Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance, 2nd Edition


IEEE Press
445 Hoes Lane
Piscataway, NJ 08854

IEEE Press Editorial Board
Tariq Samad, Editor in Chief
George W. Arnold, Dmitry Goldgof, Ekram Hossain, Mary Lanzerotti, Vladimir Lumelsky, Pui-In Mak, Jeffrey Nanzer, Ray Perez, Linda Shafer, Zidong Wang, MengChu Zhou, George Zobrist
Kenneth Moore, Director of IEEE Book and Information Services (BIS)

ENGINEERING INFORMATION SECURITY
The Application of Systems Engineering Concepts to Achieve Information Assurance
SECOND EDITION
Stuart Jacobs

Copyright © 2016 by The Institute of Electrical and Electronics Engineers, Inc. Published by John Wiley & Sons, Inc., Hoboken, New Jersey. All rights reserved. Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data:
Jacobs, Stuart.
Engineering information security: The application of systems engineering concepts to achieve information assurance / Stuart Jacobs.
p. cm.
ISBN 978-1-119-10160-4 (hardback)
1. Computer security. 2. Computer networks–Security measures. 3. Information technology–Security measures. 4. Data protection. I. Title.
QA76.9.A25J325 2010
005.8–dc22
2010028408
Printed in the United States of America


  

This book is dedicated to my wife, Eileen, for her patience with my spending so much time at the keyboard rather than with her.

CONTENTS

Preface and Acknowledgments
About the Companion Website

1 WHAT IS SECURITY?
  1.1 Introduction
  1.2 The Subject of Security
    1.2.1 Branches of Security
    1.2.2 Defining Security by Function
      1.2.2.1 Risk Avoidance
      1.2.2.2 Deterrence
      1.2.2.3 Prevention
      1.2.2.4 Detection
      1.2.2.5 Recovery
    1.2.3 The Common Body of Knowledge (CBK) Security Domains
      1.2.3.1 Access Control Systems and Methodology
      1.2.3.2 Application and Systems Development Security
      1.2.3.3 Business Continuity Planning and Disaster Recovery Planning
      1.2.3.4 Cryptography
      1.2.3.5 Information Security and Risk Management
      1.2.3.6 Legal, Regulations, Compliance, and Investigations
      1.2.3.7 Operations Security
      1.2.3.8 Physical Security
      1.2.3.9 Security Architecture and Models
      1.2.3.10 Telecommunications and Network Security
      1.2.3.11 CBK Summary
  1.3 A Twenty-First Century Tale
    1.3.1 The Actors
      1.3.1.1 Bob's Story
      1.3.1.2 Carol's Story
      1.3.1.3 Alice's Story
    1.3.2 What Actually Occurred
    1.3.3 How Could All This Have Been Prevented?
    1.3.4 They Did Not Live Happily Ever After
  1.4 Why Are You Important to Computer Security?
    1.4.1 What Are the Threats to Your Computer?
    1.4.2 As a User, What to Do?
    1.4.3 The Reality of Cybercrime and Cyberwarfare
  1.5 End of the Beginning
  1.6 Chapter Summary
  1.7 Further Reading and Resources

2 SYSTEMS ENGINEERING
  2.1 So What Is Systems Engineering?
    2.1.1 Similar Systems Engineering Process
      2.1.1.1 Stating the Problem
      2.1.1.2 Investigate Alternatives and Model the System
      2.1.1.3 Develop/Integrate
      2.1.1.4 Launch the System
      2.1.1.5 Assess Performance
      2.1.1.6 Re-evaluate
    2.1.2 Another Systems Engineering View
    2.1.3 Process Variations
  2.2 Process Management
    2.2.1 ISO 9000 Processes and Procedures
    2.2.2 Capability Maturity Model (CMM)
  2.3 Organization Environments
    2.3.1 Economic, Legal, and Political Contexts
      2.3.1.1 Regulations/Legislation
      2.3.1.2 Market-Based Regulations
      2.3.1.3 Technology Evolution
      2.3.1.4 Customer Demands and Expectations
      2.3.1.5 Legal Liability
      2.3.1.6 Competition
      2.3.1.7 Terrorism and Cybercrime
    2.3.2 Business/Organizational Types
      2.3.2.2 Residential
      2.3.2.3 Governments
      2.3.2.4 Nongovernmental Organizations (NGOs)
    2.3.3 National Critical Infrastructure
  2.4 Chapter Summary
  2.5 Further Reading and Resources

