
Computer Security

Principles and Practice

Third Edition

William Stallings

Lawrie Brown

UNSW Canberra at the Australian Defence Force Academy

Boston Columbus Indianapolis New York San Francisco Upper Saddle River Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montreal Toronto Delhi Mexico City São Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo

For my loving wife, Tricia

—WS

To my extended family, who helped

make this all possible

—LB

  • About the Authors
  • Chapter 0 Reader’s and Instructor’s Guide
    • 0.1 Outline of this Book
    • 0.2 A Roadmap for Readers and Instructors
    • 0.3 Support for CISSP Certification
    • 0.4 Support for NSA/DHS Certification
    • 0.5 Support for ACM/IEEE Computer Society Computer Science Curricula
    • 0.6 Internet and Web Resources
    • 0.7 Standards
  • Chapter 1 Overview
    • 1.1 Computer Security Concepts
    • 1.2 Threats, Attacks, and Assets
    • 1.3 Security Functional Requirements
    • 1.4 Fundamental Security Design Principles
    • 1.5 Attack Surfaces and Attack Trees
    • 1.6 Computer Security Strategy
    • 1.7 Recommended Reading
    • 1.8 Key Terms, Review Questions, and Problems
  • Part One Computer Security Technology and Principles
  • Chapter 2 Cryptographic Tools
    • 2.1 Confidentiality with Symmetric Encryption
    • 2.2 Message Authentication and Hash Functions
    • 2.3 Public-Key Encryption
    • 2.4 Digital Signatures and Key Management
    • 2.5 Random and Pseudorandom Numbers
    • 2.6 Practical Application: Encryption of Stored Data
    • 2.7 Recommended Reading
    • 2.8 Key Terms, Review Questions, and Problems
  • Chapter 3 User Authentication
    • 3.1 Electronic User Authentication Principles
    • 3.2 Password-Based Authentication
    • 3.3 Token-Based Authentication
    • 3.4 Biometric Authentication
    • 3.5 Remote User Authentication
    • 3.6 Security Issues for User Authentication
    • 3.7 Practical Application: An Iris Biometric System
    • 3.8 Case Study: Security Problems for ATM Systems
    • 3.9 Recommended Reading
    • 3.10 Key Terms, Review Questions, and Problems
  • Chapter 4 Access Control
    • 4.1 Access Control Principles
    • 4.2 Subjects, Objects, and Access Rights
    • 4.3 Discretionary Access Control
    • 4.4 Example: UNIX File Access Control
    • 4.5 Role-Based Access Control
    • 4.6 Attribute-Based Access Control
    • 4.7 Identity, Credential, and Access Management
    • 4.8 Trust Frameworks
    • 4.9 Case Study: RBAC System for a Bank
    • 4.10 Recommended Reading
    • 4.11 Key Terms, Review Questions, and Problems
  • Chapter 5 Database and Cloud Security
    • 5.1 The Need for Database Security
    • 5.2 Database Management Systems
    • 5.3 Relational Databases
    • 5.4 SQL Injection Attacks
    • 5.5 Database Access Control
    • 5.6 Inference
    • 5.7 Database Encryption
    • 5.8 Cloud Computing
    • 5.9 Cloud Security Risks and Countermeasures
    • 5.10 Data Protection in the Cloud
    • 5.11 Cloud Security as a Service
    • 5.12 Recommended Reading
    • 5.13 Key Terms, Review Questions, and Problems
  • Chapter 6 Malicious Software
    • 6.1 Types of Malicious Software (Malware)
    • 6.2 Advanced Persistent Threat
    • 6.3 Propagation—Infected Content—Viruses
    • 6.4 Propagation—Vulnerability Exploit—Worms
    • 6.5 Propagation—Social Engineering—Spam E-Mail, Trojans
    • 6.6 Payload—System Corruption
    • 6.7 Payload—Attack Agent—Zombie, Bots
    • 6.8 Payload—Information Theft—Keyloggers, Phishing, Spyware
