Computer securoty and encryption : an introduction / S. R. Chauhan y S. Jangra

Chapter 1: Security Concepts

1.1 Security Introduction
1.2 The Need for Security
1.3 Security Approaches
1.3.1 Security Models
1.3.2 Security Management Practices
1.4 Principles of Security
1.4.1 Confidentiality
1.4.2 Authentication
1.4.3 Integrity
1.4.4 Non-Repudiation
1.4.5 Access Control
1.4.6 Availability
1.5 Types of Attacks
1.5.1 Theoretical Concepts
1.5.2 The Practical Side of Attacks
1.5.3 Java Security
1.5.4 Specific Attacks

Chapter 2: Public Key Cryptography and SSL

2.1 One-Way Functions Introduction
2.1.1 Motivation
2.2 One-Way Functions: Definitions
2.2.1 (Strong) One-Way Functions
2.3 Digital Signatures
2.4 Hash Functions
2.5 Centralized Certificates
2.6 Random Key Generation
2.7 Authentication Methods
2.8 Email Security
2.9 Challenge Handshake Authentication
2.10 Automatic Rekeying
2.11 Biometrics
2.12 Public Key Cryptography
2.13 Mutual Authentication
2.14 Multifactor Authentication
2.15 Elements of an Authentication System
2.16 Attacks
2.17 IP Security Encryption Router
2.18 Cryptography
2.19 Cryptosystems
2.20 Key Based Methodology
2.21 Symmetric (Private) Methodology
2.22 Asymmetric (Public) Methodology
2.23 Key Distribution
2.24 Asymmetric algorithms
2.25 Hash Functions vs. Key-Based Cryptosystems

Chapter 3: World Wide Web Transaction Security

3.1 Internet Infrastructure
3.1.1 Internet
3.1.2 Internet Service Providers (ISPs)
3.1.3 Point of Presences (POPs)
3.1.4 Network Access Point (NAP)
3.1.5 Local Area Network (LAN)
3.2 Network Infrastructure
3.3 Basic Issues in Secret Key Management
3.3.1 Links
3.3.2 Routers
3.4 Addressing
3.5 System Security
3.6 Basic Issues in Internet Transaction Security
3.7 Network Information and Network Infrastructure Securities
3.8 Importance of Network Infrastructure Security
3.9 Internet Infrastructure Vulnerability
3.9.1 Solutions Usually Require Large Scale Modifications
3.9.2 Security and Performance Tradeoffs
3.9.3 Security is Only as Strong as the Weakest Link
3.9.4 Attacks Can Be Easily Launched and Are Difficult to Trace
3.10 Network Infrastructure Security Switching
3.11 Switch Security is Important
3.12 How Switches Can Be Attacked
3.12.1 Mac Flooding
3.12.2 Content Addressable Memory Table
3.12.3 Mac Flooding Attacks
3.12.4 Mitigation
3.12.5 ARP Spoofing
3.13 ARP
3.14 The ARP Poisoning Process
3.15 Man-in-the Middle Attack
3.15.1 DoS Attack
3.15.2 Hijacking
3.15.3 Spoofing WAN Traffic
3.16 Static ARP Entries
3.16.1 Detection
3.16.2 No Cache Update
3.17 STP Attacks
3.18 Topology Change (Bit 1)
3.181 Bridge ID
3.18.2 Port State
3.18.3 STP Timer
3.19 How STP Works
3.20 Topology Change
3.20.1 Failure to Receive the Hello Bpdus
3.21 STP Attack Scenarios
3.22 Root Claim and MITM
3.23 Affecting Network Performance
3.24 Countermeasures Guard
3.24.1 BPDU Guard
3.25 Root Guard
3.26 VLAN Attacks
3.26.1 Easier Network Administration
3.26.2 Improved Bandwidth Usage
3.26.3 Blocking Broadcast Traffic

Chapter 4: IP Security and Firewalls

4.1 Internet Firewalls
4.2 Protective Devices
4.2.1 Your Data
4.2.2 Resources
4.2.3 Reputation
4.3 Types of Attacks
4.3.1 Intrusion
4.3.2 Denial of Service
4.4 Network Taps
4.5 IP Security Firewall
4.6 Joy Riders
4.7 Vandals
4.8 Scorekeeper
4.9 Spies: Industrial and Otherwise
4.10 Irresponsible Mistakes and Accidents
4.11 Theoretical Attacks
4.12 Who Do You Trust?
4.12.1 No Security
4.13 Security Through Obscurity
4.14 Host Security
4.15 Network Security Model
4.15.1 No Security Model Can Do It All
4.15.2 Internet Firewalls
4.16 A Firewall Can Log Internet Activity Efficiently
4.17 A Firewall Limits Your Exposure
4.18 A Firewall Can't Protect Against Malicious Insiders
4.19 A Firewall Can't Protect Connections That Don't Go Through It
4.20 A Firewall Can't Protect Against New Threats
4.21 A Firewall Can't Fully Protect Against Viruses
4.22 A Firewall Can't Set Itself Up Correctly
4.22.1 What's Wrong with Firewalls?
4.23 Firewalls Interfere with the Internet
4.24 Firewalls Don't Deal with the Real Problem
4.241 Philosophical Arguments
4.25 Buying Versus Building