3 FOUNDATION CONCEPTS
  3.1 Security Concepts and Goals
    3.1.1 Subjects and Objects
    3.1.2 What Is Trust?
    3.1.3 Domains, Security, and Trust
    3.1.4 Security Goals/Objectives
    3.1.5 X.800 Security Services
      3.1.5.1 Authentication
      3.1.5.2 Access Control
      3.1.5.3 Confidentiality
      3.1.5.4 Data Integrity
      3.1.5.5 Non-Repudiation
    3.1.6 A Modern Definition of Security Services
      3.1.6.1 Authentication
      3.1.6.2 Authorization-Access Control
      3.1.6.3 Integrity
      3.1.6.4 Availability
      3.1.6.5 Accountability
      3.1.6.6 Privacy As a Security Service
      3.1.6.7 Service Mapping and Application of Services
  3.2 Role of Cryptography in Information Security
    3.2.1 Cryptographic Hash Algorithms
      3.2.1.1 HMAC-MD5 and HMAC-SHA1
    3.2.2 Encryption Algorithms
      3.2.2.1 Symmetric Encryption
      3.2.2.2 Asymmetric Encryption
      3.2.2.3 Encryption Algorithm Performance
    3.2.3 Cryptanalysis and Other Key Issues
      3.2.3.1 Cryptanalysis
      3.2.3.3 Key Protection
      3.2.3.4 Using Passwords with Cryptography
      3.2.3.5 Using Passphrases with Cryptography
    3.2.4 Key Management
      3.2.4.1 Diffie–Hellman Key Distribution
    3.2.5 Cryptographic Authentication
      3.2.5.1 Challenge–Response Technique
      3.2.5.2 Message Authentication Code Technique
      3.2.5.3 Digital Signature Authentication Technique
  3.3 Key Management Revisited
  3.4 Chapter Summary
  3.5 Further Reading and Resources

4 AUTHENTICATION OF SUBJECTS
  4.1 Authentication Systems
    4.1.1 Kerberos-Based Authentication
    4.1.2 Public-Key Infrastructure
      4.1.2.1 X.509 Digital Certificates
      4.1.2.2 Certificate Authority Hierarchies
      4.1.2.3 Certificate Generation Requests
      4.1.2.4 PKI Component Deployment
      4.1.2.5 Digital Certificate Revocation and Status Verification
      4.1.2.6 Certificate Verification
    4.1.3 Remote Authentication Dial-in User Service and EAP
    4.1.4 Diameter
    4.1.5 Secure Electronic Transactions (SET)
    4.1.6 Authentication Systems Summary
  4.2 Human Authentication
    4.2.1 What the Subject Has Factor
    4.2.2 What the Subject Knows Factor
    4.2.3 What the Subject Is Factor
    4.2.4 Where the Subject Is Factor
    4.2.5 Combinations of Factors
    4.2.6 Rainbow Tables
    4.2.7 Proxies for Humans
      4.2.7.1 Operating Systems
      4.2.7.2 User Agents
      4.2.7.3 Single Sign-On (SSO)
      4.2.7.4 Shibboleth SSO Authentication
      4.2.7.5 Identity Management (IdM)
  4.3 Chapter Summary
  4.4 Further Reading and Resources

