Network Security, Administration and Management: Advancing Technology and Practice

Dulal Chandra Kar (Texas A&M University, USA) and Mahbubur Rahman Syed (Minnesota State University, USA)
Indexed In: SCOPUS
Release Date: June, 2011|Copyright: © 2011 |Pages: 384
ISBN13: 9781609607777|ISBN10: 1609607775|EISBN13: 9781609607784|DOI: 10.4018/978-1-60960-777-7

Description

The explosive growth and deployment of networking technology poses many security challenges to networking professionals including network administrators and information systems managers. Often, network administrators and managers learn about specific tools and techniques that are applicable to specific systems or situations only, and hence, have a great deal of difficulty in applying their knowledge of security when a technology, a system, or a situation changes.

Network Security, Administration and Management: Advancing Technology and Practice identifies the latest technological solutions, practices and principles on network security while exposing possible security threats and vulnerabilities of contemporary software, hardware, and networked systems. This book is a collection of current research and practices in network security and administration to be used as a reference by practitioners as well as a text by academicians and trainers.

Topics Covered

The many academic areas covered in this publication include, but are not limited to:

  • Backup and Disaster Recovery
  • Email Security Services
  • Fundamentals of Network Security Administration
  • Licensing and Key Management Services
  • Proxy and Internet Security Acceleration (ISA) Servers
  • Public Key Infrastructure
  • Security Administration of Local and Wide Area Networks
  • User Authentication Administration

Reviews and Testimonials

Software security is becoming more complex and necessary as everyone makes more use of network resources. Members of the software security community frequently state that security must be built in, not added on, and this book does a good job explaining why. [...] Highly recommended. Upper-division undergraduates through professionals.

– J. Beidler, University of Scranton. Choice

Preface

The explosive growth and deployment of networking technology that supports connectivity to a diverse range of computing devices running many network systems and applications poses many complex security challenges to networking and computer security professionals. To cope with such ever-increasing security challenges, professionals are often trained with knowledge to handle security problems for specific hardware and software systems, which may be inadequate and inapplicable if a situation or system changes. Having a broad background particularly in the contemporary development of network and information security issues and their solutions would certainly enhance one’s ability to adapt to a new situation quickly to handle security issues. However, contemporary research results on network and information security are not readily available in useful or comprehensible form to the people who need them in a timely manner. Accordingly, this book presents a body of literature based on the current research and trends in network and information security with contemporary security issues and solutions and preventive measures. This reference will be particularly useful for those who are in administration and Information Systems management, who are required to be up to date on the latest network and security concepts, protocols, algorithms, and issues relevant to modern network and Information Systems and services. This book presents a diverse set of viewpoints from diverse contributors, such as academics, researchers, and industry professionals.

Objectives of the Book

The main purpose of the book is to make current research results on network and information security available and coherent to networking and security professionals, managers, and administrators who often lack the necessary background to understand scholarly articles published in journals and conferences. The book is intended to bridge the gap in knowledge between research communities and security professionals. Specifically, the book aims to accomplish the following objectives:

  • To identify, accumulate, and disseminate worldwide, the latest technological solutions, practices, and principles on network and information security for management, administrative, and research purposes
  • To provide network security professionals and trainers, network systems designers and developers, and academicians with a book that can serve as a reference
  • To provide undergraduate and graduate students in Information Technology, Management Information Systems, Computer Information Systems, and information assurance with a book containing theoretical as well as practical details of current network and information security practices
  • To highlight future security issues and challenges for ever-expanding and emerging network services and systems.

Target Audience

The book is a collection of chapters written by scholars/researchers and professionals well familiar with the state of the art in the area of computer and network security. The book provides a general coverage of network and information security issues, concerns, security protocols, architectures, and algorithms. Recent research results from existing literature on network and information security are reported in the book in a format understandable and usable by networking professionals including network administrators and Information Systems managers. The book will enable networking professionals to grasp emerging technological developments in networking and to cope with the corresponding security challenges. In addition, students and educators in computer science, Information Systems, and Information Technology can use the book as a reference for network and information security. Network designers, network engineers, and network systems developers may use the book as a reference to design, develop, and deploy networking systems with appropriate considerations for security and ease of administration.

Organization of the Book

The book is comprised of fifteen self-contained chapters and divided into the following five sections:

  • Section I: Network Systems Security
  • Section II: Authentication and Data Privacy: Passwords and Keys
  • Section III: Network Security Auditing, Assessment, and Manageability Security
  • Section IV: Sensor Network Security
  • Section V: Security Architectures, Algorithms, and Protocols

Section I: Network Systems Security

This section introduces readers to basic device, protocol, network, system, and inter-domain security issues and solutions.

