Network Security, Administration and Management by Dulal Chandra Kar and Mahbubur Rahman Syed


Author Dulal Chandra Kar and Mahbubur Rahman Syed
Isbn 9781609607777
File size 4.6MB
Year 2011
Pages 384
Language English
File format PDF
Category security


 

Network Security, Administration and Management: Advancing Technology and Practice

Dulal Chandra Kar
Texas A&M University-Corpus Christi, USA

Mahbubur Rahman Syed
Minnesota State University, Mankato, USA

Senior Editorial Director: Kristin Klinger
Director of Book Publications: Julia Mosemann
Editorial Director: Lindsay Johnston
Acquisitions Editor: Erika Carter
Development Editor: Joel Gamon
Production Editor: Sean Woznicki
Typesetters: Natalie Pronio, Jennifer Romanchak, Milan Vracarich Jr
Print Coordinator: Jamie Snavely
Cover Design: Nick Newcomer

Published in the United States of America by
Information Science Reference (an imprint of IGI Global)
701 E. Chocolate Avenue
Hershey PA 17033
Tel: 717-533-8845
Fax: 717-533-8661
E-mail: [email protected]
Web site: http://www.igi-global.com/reference

Copyright © 2011 by IGI Global. All rights reserved. No part of this publication may be reproduced, stored or distributed in any form or by any means, electronic or mechanical, including photocopying, without written permission from the publisher. Product or company names used in this set are for identification purposes only. Inclusion of the names of the products or companies does not indicate a claim of ownership by IGI Global of the trademark or registered trademark.

Library of Congress Cataloging-in-Publication Data

Network security, administration and management: advancing technology and practice / Dulal Chandra Kar and Mahbubur Rahman Syed, editors.
p. cm.
Includes bibliographical references and index.
Summary: “This book identifies the latest technological solutions, practices and principles on network security while exposing possible security threats and vulnerabilities of contemporary software, hardware, and networked systems”-- Provided by publisher.
ISBN 978-1-60960-777-7 (hardcover) -- ISBN 978-1-60960-778-4 (ebook) -- ISBN 978-1-60960-779-1 (print & perpetual access)
1. Computer networks--Management. 2. Computer networks--Security measures. I. Kar, Dulal Chandra, 1960- II. Syed, Mahbubur Rahman, 1952-
TK5105.5.N466724 2011
005.8--dc22
2011010430

British Cataloguing in Publication Data
A Cataloguing in Publication record for this book is available from the British Library.

All work contributed to this book is new, previously-unpublished material. The views expressed in this book are those of the authors, but not necessarily of the publisher.

Editorial Advisory Board

Luther Troell, Rochester Institute of Technology, USA
Iuon-Chang Lin, National Chung Hsing University, Taiwan, R.O.C.
Christos Bouras, University of Patras, Greece
Gregorio Martinez, University of Murcia, Spain
Timothy J. McGuire, Sam Houston State University, USA
Chuan-Kun Wu, Chinese Academy of Sciences, China
Muhammad Nadzir Marsono, Universiti Teknologi, Malaysia
Mario Garcia, Texas A&M University-Corpus Christi, USA
Jim Holt, Freescale Semiconductor, Inc., USA
John Fernandez, Texas A&M University-Corpus Christi, USA

List of Reviewers

Aftab Ahmad, Norfolk State University, USA
Christos Bouras, University of Patras, Greece
Bruce Hartpence, Rochester Institute of Technology, USA
Jim Holt, Freescale Semiconductor, Inc., USA
Dijiang Huang, Arizona State University, USA
Ajay Katangur, Texas A&M University-Corpus Christi, USA
David Lee, The Ohio State University, USA
Salvador Mandujano, Intel Corporation, USA
B. Dawn Medlin, Appalachian State University, USA
Sumita Mishra, Rochester Institute of Technology, USA
Clifton Mulkey, Texas A&M University-Corpus Christi, USA
Yin Pan, Rochester Institute of Technology, USA
Remzi Seker, University of Arkansas at Little Rock, USA
Christophe Veltsos, Minnesota State University, Mankato, USA
Chuan-Kun Wu, Chinese Academy of Sciences, China
Xun Yi, Victoria University, Australia

