
Network and System Security.
Title:
Network and System Security.
Author:
Vacca, John R.
ISBN:
9780124166950
Edition:
2nd ed.
Physical Description:
1 online resource (429 pages)
Contents:
Front Cover -- Network and System Security -- Copyright Page -- Contents -- Acknowledgements -- About the Editor -- Contributors -- Introduction -- Organization of this Book -- 1. Detecting System Intrusions -- 1. Introduction -- 2. Monitoring Key Files in the System -- Files Integrity -- 3. Security Objectives -- There Is Something Very Wrong Here -- Additional Accounts on the System -- Timestamps -- Hidden Files and Directories -- 4. 0day Attacks -- Attack Vectors -- Vulnerability Window -- Discovery -- Protection -- Ethics -- 5. Good Known State -- Monitoring Running Processes in the System -- Files with Weird Names -- 6. Rootkits -- Kernel-Level Rootkits -- Userland Rootkits -- Rootkit Detection -- 7. Low Hanging Fruit -- 8. Antivirus Software -- 9. Homegrown Intrusion Detection -- 10. Full-Packet Capture Devices -- Deployment -- Centralized -- Decentralized -- Capacity -- Features: Filtered versus Full-Packet Capture -- Encrypted versus Unencrypted Storage -- Sustained Capture Speed versus Peak Capture Speed -- Permanent versus Overwritable Storage -- Data Security -- 11. Out-of-Band Attack Vectors -- 12. Security Awareness Training -- 13. Data Correlation -- 14. SIEM -- 15. Other Weird Stuff on the System -- 16. Detection -- 17. Network-Based Detection of System Intrusions (DSIs) -- 18. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- References -- 2. Preventing System Intrusions -- 1. So, What is an Intrusion? -- 2. Sobering Numbers -- 3. Know Your Enemy: Hackers versus Crackers -- 4. Motives -- 5. The Crackers' Tools of the Trade -- Our "Unsecured" Wireless World -- 6. Bots -- 7. Symptoms of Intrusions -- 8. What Can You Do? -- Know Today's Network Needs.
Network Security Best Practices -- 9. Security Policies -- 10. Risk Analysis -- Vulnerability Testing -- Audits -- Recovery -- 11. Tools of Your Trade -- Intrusion Detection Systems (IDSs) -- Firewalls -- Intrusion Prevention Systems -- Application Firewalls -- Access Control Systems -- Unified Threat Management -- 12. Controlling User Access -- Authentication, Authorization, and Accounting -- What the User Knows -- What the User Has -- Tokens -- Time Synchronous -- Event Synchronous -- Challenge-Response -- The User is Authenticated, but is She/He Authorized? -- Accounting -- Keeping Current -- 13. Intrusion Prevention Capabilities -- 14. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- 3. Guarding Against Network Intrusions -- 1. Traditional Reconnaissance and Attacks -- 2. Malicious Software -- Lures and "Pull" Attacks -- 3. Defense in Depth -- 4. Preventive Measures -- Access Control -- Vulnerability Testing and Patching -- Closing Ports -- Firewalls -- Antivirus and Antispyware Tools -- Spam Filtering -- Honeypots -- Network Access Control -- 5. Intrusion Monitoring and Detection -- Host-Based Monitoring -- Traffic Monitoring -- Signature-Based Detection -- Behavior Anomalies -- Intrusion Prevention Systems -- 6. Reactive Measures -- Quarantine -- Traceback -- 7. Network-Based Intrusion Protection -- 8. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- 4. Securing Cloud Computing Systems -- 1. Cloud Computing Essentials: Examining the Cloud Layers -- Analyzing Cloud Options in Depth -- Public -- Private -- Virtual Private -- Hybrid.
Establishing Cloud Security Fundamentals -- Policy and Organizational Risks -- Lock-in -- Loss of Governance -- Compliance Challenges -- Loss of Business Reputation Due to Co-tenant Activities -- Cloud Service Termination or Failure -- Cloud Provider Acquisition -- Supply Chain Failure -- Technical Risks -- Resource Exhaustion -- Resource Segregation Failure -- Abuse of High Privilege Roles -- Management Interface Compromise -- Intercepting Data in Transit, Data Leakage -- Insecure Deletion of Data -- Distributed Denial of Service (DDoS) -- Economic Denial of Service (EDoS) -- Encryption and Key Management (Loss of Encryption Keys) -- Undertaking Malicious Probes or Scans -- Compromise of the Service Engine -- Customer Requirements and Cloud Environment Conflicts -- Legal Risks -- Subpoena and e-discovery -- Varying Jurisdiction -- Data Protection -- Licensing -- General Risks -- Network Failures -- Privilege Escalation -- Social Engineering -- Loss or Compromise of Operational and Security Logs or Audit Trails -- Backup Loss -- Unauthorized Physical Access and Theft of Equipment -- Natural Disasters -- Other Cloud Security Concepts -- Incident Response (IR), Notification and Remediation -- Virtualization -- External Accreditations -- Determining When Security Goals Require a Private Cloud -- 2. Software as a Service (SaaS): Managing Risks in the Cloud -- Centralizing Information with SaaS to Increase Data Security -- Implementing and Managing User Authentication and Authorization -- Permission and Password Protection -- Negotiating Security Requirements with Vendors -- Identifying Needed Security Measures -- Establishing a Service Level Agreement -- Ensuring SLAs Meet Organizational Security Requirements -- 3. Platform as a Service (PaaS): Securing the Platform -- Restricting Network Access Through Security Groups.
