1st Edition

Network and Application Security Fundamentals and Practices

By Debashis Ganguly. Copyright 2012.
    166 Pages, 39 B/W Illustrations, by CRC Press
    168 Pages, by CRC Press

    To deal with security issues effectively, it is usually not sufficient to have knowledge of the theory; practical experience in dealing with these issues is essential. This book discusses the basic theories and also helps the reader develop a practical outlook on the subject in a short and engaging manner. It provides readers with basic concepts and an awareness of industry standards and best practices. It answers questions such as "How do I know which cryptographic approach should be followed?", "How do I set up a firewall?", "How do I secure specific network layers or applications?", "How do I fight against application-level attacks?", and "How should I code securely?"

    Network Security—Fundamentals and Practices
    Network Security Fundamentals
    Security Triangle (Three Fundamental Objectives of Network Security)—Confidentiality; Integrity; Availability
    Security Threats—Classification of Network Threats; Confidentiality Attack; Integrity Attack; Availability Attack
    Understanding Security Measures
    Cryptography and Network Security
    Confidentiality with Symmetric Key Cryptography—Data Encryption Standard; Triple DES; Advanced Encryption Standard; Key Distribution and Confidentiality
    Public Key Cryptography and Message Authentication—Overview; RSA Public-Key Encryption Algorithm; Diffie-Hellman Key Exchange; Elliptic Curve Architecture and Cryptography; Key Management
    System-level Security
    Firewall—Design Goals behind Firewall; Security Controls in Firewall; Design Limitations of Firewall; Firewall Types; Firewall Configuration
    Intrusion Detection and Intrusion Prevention Systems—Overview; Intrusion Detection Systems; Intrusion Prevention System
    Applications for Network Security
    Kerberos—an Authentication Protocol—Overview; Implementation Mechanism; Analysis
    X.509 Authentication Service
    Electronic Mail Security—Overview; Pretty Good Privacy as a Solution to E-mail Security
    IP Security—Overview; Understanding the IPSec Architecture; IPSec Implementation; Security Association; Authentication Header; Encapsulating Security Payload (ESP); IPSec Operation Modes; Key Management
    Web Security—Overview; Web Security Threats; Overview of Security Threat Modelling and General Countermeasures; Secure Socket Layer and Transport Layer Security

    Application Security—Fundamentals and Practices
    Application Level Attacks
    Occurrences
    Consequences
    Attack Types
    SQL Injection—Overview; Consequences; Remediation
    Cross Site Scripting (XSS)—Overview; Consequences; Remediation
    XML-related Attacks—XML Entity Attacks; XML Injection; XPATH Injection; Remediation
    Log Injection—Overview; Consequences; Remediation
    Path Manipulation—Overview; Consequences; Remediation
    HTTP Response Splitting—Overview; Consequences; Remediation
    LDAP Injection—Overview; Consequences; Remediation
    Command Injection—Overview; Consequences; Remediation
    Buffer Overflow—Overview; Consequences; Remediation
    Cross Site Request Forgery (CSRF)—Overview; Consequences; Remediation
    Practical Software Security—ASP.Net and Java
    ASP.Net Security Guidelines—Overview; Code Access Security (CAS); Windows CardSpace; MachineKey Configuration; Authentication in .Net; Restricting Configuration Override
    Java Security Guidelines—Java Security Model; Specifying Security Constraints
    Securing Some Application-Specific Networks
    Securing Storage Area Networks—Overview; Purpose behind SAN; SAN Design Components; SAN Security Issues; Security Measures for SAN
    Securing VoIP-enabled Networks—Overview; Why VoIP?; VoIP Design Components; VoIP Security Issues; Security Measures for VoIP

    Biography

    Debashis Ganguly