本書是網(wǎng)絡(luò)安全方面的一本入門書籍，系統(tǒng)地介紹了網(wǎng)絡(luò)安全的基礎(chǔ)知識，包括構(gòu)成網(wǎng)絡(luò)安全原理所必需的密碼學(xué)知識、網(wǎng)絡(luò)安全原理和主要的工業(yè)標(biāo)準(zhǔn)與應(yīng)用。全書分為三大部分。第一部分為密碼學(xué)，主要介紹對稱加密方法、公鑰密碼學(xué)原理和消息認(rèn)證方法；第二部分為網(wǎng)絡(luò)安全應(yīng)用，主要介紹網(wǎng)絡(luò)安全解決方案中的密鑰分配、用戶認(rèn)證、網(wǎng)絡(luò)訪問控制、云安全、傳輸層安全、無線網(wǎng)絡(luò)安全、電子郵件安全和IP層安全等方面的重要協(xié)議或工業(yè)標(biāo)準(zhǔn)；第三部分為系統(tǒng)安全，主要介紹互聯(lián)網(wǎng)系統(tǒng)中的惡意軟件、入侵者和防火墻等方面內(nèi)容。

Preface 7

About the Author 13

Chapter 1 Introduction 1

Computer Security Concepts 4

The OSI Security Architecture 8

Security Attacks 9

Security Services 11

Security Mechanisms 15

A Model for Network Security 16

Standards 19

Outline of This Book 19

Recommended Reading 20

Internet and Web Resources 20

Key Terms, Review Questions, and Problems 21

PART ONE CRyPTOgRAPhy 23

Chapter 2 Symmetric Encryption and Message Confidentiality 23

Symmetric Encryption Principles 25

Symmetric Block Encryption Algorithms 30

Random and Pseudorandom Numbers 36

Stream Ciphers and RC4 41

Cipher Block Modes of Operation 46

Recommended Reading 51

Key Terms, Review Questions, and Problems 52

Chapter 3 Public-Key Cryptography and Message Authentication 57

Approaches to Message Authentication 59

Secure Hash Functions 63

Message Authentication Codes 70

Public-Key Cryptography Principles 76

Public-Key Cryptography Algorithms 79

Digital Signatures 87

Recommended Reading 88

Key Terms, Review Questions, and Problems 88

PART TWO NETWORk SECuRiTy APPliCATiONS 95

Chapter 4 Key Distribution and User Authentication 95

Symmetric Key Distribution Using Symmetric Encryption 96

Kerberos 98

Key Distribution Using Asymmetric Encryption 111

X.509 Certificates 113

Public-Key Infrastructure 121

Federated Identity Management 123

Recommended Reading 129

Key Terms, Review Questions, and Problems 130

Chapter 5 Network Access Control and Cloud Security 135

Network Access Control 136

Extensible Authentication Protocol 139

IEEE 802.1X Port-Based Network Access Control 143

Cloud Computing 145

Cloud Security Risks and Countermeasures 152

Data Protection in the Cloud 154

Cloud Security as a Service 157

Recommended Reading 160

Key Terms, Review Questions, and Problems 161

Chapter 6 Transport-Level Security 162

Web Security Considerations 163

Secure Sockets Layer (SSL) 165

Transport Layer Security (TLS) 179

HTTPS 183

Secure Shell (SSH) 184

Recommended Reading 195

Key Terms, Review Questions, and Problems 196

Chapter 7 Wireless Network Security 198

Wireless Security 199

Mobile Device Security 202

IEEE 802.11 Wireless LAN Overview 206

IEEE 802.11i Wireless LAN Security 212

Recommended Reading 226

Key Terms, Review Questions, and Problems 227

Chapter 8 Electronic Mail Security 230

Pretty Good Privacy (PGP) 231

S/MIME 239

DomainKeys Identified Mail (DKIM) 255

Recommended Reading 262

Key Terms, Review Questions, and Problems 262

Chapter 9 IP Security 264

IP Security Overview 266

IP Security Policy 270

Encapsulating Security Payload 276

Combining Security Associations 283

Internet Key Exchange 287

Cryptographic Suites 295

Recommended Reading 297

Key Terms, Review Questions, and Problems 297

Contents 5

PART ThREE SySTEm SECuRiTy 299

Chapter 10 Malicious Software 299

Types of Malicious Software (Malware) 300

Propagation—Infected Content—Viruses 303

Propagation—Vulnerability Exploit—Worms 308

Propagation—Social Engineering—SPAM E-mail, Trojans 313

Payload—System Corruption 315

Payload—Attack Agent—Zombie, Bots 316

Payload—Information Theft—Keyloggers, Phishing, Spyware 318

Payload—Stealthing—Backdoors, Rootkits 319

Countermeasures 321

Distributed Denial of Service Attacks 327

Recommended Reading 332

Key Terms, Review Questions, and Problems 333

Chapter 11 Intruders 336

Intruders 338

Intrusion Detection 342

Password Management 357

Recommended Reading 368

Key Terms, Review Questions, and Problems 369

Chapter 12 Firewalls 373

The Need for Firewalls 374

Firewall Characteristics 375

Types of Firewalls 377

Firewall Basing 383

Firewall Location and Configurations 386

Recommended Reading 391

Key Terms, Review Questions, and Problems 391

APPENDICES 395

Appendix A Some Aspects of Number Theory 395

Prime and Relatively Prime Numbers 396

Modular Arithmetic 398

Appendix B Projects for Teaching Network Security 400

Research Projects 401

Hacking Project 402

Programming Projects 402

Laboratory Exercises 403

Practical Security Assessments 403

Firewall Projects 403

Case Studies 404

Writing Assignments 404

Reading/Report Assignments 404

References 405

Index 412