Configuring Platform-Specific User Access Control -- Integrating with Cloud Authentication and Authorization Systems -- Compartmentalizing Access to Protect Data Confidentiality -- Securing Data in Motion and Data at Rest -- Identifying Your Security Perimeter -- Techniques for Recovering Critical Data -- Basic Backup and Restore -- Pilot Light -- Warm Standby -- Multisite -- 4. Infrastructure as a Service (IaaS) -- Locking Down Cloud Servers -- Virtualization Software Security -- Customer Guest Operating System (OS) or Virtual Instance Security -- Ensuring the Cloud is Configured According to Best Practices -- Policy -- Risk Management -- Configuration Management and Change Control -- Auditing -- Vulnerability Scanning -- Segregation of Duties -- Security Monitoring -- Confirming Safeguards have been Implemented -- Networking -- Operating Systems -- Applications -- Scanning for and Patching Vulnerabilities -- Controlling and Verifying Configuration Management -- 5. Leveraging Provider-Specific Security Options -- Defining Security Groups to Control Access -- Filtering Traffic by Port Number -- Discovering and Benefiting from the Provider's Built-in Security -- Protecting Archived Data -- Confidentiality -- Integrity -- Availability -- 6. Achieving Security in a Private Cloud -- Taking Full Responsibility for Security -- Managing the Risks of Public Clouds -- Identifying and Assigning Security Tasks in Each SPI Service Model: SaaS, PaaS, IaaS -- Selecting the Appropriate Product -- Comparing Product-Specific Security Features -- Considering Organizational Implementation Requirements -- Virtual Private Cloud (VPC) -- Simulating a Private Cloud in a Public Environment -- Google Secure Data Connector (SDC) -- Amazon VPC -- Industry-Standard, VPN-Encrypted Connections -- The Hybrid Cloud Alternative -- Connecting On-Premises Data with Cloud Applications.
Securely Bridging with VPC -- Dynamically Expanding Capacity to Meet Business Surges -- 7. Meeting Compliance Requirements -- Managing Cloud Governance -- Retaining Responsibility for the Accuracy of the Data -- Verifying Integrity in Stored and Transmitted Data -- Demonstrating Due Care and Due Diligence -- Supporting Electronic Discovery -- Preserving a Chain of Evidence -- Assuring Compliance with Government Certification and Accreditation Regulations -- HIPAA -- Sarbanes-Oxley -- Data Protection Act -- PCI DSS -- Limiting the Geographic Location of Data -- Following Standards for Auditing Information Systems -- Negotiating Third-party Provider Audits -- 8. Preparing for Disaster Recovery -- Implementing a Plan to Sustain Availability -- Reliably Connecting to the Cloud across the Public Internet -- Anticipating a Sudden Provider Change or Loss -- Archiving SaaS Data Locally -- Addressing Data Portability and Interoperability in Preparation for a Change in Cloud Providers -- Exploiting the Cloud for Efficient Disaster Recovery Options -- Achieving Cost-effective Recovery Time Objectives -- Employing a Strategy of Redundancy to Better Resist DoS -- 9. Summary -- Chapter Review Questions/Exercises -- True/False -- Multiple Choice -- Exercise -- Problem -- Hands-On Projects -- Project -- Case Projects -- Problem -- Optional Team Case Project -- Problem -- References -- 5. Unix and Linux Security -- 1. Unix and Security -- The Aims of System Security -- Authentication -- Authorization -- Availability -- Integrity -- Confidentiality -- 2. Basic Unix Security Overview -- Traditional Unix Systems -- Kernel Space versus User Land -- Semantics of User Space Security -- Standard File and Device Access Semantics -- Read, Write, Execute -- Special Permissions -- Set-ID Bit -- Sticky Bit -- Mandatory Locking -- Permissions on Directories -- Read and Write -- Execute.
Abstract:
Network and System Security provides focused coverage of network and system security technologies. It explores practical solutions to a wide range of network and systems security issues. Chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. Coverage includes building a secure organization, cryptography, system intrusion, UNIX and Linux security, Internet security, intranet security, LAN security, wireless network security, cellular network security, RFID security, and more. Chapters contributed by leaders in the field cover foundational and practical aspects of system and network security, providing a level of technical expertise not found elsewhere. Comprehensive and updated coverage of the subject area allows the reader to put current technologies to work. The book presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.