Detailed Table of Contents

Foreword
Preface
Acknowledgment

Section 1
Network Systems Security

Chapter 1
Basic Device and Protocol Security
Bruce Hartpence, Rochester Institute of Technology, USA

This is an introductory chapter that addresses security issues of all common networking devices such as hubs, switches, access points, and routers, as well as vulnerable network protocols such as ARP (Address Resolution Protocol), STP (Spanning Tree Protocol), ICMP (Internet Control Message Protocol), and DHCP (Dynamic Host Configuration Protocol). In addition, the chapter critically examines security issues in common routing protocols such as RIP (Routing Information Protocol), BGP (Border Gateway Protocol), and OSPF (Open Shortest Path First), as well as some network management protocols such as SNMP (Simple Network Management Protocol) and CDP (Cisco Discovery Protocol). Later, the chapter suggests ways to ensure device security, as well as protocol security to mitigate possible attacks.

Chapter 2
Mitigating the Blended Threat: Protecting Data and Educating Users
Christophe Veltsos, Minnesota State University, Mankato, USA

This chapter discusses the current trend and evolution in security threats, in which attackers use multiple, persistent approaches to attack a target. Traditional security technologies and practices such as antivirus software, firewalls, intrusion detection systems, cryptosystems, and automated patch delivery and installation mechanisms are shown to have limitations in mitigating such risks and attacks, known as blended threats. Accordingly, the author presents new security controls and strategies to mitigate such evolving risks. In addition, the chapter underscores the need for security awareness education and proposes organized training programs for common users.

Chapter 3
Security Issues for Multi-Domain Resource Reservation
Christos Bouras, Research Academic Computer Technology Institute (CTI) & University of Patras, Greece
Kostas Stamos, Research Academic Computer Technology Institute (CTI) & University of Patras, Greece

This chapter addresses security issues of the components that are responsible for provisioning multidomain network services, particularly for resource reservation and allocation of network services. The authors discuss the importance of inter-domain security during negotiation of resource reservations, as well as intra-domain security during initiation and realization of a resource reservation. Correspondingly, architectures and procedures to handle user authentication, trusted communications between modules or components, and multi-domain user authorization are provided in the context of a case study. Particularly, the chapter presents security requirements and procedures for protecting against various types of attacks on a networked system that supports differentiated services and bandwidth on demand services over multiple domains.

Section 2
Authentication and Data Privacy: Passwords and Keys

Chapter 4
Healthcare Employees and Passwords: An Entry Point for Social Engineering Attacks
B. Dawn Medlin, Appalachian State University, USA
Douglas May, Appalachian State University, USA
Ken Corley, Appalachian State University, USA

This chapter provides an account of security breaches in the healthcare industry due to social engineering attacks and reports results of a simulated study of a social engineering attack on hospital employees to obtain authentication information such as passwords. The authors identify violations of HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology and Clinical Health Act) regulations among healthcare employees who are supposed to protect the privacy and medical records of patients.
The chapter also reports research results on the choice of passwords based on human psychology and memory, and exposes severe deficiencies in the choice of passwords by common users that can be exploited easily using social engineering techniques. The findings in the chapter underscore the need for stringent control and aggressive policy.

Chapter 5
Public Key Infrastructure
Reed Petty, University of Arkansas at Little Rock, USA
Jiang Bian, University of Arkansas at Little Rock, USA
Remzi Seker, University of Arkansas at Little Rock, USA

Security of modern cryptography relies upon secrecy of keys. Public key infrastructure plays the crucial role in the storage management, distribution, and verification of such keys in cryptography. This chapter provides a comprehensive overview of popular public key algorithms, their applications in key exchange and digital signatures, and their vulnerabilities and weaknesses. The chapter identifies several management challenges based on the very basic foundation of trust upon which the public key infrastructure relies. In addition, the chapter highlights emerging technologies such as quantum computing that can make public key cryptographic techniques useless and accordingly discusses implications of quantum cryptography in cryptography in general.

Chapter 6
Key Management
Chuan-Kun Wu, Chinese Academy of Sciences, China

This chapter describes key management schemes and issues under various application domains such as mobile ad hoc networks, wireless sensor networks, and mobile telecommunication systems.
Topics on key management include key agreement, group-based key agreement and distribution, PKI (Public Key Infrastructure) mechanisms, secret sharing scheme based key management, key escrow, password associated key management, key management in PGP, and key management in UMTS (Universal Mobile Telecommunication System) systems. In addition, the chapter discusses limitations of different methods used in key management.

