Network Security Foundations part 1 pps


Document information

Foundations Network Security
4374FM.fm Page i Tuesday, August 10, 2004 8:16 PM

San Francisco ◆ London
Foundations Network Security
Matthew Strebe

Associate Publisher: Neil Edde
Acquisitions and Developmental Editor: Maureen Adams
Production Editor: Elizabeth Campbell
Technical Editor: Donald Fuller
Copyeditor: Judy Flynn
Compositor: Laurie Stewart, Happenstance Type-o-Rama
Proofreaders: Laurie O’Connell, Nancy Riddiough
Indexer: Nancy Guenther
Book Designer: Judy Fung
Cover Design: Ingalls + Associates
Cover Photo: Jerry Driendl, Taxi

Copyright © 2004 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher.

An earlier version of this book was published under the title Network Security Jumpstart © 2002 SYBEX Inc.

Library of Congress Card Number: 2004109315
ISBN: 0-7821-4374-1

SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the United States and/or other countries.

Screen reproductions produced with FullShot 99. FullShot 99 © 1991-1999 Inbit Incorporated. All rights reserved. FullShot is a trademark of Inbit Incorporated.

TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer.

The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book.

Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1

To Kira Rayleigh Strebe
Kira Lyra Loo, I love you

Acknowledgments

My wife does an amazing job of handling our life, our house, and our kids so that I can run a business and write books. Without her, none of my books would have been written. I’d like to thank Seanna for prying off and losing the keycaps of the non-critical laptop, Nathan for only losing the ball out of the trackball twice during the production of this book, and Kira for not being able to walk yet and for not choking on the keycap she found under the couch.

I’d like to thank Maureen Adams, who is my friend more than my editor, for suggesting this title and steering it through the process. Elizabeth Campbell did an expert job managing the flurry of e-mail that constitutes the modern writing process, and did so with an infectious enthusiasm that made the process easy. Judy Flynn expanded the acronyms, excised the jargon (well, some of it, anyway), clarified the odd constructions, and corrected the capitalization (or standardized it, at least). Without her, this book would have been much harder to understand.

Thanks also to the CD team of Dan Mummert and Kevin Ly for their work on the companion CD.

Contents

Introduction

Chapter 1 Security Principles
  Why Computers Aren’t Secure
  The History of Computer Security
  –1945
  1945–1955
  1955–1965
  1965–1975
  1975–1985
  1985–1995
  1995–2005
  2005–
  Security Concepts
  Trust
  Authentication
  Chain of Authority
  Accountability
  Access Control
  Terms to Know
  Review Questions

Chapter 2 Understanding Hacking
  What Is Hacking?
  Types of Hackers
  Security Experts
  Script Kiddies
  Underemployed Adult Hackers
  Ideological Hackers
  Criminal Hackers
  Corporate Spies
  Disgruntled Employees
  Vectors That Hackers Exploit
  Direct Intrusion
  Dial-Up
  Internet
  Wireless
  Hacking Techniques
  Target Selection
  Information Gathering
  Attacks
  Terms to Know
  Review Questions

Chapter 3 Encryption and Authentication
  Encryption
  Secret Key Encryption
  One-Way Functions (Hashes)
  Public Key Encryption
  Hybrid Cryptosystems
  Authentication
  Password Authentication
  Session Authentication
  Public Key Authentication
  Certificate-Based Authentication
  Biometric Authentication
  Terms to Know
  Review Questions

Chapter 4 Managing Security
  Developing a Security Policy
  Creating a Policy Requirements Outline
  Security Policy Best Practices
  Implementing Security Policy
  Applying Automated Policy
  Human Security
  Updating the Security Policy
  The Security Cycle
  Terms to Know
  Review Questions

Chapter 5 Border Security
  Principles of Border Security
  Understanding Firewalls
  Fundamental Firewall Functions
  Firewall Privacy Services
  Virtual Private Networks
  Other Border Services
  Selecting a Firewall
  Terms to Know
  Review Questions

Chapter 6 Virtual Private Networks
  Virtual Private Networking Explained
  IP Encapsulation
  Cryptographic Authentication
  Data Payload Encryption
  Characteristics of VPNs
  Common VPN Implementations
  IPSec
  L2TP
  PPTP
  PPP/SSL or PPP/SSH
  VPN Best Practices
  Terms to Know
  Review Questions