5 SECURITY SYSTEMS ENGINEERING
  5.1 Security Policy Development
  5.2 Senior Management Oversight and Involvement
  5.3 Security Process Management and Standards
    5.3.1 ISO 27002
      5.3.1.1 Establishing Organizational Security Policy (Section 5)
      5.3.1.2 Organizational Security Infrastructure (Section 6)
      5.3.1.3 Asset Classification and Control (Section 7)
      5.3.1.4 Personnel Security (Section 8)
      5.3.1.5 Physical and Environmental Security (Section 9)
      5.3.1.6 Communications and Operations Management (Section 10)
      5.3.1.7 Access Controls (Section 11)
      5.3.1.8 Information Systems Acquisition, Development, and Maintenance (Section 12)
      5.3.1.9 Information Security Incident Management (Section 13)
      5.3.1.10 Business Continuity Management (Section 14)
      5.3.1.11 Compliance (Section 15)
      5.3.1.12 ISO 27002 Summary
    5.3.2 ISO 27001
    5.3.3 Policy Hierarchy
    5.3.4 An Enterprise Security Policy Example
    5.3.5 COBIT
    5.3.6 Information Technology Infrastructure Library
    5.3.7 Federal Information Security Management Act (FISMA)
  5.4 Information Security Systems Engineering Methodology
    5.4.1 Existing Asset Inventory and Classification
      5.4.1.1 Physical Assets
      5.4.1.3 Conceptual Assets
    5.4.2 Vulnerabilities, Threats, and Risk
      5.4.2.1 Asset Vulnerabilities
      5.4.2.2 Organization Threat Profile(s)
    5.4.3 Dealing with Risk
      5.4.3.1 ITU-T View of Risk Mitigation Approach
      5.4.3.2 STRIDE Mitigation Approach
      5.4.3.3 ISO 27005 Approach to Managing Risk
      5.4.3.4 Common Criteria (CC) Mitigation Approach
      5.4.3.5 ETSI Security-Related Vulnerability and Threat Analysis Efforts
    5.4.4 Risk Management Framework
      5.4.4.1 Impact Analysis
      5.4.4.2 Risk Assessment Analysis
      5.4.4.3 Risk Assessment—Asset Definition and Inventorying
      5.4.4.4 Risk Assessment—Threats
    5.4.5 Risk Assignment
  5.5 Requirements Analysis and Decomposition
  5.6 Access Control Concepts
    5.6.1 Subjects, Objects, and Access Operations
    5.6.2 Mandatory Access Control using a Matrix or Lattice Approach
    5.6.3 Discretionary Access Control using an Access Control List Approach
    5.6.4 Mandatory Access Control using a Capability List Approach
    5.6.5 Administrative Tasks in Access Control Methods
      5.6.5.1 Groups and Permissions
      5.6.5.2 Protection Rings
    5.6.6 Role-Based Access Control (RBAC)
  5.7 Security Modeling and Security-Related Standards
    5.7.1 Confidentiality Policies and Integrity Policies
    5.7.2 Bell–LaPadula Model
    5.7.3 Graham–Denning Confidentiality Model
    5.7.4 Chinese Wall Multilateral Confidentiality Model
    5.7.5 Biba Integrity Model
    5.7.6 Clark–Wilson Model
    5.7.7 Security Model Summary
    5.7.8 Security Standards
      5.7.8.1 Public-Key Cryptography Standards
      5.7.8.2 Third-Generation Partnership Project
      5.7.8.3 Third-Generation Partnership Project 2
      5.7.8.4 Alliance for Telecommunications Industry Solutions
      5.7.8.5 Cable Television Laboratories, Inc.
      5.7.8.6 European Telecommunications Standards Institute
      5.7.8.7 International Organization for Standardization
      5.7.8.8 ITU Telecommunication Standardization Sector
      5.7.8.9 Internet Engineering Task Force
      5.7.8.10 Object Management Group
      5.7.8.11 Organization for the Advancement of Structured Information Standards
      5.7.8.12 Parlay Group
      5.7.8.13 TeleManagement Forum
      5.7.8.14 World Wide Web Consortium
  5.8 Chapter Summary
    5.8.1 Things to Remember
      5.8.1.1 Subjects and Objects
      5.8.1.2 Mandatory Access Controls
      5.8.1.3 Discretionary Access Controls

