Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance, 2nd Edition
IEEE Press
445 Hoes Lane
Piscataway, NJ 08854

IEEE Press Editorial Board
Tariq Samad, Editor in Chief
George W. Arnold, Dmitry Goldgof, Ekram Hossain, Mary Lanzerotti, Vladimir Lumelsky, Pui-In Mak, Jeffrey Nanzer, Ray Perez, Linda Shafer, Zidong Wang, MengChu Zhou, George Zobrist
Kenneth Moore, Director of IEEE Book and Information Services (BIS)
ENGINEERING INFORMATION SECURITY
The Application of Systems Engineering Concepts to Achieve Information Assurance
SECOND EDITION
Stuart Jacobs

Copyright 2016 by The Institute of Electrical and Electronics Engineers, Inc. Published by John Wiley & Sons, Inc., Hoboken, New Jersey. All rights reserved. Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data:
Jacobs, Stuart.
Engineering information security: The application of systems engineering concepts to achieve information assurance/Stuart Jacobs. p. cm.
ISBN 978-1-119-10160-4 (hardback)
1. Computer security. 2. Computer networks–Security measures. 3. Information technology–Security measures. 4. Data protection. I. Title.
QA76.9.A25J325 2010 005.8–dc22
2010028408
Printed in the United States of America
This book is dedicated to my wife, Eileen,
for her patience with my spending so much time at the keyboard
rather than with her
CONTENTS
Preface and Acknowledgments xxiii
About the Companion Website xxvii
1 WHAT IS SECURITY? 1
1.1 Introduction 1
1.2 The Subject of Security 2
1.2.1 Branches of Security 2
1.2.2 Defining Security by Function 5
1.2.2.1 Risk Avoidance 5
1.2.2.2 Deterrence 5
1.2.2.3 Prevention 6
1.2.2.4 Detection 7
1.2.2.5 Recovery 7
1.2.3 The Common Body of Knowledge (CBK) Security Domains 8
1.2.3.1 Access Control Systems and Methodology 8
1.2.3.2 Application and Systems Development Security 9
1.2.3.3 Business Continuity Planning and Disaster Recovery Planning 10
1.2.3.4 Cryptography 10
1.2.3.5 Information Security and Risk Management 11
1.2.3.6 Legal, Regulations, Compliance, and Investigations 11
1.2.3.7 Operations Security 12
1.2.3.8 Physical Security 13
1.2.3.9 Security Architecture and Models 14
1.2.3.10 Telecommunications and Network Security 14
1.2.3.11 CBK Summary 15
1.3 A Twenty-First Century Tale 15
1.3.1 The Actors 15
1.3.1.1 Bob’s Story 15
1.3.1.2 Carol’s Story 16
1.3.1.3 Alice’s Story 17
1.3.2 What Actually Occurred 17
1.3.3 How Could All This Have Been Prevented? 19
1.3.4 They Did Not Live Happily Ever After 20
1.4 Why Are You Important to Computer Security? 21
1.4.1 What Are the Threats to Your Computer? 22
1.4.2 As a User, What to Do? 23
1.4.3 The Reality of Cybercrime and Cyberwarfare 23
1.5 End of the Beginning 25
1.6 Chapter Summary 29
1.7 Further Reading and Resources 30
2 SYSTEMS ENGINEERING 31
2.1 So What Is Systems Engineering? 31
2.1.1 Similar Systems Engineering Process 32
2.1.1.1 Stating the Problem 34
2.1.1.2 Investigate Alternatives and Model the System 35
2.1.1.3 Develop/Integrate 36
2.1.1.4 Launch the System 37
2.1.1.5 Assess Performance 38
2.1.1.6 Re-evaluate 38
2.1.2 Another Systems Engineering View 38
2.1.3 Process Variations 41
2.2 Process Management 41
2.2.1 ISO 9000 Processes and Procedures 41
2.2.2 Capability Maturity Model (CMM) 43
2.3 Organization Environments 46
2.3.1 Economic, Legal, and Political Contexts 47
2.3.1.1 Regulations/Legislation 47
2.3.1.2 Market-Based Regulations 49
2.3.1.3 Technology Evolution 51
2.3.1.4 Customer Demands and Expectations 51
2.3.1.5 Legal Liability 51
2.3.1.6 Competition 51
2.3.1.7 Terrorism and Cybercrime 52
2.3.2 Business/Organizational Types 52
2.3.2.2 Residential 54
2.3.2.3 Governments 54
2.3.2.4 Nongovernmental Organizations (NGOs) 56
2.3.3 National Critical Infrastructure 56
2.4 Chapter Summary 59
2.5 Further Reading and Resources 59
