Broadband Network and Device Security : RSA Press S. - Benjamin M. Lail

Broadband Network and Device Security

RSA Press S.

Paperback

Published: 24th May 2002
Ships: 7 to 10 business days
RRP $146.00
$103.25

Design, build, and implement a secure broadband network infrastructure using this authoritative guide. Containing valuable insight from the experts at RSA Security Inc. -- the most trusted name in e-security -- this book will help you learn about common security protocols and protect against common threats, including eavesdropping and denial-of-service attacks.

Foreword
Acknowledgments
Preface
Broadband Network Security Fundamentals
An Overview of Broadband Communication
A Brief History of Telecommunication
That Was Then
This Is Now
What is Broadband Access?
Existing Broadband Access Technologies
Cable
DSL
Fixed Wireless
Two-Way Satellite
The Future of Broadband
Fiber Optics
The Importance of Security in Broadband Networks
Security and the Average User
Securing the Network Infrastructure
References
Choosing the Right Tools: Security Services and Cryptography
Security Services and Mechanisms
Confidentiality
Integrity
Authentication
Nonrepudiation
Authorization and Access Control
Availability
The Basics of Cryptography
Random Number Generation
Symmetric-Key Cryptography
Message Digests
Public-Key Cryptography
Public-Key Cryptography Standards
Federal Information Processing Standards and Certification
Store-and-Forward vs. Session-Based Encryption
Choosing the Appropriate Cryptographic Tools
Using Stream Ciphers
Using Block Ciphers
Using Message Digests
Using Public-Key Algorithms
Interoperability Notes
How Secure Is Too Secure?
References
The Need for Security: Network Threats and Countermeasures
Who, What, and Why? Attackers and Their Motivations
When? "The Network Administrator Went Home Hours Ago..."
Where? The Internet's a Big Place!
Broadband Access vs. Dial-up Access
Categorizing Common Attacks
Passive Attacks vs. Active Attacks
Eavesdropping
Impersonation
Denial of Service
Data Modification
Packet Replay
Routing Attacks
TCP/IP-Specific Attacks
Address Spoofing
Session Hijacking
Countermeasures for Address-Spoofing and Session-Hijacking Attacks
TCP/IP Denial of Service
IP and ICMP Fragmentation
Attacks on Cryptography
Cryptanalysis
Testing for Weak Keys
Block Replay
Man-in-the-Middle Attacks
Countermeasures for Attacks Against Cryptographic Mechanisms
Social Engineering and Dumpster Diving
References
Broadband Networking Technologies
The Origins of Broadband
The ISO/OSI Reference Model
Layer 7--Application
Layer 6--Presentation
Layer 5--Session
Layer 4--Transport
Layer 3--Network
Layer 2--Data Link
Layer 1--Physical
The TCP/IP Reference Model
Data Encapsulation
Communication Protocol Characteristics
Service Provider Networks
Cable
Digital Subscriber Line
Fixed Wireless Technology
Two-Way Satellite Communication
Quality of Service
QoS Parameters
Degrees of QoS
The Great Debate: Cell-Relay vs. Standard Packet Switching
Models for QoS over IP Networks
References
A Survey of Existing Broadband Security Standards and Specifications
Standards Bodies and the Role of Standardization
ANSI (American National Standards Institute)
The BWIF (Broadband Wireless Internet Forum)
Cable Television Laboratories
The DVB (Digital Video Broadcasting) Project
The DSL Forum
ETSI (European Telecommunications Standards Institute)
The IETF (Internet Engineering Task Force)
The ITU (International Telecommunication Union)
The IEEE (Institute of Electrical and Electronics Engineers)
The ISO (International Standards Organization)
Current Broadband Security Standards and Specifications
The DOCSIS 1.0 Baseline Privacy Interface
The DOCSIS 1.1 Baseline Privacy Plus Interface
The PacketCable Security Specification
The H.235 Security Standard
The DVB Multimedia Home Platform
The OpenCable Copy Protection System
Security Gone Wrong--A Case Study of 802.11 WEP Encryption
References
Broadband Security Design Considerations
Existing Network Security Protocols
IPSec
Transport and Tunnel Modes
Security Associations
Security Policy Database
Security Associations Database