6 TRADITIONAL NETWORK CONCEPTS
  6.1 Networking Architectures
    6.1.1 OSI Network Model
    6.1.2 Internet Network Model
  6.2 Types of Networks
    6.2.1 Local Area Network (LAN)
    6.2.2 Wireless LAN (WLAN)
    6.2.3 Metropolitan Area Networks (MAN)
    6.2.4 Wide Area Networks (WAN)
    6.2.5 The Internet
    6.2.6 Circuit Switched Networks
    6.2.7 Supervisory Control and Data Acquisition (SCADA) Systems
    6.2.8 Sensor Networks
    6.2.9 Clouds
      6.2.9.1 Hardware as a Service
      6.2.9.2 Infrastructure as a Service
      6.2.9.3 Applications as a Service
      6.2.9.4 Public versus Private Clouds
    6.2.10 Cellular Networks
    6.2.11 IEEE 802.16 Networks
    6.2.12 Long-Term Evolution Networks
  6.3 Network Protocols
    6.3.1 Layer 1—Physical
    6.3.2 Layer 2—Data Link Protocols
      6.3.2.1 Ethernet
      6.3.2.2 Virtual Ethernets
      6.3.2.3 Wireless Networking
      6.3.2.4 MultiProtocol Label Switching
      6.3.2.5 Asynchronous Transfer Mode and Frame Relay
      6.3.2.6 Digital Subscriber Lines
      6.3.2.7 Optical Networking
      6.3.2.8 Security in Data Link Layer Protocols
    6.3.3 Layer 3—Internetworking Layer Protocols
      6.3.3.1 Address Resolution Protocol
      6.3.3.2 IP Version 4
      6.3.3.3 Internet Control Message Protocol
      6.3.3.4 IPv4 Fragmentation and Related Attacks
      6.3.3.5 IP Version 6
      6.3.3.6 Security in Internetworking Layer Protocols
    6.3.4 Layer 4—Transport
      6.3.4.1 Transmission Control Protocol
      6.3.4.2 User Datagram Protocol
      6.3.4.3 Stream Control Transmission Protocol
      6.3.4.4 Open Shortest Path First
      6.3.4.5 Security in Transport Layer Protocols
    6.3.5 Layer 5—User Application Protocols
      6.3.5.1 Initial Internet User Application Protocols
      6.3.5.2 HyperText Transfer Protocol
      6.3.5.3 X Windows
      6.3.5.4 eXtensible Markup Language
      6.3.5.5 Security in User Application Protocols
    6.3.6 Layer 5—Signaling and Control Application Protocols
      6.3.6.1 MPLS Signaling Protocols
      6.3.6.2 Border Gateway Protocol
      6.3.6.3 Mobile IP Routing
      6.3.6.4 Dynamic Host Configuration Protocol
      6.3.6.5 Network Time Protocols
      6.3.6.6 Domain Name System
      6.3.6.7 Lightweight Directory Access Protocol
      6.3.6.8 Active Directory
      6.3.6.9 Security in Signaling and Control Application Protocols
    6.3.7 Layer 5—Management Application Protocols
      6.3.7.1 Simple Network Management Protocol
      6.3.7.2 Customer Premise Equipment WAN Management Protocol
      6.3.7.3 Remote Monitoring
      6.3.7.4 Security in Management Application Protocols
  6.4 Chapter Summary
  6.5 Further Reading and Resources

7 NEXT-GENERATION NETWORKS
  7.1 Framework and Topology of the NGN
    7.1.1 Functional Entities and Groups
    7.1.2 Domains
      7.1.2.1 Customer Domain
      7.1.2.2 SP Access Domain
      7.1.2.3 SP Core/Services Domain
    7.1.3 Interfaces
    7.1.4 Protocol Layers, Functional Planes, and Interfaces
  7.2 The NGN Functional Reference Model
    7.2.1 Strata
    7.2.2 Management Functional Group
    7.2.3 Application Functional Group
    7.2.4 The Transport Stratum
    7.2.5 The Service Stratum
    7.2.6 The Service Stratum and the IP Multimedia Subsystem (IMS)
  7.3 Relationship Between NGN Transport and Service Domains
  7.4 Enterprise Role Model
  7.5 Security Allocation within the NGN Transport Stratum Example
  7.6 Converged Network Management (TMN and eTOM)
  7.7 General Network Security Architectures
    7.7.1 The ITU-T X.800 Generic Architecture
    7.7.2 The Security Frameworks (X.810–X.816)
    7.7.3 The ITU-T X.805 Approach to Security
  7.8 Chapter Summary
  7.9 Further Reading and Resources