3 FOUNDATION CONCEPTS 61
3.1 Security Concepts and Goals 62
3.1.1 Subjects and Objects 63
3.1.2 What Is Trust? 63
3.1.3 Domains, Security, and Trust 64
3.1.4 Security Goals/Objectives 65
3.1.5 X.800 Security Services 66
3.1.5.1 Authentication 67
3.1.5.2 Access Control 67
3.1.5.3 Confidentiality 67
3.1.5.4 Data Integrity 68
3.1.5.5 Non-Repudiation 69
3.1.6 A Modern Definition of Security Services 69
3.1.6.1 Authentication 69
3.1.6.2 Authorization-Access Control 69
3.1.6.3 Integrity 70
3.1.6.4 Availability 71
3.1.6.5 Accountability 73
3.1.6.6 Privacy As a Security Service 74
3.1.6.7 Service Mapping and Application of Services 74
3.2 Role of Cryptography in Information Security 77
3.2.1 Cryptographic Hash Algorithms 81
3.2.1.1 HMAC-MD5 and HMAC-SHA1 85
3.2.2 Encryption Algorithms 86
3.2.2.1 Symmetric Encryption 86
3.2.2.2 Asymmetric Encryption 93
3.2.2.3 Encryption Algorithm Performance 95
3.2.3 Cryptanalysis and Other Key Issues 101
3.2.3.1 Cryptanalysis 101
3.2.3.3 Key Protection 106
3.2.3.4 Using Passwords with Cryptography 107
3.2.3.5 Using Passphrases with Cryptography 108
3.2.4 Key Management 108
3.2.4.1 Diffie–Hellmann Key Distribution 110
3.2.5 Cryptographic Authentication 112
3.2.5.1 Challenge–Response Technique 113
3.2.5.2 Message Authentication Code Technique 116
3.2.5.3 Digital Signature Authentication Technique 119
3.3 Key Management Revisited 120
3.4 Chapter Summary 121
3.5 Further Reading and Resources 122
4 AUTHENTICATION OF SUBJECTS 123
4.1 Authentication Systems 123
4.1.1 Kerberos-Based Authentication 124
4.1.2 Public-Key Infrastructure 128
4.1.2.1 X.509 Digital Certificates 128
4.1.2.2 Certificate Authority Hierarchies 131
4.1.2.3 Certificate Generation Requests 136
4.1.2.4 PKI Component Deployment 139
4.1.2.5 Digital Certificate Revocation and Status Verification 141
4.1.2.6 Certificate Verification 143
4.1.3 Remote Authentication Dial-in User Service and EAP 144
4.1.4 Diameter 149
4.1.5 Secure Electronic Transactions (SET) 150
4.1.6 Authentication Systems Summary 154
4.2 Human Authentication 154
4.2.1 What the Subject Has Factor 155
4.2.2 What the Subject Knows Factor 155
4.2.3 What the Subject Is Factor 156
4.2.4 Where the Subject Is Factor 157
4.2.5 Combinations of Factors 157
4.2.6 Rainbow Tables 158
4.2.7 Proxies for Humans 159
4.2.7.1 Operating Systems 159
C O N T E N T S xi
4.2.7.2 User Agents 159
4.2.7.3 Single Sign-On (SSO) 159
4.2.7.4 Shibboleth SSO Authentication 164
4.2.7.5 Identity Management (IdM) 164
4.3 Chapter Summary 167
4.4 Further Reading and Resources 168
5 SECURITY SYSTEMS ENGINEERING 169
5.1 Security Policy Development 170
5.2 Senior Management Oversight and Involvement 170
5.3 Security Process Management and Standards 170
5.3.1 ISO 27002 172
5.3.1.1 Establishing Organizational Security Policy (Section 5) 172
5.3.1.2 Organizational Security Infrastructure (Section 6) 173
5.3.1.3 Asset Classification and Control (Section 7) 175
5.3.1.4 Personnel Security (Section 8) 176
5.3.1.5 Physical and Environmental Security (Section 9) 178
5.3.1.6 Communications and Operations Management (Section 10) 179
5.3.1.7 Access Controls (Section 11) 180
5.3.1.8 Information Systems Acquisition, Development, and Maintenance (Section 12) 181
5.3.1.9 Information Security Incident Management (Section 13) 182
5.3.1.10 Business Continuity Management (Section 14) 182
5.3.1.11 Compliance (Section 15) 183
5.3.1.12 ISO 27002 Summary 185
5.3.2 ISO 27001 185
5.3.3 Policy Hierarchy 186
5.3.4 An Enterprise Security Policy Example 189
5.3.5 COBIT 189
5.3.6 Information Technology Infrastructure Library 194
5.3.7 Federal Information Security Management Act (FISMA) 196
5.4 Information Security Systems Engineering Methodology 199