Section 3
Network Security Auditing, Assessment, and Manageability Security

Chapter 7
Security Assessment of Networks
Aftab Ahmad, Norfolk State University, USA

The sheer complexity of network systems warrants a need for a framework that can be used to assess security in such systems. Specifically, this chapter shows how the ITU-T Network Security Framework (X.805) can be utilized in a performance model for assessing a security system. As an example, the chapter uses a model to assess the security of the popular sensor network standard IEEE 802.15.4. The model can be applied to assess security using security metrics addressing various vulnerabilities and threats, such as destruction of information, corruption of information, loss of information, information disclosure, and service interruption.

Chapter 8
Network Security Auditing
Yin Pan, Rochester Institute of Technology, USA
Bo Yuan, Rochester Institute of Technology, USA
Sumita Mishra, Rochester Institute of Technology, USA

Network security auditing is a process to assess policies, procedures, and controls to identify security risks or vulnerabilities in network systems. This chapter describes the network auditing process, procedure, standards, and frameworks.
A detailed discussion of procedures and technologies to identify various network security threats and vulnerabilities is provided. State of the art techniques and procedures for determination and management of risks are also discussed. Through a series of procedural steps for a case study, the chapter illustrates different phases of network discovery, network penetration, network threat analysis, and audit reporting.

Chapter 9
Network Manageability Security
Salvador Mandujano, Intel Corporation, USA

Network manageability deals with remote administration, management, and service of network devices and any other devices connected to a network, such as servers, laptop computers, PDAs, and cell phones. This chapter analyzes a number of manageability frameworks, protocols, and services for various platforms such as desktops, laptops, servers, and mobile devices for their vulnerabilities and misuses. Among the manageability protocols discussed, the OMA (Open Mobile Alliance) device management protocols for mobile devices to perform firmware updates for changing configurations are noteworthy. The chapter discusses the IPMI (Intelligent Platform Management Interface) standard to monitor and reconfigure server platforms using the AMT (Active Management Technology) solution on a chipset created by Intel Corporation for laptop and desktop systems.

Section 4
Sensor Network Security

Chapter 10
Security and Attacks in Wireless Sensor Networks
Murat Al, University of Arkansas at Little Rock, USA
Kenji Yoshigoe, University of Arkansas at Little Rock, USA

Wireless sensor networks belong to a class of ad hoc networks that are very vulnerable to various attacks due to unique characteristics of sensor devices of limited processing power, limited battery life, and limited memory capacity.
Chapter 10 provides a general overview of vulnerabilities, attacks, and countermeasures in wireless sensor networks, compares salient characteristics and applications of common wireless technologies with those of wireless sensor networks, describes characteristics of attacks and corresponding countermeasures as proposed in the literature, and qualitatively provides a comparative analysis of the attacks on wireless sensor networks. Identifying security vulnerabilities is an essential step towards devising a security solution. The chapter provides an exhaustive list of attacks and corresponding defense mechanisms to mitigate or prevent such attacks. Many of these attacks are found in wireless networks. However, additional attacks, such as denial of sleep attacks to drain battery life, attacks on data aggregation, node capturing, and tampering are very possible on sensor networks due to their characteristics. System constraints and security design issues using current security solutions using cryptographic techniques and other means are discussed in the chapter.

Chapter 11
Wireless Sensor Networks: Emerging Applications and Security Solutions
Sumita Mishra, Rochester Institute of Technology, USA

This chapter provides an overview of emerging applications of wireless sensor networks, correspondingly addresses security concerns, and discusses existing and possible security solutions for such emerging applications of wireless sensor networks. Existing security solutions are found to be inadequate for many emerging sensor network applications that involve collection of highly sensitive data that requires stringent privacy.
In particular, the chapter identifies security issues in Body Area Networks (BAN), Smart Grid Networks, and Area Surveillance Networks, and finally, addresses security requirements for such emerging sensor network applications as secure data storage, key establishment and management, access control, and link layer security.