8 GENERAL COMPUTER SECURITY ARCHITECTURE
  8.1 The Hardware Protects the Software
    8.1.1 Processor States and Status
      8.1.1.1 Protection on the Motorola 68000
      8.1.1.2 Protection on the Intel 80386/80486
    8.1.2 Memory Management
      8.1.2.1 Fence
      8.1.2.2 Relocation
      8.1.2.3 Base/Bounds Registers
      8.1.2.4 Segmentation
      8.1.2.5 Paging
      8.1.2.6 Combining Segmentation and Paging (Virtual Memory)
    8.1.3 Interruption of Processor Activity
    8.1.4 Hardware Encryption
      8.1.4.1 Hardware Security Modules
      8.1.4.2 Hardware Acceleration Cards
      8.1.4.3 Hardware Acceleration USB Devices
      8.1.4.4 Smartcards
  8.2 The Software Protects Information
  8.3 Element Security Architecture Description
    8.3.1 The Kernel
    8.3.2 Security Contexts
    8.3.3 Security-Critical Functions
      8.3.3.1 Security Policy Decision Function (SPDF)
      8.3.3.2 Authentication Function
      8.3.3.3 Audit Function
      8.3.3.4 Process Scheduling Function
      8.3.3.5 Device Management Functions and Device Controllers
    8.3.4 Security-Related Functions
  8.4 Operating System (OS) Structure
    8.4.1 Security Management Function
    8.4.2 Networking Subsystem Function
  8.5 Security Mechanisms for Deployed Operating Systems (OSs)
    8.5.1 General Purpose (GP) OSs
      8.5.1.1 Hardware Mechanisms for GP OS Usage
      8.5.1.2 Software Functional Entities for General Purpose (GP) OS Contexts
    8.5.2 Minimized General Purpose Operating Systems
      8.5.2.1 Hardware Mechanisms for Minimized GP OS Usage
      8.5.2.2 Software Mechanisms for Minimized GP OS Usage
    8.5.3 Embedded ("Real-Time") Operating Systems
      8.5.3.1 Hardware Mechanisms for Embedded OS Usage
      8.5.3.2 Software Mechanisms for Embedded OS Usage
    8.5.4 Basic Input–Output Systems (BIOS)
      8.5.4.1 Hardware Mechanisms for BIOS Usage
      8.5.4.2 Software Mechanisms for BIOS Usage
  8.6 Chapter Summary
  8.7 Further Reading and Resources

9 COMPUTER SOFTWARE SECURITY
  9.1 Specific Operating Systems (OSs)
    9.1.1 Unix and Linux Security
      9.1.1.1 Login and User Accounts
      9.1.1.2 Group Accounts
      9.1.1.3 Set User ID (setuid) and Set Group ID (setgid)
      9.1.1.4 Access Control
      9.1.1.5 Audit Logs and Intrusion Detection
      9.1.1.6 inetd and TCP Wrappers
      9.1.1.7 Log Files and Unix Disk Partitions
    9.1.2 Solaris Operating System and Role-Based Access Controls
    9.1.3 Windows OSs
      9.1.3.1 Users and Groups
      9.1.3.2 Access Control Model
      9.1.3.3 Access Tokens
      9.1.3.4 Access Control Lists
      9.1.3.5 Access Control Entries
      9.1.3.6 Access Rights and Access Masks
      9.1.3.7 Security Identifiers
      9.1.3.8 The Registry
      9.1.3.9 Domains and Trust Relationships
      9.1.3.10 Active Directory
      9.1.3.11 More on Trust Relationships
      9.1.3.12 Identification and Authentication
      9.1.3.13 Windows Server 2003—Role-Based Access Control (RBAC)
    9.1.4 Embedded OSs
  9.2 Applications
    9.2.1 Application Security Issues
      9.2.1.1 Buffer Overflows
      9.2.1.2 Exception Handling, Bounds Checking, and Shared Libraries
      9.2.1.3 Shared Libraries
      9.2.1.4 Application Development Security
      9.2.1.5 Static Code Security Analysis
      9.2.1.6 Dynamic Code Security Analysis
    9.2.2 Malicious Software (Malware)
      9.2.2.1 Viruses
      9.2.2.2 Worms
      9.2.2.3 Trojan Horses, Rootkits, and Backdoors
      9.2.2.4 Spyware and Botnets
      9.2.2.5 Linux, Unix, and Mac OS X Malware
    9.2.3 Anti-malware Applications
      9.2.3.1 Malware and Spyware Scanners
      9.2.3.2 Host-Based Firewalls
      9.2.3.3 Modification Scanners
      9.2.3.4 Host-Based Intrusion Detection
  9.3 Chapter Summary
  9.4 Further Reading and Resources