5.4.1 Existing Asset Inventory and Classification 201
5.4.1.1 Physical Assets 201
5.4.1.3 Conceptual Assets 202
5.4.2 Vulnerabilities, Threats, and Risk 203
5.4.2.1 Asset Vulnerabilities 204
5.4.2.2 Organization Threat Profile(s) 204
5.4.3 Dealing with Risk 224
5.4.3.1 ITU-T View of Risk Mitigation Approach 224
5.4.3.2 STRIDE Mitigation Approach 226
5.4.3.3 ISO 27005 Approach to Managing Risk 226
5.4.3.4 Common Criteria (CC) Mitigation Approach 227
5.4.3.5 ETSI Security-Related Vulnerability and Threat Analysis Efforts 230
5.4.4 Risk Management Framework 232
5.4.4.1 Impact Analysis 233
5.4.4.2 Risk Assessment Analysis 234
5.4.4.3 Risk Assessment—Asset Definition and Inventorying 236
5.4.4.4 Risk Assessment—Threats 237
5.4.5 Risk Assignment 240
5.5 Requirements Analysis and Decomposition 240
5.6 Access Control Concepts 244
5.6.1 Subjects, Objects, and Access Operations 245
5.6.2 Mandatory Access Control using a Matrix or Lattice Approach 246
5.6.3 Discretionary Access Control using an Access Control List Approach 246
5.6.4 Mandatory Access Control using a Capability List Approach 247
5.6.5 Administrative Tasks in Access Control Methods 248
5.6.5.1 Groups and Permissions 248
5.6.5.2 Protection Rings 249
5.6.6 Role-Based Access Control (RBAC) 249
5.7 Security Modeling and Security-Related Standards 251
5.7.1 Confidentiality Policies and Integrity Policies 252
5.7.2 Bell–LaPadula Model 253
5.7.3 Graham–Denning Confidentiality Model 254
5.7.4 Chinese Wall Multilateral Confidentiality Model 255
5.7.5 Biba Integrity Model 256
5.7.6 Clark–Wilson Model 256
5.7.7 Security Model Summary 258
5.7.8 Security Standards 259
5.7.8.1 Public-Key Cryptography Standards 260
5.7.8.2 Third-Generation Partnership Project 260
5.7.8.3 Third-Generation Partnership Project 2 260
5.7.8.4 Alliance for Telecommunications Industry Solutions 262
5.7.8.5 Cable Television Laboratories, Inc. 262
5.7.8.6 European Telecommunications Standards Institute 263
5.7.8.7 International Organization for Standardization 263
5.7.8.8 ITU Telecommunication Standardization Sector 263
5.7.8.9 Internet Engineering Task Force 264
5.7.8.10 Object Management Group 264
5.7.8.11 Organization for the Advancement of Structured Information Standards
264
5.7.8.12 Parlay Group 265
5.7.8.13 TeleManagement Forum 265
5.7.8.14 World Wide Web Consortium 265
5.8 Chapter Summary 265
5.8.1 Things to Remember 266
5.8.1.1 Subjects and Objects 266
5.8.1.2 Mandatory Access Controls 267
5.8.1.3 Discretionary Access Controls 267
6 TRADITIONAL NETWORK CONCEPTS 269
6.1 Networking Architectures 269
6.1.1 OSI Network Model 270
6.1.2 Internet Network Model 272
6.2 Types of Networks 274
6.2.1 Local Area Network (LAN) 274
6.2.2 Wireless LAN (WLAN) 277
6.2.3 Metropolitan Area Networks (MAN) 277
6.2.4 Wide Area Networks (WAN) 278
6.2.5 The Internet 279
6.2.6 Circuit Switched Networks 279
6.2.7 Supervisory Control and Data Acquisition (SCADA) Systems 284
6.2.8 Sensor Networks 288
6.2.9 Clouds 289
6.2.9.1 Hardware as a Service 290
6.2.9.2 Infrastructure as a Service 291
6.2.9.3 Applications as a Service 292
6.2.9.4 Public versus Private Clouds 293
6.2.10 Cellular Networks 294
6.2.11 IEEE 802.16 Networks 295
6.2.12 Long-Term Evolution Networks 295
6.3 Network Protocols 295
6.3.1 Layer 1—Physical 296
6.3.2 Layer 2—Data Link Protocols 296
6.3.2.1 Ethernet 297
6.3.2.2 Virtual Ethernets 299
6.3.2.3 Wireless Networking 300
6.3.2.4 MultiProtocol Label Switching 301
6.3.2.5 Asynchronous Transfer Mode and Frame Relay 304
6.3.2.6 Digital Subscriber Lines 304
6.3.2.7 Optical Networking 305
6.3.2.8 Security in Data Link Layer Protocols 310
6.3.3 Layer 3—Internetworking Layer Protocols 310
6.3.3.1 Address Resolution Protocol 310
6.3.3.2 IP Version 4 320
6.3.3.3 Internet Control Message Protocol 325