Chapter 5: Public Key Certificates

5.1 Security Objectives
5.1.1 Security Issues when Connecting to the Internet
5.1.2 Protecting Confidential Information
5.2 Protecting Your Network: Maintaining Internal Network System Integrity
5.2.1 Network Packet Sniffers
5.2.2 IP Spoofing
5.2.3 Password Attacks
5.2.4 Denial-of-Service Attacks
5.2.5 Application Layer Attacks
5.3 Trusted, Untrusted, and Unknown Networks
5.3.1 Trusted Networks
5.3.2 Untrusted Networks
5.3.3 Unknown Networks
5.4 Establishing a Security Perimeter
5.5 Perimeter Networks
5.6 Developing Your Security Design
5.6.1 Know Your Enemy
5.6.2 Count the Cost
5.6.3 Identify Any Assumptions
5.6.4 Control Your Secrets
5.6.5 Human Factors
5.6.6 Know Your Weaknesses
5.6.7 Limit the Scope of Access
5.6.8 Understand Your Environment
5.6.9 Limit Your Trust
5.6.10 Remember Physical Security
5.6.11 Make Security Pervasive
5.7 Secure Sockets Layer
5.8 Email Security
5.9 Secure Email Protocols
5.9.1 Pretty Good Privacy (PGP)
5.9.2 Privacy Enhanced Mail (PEM)
5.9.3 PGP Versus PEM
5.9.4 Secure MIME (S/MIME)
5.10 Web-Based Email Services
5.11 Certification Authority Hierarchies
5.12 Key Recovery and Escrowed Encryption
5.12.1 Key Recovery Methodologies
5.12.2 Key Recovery Entry
5.12.3 Key Escrow
5.13 Strong and Weak Cryptography
5.14 Security Alternatives for Web Forms
5.14.1 Web Security Considerations
5.15 Web Traffic Security Approaches

Chapter 6: Security at the IP Layer

6.1 Cryptography
6.2 Stream Ciphers
6.3 Block Ciphers
6.3.1 Breaking Ciphers
6.4 Known Plaintext Attack
6.4.1 Chosen Plaintext Attack
6.5 Cryptanalysis
6.6 Brute Force
6.6.1 Social Engineering
6.6.2 Other Types of Attacks
6.7 Encryption
6.8 Symmetric Key Encryption
6.9 Data Encryption Standard (DES)
6.9.1 International Data Encryption Algorithm (IDEA)
6.9.2 CAST
6.9.3 Rivest Cipher #4 (RC4)
6.10 Asymmetric Key Encryption
6.11 Public Key Cryptosystems
6.11.1 Diffic-Hellman
6.11.2 Message Integrity
6.12 Secure Hash Algorithm-1 (SHA-1)
6.12.1 Authentication
6.13 Public Key Infrastructure
6.14 Secrete Key Exchange
6.15 Web Security
6.15.1 Threats
6.15.2 Secure Naming
6.16 DNS Spoofing
6.16.1 Secure DNS
6.16.2 Self-Certifying Names
6.17 The Secure Sockets Layer
6.18 RSA Algorithm