    • 6.9 Payload—Stealthing—Backdoors, Rootkits
    • 6.10 Countermeasures
    • 6.11 Recommended Reading
    • 6.12 Key Terms, Review Questions, and Problems
  • Chapter 7 Denial-of-Service Attacks
    • 7.1 Denial-of-Service Attacks
    • 7.2 Flooding Attacks
    • 7.3 Distributed Denial-of-Service Attacks
    • 7.4 Application-Based Bandwidth Attacks
    • 7.5 Reflector and Amplifier Attacks
    • 7.6 Defenses Against Denial-of-Service Attacks
    • 7.7 Responding to a Denial-of-Service Attack
    • 7.8 Recommended Reading
    • 7.9 Key Terms, Review Questions, and Problems
  • Chapter 8 Intrusion Detection
    • 8.1 Intruders
    • 8.2 Intrusion Detection
    • 8.3 Analysis Approaches
    • 8.4 Host-Based Intrusion Detection
    • 8.5 Network-Based Intrusion Detection
    • 8.6 Distributed or Hybrid Intrusion Detection
    • 8.7 Intrusion Detection Exchange Format
    • 8.8 Honeypots
    • 8.9 Example System: Snort
    • 8.10 Recommended Reading
    • 8.11 Key Terms, Review Questions, and Problems
  • Chapter 9 Firewalls and Intrusion Prevention Systems
    • 9.1 The Need for Firewalls
    • 9.2 Firewall Characteristics and Access Policy
    • 9.3 Types of Firewalls
    • 9.4 Firewall Basing
    • 9.5 Firewall Location and Configurations
    • 9.6 Intrusion Prevention Systems
    • 9.7 Example: Unified Threat Management Products
    • 9.8 Recommended Reading
    • 9.9 Key Terms, Review Questions, and Problems
  • Part Two Software Security and Trusted Systems
  • Chapter 10 Buffer Overflow
    • 10.1 Stack Overflows
    • 10.2 Defending Against Buffer Overflows
    • 10.3 Other Forms of Overflow Attacks
    • 10.4 Recommended Reading
    • 10.5 Key Terms, Review Questions, and Problems
  • Chapter 11 Software Security
    • 11.1 Software Security Issues
    • 11.2 Handling Program Input
    • 11.3 Writing Safe Program Code
    • 11.4 Interacting with the Operating System and Other Programs
    • 11.5 Handling Program Output
    • 11.6 Recommended Reading
    • 11.7 Key Terms, Review Questions, and Problems
  • Chapter 12 Operating System Security
    • 12.1 Introduction to Operating System Security
    • 12.2 System Security Planning
    • 12.3 Operating Systems Hardening
    • 12.4 Application Security
    • 12.5 Security Maintenance
    • 12.6 Linux/Unix Security
    • 12.7 Windows Security
    • 12.8 Virtualization Security
    • 12.9 Recommended Reading
    • 12.10 Key Terms, Review Questions, and Problems
  • Chapter 13 Trusted Computing and Multilevel Security
    • 13.1 The Bell-LaPadula Model for Computer Security
    • 13.2 Other Formal Models for Computer Security
    • 13.3 The Concept of Trusted Systems
    • 13.4 Application of Multilevel Security
    • 13.5 Trusted Computing and the Trusted Platform Module
    • 13.6 Common Criteria for Information Technology Security Evaluation
    • 13.7 Assurance and Evaluation
    • 13.8 Recommended Reading
    • 13.9 Key Terms, Review Questions, and Problems
  • Part Three Management Issues
  • Chapter 14 IT Security Management and Risk Assessment
    • 14.1 IT Security Management
    • 14.2 Organizational Context and Security Policy
    • 14.3 Security Risk Assessment
    • 14.4 Detailed Security Risk Analysis
    • 14.5 Case Study: Silver Star Mines
    • 14.6 Recommended Reading
    • 14.7 Key Terms, Review Questions, and Problems
  • Chapter 15 IT Security Controls, Plans, and Procedures
    • 15.1 IT Security Management Implementation
    • 15.2 Security Controls or Safeguards
    • 15.3 IT Security Plan
    • 15.4 Implementation of Controls