6.3.3.4 IPv4 Fragmentation and Related Attacks 327
6.3.3.5 IP Version 6 329
6.3.3.6 Security in Internetworking Layer Protocols 332
6.3.4 Layer 4—Transport 332
6.3.4.1 Transmission Control Protocol 334
6.3.4.2 User Datagram Protocol 338
6.3.4.3 Stream Control Transmission Protocol 339
6.3.4.4 Open Shortest Path First 340
6.3.4.5 Security in Transport Layer Protocols 342
6.3.5 Layer 5—User Application Protocols 342
6.3.5.1 Initial Internet User Application Protocols 344
6.3.5.2 HyperText Transfer Protocol 344
6.3.5.3 X Windows 346
6.3.5.4 eXtensible Markup Language 348
6.3.5.5 Security in User Application Protocols 349
6.3.6 Layer 5—Signaling and Control Application Protocols 349
6.3.6.1 MPLS Signaling Protocols 351
6.3.6.2 Border Gateway Protocol 352
6.3.6.3 Mobile IP Routing 352
6.3.6.4 Dynamic Host Configuration Protocol 355
6.3.6.5 Network Time Protocols 359
6.3.6.6 Domain Name System 359
6.3.6.7 Lightweight Directory Access Protocol 361
6.3.6.8 Active Directory 362
6.3.6.9 Security in Signaling and Control Application Protocols
363
6.3.7 Layer 5—Management Application Protocols 363
6.3.7.1 Simple Network Management Protocol 363
6.3.7.2 Customer Premise Equipment WAN Management Protocol
367
6.3.7.3 Remote Monitoring 368
6.3.7.4 Security in Management Application Protocols 368
6.4 Chapter Summary 368
6.5 Further Reading and Resources 370
7 NEXT-GENERATION NETWORKS 371
7.1 Framework and Topology of the NGN 372
7.1.1 Functional Entities and Groups 372
7.1.2 Domains 373
7.1.2.1 Customer Domain 374
7.1.2.2 SP Access Domain 374
7.1.2.3 SP Core/Services Domain 374
7.1.3 Interfaces 374
7.1.4 Protocol Layers, Functional Planes, and Interfaces 376
7.2 The NGN Functional Reference Model 380
7.2.1 Strata 380
7.2.2 Management Functional Group 381
7.2.3 Application Functional Group 381
7.2.4 The Transport Stratum 381
7.2.5 The Service Stratum 385
7.2.6 The Service Stratum and the IP Multimedia Subsystem (IMS) 385
7.3 Relationship Between NGN Transport and Service Domains 389
7.4 Enterprise Role Model 390
7.5 Security Allocation within the NGN Transport Stratum Example 393
7.6 Converged Network Management (TMN and eTOM) 393
7.7 General Network Security Architectures 401
7.7.1 The ITU-T X.800 Generic Architecture 402
7.7.2 The Security Frameworks (X.810–X.816) 402
7.7.3 The ITU-T X.805 Approach to Security 403
7.8 Chapter Summary 405
7.9 Further Reading and Resources 405
8 GENERAL COMPUTER SECURITY ARCHITECTURE 409
8.1 The Hardware Protects the Software 410
8.1.1 Processor States and Status 411
8.1.1.1 Protection on the Motorola 68000 411
8.1.1.2 Protection on the Intel 80386/80486 412
8.1.2 Memory Management 412
8.1.2.1 Fence 413
8.1.2.2 Relocation 413
8.1.2.3 Base/Bounds Registers 414
8.1.2.4 Segmentation 416
8.1.2.5 Paging 418
8.1.2.6 Combining Segmentation and Paging (Virtual Memory) 419
8.1.3 Interruption of Processor Activity 420
8.1.4 Hardware Encryption 421
8.1.4.1 Hardware Security Modules 421
8.1.4.2 Hardware Acceleration Cards 422
8.1.4.3 Hardware Acceleration USB Devices 422
8.1.4.4 Smartcards 423
8.2 The Software Protects Information 424
8.3 Element Security Architecture Description 426
8.3.1 The Kernel 429
8.3.2 Security Contexts 430
8.3.3 Security-Critical Functions 432
8.3.3.1 Security Policy Decision Function (SPDF) 432
8.3.3.2 Authentication Function 433
8.3.3.3 Audit Function 433
8.3.3.4 Process Scheduling Function 434
8.3.3.5 Device Management Functions and Device Controllers 434
8.3.4 Security-Related Functions 435
8.4 Operating System (OS) Structure 435
8.4.1 Security Management Function 437
8.4.2 Networking Subsystem Function 437
8.5 Security Mechanisms for Deployed Operating Systems (OSs) 437
8.5.1 General Purpose (GP) OSs 438
8.5.1.1 Hardware Mechanisms for GP OS Usage 438
