptosystem.............................................................................. 334
8.5 Types of Encryption ................................................................................ 335
8.5.1 Symmetric Encryption................................................................. 336
8.5.2 Asymmetric Encryption ............................................................... 338
8.5.3 Hybrid Model............................................................................... 341
8.6 Common Encryption Algorithms ............................................................. 343
8.6.1 DES ............................................................................................ 344
8.6.2 Triple DES .................................................................................. 346
8.6.3 IDEA ........................................................................................... 348
8.6.4 AES ............................................................................................ 349
8.6.5 RC4 ............................................................................................ 352
8.6.6 RSA ............................................................................................ 353
8.6.7 ELGamal..................................................................................... 354
8.6.8 Hash Function............................................................................. 356
8.6.9 MD5 ............................................................................................ 357
8.6.10 SHA ............................................................................................ 359
8.7 Cryptography Applications...................................................................... 360
8.7.1 Hash Example ............................................................................ 360
8.8 Digital Signatures ................................................................................... 361
8.8.1 Properties of a Digital Signature ................................................. 362
8.8.2 Digital Certificates....................................................................... 365
8.9 Steganography ....................................................................................... 367
8.9.1 How Does Steganography Work? .............................................. 370
8.9.2 How Is It hidden? ........................................................................ 371
8.9.3 Impact of Steganography............................................................ 376
8.10 Review Questions .................................................................................. 377
8.11 Summary ................................................................................................ 378

9 Securing Host Systems................................................................................ 379


9.1 Instructional Objectives .......................................................................... 380
9.2 Overview ................................................................................................ 381
9.3 Host Systems from Known Vulnerabilities .............................................. 382
9.3.1 Harden Host and Networked Systems........................................ 382
9.3.2 Physical Security ........................................................................ 385
9.3.3 Install Necessary Software Only................................................. 388
9.3.4 What Services Are Necessary? .................................................. 390
9.3.5 Secure Necessary Services........................................................ 393
9.3.6 Secure Weak Default Settings.................................................... 398
9.3.7 Anti-Virus Software ..................................................................... 401
9.3.8 Host-based Firewalls .................................................................. 402
9.3.9 Logging ....................................................................................... 407
9.3.10 Data Integrity............................................................................... 410
9.3.11 Backups ...................................................................................... 414
9.3.12 Windows 2000 Hardening........................................................... 416
9.4 Implement Access Controls .................................................................... 426
9.4.1 Identity and Authentication.......................................................... 429
9.4.2 The Best Protection .................................................................... 431
9.4.3 Authentication Methods Summary .............................................. 443
9.4.4 What Access IS Needed? ........................................................... 444
9.4.5 Assign Permission To Groups .................................................... 446
9.4.6 Windows 2000 NTFS ACLS........................................................ 447
9.4.7 POSIX ACLs ............................................................................... 453
9.5 Implementing Encryption to Secure Data ............................................... 459
9.5.1 Recovery Agents, Revocation Keys, and Key Escrow................ 459
9.5.2 Encryption–Applications.............................................................. 461
9.5.3 Encrypting File System Architecture ........................................... 464
9.6 Review Questions................................................................................... 466
9.7 Summary ................................................................................................ 467
9.8 References ............................................................................................. 469

10 Securing Network Services.......................................................................... 471


10.1 Instructional Objectives........................................................................... 472
10.2 Overview................................................................................................. 473
10.3 Network Authentication Methods ............................................................ 474
10.3.1 PAP, CHAP, and EAP................................................................. 476
10.3.2 RADIUS and TACACS+.............................................................. 478
10.3.3 NTLM .......................................................................................... 479
10.3.4 What is Kerberos? ...................................................................... 481
10.3.5 Public Key Infrastructure............................................................. 487
10.4 Securing Critical Network Services......................................................... 490
10.5 Securing DNS Best Practices ................................................................. 491
10.5.1 DNS Security for the Internet ...................................................... 494
10.5.2 Securing DNS in Windows.......................................................... 496
10.6 Securing DHCP Service ......................................................................... 497
10.7 SNMP Security Best Practices ............................................................... 501
10.8 Email Security Best Practices................................................................. 504
10.9 Securing WWW Services........................................................................ 507
10.9.1 Real-Time Communication ......................................................... 511
10.10 VTC and VoIP .................................................................................. 512
10.11 Instant Messaging and Presence .................................................... 513
10.11.1 Securing RTC ......................................................................... 514
10.12 VPN ................................................................................................. 516
10.12.1 VPN Implementation Goals .................................................... 517
10.12.2 Transport vs. Tunneling Protocols.......................................... 519
10.12.3 VPN vs. Dedicated Circuit ...................................................... 520
10.12.4 Available Deployment Choices............................................... 522
10.12.5 VPN Implementations............................................................. 523
10.12.6 The SSH Protocol................................................................... 524
10.12.7 SSH Key Facts ....................................................................... 527
10.12.8 SSL and TLS .......................................................................... 528
10.12.9 The SSL/TLS Protocol............................................................ 529
10.12.10 SSL Handshake.................................................................... 531
10.12.11 TLS’s Improvements............................................................. 534
10.12.12 IPSec Basics ........................................................................ 535
10.12.13 L2TP ..................................................................................... 545
10.13 Review Questions ........................................................................... 549
10.14 Summary ......................................................................................... 550
10.15 References ...................................................................................... 551