    • 15.5 Monitoring Risks
    • 15.6 Case Study: Silver Star Mines
    • 15.7 Recommended Reading
    • 15.8 Key Terms, Review Questions, and Problems
  • Chapter 16 Physical and Infrastructure Security
    • 16.1 Overview
    • 16.2 Physical Security Threats
    • 16.3 Physical Security Prevention and Mitigation Measures
    • 16.4 Recovery From Physical Security Breaches
    • 16.5 Example: A Corporate Physical Security Policy
    • 16.6 Integration of Physical and Logical Security
    • 16.7 Recommended Reading
    • 16.8 Key Terms, Review Questions, and Problems
  • Chapter 17 Human Resources Security
    • 17.1 Security Awareness, Training, and Education
    • 17.2 Employment Practices and Policies
    • 17.3 E-Mail and Internet Use Policies
    • 17.4 Computer Security Incident Response Teams
    • 17.5 Recommended Reading
    • 17.6 Key Terms, Review Questions, and Problems
  • Chapter 18 Security Auditing
    • 18.1 Security Auditing Architecture
    • 18.2 Security Audit Trail
    • 18.3 Implementing the Logging Function
    • 18.4 Audit Trail Analysis
    • 18.5 Example: An Integrated Approach
    • 18.6 Recommended Reading
    • 18.7 Key Terms, Review Questions, and Problems
  • Chapter 19 Legal and Ethical Aspects
    • 19.1 Cybercrime and Computer Crime
    • 19.2 Intellectual Property
    • 19.3 Privacy
    • 19.4 Ethical Issues
    • 19.5 Recommended Reading
    • 19.6 Key Terms, Review Questions, and Problems
  • Part Four Cryptographic Algorithms
  • Chapter 20 Symmetric Encryption and Message Confidentiality
    • 20.1 Symmetric Encryption Principles
    • 20.2 Data Encryption Standard
    • 20.3 Advanced Encryption Standard
    • 20.4 Stream Ciphers and RC4
    • 20.5 Cipher Block Modes of Operation
    • 20.6 Location of Symmetric Encryption Devices
    • 20.7 Key Distribution
    • 20.8 Recommended Reading
    • 20.9 Key Terms, Review Questions, and Problems
  • Chapter 21 Public-Key Cryptography and Message Authentication
    • 21.1 Secure Hash Functions
    • 21.2 HMAC
    • 21.3 The RSA Public-Key Encryption Algorithm
    • 21.4 Diffie-Hellman and Other Asymmetric Algorithms
    • 21.5 Recommended Reading
    • 21.6 Key Terms, Review Questions, and Problems
  • Part Five Network Security
  • Chapter 22 Internet Security Protocols and Standards
    • 22.1 Secure E-Mail and S/MIME
    • 22.2 DomainKeys Identified Mail
    • 22.3 Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
    • 22.4 HTTPS
    • 22.5 IPv4 and IPv6 Security
    • 22.6 Recommended Reading
    • 22.7 Key Terms, Review Questions, and Problems
  • Chapter 23 Internet Authentication Applications
    • 23.1 Kerberos
    • 23.2 X.509
    • 23.3 Public-Key Infrastructure
    • 23.4 Recommended Reading
    • 23.5 Key Terms, Review Questions, and Problems
  • Chapter 24 Wireless Network Security
    • 24.1 Wireless Security
    • 24.2 Mobile Device Security
    • 24.3 IEEE 802.11 Wireless LAN Overview
    • 24.4 IEEE 802.11i Wireless LAN Security
    • 24.5 Recommended Reading
    • 24.6 Key Terms, Review Questions, and Problems
  • Appendix A Projects and Other Student Exercises for Teaching Computer Security
    • A.1 Hacking Project
    • A.2 Laboratory Exercises
    • A.3 Security Education (SEED) Projects
    • A.4 Research Projects
    • A.5 Programming Projects
    • A.6 Practical Security Assessments
    • A.7 Firewall Projects
    • A.8 Case Studies
    • A.9 Reading/Report Assignments
    • A.10 Writing Assignments
    • A.11 Webcasts for Teaching Computer Security
  • Acronyms
  • References
  • Index