8.5.1.2 Software Functional Entities for General Purpose (GP) OS Contexts 438
8.5.2 Minimized General Purpose Operating Systems 438
8.5.2.1 Hardware Mechanisms for Minimized GP OS Usage 449
8.5.2.2 Software Mechanisms for Minimized GP OS Usage 449
8.5.3 Embedded (“Real-Time”) Operating Systems 449
8.5.3.1 Hardware Mechanisms for Embedded OS Usage 449
8.5.3.2 Software Mechanisms for Embedded OS Usage 451
8.5.4 Basic Input–Output Systems (BIOS) 451
8.5.4.1 Hardware Mechanisms for BIOS Usage 451
8.5.4.2 Software Mechanisms for BIOS Usage 451
8.6 Chapter Summary 456
8.7 Further Reading and Resources 460
9 COMPUTER SOFTWARE SECURITY 461
9.1 Specific Operating Systems (OSs) 461
9.1.1 Unix and Linux Security 462
9.1.1.1 Login and User Accounts 462
9.1.1.2 Group Accounts 463
9.1.1.3 Set User ID (setuid) and Set Group ID (setgid) 463
9.1.1.4 Access Control 464
9.1.1.5 Audit Logs and Intrusion Detection 467
9.1.1.6 inetd and TCP Wrappers 469
9.1.1.7 Log Files and Unix Disk Partitions 470
9.1.2 Solaris Operating System and Role-Based Access Controls 473
9.1.3 Windows OSs 476
9.1.3.1 Users and Groups 477
9.1.3.2 Access Control Model 478
9.1.3.3 Access Tokens 478
9.1.3.4 Access Control Lists 479
9.1.3.5 Access Control Entries 481
9.1.3.6 Access Rights and Access Masks 481
9.1.3.7 Security Identifiers 481
9.1.3.8 The Registry 482
9.1.3.9 Domains and Trust Relationships 485
9.1.3.10 Active Directory 487
9.1.3.11 More on Trust Relationships 489
9.1.3.12 Identification and Authentication 492
9.1.3.13 Windows Server 2003—Role-Based Access Control (RBAC) 493
9.1.4 Embedded OSs 496
9.2 Applications 498
9.2.1 Application Security Issues 498
9.2.1.1 Buffer Overflows 499
9.2.1.2 Exception Handling, Bounds Checking, and Shared Libraries 500
9.2.1.3 Shared Libraries 500
9.2.1.4 Application Development Security 501
9.2.1.5 Static Code Security Analysis 502
9.2.1.6 Dynamic Code Security Analysis 503
9.2.2 Malicious Software (Malware) 503
9.2.2.1 Viruses 505
9.2.2.2 Worms 507
9.2.2.3 Trojan Horses, Rootkits, and Backdoors 507
9.2.2.4 Spyware and Botnets 510
9.2.2.5 Linux, Unix, and Mac OS X Malware 512
9.2.3 Anti-malware Applications 512
9.2.3.1 Malware and Spyware Scanners 512
9.2.3.2 Host-Based Firewalls 513
9.2.3.3 Modification Scanners 514
9.2.3.4 Host-Based Intrusion Detection 515
9.3 Chapter Summary 515
9.4 Further Reading and Resources 516
10 SECURITY SYSTEMS DESIGN—DESIGNING NETWORK SECURITY 517
10.1 Introduction 517
10.2 Security Design for Protocol Layer 1 520
10.2.1 Wired and Optical Media 520
10.2.1.1 Link-Bulk Encryption 520
10.2.1.2 Dial-back Modems 522
10.2.2 Wireless Media 522
10.2.2.1 Fast Frequency Hopping 523
10.3 Layer 2—Data Link Security Mechanisms 524
10.3.1 IEEE 802.1x 524
10.3.2 IEEE 802.1ae 525
10.3.3 IEEE 802.11 WPA and 802.11i 528
10.4 Security Design for Protocol Layer 3 530
10.4.1 IP Security (IPsec) 530
10.4.1.1 IPsec Architecture 531
10.4.1.2 IPsec Key Management and Key Exchange 536
10.4.1.3 IKE Operation 537
10.4.1.4 IPsec Security Associations (SAs) 541
10.4.1.5 Combining Security Associations 542
10.4.1.6 IPsec Authentication Header (AH) Transform 544
10.4.1.7 The IPsec Encapsulating Security Payload (ESP) Transform 545
10.4.1.8 The Various ESP Transforms 545
10.4.1.9 IPsec Processing 545
10.4.1.10 IPsec Policy Management 547
10.4.1.11 IPsec and Network Address Translation 549
10.4.1.12 IPsec Implementation Availability 554
10.4.1.13 IPsec and Fault-Tolerant Network Designs 554
10.4.1.14 IPsec and PKI 556
10.4.1.15 IPsec Summary and Observations 557
10.5 IP Packet Authorization and Access Control 558
10.5.1 Network and Host Packet Filtering 559
10.5.2 The Demilitarized Zone 563
10.5.3 Application-Level Gateways 564
10.5.4 Deep-Packet Inspection (DPI) 567