Chapter 12
Privacy Preserving Data Gathering in Wireless Sensor Networks
Md. Golam Kaosar, Victoria University, Australia
Xun Yi, Victoria University, Australia

This chapter presents a computational model as well as a protocol that can be used to maintain data privacy while performing data aggregation operations by intermediate nodes on data en route to the base station from a sensor node. According to the computational model, a sensor node perturbs its data, generates two fragments from the data, and uploads the fragments to two separate semi-trusted servers, from which a data collector or a base station can collect and combine them. Security proofs provided by the authors show that neither the servers nor any intermediate sensor node can discover any individual data or associate any data with an individual. Beyond sensor networks, the scheme has many other content-privacy sensitive applications such as auction, voting and feedback collection, and privacy preserving data mining.

Section 5
Security Architectures, Algorithms, and Protocols

Chapter 13
BANBAD: A Centralized Anomaly Detection Technique for Ad Hoc Networks
Rajeev Agrawal, North Carolina A&T State University, USA
Chaoli Cai, Western Michigan University, USA
Ajay Gupta, Western Michigan University, USA
Rajib Paul, Western Michigan University, USA
Raed Salih, Western Michigan University, USA

This chapter proposes a new efficient algorithm to detect anomalous behavior among the mobile nodes of an ad hoc network.
Based on belief networks of probabilistic graphical models, the algorithm builds a normal profile during training by utilizing data on relevant features such as velocity, displacement, local computation and communication time, energy consumption, and response time of each node in the network. Using a specific Bayesian inference algorithm, the algorithm can distinguish abnormal behavior during testing. In a simulated study by the authors, the algorithm is shown to achieve high detection rates greater than 95%, and with low false alarm rates below 5%. According to the authors, the algorithm can detect anomalies even when data is incomplete or missing. The algorithm has many applications, including intrusion detection in ad hoc networks.

Chapter 14
Data Regulation Protocol for Source-End Mitigation of Distributed Denial of Service
Nirav Shah, Arizona State University, USA
Dijiang Huang, Arizona State University, USA

In this chapter, the authors propose a new data regulation protocol that utilizes packet filtering at the source end to mitigate distributed denial of service attacks. The protocol provides a target controlled traffic mechanism implemented at the source gateway. The underlying assumption of the protocol is that the gateway at the source as well as the target can be under attack, but not compromised. The security analysis of the protocol shows its robustness under various attack scenarios such as source address spoofing, distributed attacks, and spoofed acknowledgements. A proof-of-concept implementation verifies the claims made by the authors in the chapter.

Chapter 15
Instant Messaging Security
Zhijun Liu, The Ohio State University, USA
Guoqiang Shu, The Ohio State University, USA
David Lee, The Ohio State University, USA

Contrary to email and similar other systems, IM (Instant Messaging) systems face a different set of security challenges due to their real-time characteristics. This chapter describes architectures and protocols of today’s IM systems, identifies threats to IM services, and offers various defense mechanisms. Particularly, the chapter focuses on the two most damaging attacks, IM spams and IM worms. For IM spams, new detection and spam filtering mechanisms are proposed. A new architecture for detection and defense against IM spams is also proposed.

Compilation of References
About the Contributors
Index

Foreword

I had the opportunity to review the content of this book and I was very impressed with the quality and variety of interesting topics. The collection of these topics could be very useful as support material for any network security course or as a reference material.
These topics cover cryptography (a blended threat approach by cyber attackers); potential security breaches in healthcare industry and need for better password management; use of anomaly detection algorithms in intrusion detection systems; security issues in allocation of network services over multiple federations of networks or services; vulnerability for network manageability; network security auditing; vulnerability of wireless sensor networks; vulnerability of Instant Messaging (IM) due to their real-time characteristics; security issues of all common networking devices as well as routing protocols; security assessment model for network systems; and a new data regulation protocol that utilizes packet filtering at the source end to mitigate distributed denial of service attacks.