Preface

What’s New in the Third Edition

Since the second edition of this book was published, the field has seen continued innovations and improvements. In this new edition, we try to capture these changes while maintaining a broad and comprehensive coverage of the entire field. To begin the process of revision, the second edition of this book was extensively reviewed by a number of professors who teach the subject and by professionals working in the field. The result is that in many places the narrative has been clarified and tightened, and illustrations have been improved. Beyond these refinements to improve pedagogy and user-friendliness, there have been major substantive changes throughout the book. The most noteworthy changes are as follows:

  • Fundamental security design principles: Chapter 1 includes a new section discussing the security design principles listed as fundamental by the National Centers of Academic Excellence in Information Assurance/Cyber Defense, which is jointly sponsored by the U.S. National Security Agency and the U.S. Department of Homeland Security.
  • Attack surfaces and attack trees: Chapter 1 includes a new section describing these two concepts, which are useful in evaluating and classifying security threats.
  • User authentication model: Chapter 3 includes a new description of a general model for user authentication, which helps to unify the discussion of the various approaches to user authentication.
  • Attribute-based access control (ABAC): Chapter 4 has a new section devoted to ABAC, which is becoming increasingly widespread.
  • Identity, credential, and access management (ICAM): Chapter 4 includes a new section on ICAM, which is a comprehensive approach to managing and implementing digital identities (and associated attributes), credentials, and access control.
  • Trust frameworks: Chapter 4 includes a new section on the Open Identity Trust Framework, which is an open, standardized approach to trustworthy identity and attribute exchange that is becoming increasingly widespread.
  • SQL injection attacks: Chapter 5 includes a new section on the SQL injection attack, which is one of the most prevalent and dangerous network-based security threats.
  • Cloud security: The material on cloud security in Chapter 5 has been updated and expanded to reflect its importance and recent developments.
  • Malware: The material on Malware, and on categories of intruders, has been revised to reflect the latest developments, including details of Advanced Persistent Threats, which are most likely due to nation state actors.
  • Intrusion detection/intrusion prevention systems: The material on IDS/IPS has been updated to reflect new developments in the field, including the latest developments in Host-Based Intrusion Detection Systems that assist in implementing a defense-in-depth strategy.

  • Human resources: Security lapses due to human factors and social engineering are of increasing concern, including several recent cases of massive data exfiltration by insiders. Addressing such lapses requires a complex mix of procedural and technical controls, which we review in several significantly revised sections.
  • Mobile device security: Mobile device security has become an essential aspect of enterprise network security, especially for devices in the category known as bring your own device (BYOD). A new section in Chapter 24 covers this important topic.
  • SHA-3: This recently adopted cryptographic hash standard is covered in a new appendix.

Background

Interest in education in computer security and related topics has been growing at a dramatic rate in recent years. This interest has been spurred by a number of factors, two of which stand out:

1. As information systems, databases, and Internet-based distributed systems and communication have become pervasive in the commercial world, coupled with the increased intensity and sophistication of security-related attacks, organizations now recognize the need for a comprehensive security strategy. This strategy encompasses the use of specialized hardware and software and trained personnel to meet that need.
2. Computer security education, often termed information security education or information assurance education, has emerged as a national goal in the United States and other countries, with national defense and homeland security implications. The NSA/DHS National Center of Academic Excellence in Information Assurance/Cyber Defense is spearheading a government role in the development of standards for computer security education.