10.6 Chapter Summary 571
10.7 Further Reading and Resources 571
11 TRANSPORT AND APPLICATION SECURITY DESIGN AND USE 573
11.1 Layer 4—Transport Security Protocols 573
11.1.1 TLS, DTLS, and SSL 574
11.1.1.1 TLS Session Establishment 576
11.1.1.2 TLS Operational Activities 579
11.1.1.3 TLS and SSL Security Items 579
11.1.1.4 SSL Virtual Private Networks 579
11.1.2 Secure Shell (SSH) 581
11.1.3 Comparison of SSL, TLS, DTLS, and IPsec 581
11.2 Layer 5—User Service Application Protocols 582
11.2.1 Email 583
11.2.1.1 Pretty Good Privacy (PGP) 583
11.2.1.2 Secure/Multipurpose Internet Mail Extensions (S/MIME) 586
11.2.1.3 S/MIME and OpenPGP Differences 587
11.2.1.4 Email Attacks 587
11.2.2 World Wide Web (Web) and Identity Management 589
11.2.2.1 eXtensible Markup Language Security (XML) 589
11.2.2.2 Service-Oriented Architecture (SOA) 590
11.2.2.3 Web Services 593
11.2.2.4 SOAP 593
11.2.2.5 Security Assertion Markup Language (SAML) 594
11.2.3 Voice over Internet Protocol (VoIP) 596
11.2.3.1 VoIP Signaling Security 599
11.2.3.2 Real-Time Protocol 599
11.2.3.3 VoIP Media Security 601
11.2.3.4 VoIP Session Border Control 602
11.2.3.5 VoIP Device Security 602
11.2.3.6 VoIP and NAT 604
11.2.4 DNS Security Extensions 605
11.2.5 Instant Messaging and Chat 608
11.2.6 Peer-to-Peer Applications 615
11.2.7 Ad hoc Networks 616
11.2.8 Java 618
11.2.8.1 Basic Concepts 619
11.2.8.2 Java 2 Cryptographic Architecture 620
11.2.9 .NET 622
11.2.9.1 Role-Based Security 622
11.2.9.2 Web Application Security 622
11.2.9.3 Evidence-Based Security 622
11.2.9.4 Cryptography Available in .NET 623
11.2.9.5 Security Policy Administration in .NET 623
11.2.10 Common Object Request Broker Architecture (CORBA) 624
11.2.11 Distributed Computing Environment 626
11.2.12 Dynamic Host Configuration Protocol Security 630
11.3 Chapter Summary 632
11.4 Further Reading and Resources 632
12 SECURING MANAGEMENT AND MANAGING SECURITY 633
12.1 Securing Management Applications 633
12.1.1 Management Roots 633
12.1.2 The Telecommunications Management Network 634
12.1.2.1 Telecommunications Management Network Structure 635
12.1.2.2 Element, Network Management Systems, and Operations Systems 636
12.1.3 TMN Security 640
12.1.4 Management of Security Mechanisms 642
12.1.4.1 EMS Security Needs 643
12.1.4.2 NMS Security Additions 644
12.1.4.3 Selected OSS/EMS Security Services 644
12.1.5 A Security Management Framework 645
12.2 Operation, Administration, Maintenance, and Decommissioning 648
12.2.1 Operational Security Mechanisms 649
12.2.1.1 Separation of Duties and Roles 649
12.2.1.2 Operational Guidelines and Procedures 650
12.2.1.3 Independent Auditing and Review 651
12.2.1.4 Human Resources and Legal Aspects 653
12.2.1.5 Accountability 653
12.2.1.6 Documentation 653
12.2.1.7 Acceptance Testing, Field Testing, and Operational Readiness 653
12.2.2 Operations Security 654
12.2.2.1 Third-Party Access 655
12.2.2.3 Senior Security Management Mechanisms 657
12.2.2.4 Operational Reviews 657
12.2.2.5 Accreditation and Certification 658
12.2.2.6 Life-cycle Review 661
12.2.2.7 Withdrawal from Service 661
12.2.3 Operations Compliance 664
12.2.3.1 Example Security Tools 667
12.2.3.2 Penetration Testing 669
12.3 Systems Implementation or Procurement 671
12.3.1 Development 672
12.3.1.1 CMMI and ISO-9001 Processes 672
12.3.1.2 Coding 672
12.3.1.3 Testing 673
12.3.2 Procurement 673
12.3.2.1 Requests for Information/Proposals (RFIs/RFPs) 673
12.3.2.2 Standards Compliance 679
12.3.2.3 Acceptance Testing and Review 681
12.3.3 Forensic Tools 681
12.4 Chapter Summary 681
12.5 Further Reading and Resources 681
About the Author 683
Glossary 685
Index 725
PREFACE AND ACKNOWLEDGMENTS
APPROACH