Cyrus Azarbod
Minnesota State University, Mankato, USA

Cyrus Azarbod, PhD, is currently a professor at the Information Systems and Technology department at Minnesota State University at Mankato since September of 1985. He has a Ph.D. in computer science (databases). Database security, auditing, and disaster recovery areas are among his focus in teaching and research. Dr. Azarbod is also the founder and CEO of InfoGem which is an Information System consulting company since 1998. He has provided consulting to many companies such as IBM-Rochester, Schweser Study Program (A Kaplan Professional Company), General Electric, and Kato Engineering (a subsidiary of Emerson Company). His training courses and consulting also cover several other areas such as fuzzy relational databases, multi-level secure database systems, security in statistical databases, data modeling, database design and implementation, software engineering, data mining and data warehousing, distributed databases, SQL, Oracle database programming and administration, CASE tools, knowledge discovery, integration of heterogeneous databases, and online course development.
Preface

The explosive growth and deployment of networking technology that supports connectivity to a diverse range of computing devices running many network systems and applications poses many complex security challenges to networking and computer security professionals. To cope with such ever-increasing security challenges, professionals are often trained with knowledge to handle security problems for specific hardware and software systems, which may be inadequate and inapplicable if a situation or system changes. Having a broad background particularly in the contemporary development of network and information security issues and their solutions would certainly enhance one’s ability to adapt to a new situation quickly to handle security issues. However, contemporary research results on network and information security are not readily available in useful or comprehensible form to the people who need them in a timely manner. Accordingly, this book presents a body of literature based on the current research and trends in network and information security with contemporary security issues and solutions and preventive measures. This reference will be particularly useful for those who are in administration and Information Systems management, who are required to be up to date on the latest network and security concepts, protocols, algorithms, and issues relevant to modern network and Information Systems and services. This book presents a diverse set of viewpoints from diverse contributors, such as academics, researchers, and industry professionals.

OBJECTIVES OF THE BOOK

The main purpose of the book is to make current research results on network and information security available and coherent to networking and security professionals, managers, and administrators who often lack the necessary background to understand scholarly articles published in journals and conferences.
The book is intended to bridge the gap in knowledge between research communities and security professionals. Specifically, the book aims to accomplish the following objectives:

• To identify, accumulate, and disseminate worldwide, the latest technological solutions, practices, and principles on network and information security for management, administrative, and research purposes.
• To provide network security professionals and trainers, network systems designers and developers, and academicians with a book that can serve as a reference.
• To provide undergraduate and graduate students in Information Technology, Management Information Systems, Computer Information Systems, and Information Assurance with a book containing theoretical as well as practical details of current network and information security practices.
• To highlight future security issues and challenges for ever-expanding and emerging network services and systems.

TARGET AUDIENCE

The book is a collection of chapters written by scholars/researchers and professionals well familiar with the state of the art in the area of computer and network security. The book provides a general coverage of network and information security issues, concerns, security protocols, architectures, and algorithms. Recent research results from existing literature on network and information security are reported in the book in a format understandable and usable by networking professionals including network administrators and Information Systems managers. The book will enable networking professionals to grasp emerging technological developments in networking and to cope with the corresponding security challenges. In addition, students and educators in computer science, Information Systems, and Information Technology can use the book as a reference for network and information security.
Network designers, network engineers, and network systems developers may use the book as a reference to design, develop, and deploy networking systems with appropriate considerations for security and ease of administration accordingly.

ORGANIZATION OF THE BOOK

The book is comprised of fifteen self-contained chapters and is divided into the following five sections:

• Section 1: Network Systems Security
• Section 2: Authentication and Data Privacy: Passwords and Keys
• Section 3: Network Security Auditing, Assessment, and Manageability Security
• Section 4: Sensor Network Security
• Section 5: Security Architectures, Algorithms, and Protocols

Section 1: Network Systems Security

This section introduces readers to basic device, protocol, network, system, and inter-domain security issues and solutions.

Networking devices are integral parts of a computer network and often become targets for attackers; a successful attack on them can make the whole network vulnerable. Internet vulnerabilities of these devices arise from limited capacity of the devices in terms of memory and processing power, limitations of their operating protocols and principles, incorrect configurations, and flaws in hardware and software design and implementation. Chapter 1, “Basic Device and Protocols Security,” by Bruce Hartpence, addresses security issues of all common networking devices such as hubs, switches, access points, and routers, as well as vulnerable protocols such as ARP (Address Resolution Protocol), STP (Spanning Tree Protocol), ICMP (Internet Control Message Protocol), and DHCP (Dynamic Host Configuration Protocol). In addition, the chapter examines and exposes security issues in common routing protocols such as RIP (Routing Information Protocol), BGP (Border Gateway Protocol), and OSPF (Open Shortest Path First) protocols as well as network management protocols such as SNMP (Simple Network Management Protocol) and CDP (Cisco Discovery Protocol) protocols.
Finally, the chapter suggests ways to ensure device security, as well as protocol security, to mitigate possible attacks.