Accordingly, the number of courses in universities, community colleges, and other institutions in computer security and related areas is growing.

Objectives

The objective of this book is to provide an up-to-date survey of developments in computer security. Central problems that confront security designers and security administrators include defining the threats to computer and network systems, evaluating the relative risks of these threats, and developing cost-effective and user-friendly countermeasures. The following basic themes unify the discussion:

  • Principles: Although the scope of this book is broad, there are a number of basic principles that appear repeatedly as themes and that unify this field. Examples are issues relating to authentication and access control. The book highlights these principles and examines their application in specific areas of computer security.
  • Design approaches: The book examines alternative approaches to meeting specific computer security requirements.
  • Standards: Standards have come to assume an increasingly important, indeed dominant, role in this field. An understanding of the current status and future direction of technology requires a comprehensive discussion of the related standards.

The book is also accompanied by a number of online chapters and appendices that provide more detail on selected topics. The book includes an extensive glossary, a list of frequently used acronyms, and a bibliography. Each chapter includes homework problems, review questions, a list of key words, and suggestions for further reading.

Instructor Support Materials

The major goal of this text is to make it as effective a teaching tool for this exciting and fast-moving subject as possible. This goal is reflected both in the structure of the book and in the supporting material. The text is accompanied by the following supplementary material to aid the instructor:

  • Projects manual: Project resources including documents and portable software, plus suggested project assignments for all of the project categories listed in the following section.
  • Solutions manual: Solutions to end-of-chapter Review Questions and Problems.
  • PowerPoint slides: A set of slides covering all chapters, suitable for use in lecturing.
  • PDF files: Reproductions of all figures and tables from the book.
  • Test bank: A chapter-by-chapter set of questions.
  • Sample syllabuses: The text contains more material than can be conveniently covered in one semester. Accordingly, instructors are provided with several sample syllabuses that guide the use of the text within limited time. These samples are based on real-world experience by professors with the first edition.

All of these support materials are available at the Instructor Resource Center (IRC) for this textbook, which can be reached through the publisher’s Web site www.pearsonhighered.com/stallings or by clicking on the link labeled Pearson Resources for Instructors at this book’s Companion Web site at WilliamStallings.com/ComputerSecurity. To gain access to the IRC, please contact your local Pearson sales representative via pearsonhighered.com/educator/replocator/requestSalesRep.page or call Pearson Faculty Services at 1-800-526-0485.

The Companion Web Site, at WilliamStallings.com/ComputerSecurity (click on the Instructor Resources link), includes the following:

  • Links to Web sites for other courses being taught using this book.
  • Sign-up information for an Internet mailing list for instructors using this book to exchange information, suggestions, and questions with each other and with the author.

Student Resources

For this new edition, a tremendous amount of original supporting material for students has been made available online, at two Web locations. The Companion Web Site, at WilliamStallings.com/ComputerSecurity (click on the Student Resources link), includes a list of relevant links organized by chapter and an errata sheet for the book.

Purchasing this textbook now grants the reader 12 months of access to the Premium Content Site, which includes the following materials:

  • Online chapters: To limit the size and cost of the book, two chapters of the book are provided in PDF format. The chapters are listed in this book’s table of contents.
  • Online appendices: There are numerous interesting topics that support material found in the text but whose inclusion is not warranted in the printed text. A total of nine appendices cover these topics for the interested student. The appendices are listed in this book’s table of contents.
  • Homework problems and solutions: To aid the student in understanding the material, a separate set of homework problems with solutions is available. These enable the students to test their understanding of the text.

To access the Premium Content site, click on the Premium Content link at the Companion Web site or at pearsonhighered.com/stallings and enter the student access code found on the card in the front of the book.