This book focuses on information security (information assurance) from the viewpoint of how to control access to information in a systematic manner. Many books on security primarily cover specific security mechanisms such as authentication protocols, encryption algorithms, and security-related protocols. Other books on security are use case oriented, providing specific contexts for discussing vulnerabilities, threats, and countermeasures. Few books on security consider the planning, operations, and management aspects of protecting information. Unlike these other books that focus on security mechanisms, threats, and vulnerabilities, this book presents a methodology for addressing security concerns in any organization. The methodology is based on a set of concepts called systems engineering that are designed to methodically examine, analyze, and document objectives and the functional and performance capabilities (requirements) that need to exist to achieve the stated goals. Systems engineering concepts provide:
- a framework for developing capabilities and solutions that ensure compliance with the aforementioned requirements;
- traceability starting at objectives, progressing through requirements development, solution design/development/procurement into, and during, operation and administration; and
- support for compliance evaluation of deployed systems and how these systems are used.
Another critical aspect of the systems methodology is the necessity to consider all aspects of a system, not just the technical components. All information processing infrastructures (networks and computing devices) exist within a context defined by:
- how the deploying organization operates,
- what the deploying organization provides as services or products,
- who competes with the deploying organization,
- what legal and regulatory burdens the deploying organization has to accommodate, and
- who may target the deploying organization with the intent of personal or financial gain, political advantage, or ideological objectives.
Over time the technologies used for processing, storing, and communicating information have changed dramatically and rapidly. By presenting a systems engineering approach to information security, this book will assist security practitioners in coping with these rapid changes. Achieving information security is not a matter of dealing with specific technologies; rather, information security is a process of managing technologies to ensure that information is accessible only to valid users.
ORGANIZATION
The coverage of information security by this book includes all aspects of security in a systematic engineering approach:
- Chapter 1 considers why information security is needed, how security problems can have widespread impacts, the more common ways in which security is discussed, and the deficiencies/limitations of these views.
- Chapter 2 discusses the many legal, technical, competitive, criminal, and consumer forces and influences that are rapidly changing our information-dependent society, and explores the concepts of systems engineering and the value these concepts provide to the development of new products and services and to the maintenance and evolution of existing ones.
- Chapter 3 reviews fundamental security concepts of subjects, objects, security services, and the role of cryptography in information security.
- Chapter 4 considers different approaches for achieving authentication of individuals and systems.
- Chapter 5 delves into how to establish and manage an information security program, evaluate vulnerabilities, threats, and risks, and develop security requirements; the chapter also considers the value and impact of security standards and the major organizations involved in developing these standards.