  C O N T E N T S xix

10 SECURITY SYSTEMS DESIGN—DESIGNING NETWORK SECURITY
  10.1 Introduction
  10.2 Security Design for Protocol Layer 1
    10.2.1 Wired and Optical Media
      10.2.1.1 Link-Bulk Encryption
      10.2.1.2 Dial-back Modems
    10.2.2 Wireless Media
      10.2.2.1 Fast Frequency Hopping
  10.3 Layer 2—Data Link Security Mechanisms
    10.3.1 IEEE 802.1X
    10.3.2 IEEE 802.1AE
    10.3.3 IEEE 802.11 WPA and 802.11i
  10.4 Security Design for Protocol Layer 3
    10.4.1 IP Security (IPsec)
      10.4.1.1 IPsec Architecture
      10.4.1.2 IPsec Key Management and Key Exchange
      10.4.1.3 IKE Operation
      10.4.1.4 IPsec Security Associations (SAs)
      10.4.1.5 Combining Security Associations
      10.4.1.6 IPsec Authentication Header (AH) Transform
      10.4.1.7 The IPsec Encapsulating Security Payload (ESP) Transform
      10.4.1.8 The Various ESP Transforms
      10.4.1.9 IPsec Processing
      10.4.1.10 IPsec Policy Management
      10.4.1.11 IPsec and Network Address Translation
      10.4.1.12 IPsec Implementation Availability
      10.4.1.13 IPsec and Fault-Tolerant Network Designs
      10.4.1.14 IPsec and PKI
      10.4.1.15 IPsec Summary and Observations
  10.5 IP Packet Authorization and Access Control
    10.5.1 Network and Host Packet Filtering
    10.5.2 The Demilitarized Zone
    10.5.3 Application-Level Gateways
    10.5.4 Deep-Packet Inspection (DPI)
  10.6 Chapter Summary
  10.7 Further Reading and Resources

  xx C O N T E N T S

11 TRANSPORT AND APPLICATION SECURITY DESIGN AND USE
  11.1 Layer 4—Transport Security Protocols
    11.1.1 TLS, DTLS, and SSL
      11.1.1.1 TLS Session Establishment
      11.1.1.2 TLS Operational Activities
      11.1.1.3 TLS and SSL Security Items
      11.1.1.4 SSL Virtual Private Networks
    11.1.2 Secure Shell (SSH)
    11.1.3 Comparison of SSL, TLS, DTLS, and IPsec
  11.2 Layer 5—User Service Application Protocols
    11.2.1 Email
      11.2.1.1 Pretty Good Privacy (PGP)
      11.2.1.2 Secure/Multipurpose Internet Mail Extensions (S/MIME)
      11.2.1.3 S/MIME and OpenPGP Differences
      11.2.1.4 Email Attacks
    11.2.2 World Wide Web (Web) and Identity Management
      11.2.2.1 eXtensible Markup Language (XML) Security
      11.2.2.2 Service-Oriented Architecture (SOA)
      11.2.2.3 Web Services
      11.2.2.4 SOAP
      11.2.2.5 Security Assertion Markup Language (SAML)
    11.2.3 Voice over Internet Protocol (VoIP)
      11.2.3.1 VoIP Signaling Security
      11.2.3.2 Real-Time Transport Protocol
      11.2.3.3 VoIP Media Security
      11.2.3.4 VoIP Session Border Control
      11.2.3.5 VoIP Device Security
      11.2.3.6 VoIP and NAT
    11.2.4 DNS Security Extensions
    11.2.5 Instant Messaging and Chat
    11.2.6 Peer-to-Peer Applications
    11.2.7 Ad hoc Networks
    11.2.8 Java
      11.2.8.1 Basic Concepts
      11.2.8.2 Java 2 Cryptographic Architecture
    11.2.9 .NET
      11.2.9.1 Role-Based Security
      11.2.9.2 Web Application Security
      11.2.9.3 Evidence-Based Security
      11.2.9.4 Cryptography Available in .NET
      11.2.9.5 Security Policy Administration in .NET
    11.2.10 Common Object Request Broker Architecture (CORBA)
    11.2.11 Distributed Computing Environment
    11.2.12 Dynamic Host Configuration Protocol Security
  11.3 Chapter Summary
  11.4 Further Reading and Resources