Projects and Other Student Exercises

For many instructors, an important component of a computer security course is a project or set of projects by which the student gets hands-on experience to reinforce concepts from the text. This book provides an unparalleled degree of support for including a projects component in the course. The instructor’s support materials available through Pearson not only include guidance on how to assign and structure the projects but also include a set of user’s manuals for various project types plus specific assignments, all written especially for this book. Instructors can assign work in the following areas:

  • Hacking exercises: Two projects that enable students to gain an understanding of the issues in intrusion detection and prevention.
  • Laboratory exercises: A series of projects that involve programming and experimenting with concepts from the book.
  • Security education (SEED) projects: The SEED projects are a set of hands-on exercises, or labs, covering a wide range of security topics.
  • Research projects: A series of research assignments that instruct the student to research a particular topic on the Internet and write a report.
  • Programming projects: A series of programming projects that cover a broad range of topics and that can be implemented in any suitable language on any platform.
  • Practical security assessments: A set of exercises to examine current infrastructure and practices of an existing organization.
  • Firewall projects: A portable network firewall visualization simulator is provided, together with exercises for teaching the fundamentals of firewalls.
  • Case studies: A set of real-world case studies, including learning objectives, case description, and a series of case discussion questions.

Notation

Symbol    Expression       Meaning
D, K      D(K, Y)          Symmetric decryption of ciphertext Y using secret key K
D, PRa    D(PRa, Y)        Asymmetric decryption of ciphertext Y using A’s private key PRa
D, PUa    D(PUa, Y)        Asymmetric decryption of ciphertext Y using A’s public key PUa
E, K      E(K, X)          Symmetric encryption of plaintext X using secret key K
E, PRa    E(PRa, X)        Asymmetric encryption of plaintext X using A’s private key PRa
E, PUa    E(PUa, X)        Asymmetric encryption of plaintext X using A’s public key PUa
K                          Secret key
PRa                        Private key of user A
PUa                        Public key of user A
H         H(X)             Hash function of message X
+         x + y            Logical OR: x OR y
•         x • y            Logical AND: x AND y
~         ~x               Logical NOT: NOT x
C                          A characteristic formula, consisting of a logical formula over the values of attributes in a database
X         X(C)             Query set of C, the set of records satisfying C
|, X      |X(C)|           Magnitude of X(C): the number of records in X(C)
∩         X(C) ∩ X(D)      Set intersection: the number of records in both X(C) and X(D)
||        x || y           x concatenated with y

About the Authors

Dr. William Stallings authored 18 textbooks, and, counting revised editions, a total of 70 books on various aspects of these subjects. His writings have appeared in numerous ACM and IEEE publications, including the Proceedings of the IEEE and ACM Computing Reviews. He has 11 times received the award for the best Computer Science textbook of the year from the Text and Academic Authors Association. In over 30 years in the field, he has been a technical contributor, technical manager, and an executive with several high-technology firms. He has designed and implemented both TCP/IP-based and OSI-based protocol suites on a variety of computers and operating systems, ranging from microcomputers to mainframes. Currently he is an independent consultant whose clients have included computer and networking manufacturers and customers, software development firms, and leading-edge government research institutions. He created and maintains the Computer Science Student Resource Site at ComputerScienceStudent.com. This site provides documents and links on a variety of subjects of general interest to computer science students (and professionals). He is a member of the editorial board of Cryptologia, a scholarly journal devoted to all aspects of cryptology. His articles appear regularly at http://www.networking.answers.com, where he is the Networking Category Expert Writer.

Dr. Lawrie Brown is a senior lecturer in the School of Engineering and Information Technology, UNSW Canberra at the Australian Defence Force Academy. His professional interests include communications and computer systems security and cryptography, including research on client authentication using proxy certificates, trust and security in eCommerce and Web environments, the design of secure remote code execution environments using the functional language Erlang, and on the design and implementation of the LOKI family of block ciphers. He currently teaches courses on cyber-security and data structures, and has previously presented courses on cryptography, data communications, and programming in Java.