- Chapter 6 describes the different forms and types of networks currently in use, along with the protocols they rely on, which are the cause of many security problems. All protocol layers are considered, and any security capabilities are analyzed for effectiveness and usability.
- Chapter 7 focuses on the near future of next-generation network concepts and services defined within the developing Internet multimedia services framework.
- Chapter 8 provides an in-depth discussion of computer hardware that impacts information security and the role of operating systems in supporting information security, and what security mechanisms an operating system should include.
- Chapter 9 provides an examination of security capabilities in the major commercially available operating systems (Unix variants, Windows variants, and real-time) and then considers security issues within application software. This chapter concludes with a review of the different forms of malicious software (malware) encountered today and a number of anti-malware applications currently available.
- Chapters 10 and 11 provide descriptions and analysis of the available networking security mechanisms within each protocol layer of networks. Both stand-alone applications (including their associated protocols) and the major application frameworks (e.g., Java, .NET, CORBA, and DCE) are discussed from a security capabilities perspective.
- Chapter 12 explores the security issues within the management of networks, especially the management of security, and considers the organizational needs for effective security management, operational security mechanisms, security operations, and other life cycle security issues. This chapter concludes with consideration of security within development, integration, and component purchasing activity areas.
Available for instructors, from the publisher, are (1) a set of assignments and associated grading rubrics, (2) lecture PowerPoint slides, (3) a set of quizzes and associated grading rubrics, and (4) a final examination and associated grading rubric.
SECOND EDITION CHANGES
Chapterwise changes in this 2nd edition include the following:
- Errors found in each chapter have been corrected.
- Chapter 3: Revision of Section 3.1.5 to more clearly explain types and purposes of security services, including description of data integrity being based on use of a protected digest. Addition of discussion about protecting storage of private keys.
- Chapter 4: Revisions to Sections 4.1.5, 4.2, and 4.2.7 regarding need to control identities.
- Chapter 5: Revision of Sections 5.1 through 5.3.3 to discuss Governance followed by ISO 27001 and ISO 27002 for policy, and then provide discussion of COBIT, ITIL, and FISMA with revised discussion of requirements.
- Chapter 7: Major revision of material to include discussion of SCADA, Cloud, Sensor, and Ad Hoc networks.
- Chapter 9: Expansion of Section 9.2.1 to include coverage of code reviews, code scanning tools, and testing.
- Chapter 11: Added discussion in Section 11.1.1.3 regarding SSL VPNs and TLS’s lack of rekeying capabilities. Discussion in Section 11.2.2 of HTTP Basic and Digest authentication.
- Chapter 12: Rework of Section 12.1.1. Added Section 12.2.3.3 to discuss internal operations security process of monitor, review exceptions, plan remediation, and obtain either budget or exception.
- Appendix A: Minor revisions.
- Appendix B: Minor revisions.
- Appendix C: Minor revisions.
- Appendix D: Minor revisions.
- Appendix E: Minor revisions.
- Appendix F: Minor revisions.
- Appendix G: New set of tables for asset inventory construction for risk management.
- Inclusion of a glossary of terms.
TARGET AUDIENCE
The major audience for this book includes graduate and undergraduate students studying, but not limited to, computer/information sciences/engineering, systems engineering, technology management, and public safety. The book is also written for professionals in the sciences, engineering, communications, and other fields that rely on reliable and trustworthy information processing and communications systems and infrastructures. The subject of information security (information assurance, computer security, and network security) is routinely covered as a set of individual subjects and rarely addressed from an engineering perspective. Most professional and academic books focus on the common body of knowledge promulgated by organizations such as (ISC)² and ISSA, or target specific subjects (database management systems, incident response/forensics, common criteria, risks, encryption, Java, Windows, etc.).
This book considers the complete security life cycle of products and services starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning.
ACKNOWLEDGMENTS
I would like to thank Thomas Plevyak for encouraging me to write this book, all of my former Verizon co-workers who routinely challenged my opinions regarding security, and Verizon’s management who, over the years, provided me with many challenging and interesting security-related assignments. I would also like to recognize Allen H. Levesque, Richard Stanley, Fred Kotler, and George Wilson, who were instrumental in my mastering systems engineering concepts.
ABOUT THE COMPANION WEBSITE
This book is accompanied by a companion website:
www.wiley.com/go/informationsecurity2jacobs
The website includes:
- Appendix A
- Appendix B
- Appendix C
- Appendix D
- Appendix E
- Appendix F
- Appendix G
1 WHAT IS SECURITY?
1.1 INTRODUCTION