Recent technological developments in security software, hardware, and mechanisms, such as anti-virus programs, firewalls, intrusion detection systems, cryptosystems, and automated patch delivery systems, have successfully mitigated risks and attacks on cyber-based systems and services. However, cyber attackers are devising more sophisticated attacks to exploit new vulnerabilities that are often overlooked, as network or systems administrators are only concerned with defending their networks, operating systems, and services against known vulnerabilities. Often such attacks use a blended threat approach in which an attacker uses a number of methods simultaneously to infect and take control of a target system. Chapter 2, by Dr. Christophe Veltsos, “Mitigating the Blended Threat: Protecting and Educating Users,” examines this evolving threat, discusses limitations of traditional security technologies and controls to mitigate this threat, and presents new security controls to mitigate this type of evolving risk. In addition, the chapter proposes security awareness education and training programs for common users to mitigate the blended threat.

Multi-domain resource reservation involves provisioning and allocation of network services over multiple federations of networks or services. One such example is bandwidth and queue allocations at the network elements for providing QoS over multiple domains. Cooperating components that are responsible for provisioning services over multiple domains must ensure inter-domain security during negotiation of resource reservations, as well as intra-domain security during initiation and realization of a resource reservation.
Chapter 3, “Security Issues for Multi-Domain Resource Reservation,” by Christos Bouras and Kostas Stamos addresses such security issues in this context and provides architectures and procedures to handle multi-domain user authentication, trusted communications between inter-domain modules or components, and multi-domain user authorization. Particularly, the chapter presents security requirements and procedures for protecting against various types of attacks on a networked system for differentiated services and “bandwidth on demand” services over multiple domains.

Section 2: Authentication and Data Privacy: Passwords and Keys

In this section, we present three chapters that deal with vulnerabilities of password-based authentication mechanisms due to social engineering attacks, as well as key management mechanisms and infrastructures currently used for data privacy and other cryptographic services.

Social engineering attacks exploit inherent human characteristics such as kindness, mutual trust, willingness to help, et cetera to gain unauthorized access to private information, systems, and services. A hospital or a healthcare facility is very susceptible to social engineering attacks as unauthorized attackers can easily befriend healthcare workers or providers in such an environment. Chapter 4, “Healthcare Employees and Passwords: An Entry Point for Social Engineering Attacks,” by Dawn Medlin, Douglas May, and Ken Corley provides an account of security breaches in the healthcare industry and discusses violations of HIPAA (Health Insurance Portability and Accountability Act) regulations. In addition, the chapter provides an analysis of research results on the choice of passwords characteristically based on human psychological traits and memorization ability and exposes severe deficiencies in passwords used by the general public, as they are very predictable or easily obtainable by social engineering means.
Specifically, the chapter focuses on research on the choice and usage of passwords by employees in five different hospitals and reports significant findings that employees are very likely to share their passwords with their family members and other healthcare employees. These findings underscore the need for stringent control and aggressive policy, not only in the healthcare industry but also in other similar industries.

Security of modern cryptography relies upon secrecy of keys. Public key infrastructure plays the crucial role in the storage management, distribution, and verification of such keys in cryptography. Chapter 5 by Reed Petty, Jiang Brian, and Remzi Seker entitled “Public Key Infrastructure,” presents a comprehensive overview of popular public key algorithms, their applications in key exchange and digital signatures, and their vulnerabilities and weaknesses. The chapter identifies several key management challenges based on the very basic foundation of trust upon which the public key infrastructure relies. In addition, emerging technologies such as quantum computing that can make public key cryptographic techniques useless are also discussed. However, quantum cryptography can offer new solutions to all of our cryptographic needs instead, as stated in the chapter.

