Internet and Intranet Security

Annotation: Oppliger (computer security series editor at Artech House) presents the second edition of this text for computer, network, and security professionals, on the most current security technologies available today. The second edition provides practical guidance in TCP/IP networking and cryptographic fundamentals, firewall technologies providing access control services, the latest communication security protocols for securing today's Internet applications, and public key infrastructures. The book requires familiarity with the fundamentals of computer networks and distributed systems, cryptography and the use of cryptographic protocols in networked and distributed systems. Annotation c. Book News, Inc., Portland, OR (booknews.com).

Contents
Terminology
References
TCP/IP Networking
2.1 History and Development
2.2 Internet
2.3 Internet Standardization
2.3.2 Documentation Series
2.3.3 Internet Standards Process
2.4 Internet Model
2.4.2 Internet Layer
2.4.3 Transport Layer
2.4.4 Application Layer
References
Attacks
3.1 Passive Attacks
3.2 Active Attacks
3.2.1 Denial of Service
3.2.2 Degradation of Service
3.2.4 Session Hijacking
OSI Security Architecture
4.2 Security Services
4.3 Security Mechanisms
4.3.2 Pervasive Security Mechanisms
References
Cryptographic Techniques
5.2 Cryptographic Hash Functions
5.3 Secret Key Cryptography
5.3.1 DES
5.3.2 Triple-DES
5.3.6 CAST-128
5.4.1 RSA
5.4.2 Diffie-Hellman
5.4.3 ElGamal
5.5 Digital Envelopes
5.6 Protection of Cryptographic Keys
5.7 Generation of Pseudorandom Bit Sequences
5.8 Legal Issues
5.8.2 Regulations
5.8.3 Electronic and Digital Signature Legislation
5.9 Notation
References
Authentication and Key Distribution
6.1.1 Proof by Possession
6.1.2 Proof by Knowledge
6.1.3 Proof by Property
6.1.4 Proof by Location
6.2 Key Distribution
6.2.1 Manual Key Distribution
6.2.3 Certificate-Based Key Distribution
ACCESS CONTROL
Overview
7.1 Introduction
7.2 Basic Components
7.2.2 Packet Filters
7.2.3 Application Gateways
7.3 Sources for Further Information
References
Packet Filtering
8.2 Packet-Filtering Rules
8.3 Packet-Filtering Products
8.4 Stateful Inspection
8.5 Conclusions
References
Circuit-Level Gateways
9.2 SOCKS
9.3 Conclusions
References
Application-Level Gateways
10.2 User Authentication and Authorization
10.3 Proxy Servers
10.4 Conclusions
References
Firewall Configurations
11.2 Screened Host Firewall Configurations
11.3 Screened Subnet Firewall Configurations
11.4 Network Address Translation
11.5 Protection Against Denial of Service
11.6 Firewall Certification
References
Conclusions and Outlook
References
COMMUNICATION SECURITY
Network Access Layer Security Protocols
13.2 Layer 2 Forwarding Protocol
13.3 Point-to-Point Tunneling Protocol
13.3.1 MS-PPTP Authentication
13.3.2 MS-PPTP Encryption
13.3.3 Security Analysis
13.4 Layer 2 Tunneling Protocol
13.5 Conclusions
References
Internet Layer Security Protocols
14.1 Previous Work
14.2 IETF Standardization
14.3 IP Security Architecture
14.4 IPSEC Protocols
14.4.1 Authentication Header
14.4.2 Encapsulating Security Payload
14.5 Key Management Protocols
14.5.1 SKIP
14.5.2 IKE
14.6 Implementations
14.7 Conclusions
References
Transport Layer Security Protocols
15.2 SSL Protocol
15.2.1 SSL Record Protocol
15.2.2 SSL Handshake Protocol
15.3 TLS Protocol
15.4 Firewall Tunneling
15.5 Conclusions
References
Application Layer Security Protocols
16.1 Security-Enhanced Application Protocols
16.1.2 File Transfer
16.1.3 Electronic Mail
16.1.4 WWW Transactions
16.1.5 Domain Name System
16.1.6 Distributed File Systems
16.2 Authentication and Key Distribution Systems
16.2.1 Kerberos
16.2.2 SESAME
16.2.3 Windows 2000
16.3 Conclusions
References
Message Security Protocols
17.2 Secure Messaging Protocols
17.2.1 PGP
17.2.2 S/MIME
17.3 Conclusions
References
Conclusions and Outlook
Reference
DISCUSSION
Public Key Infrastructures
19.2 Public Key Certificates
19.3 Attribute Certificates
19.4 IETF PKIX WG
19.5 Certificate Revocation
19.5.1 CRLs
19.5.2 OCSP
19.5.3 Alternative Schemes
References
Electronic Commerce
References
Risk Management
21.2 Formal Risk Analysis
21.3 Alternative Approaches and Technologies
21.3.2 Intrusion Detection
21.4 Conclusions
References
Epilogue
Abbreviations and Acronyms
About the Author

Common terms and phrases
access control algorithm application gateway application protocols application-level gateways attacks attribute certificates bastion host bytes Chapter cipher circuit-level gateway client communications Computer Security corresponding data units decrypt deployed destination Diffie-Hellman key digital signature distributed systems electronic encapsulated encryption establish example firewall firewall configuration hash function hash value IETF implementation infrastructure Internet Security intranet IP address IP packet IP security IPsec Kerberos key cryptosystem key distribution key exchange key management layer security protocols multicast network segment overview packet filter packet-filtering packet-filtering rules port number possible PPTP private key problem protect proxy server public key certificates public key cryptography refer Request for Comments RFC documents S/MIME scheme screening router secret key security architecture security services sequence number session key SOCKS server TCP connection TCP/IP technologies Telnet traffic transport layer security tunneling UNIX vulnerabilities