12 SECURING MANAGEMENT AND MANAGING SECURITY
  12.1 Securing Management Applications
    12.1.1 Management Roots
    12.1.2 The Telecommunications Management Network
      12.1.2.1 Telecommunications Management Network Structure
      12.1.2.2 Element, Network Management Systems, and Operations Systems
    12.1.3 TMN Security
    12.1.4 Management of Security Mechanisms
      12.1.4.1 EMS Security Needs
      12.1.4.2 NMS Security Additions
      12.1.4.3 Selected OSS/EMS Security Services
    12.1.5 A Security Management Framework
  12.2 Operation, Administration, Maintenance, and Decommissioning
    12.2.1 Operational Security Mechanisms
      12.2.1.1 Separation of Duties and Roles
      12.2.1.2 Operational Guidelines and Procedures
      12.2.1.3 Independent Auditing and Review
      12.2.1.4 Human Resources and Legal Aspects
      12.2.1.5 Accountability
      12.2.1.6 Documentation
      12.2.1.7 Acceptance Testing, Field Testing, and Operational Readiness
    12.2.2 Operations Security
      12.2.2.1 Third-Party Access
      12.2.2.3 Senior Security Management Mechanisms
      12.2.2.4 Operational Reviews
      12.2.2.5 Accreditation and Certification
      12.2.2.6 Life-cycle Review
      12.2.2.7 Withdrawal from Service
    12.2.3 Operations Compliance
      12.2.3.1 Example Security Tools
      12.2.3.2 Penetration Testing
  12.3 Systems Implementation or Procurement
    12.3.1 Development
      12.3.1.1 CMMI and ISO-9001 Processes
      12.3.1.2 Coding
      12.3.1.3 Testing
    12.3.2 Procurement
      12.3.2.1 Requests for Information/Proposals (RFIs/RFPs)
      12.3.2.2 Standards Compliance
      12.3.2.3 Acceptance Testing and Review
    12.3.3 Forensic Tools
  12.4 Chapter Summary
  12.5 Further Reading and Resources

About the Author
Glossary
Index

PREFACE AND ACKNOWLEDGMENTS

APPROACH

This book focuses on information security (information assurance) from the viewpoint of how to control access to information in a systematic manner. Many books on security primarily cover specific security mechanisms such as authentication protocols, encryption algorithms, and security-related protocols. Other books on security are use-case oriented, providing specific contexts for discussing vulnerabilities, threats, and countermeasures. Few books on security consider the planning, operations, and management aspects of protecting information. Unlike these other books that focus on security mechanisms, threats, and vulnerabilities, this book presents a methodology for addressing security concerns in any organization. The methodology is based on a set of concepts called systems engineering that are designed to methodically examine, analyze, and document objectives and the functional and performance capabilities (requirements) that need to exist to achieve the stated goals. Systems engineering concepts provide:

  • a framework for developing capabilities and solutions that ensure compliance with the aforementioned requirements;
  • traceability starting at objectives, progressing through requirements development and solution design/development/procurement, into, and during, operation and administration; and
  • support for compliance evaluation of deployed systems and how these systems are used.

Another critical aspect of the systems methodology is the necessity to consider all aspects of a system, not just the technical components. All information processing infrastructures (networks and computing devices) exist within a context defined by:

  • how the deploying organization operates,
  • what the deploying organization provides as services or products,
  • who competes with the deploying organization,
  • what legal and regulatory burdens the deploying organization has to accommodate, and
  • who may target the deploying organization with the intent of personal or financial gain, political advantage, or ideological objectives.

Over time the technologies used for processing, storing, and communicating information have changed dramatically and rapidly. By presenting a systems engineering approach to information security, this book will help security practitioners cope with these rapid changes. Achieving information security is not a matter of dealing with specific technologies; rather, information security is a process of managing technologies to ensure that information is accessible only to valid users.

  ORGANIZATION

  The coverage of information security by this book includes all aspects of security in a systematic engineering approach:

  • Chapter 1 considers why information security is needed, how security problems can have widespread impacts, and what are the more common ways security is discussed and the deficiencies/limitations of these views.
  • Chapter 2 discusses the many legal, technical, competitive, criminal and consumer forces, and influences that are rapidly changing our information-dependent society, along with exploring the concepts of systems engineering and the value these concepts provide to the development of new products and services along with the maintenance and evolution to existing products and services.
  • Chapter 3 reviews fundamental security concepts of subjects, objects, security services, and the role of cryptography in information security.
  • Chapter 4 considers different approaches for achieving authentication of indi- viduals and systems.
  • Chapter 5 delves into how to establish and manage an information security program, evaluate vulnerabilities, threats, and risks, and develop security require- ments, and the chapter considers the value and impact of security standards and the major organizations involved with developing these standards.
  • Chapter 6 describes the different forms and types of networks currently in use along with the protocols relied upon that are the cause of many security problems. All protocol layers are considered, and any security capabilities are analyzed for effectiveness and usability.
  • Chapter 7 focuses on the near future of next-generation network concepts and services defined within the developing Internet multimedia services framework.
  • Chapter 8 provides an in-depth discussion of computer hardware that impacts information security and the role of operating systems in supporting information security, and what security mechanisms an operating system should include.
  • Chapter 9 provides an examination of security capabilities in the major commer- cially available operating system (unix variants, Windows variants, and real time)
P R E F A C E A N D A C K N O W L E D G M E N T S xxv

  and then considers security issues within applications software. This chapter concludes with a review of the different forms of malicious software (malware) encountered today and a number of anti-malware applications currently available.