Chapter 7 Securing Remote and Home Users
  The Remote Security Problem
  Virtual Private Security Holes
  Laptops
  Protecting Remote Machines
  VPN Connections
  Data Protection and Reliability
  Backups and Archiving
  Protecting against Remote Users
  Terms to Know
  Review Questions

Chapter 8 Malware and Virus Protection
  Understanding Malware
  Understanding Viruses
  Virus Protection
  Prevention
  Natural Immunity
  Active Protection
  Understanding Worms and Trojan Horses
  Protecting Against Worms
  Implementing Virus Protection
  Client Virus Protection
  Server-Based Virus Protection
  E-Mail Gateway Virus Protection
  Firewall-Based Virus Protection
  Enterprise Virus Protection
  Terms to Know
  Review Questions

Chapter 9 Creating Fault Tolerance
  Causes for Loss
  Human Error
  Routine Failure Events
  Crimes
  Environmental Events
  Fault Tolerance Measures
  Backups
  Uninterruptible Power Supplies (UPSs) and Power Generators
  Redundant Array of Independent Disks (RAID)
  Permissions
  Border Security
  Auditing
  Offsite Storage
  Archiving
  Deployment Testing
  Circuit Redundancy
  Physical Security
  Clustered Servers
  Terms to Know
  Review Questions

Chapter 10 Windows Security
  Windows Local Security
  Security Identifiers
  Logging In
  Resource Access
  Objects and Permissions
  NTFS File System Permissions
  Encrypting File System (EFS)
  Windows Network Security
  Active Directory
  Kerberos Authentication and Domain Security
  Group Policy

[...]...

Chapter 11
Web Server Security
Web Security Problems
Implementing Web Server Security
Common Security Solutions
Apache Security
Internet Information Services Security
...

Share Security
IPSec
Terms to Know
Review Questions
Chapter 13
Unix Network Security
Unix Network Security Basics
Remote Logon Security
Remote Access...

Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Glossary
Index

Introduction

... to a particular platform

Who Should Read This Book?

Network Security Foundations is designed to teach the fundamentals of computer and network security to people who are fairly new to the topic:

◆ People interested in learning more about computer and network security
◆ Decision-makers who need to know the fundamentals in order to make valid, informed security choices
◆ Administrators who feel they are... about network security
◆ Small business owners interested in understanding the ramifications of their IT decisions
◆ Those interested in learning more about why computer security is a problem and what the solutions are
◆ Instructors teaching a network security fundamentals course
◆ Students enrolled in a network security fundamentals course

What This Book Covers

Working in computer security... process of network security, and you will see that many of the security concepts are actually named after their real-world counterparts because the analogies are so apt. This book continues to build your understanding about network security progressively, like climbing a ladder. Here’s how the information is presented:

Chapters 1 and 2: These chapters introduce computer security and explain why the security... time when you only needed to worry about security if you had something important to protect, but these days, if you don’t understand computer security, the computers you are responsible for will be hacked. My goal with Network Security Foundations is to introduce you to computer security concepts so that you’ll come away with an intermediate understanding of security as it pertains to computers. This... is absolutely essential that you understand computer security in order to secure the systems that you are responsible for against attack. Network Security Foundations contains many drawings and charts that help create a comfortable learning environment. It provides many real-world analogies that you will be able to relate to and through which network security will become tangible. The analogies provide... discuss security issues outside the realm of direct attack by hackers: viruses, worms, Trojan horses, spyware, spam, and routine failure. Solutions to all of these problems are evaluated.

Chapters 10 through 12: These chapters detail the security features of Windows and Unix, which are the two most popular operating systems and used on 99 percent of all of the computers in the world.

Chapters 13 and 14: These... add it

The History of Computer Security

worm: Any program that takes active measures to replicate itself onto other machines in a network. A network virus.

When you understand the history of computer security, it becomes obvious why computers aren’t secure. Stories of major, nearly catastrophic, hacking exploits happen all the time. 2001 was a particularly bad year for Internet security. The Code Red worm spread

Chapter 12 Unix Network Security
Unix Network Security Basics
Remote Logon Security
Remote.

Date posted: 13/08/2014, 15:21