Public key cryptography has eliminated the need for a separate secure channel for transmission of the secret key to be shared by the communicating entities. However, the straightforward application of public key cryptography for key exchange is vulnerable to man-in-the-middle attacks. The problem is solved with a public key infrastructure (PKI) that serves as a certifying authority for all public keys. But managing public key certificates is rather complex as it requires one or more certification authorities, and the process involves excessive computation and communication cost.
Alternatively, identity-based cryptography simplifies the process as it eliminates the need for public certificate verification. Chapter 6 by Chuan-Kun Wu, “Key Management,” provides a survey of current key management schemes and discusses key management issues under various application domains such as mobile ad hoc networks, wireless sensor networks, and mobile telecommunication systems. Subsequently, the chapter covers in detail the mechanisms of public key infrastructure, key escrow systems, and the key management aspects in the PGP email system. In addition, the chapter covers password-based key management as well as key management schemes based on secret sharing. Finally, the author critically delineates limitations in various key management methodologies.

Section 3: Network Security Auditing, Assessment, and Manageability Security

This section deals with managerial aspects of network security such as standards, frameworks, and procedures for assessment and auditing of network security as well as security issues of manageability hardware and software technologies.

Network systems are complex, and hence, require a reference framework to account for all possible threats and for assessment of security with a good degree of confidence. Chapter 7, “Security Assessment of Networks” by Aftab Ahmad stresses the need for a framework for security assessment and proposes an assessment model for network systems. Particularly, the chapter shows how the ITU-T Network Security Framework (X.805) can be utilized in a performance model for assessing a security system. As an example, the chapter uses the model to assess the security of the popular sensor network standard IEEE 802.15.4. The model can be applied to assess security using security metrics addressing vulnerabilities and threats such as destruction of information, corruption of information, loss of information, information disclosure, and service interruption.

Existing security technologies such as firewalls, intrusion detection systems, and cryptography, though they have greatly boosted security for networks and computer systems, are often insufficient to deter and prevent certain types of attacks, such as Web-based attacks, hidden backdoors, et cetera. Network security auditing is a process to assess policies, procedures, and controls to identify security risks or vulnerabilities in network systems. Network security auditing can expose threats from such attacks by setting appropriate security policies, procedures, and controls. Chapter 8, “Network Security Auditing” by Yin Pan, Bo Yuan, and Sumita Mishra introduces the network auditing process, procedures, standards, and frameworks. A detailed discussion of procedures and technologies to identify various network security threats and vulnerabilities is provided in this chapter. State-of-the-art techniques and procedures for determination and management of risks are also discussed. Through a series of procedural steps for a case study, the chapter illustrates different phases of network discovery, network penetration, network threat analysis, and audit reporting.

Network manageability deals with remote administration, management, and service of network devices and any other devices connected to a network such as servers, laptop computers, PDAs, and cell phones. Manageability hardware and software technologies allow an administrator to remotely access and troubleshoot a system through an out-of-band channel, regardless of the conditions or the power state of the system. Chapter 9, “Network Manageability Security” by Salvador Mandujano analyzes a number of manageability frameworks, protocols, and services for various platforms such as desktops, laptops, servers, and mobile devices.
Manageability technologies are also vulnerable to attacks and misuses on the system such as firmware tampering, device tracking, device reconfiguration, loss of administrative control, and so on. Several manageability protocols are discussed in this chapter including the OMA (Open Mobile Alliance) device management protocol for mobile devices that can be used to perform firmware updates and change configurations. The chapter also discusses the IPMI (Intelligent Platform Management Interface) standard for monitoring and reconfiguring server platforms, the AMT (Active Management Technology) solution on a chipset created by Intel Corporation for laptop and desktop systems, and DASH (Desktop and Mobile Architecture for System Hardware), a standard for remote administration of hardware over a TCP/IP network. Finally, it describes and discusses security issues of SNMP (Simple Network Management Protocol).

Section 4: Sensor Network Security

Wireless sensor networks belong to a class of ad hoc networks that are very vulnerable to various attacks due to the unique characteristics of sensor devices: limited processing power, limited battery life, and limited memory capacity. Accordingly, this section provides a survey of security concerns, attacks, and solutions for existing, as well as emerging, applications of wireless sensor networks. In addition, it includes a new data privacy protocol that allows in-network data aggregation.