  • Chapters 10 and 11 provide descriptions and analysis of the available networking security mechanisms within each protocol layer of networks. Both stand-alone applications (including their associated protocols) and the major application frameworks (e.g., Java, .NET, CORBA, and DCE) are discussed from a security capabilities perspective.
  • Chapter 12 explores the security issues within the management of networks, especially the management of security, and considers the organizational needs for effective security management, operational security mechanisms, security operations, and other life cycle security issues. This chapter concludes with consideration of security within development, integration, and component purchasing activity areas.

  Available for instructors, from the publisher, are (1) a set of assignments and associated grading rubrics, (2) lecture PowerPoint slides, (3) a set of quizzes and associated grading rubrics, and (4) a final examination and associated grading rubric.

SECOND EDITION CHANGES

  Chapter-by-chapter changes in this 2nd edition include the following:

  • Errors found in each chapter have been corrected.

  • Chapter 3: Revision of Section 3.1.5 to more clearly explain types and purposes of security services, including description of data integrity being based on use of a protected digest. Addition of discussion about protecting storage of private keys.
  • Chapter 4: Revisions to Sections 4.1.5, 4.2, and 4.2.7 regarding need to control identities.
  • Chapter 5: Revision of Sections 5.1 through 5.3.3 to discuss Governance followed by ISO 27001 and ISO 27002 for policy, and then provide discussion of COBIT, ITIL, and FISMA with revised discussion of requirements.
  • Chapter 7: Major revision of material to include discussion of SCADA, Cloud, Sensor, and Ad Hoc networks.
  • Chapter 9: Expansion of Section 9.2.1 to include coverage of code reviews, code scanning tools, and testing.
  • Chapter 11: Added discussion in Section 11.1.1.3 regarding SSL VPNs and TLS's lack of rekeying capabilities. Discussion in Section 11.2.2 of HTTP Basic and Digest authentication.
  • Chapter 12: Rework of Section 12.1.1. Added Section 12.2.3.3 to discuss internal operations security process of monitor, review exceptions, plan remediation, and obtain either budget or exception.

  • Appendix A: Minor revisions.

  • Appendix B: Minor revisions.
  • Appendix C: Minor revisions.
  • Appendix D: Minor revisions.
  • Appendix E: Minor revisions.
  • Appendix F: Minor revisions.
  • Appendix G: New set of tables for asset inventory construction for risk management.
  • Inclusion of a glossary of terms.

TARGET AUDIENCE

  The major audience for this book includes graduate and undergraduate students studying, but not limited to, computer/information sciences/engineering, systems engineering, technology management, and public safety. The book is also written for professionals in the sciences, engineering, communications, and other fields that rely on reliable and trustworthy information processing and communications systems and infrastructures. The subject of information security (information assurance, computer security, and network security) is routinely covered as a set of individual subjects and rarely addressed from an engineering perspective. Most professional and academic books focus on the common body of knowledge promulgated by organizations, such as (ISC)² and ISSA, or target specific subjects (database management systems, incident response/forensics, Common Criteria, risks, encryption, Java, Windows, etc.).

  This book considers the complete security life cycle of products and services starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning.

  ACKNOWLEDGMENTS

  I would like to thank Thomas Plevyak for encouraging me to write this book, all of my former Verizon co-workers who routinely challenged my opinions regarding security, and Verizon’s management who, over the years, provided me with many challenging and interesting security-related assignments. I would also like to recognize Allen H. Levesque, Richard Stanley, Fred Kotler, and George Wilson, who were instrumental in my mastering systems engineering concepts.

  ABOUT THE COMPANION WEBSITE

  This book is accompanied by a companion website:

  www.wiley.com/go/informationsecurity2jacobs

  The website includes:

  • Appendix A
  • Appendix B
  • Appendix C
  • Appendix D
  • Appendix E
  • Appendix F
  • Appendix G

  1 WHAT IS SECURITY?

1.1 INTRODUCTION