Chapter 7: Remote Access with Internet Protocol Security

7.1 Wireless Technologies
7.1.1 Types of Wireless Technology
7.2 Base Station
7.3 Technology of Offline Message Keys
7.4 Advanced Signaling Techniques Used to Mitigate Multipath
7.4.1 QAM with DFE
7.4.2 Spread Spectrum
7.4.3 FHHS
7.4.4 FDM
7.4.5 OFDM
7.4.6 VOFDM
7.5 Benefits of Using Wireless Solutions
7.6 Earth Curvature Calculation for Line-of-Sight Systems
7.7 Microwave Communication Links
7.7.1 What is Multipath?
7.7.2 Multipath in Non-LOS Environments
7.8 Elements of a Total Network Solution
7.8.1 Premises Networks
7.8.2 Access Networks
7.8.3 Core Networks
7.8.4 Network Management
7.8.5 Deployment
7.9 Billing and Management of Wireless Systems
7.9.1 Example Implementation
7.10 IP Wireless System Advantages
7.11 IP Wireless Services for Small and Medium Businesses
7.12 IP Point-to-Multipoint Architecture
7.13 IP Wireless Open Standards
7.14 IP Vector Orthogonal Frequency-Division Multiplexing
7.14.1 Channel Data Rate
7.14.2 Downstream and Upstream User Bandwidth Allocation
7.14.3 Duplexing Techniques
7.15 Multiple Access Technique
7.15.1 Unsolicited Grant Service
7.15.2 Real-Time Polling Service
7.15.3 Unsolicited Grant Service with Activation Detection
7.15.4 Non-Real-Time Polling Service
7.15.5 Best Effort Service
7.15.6 Committed Information Rate
7.15.7 Frame and Slot Format
7.16 Synchronization Technique (Frame and Slot)
7.17 Average Overall Delay Over Link
7.18 Power Control
7.19 Admission Control
7.20 Requirements for the Cell Radius
7.20.1 Requirement for Frequency Reuse
7.20.2 Radio Resource Management
7.20.3 Spectrum Management in a Cell
7.20.4 Load Balancing of CPES Within an Upstream Channel
7.20.5 Time Slotted Upstream
7.21 Contention Resolution
7.21.1 Traffic Policing
7.22 Interface Specifications Based on the Generic Reference Model
7.23 Wireless Protocol Stack
7.24 System Performance Metrics
7.25 Supercell Network Design
7.26 Transport Layer Products.
7.26.1 P2MP Transport Equipment Element Customer Premises
7.26.2 Rooftop Unit
7.26.3 Basic Receiver
7.26.4 High-Cain Receiver
7.27 Comparison LMDS Environmental Considerations
7.28 WLAN Standards

Chapter 8: Virtual Private Networks

8.1 Security Policy
8.2 IPSec Network
8.3 IPSec Protocols Security
8.3.1 Authentication Header (AH)
8.3.2 Encapsulated Security Payload (ESP)
8.3.3 IKE Protocol
8.4 NAT-Traversal
8.5 Virtual Private Network (VPN)
8.6 Gateway-to-Gateway Architecture
8.7 Host-to-Gateway Architecture
8.8 Model Comparison
8.9 TCP/IP Network Security Protocol
8.10 Node-to-Node Encryption
8.11 Site-to-Site Encryption
8.12 Where to Encrypt
8.13 Encryption Process
8.14 ESP Packet Fields
8.15 How ESP Works
8.16 ESP Version 3
8.17 Internet Key Exchange (IKE)
8.18 Phase One Exchange
8.19 Main Mode
8.20 Diffie-Hellman (DH) Group
8.21 Aggressive Mode
8.22 Phase Two Exchange
8.23 Informational Exchange
8.24 Group Exchange
8.25 IKE Version 2
8.26 IP Payload Compression Protocol (IPCamp)
8.27 ESP in a Gateway-to-Gateway Architecture
8.28 ESP and IPComp in a Host-to-Gateway Architecture
8.29 ESP and AH in a Host-to-Host Architecture

Chapter 9: The Security of Emerging Technologies

9.1 Security of Big Data Analytics
9.1.1 Big Data Analysis Can Transform Security Analytics
9.1.2 Big Data Analytics for Security Issues and Privacy Challenges
9.2 Security of Cloud Computing
9.2.1 Cloud Deployment Models
9.2.2 The Three Layers of the Cloud Computing Services Model (Software, Platform, or Infrastructure (SPI) Model)
9.2.3 Security Concerns and Challenges of Cloud Computing
9.2.4 Cloud Security as a Consumer Service
9.3 Security of the Internet of Things (IoT)
9.3.1 Evolution of the IoT
9.3.2 Building Blocks of the Internet of Things (IoT)
9.3.4 IoT Layer Models
9.3.5 Applications of the IoT
9.3.6 New Challenges Created by the IoT
9.3.7 Security Requirements of the IoT
9.3.8 IoT Attacks
9.3.9 Hybrid Encryption Technique
9.3.10 Hybrid Encryption Algarithm Based on DES and DSA
9.3.11 Advance Encryption Standard (AES)
9.3.12 Requirements for Lightweight Cryptography
9.3.13 Lightweight Cryptography
9.3.14 Prevention of Attacks on the IoT
9.4 Security of the Smart Grid
9.4.1 Smart Grid Challenges
9.4.2 Smart Grid Layers
9.4.3 Information Security Risks and Demands of Smart Grids
9.4.4 Smart Grid Security Objectives
9.4.5 The Smart Grid System: Three Major Systems
9.4.6 Types of Security Attacks that can Compromise the Smart Grid Security
9.4.7 Cybersecurity Attacks on a Smart Grid
9.5 Security of SCADA Control Systems
9.5.1 Components of SCADA Systems
9.5.2 SCADA System Layers
9.5.3 Requirements and Features for the Security of Control Systems
9.5.4 Categories of Security Threats to Modern SCADA Systems
9.6 Index Security of Wireless Sensor Networks (WSNs)
9.6.1 WSN Layers
9.6.2 Security Requirements in WSNs
9.6.3 WSN Attack Categories
9.6.4 Security Protocols in WSNs