Authentication Header
Encapsulating Security Payload
Internet Key Exchange
SSL and TLS
A Brief History of SSL
SSL in Detail
Application Layer--Kerberos
Kerberos Authentication
Cross-Realm Authentication
Public-Key Authentication with Kerberos
References
Placing Security Services and Mechanisms
Binding Security Services and Mechanisms to Data
Which Network Layer?
Application Transparency
Extent of Coverage
Performance
Comparing Existing Security Protocols
Security Protocol Implementation
Host-Based Security vs. Security Gateways
Extent of Coverage
Implementation, Configuration, and Maintenance
Securing Traffic Between a Large Number of Hosts or Applications
Distinct Traffic Flows
User Contexts
Coordination with Existing Security Policy
A Final Word on Encryption and Protocol Headers
References
Security Side Effects
Network Performance and QoS
Embedded Device Constraints
Cryptography and Performance
General Considerations for Choosing Cryptographic Algorithms
Dedicated Cryptographic Hardware
Encryption and Compression
Security Protocol Tuning
Additional Tips for Improving Security in Real-Time Multimedia Applications
Manageability
References
Case Studies
Securing Broadband Internet Access: DOCSIS BPI+
An Overview of the Baseline Privacy Plus Interface
DOCSIS MAC Layer Frame Formats
Baseline Privacy Key Management Protocol
Authorization State Machine
TEK State Machine
BPI+ Key Encryption, Traffic Encryption, and Authentication Algorithms
DOCSIS 1.1 BPI+ X.509 Certificate Usage and PKI Hierarchies
BPI+ Cable Modem Certificate Hierarchy
BPI+ Certificate Formats
Certificate Validation on the CMTS
Certificate Revocation and Hot Lists
TFTP Configuration Files
Signed Software Upgrade Verification
Generation and Verification of Signed Software Upgrade Files
References
Securing Real-Time Multimedia: PacketCable Security
Overview of PacketCable Security
IPSec
Internet Key Exchange
SNMPv3 Security
PacketCable's Use of Kerberos
Kerberized Key Management for IPSec and SNMPv3
Cross-Realm Operation
Securing RTP and RTCP
Key Management for RTP and RTCP
PacketCable Security Certificate Usage and PKI Hierarchies
PacketCable Certificate Validation
Physical Protection of Keying Material
Secure Software Upgrades
References
Securing Interactive Television: DVB MHP Security
The Multimedia Home Platform
MHP Security Overview
Authentication Messages
Hash Files
Signature Files
Certificate Files
The Object Authentication Process
MHP X.509 Certificate Usage and PKI Hierarchy
Storage and Management of Root Certificates
Certificate Revocation
Application Security Policy
Permission Request File
Return Channel Security
Supported Java Security Classes
References
Design Scenarios
Initial Design Steps
Identify Your Assets and Assess Their Value
Identifying the Threats
Selecting the Appropriate Security Services
Choosing Suitable Security Mechanisms
Identifying the Need for Persistent Security Services and Mechanisms
Choosing a Network Layer
Choosing Between Host-Based Security and Security Gateways
Identifying Existing Security Protocols That Meet Your Needs
Designing a New Protocol
Sample Design Scenarios
A Flawed Design
Designing Security from the Ground Up
TCP/IP Primer
Encapsulation
Internet Protocol
IP Headers
IP Routing
Address Resolution Protocol and Reverse Address Resolution Protocol
Internet Control Message Protocol
Transmission Control Protocol
TCP Headers
Windowing
User Datagram Protocol
UDP Headers
Resources
Digital Certificates and Public-Key Infrastructure
Digital Certificates
Certificate Types and Classes
Contents of a Digital Certificate
Validating a Digital Certificate
Certificate Revocation
Public-Key Infrastructure
CA Operations
Trust Models
Path Discovery and Validation
References
Index
Table of Contents provided by Syndetics. All Rights Reserved.

ISBN: 9780072194241
ISBN-10: 0072194243
Series: RSA Press S.
Audience: Professional
Format: Paperback
Language: English
Number Of Pages: 508
Published: 24th May 2002
Publisher: McGraw-Hill Education - Europe
Country of Publication: US
Dimensions (cm): 22.86 x 18.42 x 3.18
Weight (kg): 1.02