Chapter 10 by Murat Al and Kenji Yoshigoe, “Security and Attacks in Wireless Sensor Networks,” provides an overview of vulnerabilities, attacks, and countermeasures in wireless sensor networks, compares salient characteristics and applications of wireless sensor networks with those of common wireless technologies, describes characteristics of attacks and corresponding countermeasures as proposed in the literature, and provides a qualitative comparative analysis of the attacks on wireless sensor networks.
Identifying security vulnerabilities is an essential step in devising a security solution. The chapter provides an exhaustive list of attacks and corresponding defense mechanisms to mitigate or prevent such attacks. Many of these attacks are found in wireless networks. However, additional attacks such as denial-of-sleep attacks that simply drain battery life, attacks on data aggregation, and node capturing and tampering are very possible on sensor networks due to their characteristics. System constraints and security design issues using current security solutions such as cryptographic techniques and other means are also discussed in this chapter.

Wireless sensor networking technology has found extensive applications in many sectors. Despite wide applicability, security is a big concern as their environment of deployment is often easily accessible, making a wireless sensor network very vulnerable to attacks. Chapter 11: “Wireless Sensor Networks: Emerging Applications and Security Solutions” by Sumita Mishra addresses security concerns and discusses existing and possible security solutions particularly for emerging applications of wireless sensor networks. Existing security solutions are found to be inadequate for many emerging sensor network applications involving collection of highly sensitive data that requires stringent privacy. It is very challenging to design a robust and efficient security scheme for wireless sensor networks due to limited processing power and battery life of sensor nodes. In particular, the chapter exposes security issues in Body Area Networks (BAN), Smart Grid Networks, and Area Surveillance Networks, and finally, addresses security requirements for such emerging sensor network applications in terms of secure data storage, key establishment and management, access control, and link layer security.

Communication activities consume far more energy than computation in wireless sensor networks.
Data aggregation, or in-network processing of data in a wireless sensor network, is an attempt to reduce communication overhead to extend the life of the network for an application. However, data privacy is a big concern since a data aggregating node along a path to the base station can reveal the data in plaintext. Accordingly, Chapter 12: “Privacy Preserving Data Gathering in Wireless Sensor Networks” by Md. Golam Kaosar and Xun Yi presents a computational model as well as a protocol that can be used to maintain data privacy while performing data aggregation operations by intermediate nodes on data en route to the base station from a sensor node. According to the computational model, a sensor node perturbs its data, generates two fragments from the data, and uploads the fragments to two separate semi-trusted servers, from which a data collector or a base station can collect and combine them. Security proofs provided by the authors show that neither of the servers nor any intermediate sensor node can discover any individual data or associate any data with an individual. Beyond sensor networks, the scheme has many other content-privacy sensitive applications such as auction, voting and feedback collection, and privacy preserving data mining.

Section 5: Security Architectures, Algorithms, and Protocols

This final section presents new research results on security architectures, algorithms, and protocols for detection and prevention of intrusions and distributed denial of service attacks, as well as for controlling spam and worms in instant messages.

Many Intrusion Detection Systems for traditional wired networks use anomaly detection techniques at their core to detect intrusions by comparing an abnormal traffic behavior or pattern with the normal traffic behavior or pattern.
In contrast, such comparison of traffic patterns becomes very challenging in an ad hoc networking environment due to node mobility and lack of a fixed infrastructure within the network. Chapter 13: “BANBAD: A Centralized Anomaly Detection Technique for Ad Hoc Networks” by Rajeev Agrawal, Chaoli Cai, Ajay Gupta, Rajib Paul, and Raed Salih proposes a new algorithm for anomaly detection that is found to be very suitable for ad hoc networks. The anomaly detection algorithm is based on statistical Belief Networks (BN); it builds a normal profile during training by using system features and checks for deviation during testing. As ad hoc networks are very dynamic in nature due to mobility of their nodes, they may hinder any ongoing data collection process for intrusion detection, which can in turn cause a great deal of difficulty in accurate profile generation by an intrusion detection scheme. As such, existing intrusion detection schemes will not work, due to

Book Description: The explosive growth and deployment of networking technology poses many security challenges to networking professionals including network administrators and information systems managers. Often, network administrators and managers learn about specific tools and techniques that are applicable to specific systems or situations only, and hence, have a great deal of difficulty in applying their knowledge of security when a technology, a system, or a situation changes. Network Security, Administration and Management: Advancing Technology and Practice identifies the latest technological solutions, practices and principles on network security while exposing possible security threats and vulnerabilities of contemporary software, hardware, and networked systems. This book is a collection of current research and practices in network security and administration to be used as a reference by practitioners as well as a text by academicians and trainers.