11 Securing Network Infrastructure................................................................. 553


11.1 Instructional Objectives .......................................................................... 554
11.2 Overview ................................................................................................ 555
11.3 Physical Security of Infrastructure .......................................................... 556
11.4 Securing 802.11x Networking................................................................. 559
11.4.1 IEEE 802 Protocols..................................................................... 560
11.4.2 802.11x Comparison................................................................... 561
11.4.3 Service Sets................................................................................ 563
11.5 Wireless Security.................................................................................... 564
11.5.1 Best Practices............................................................................. 572
11.6 Switch and Router Security .................................................................... 574
11.6.1 Securing a Switched Network..................................................... 574
11.6.2 An overview of VLAN technology ............................................... 578
11.6.3 VLAN Implementation Issues ..................................................... 581
11.6.4 VLAN Security Issues ................................................................. 583
11.6.5 Protecting Data from Sniffing...................................................... 585
11.6.6 Harden the Router ...................................................................... 587
11.6.7 Filtering Traffic with Access Lists................................................ 597
11.6.8 Placement of Access Lists in Network........................................ 600
11.6.9 Access List Best Practices.......................................................... 602
11.6.10 Secure Routing Table Updates .............................................. 612
11.7 Review Questions .................................................................................. 615

viii Information Security for Technical Staff


11.8 Summary ................................................................................................ 616
11.9 References ............................................................................................. 617

12 Firewalls......................................................................................................... 619
12.1 Instructional Objectives........................................................................... 622
12.2 Overview................................................................................................. 623
12.3 Firewall Definition ................................................................................... 624
12.4 Firewall Roles ......................................................................................... 626
12.5 Firewall Architectures and Functions ...................................................... 627
12.5.1 Architecture Considerations........................................................ 628
12.5.2 Firewall Architectures.................................................................. 630
12.5.3 Architecture Classes and Tradeoff Criteria ................................. 632
12.5.4 Single Layer Architecture–Basic ................................................. 634
12.5.5 Single Layer Architecture–Basic with untrustworthy host .......... 635
12.5.6 Single Layer Architecture–Basic with DMZ network ................... 636
12.5.7 Multi Layer Architecture–Dual with DMZ network ....................... 637
12.6 Firewall Functions................................................................................... 638
12.6.1 Stateless Packet Filtering ........................................................... 639
12.6.2 Stateful Packet Filtering .............................................................. 641
12.6.3 Stateless vs. Stateful .................................................................. 642
12.6.4 Stateless vs. Stateful–UDP......................................................... 643
12.7 Application Proxy .................................................................................... 644
12.7.1 Transparent vs. Non-transparent Proxies ................................... 647
12.8 Network Address Translation (NAT)........................................................ 648
12.8.1 Static NAT................................................................................... 650
12.8.2 Dynamic NAT.............................................................................. 651
12.8.3 Overloading or Port Address Translation (PAT) ......................... 652
12.9 Function Selection Criteria...................................................................... 654
12.10 Review Questions............................................................................ 656
12.11 Summary ......................................................................................... 657
12.12 References ...................................................................................... 658

13 Intrusion Detection Systems ....................................................................... 661
13.1 Instructional Objectives:.......................................................................... 662
13.2 Overview................................................................................................. 663
13.3 What is IDS?........................................................................................... 664
13.4 Evolution of the IDS ................................................................................ 665
13.5 IDS Terms ............................................................................................... 666
13.5.1 Sensor......................................................................................... 666
13.5.2 Analyzer ...................................................................................... 666
13.5.3 Alert mechanism ......................................................................... 666
13.5.4 Logging mechanism.................................................................... 666
13.5.5 User interface ............................................................................. 667
13.5.6 Honeypot .................................................................................... 667
13.6 Common Strategies................................................................................ 668
13.6.1 Signature Characteristics:........................................................... 669
13.6.2 Signature-based Advantages: .................................................... 670
13.6.3 Signature-based Disadvantages:................................................ 671
13.6.4 Signature-based Typical Deployment Environment:................... 672
13.6.5 Anomaly-based Characteristics: ................................................. 673
13.6.6 Anomaly-based Advantages:...................................................... 675
13.6.7 Anomaly-based Disadvantages: ................................................. 676
13.6.8 Anomaly-based Typical Deployment Environment: .................... 677
13.6.9 Host-based Characteristics:........................................................ 678
13.6.10 Host-based Advantages: ........................................................ 680
13.6.11 Host-based Disadvantages: ................................................... 681
13.6.12 Host-based Typical Deployment Environments:..................... 682
13.6.13 Network-based Characteristics:.............................................. 683
13.6.14 Network-based Advantages: .................................................. 685
13.6.15 Network-based Disadvantages:.............................................. 686
13.6.16 Network-based Typical Deployment Environment:................. 687
13.7 How Can Intruders Detect IDS? ............................................................. 688
13.8 IDS Evasion Techniques......................................................................... 689
13.9 IDS Evasion Countermeasures .............................................................. 694
13.10 Implementing IDS............................................................................ 698
13.11 Practical Problems .......................................................................... 700
13.12 Administrative Responsibilities........................................................ 702
13.13 Review Questions ........................................................................... 708
13.14 Summary ......................................................................................... 709
13.15 References ...................................................................................... 710
13.16 Recommended further reading........................................................ 710

Answer Appendix for Modules 1-13 ........................................................................ 1