Networking devices are integral parts of a computer network and often become targets for attackers; a successful attack on them can make the whole network vulnerable. Internet vulnerabilities of these devices arise from limited capacity of the devices in terms of memory and processing power, limitations of their operating protocols and principles, incorrect configurations, and flaws in hardware and software design and implementation. Chapter 1, “Basic device and protocols security,” by Bruce Hartpence, addresses security issues of all common networking devices such as hubs, switches, access points, and routers, as well as vulnerable protocols such as ARP (Address Resolution Protocol), STP (Spanning Tree Protocol), ICMP (Internet Control Message Protocol), and DHCP (Dynamic Host Configuration Protocol). In addition, the chapter examines and exposes security issues in common routing protocols such as RIP (Routing Information Protocol), BGP (Border Gateway Protocol), and OSPF (Open Shortest Path First), as well as network management protocols such as SNMP (Simple Network Management Protocol) and CDP (Cisco Discovery Protocol). Finally, the chapter suggests ways to ensure device security, as well as protocol security, to mitigate possible attacks.

Recent technological developments in security software, hardware, and mechanisms, such as anti-virus programs, firewalls, intrusion detection systems, cryptosystems, and automated patch delivery systems, have successfully mitigated risks and attacks on cyber-based systems and services. However, cyber attackers are devising more sophisticated attacks to exploit new vulnerabilities that are often overlooked, as network or systems administrators are only concerned with defending their networks, operating systems, and services against known vulnerabilities. Often such attacks use a blended threat approach in which an attacker uses a number of methods simultaneously to infect and take control of a target system. Chapter 2, by Dr. Christophe Veltsos, “Mitigating the Blended Threat: Protecting and Educating Users,” examines this evolving threat, discusses limitations of traditional security technologies and controls to mitigate this threat, and presents new security controls to mitigate this type of newly evolving risk. In addition, the chapter proposes security awareness education and training programs for common users to mitigate the blended threat.

Multi-domain resource reservation involves provisioning and allocation of network services over multiple federations of networks or services. One such example is bandwidth and queue allocations at the network elements for providing QoS over multiple domains. Cooperating components that are responsible for provisioning services over multiple domains must ensure inter-domain security during negotiation of resource reservations, as well as intra-domain security during initiation and realization of a resource reservation. Chapter 3, “Security Issues for Multi-Domain Resource Reservation,” by Christos Bouras and Kostas Stamos addresses such security issues in this context and provides architectures and procedures to handle multi-domain user authentication, trusted communications between inter-domain modules or components, and multi-domain user authorization. Particularly, the chapter presents security requirements and procedures for protecting against various types of attacks on a networked system for differentiated services and “bandwidth on demand” services over multiple domains.

Section II: Authentication and Data Privacy: Passwords and Keys

In this section, we present three chapters that deal with vulnerabilities of password-based authentication mechanisms due to social engineering attacks, as well as key management mechanisms and infrastructures currently used for data privacy and other cryptographic services.

Social engineering attacks exploit inherent human characteristics such as kindness, mutual trust, willingness to help, et cetera to gain unauthorized access to private information, systems, and services. A hospital or a healthcare facility is very susceptible to social engineering attacks as unauthorized attackers can easily befriend healthcare workers or providers in such an environment. Chapter 4, “Healthcare Employees and Passwords: An Entry Point for Social Engineering Attacks,” by Dawn Medlin, Douglas May, and Ken Corley provides an account of security breaches in the healthcare industry and discusses violations of HIPAA (Health Insurance Portability and Accountability Act) regulations. In addition, the chapter provides an analysis of research results on the choice of passwords characteristically based on human psychological traits and memorization ability and exposes severe deficiencies in passwords used by the general public, as they are very predictable or easily obtainable by social engineering means. Specifically, the chapter focuses on research on the choice and usage of passwords by employees in five different hospitals and reports significant findings that employees are very likely to share their passwords with their family members and other healthcare employees. These findings underscore the need for stringent control and aggressive policy, not only in the healthcare industry, but also in other similar industries.

Security of modern cryptography relies upon secrecy of keys. Public key infrastructure plays a crucial role in the storage management, distribution, and verification of such keys in cryptography. Chapter 5 by Reed Petty, Jiang Brian, and Remzi Seker entitled “Public Key Infrastructure,” presents a comprehensive overview of popular public key algorithms, their applications in key exchange and digital signatures, and their vulnerabilities and weaknesses. The chapter identifies several key management challenges based on the very basic foundation of trust upon which the public key infrastructure relies. In addition, emerging technologies such as quantum computing that can make public key cryptographic techniques useless are also discussed. However, quantum cryptography can offer new solutions to all of our cryptographic needs instead, as stated in the chapter.

Public key cryptography has eliminated the need for a separate secure channel for transmission of the secret key to be shared by the communicating entities. However, the straightforward application of public key cryptography for key exchange is vulnerable to man-in-the-middle attacks. The problem is solved with a public key infrastructure (PKI) that serves as a certifying authority for all public keys. But managing public key certificates is rather complex as it requires one or more certification authorities, and the process involves excessive computation and communication cost. Alternatively, identity based cryptography simplifies the process as it eliminates the need for public certificate verification. Chapter 6 by Chuan-Kun Wu, “Key Management” provides a survey of current key management schemes and discusses key management issues under various application domains such as mobile ad hoc networks, wireless sensor networks, and mobile telecommunication systems. Subsequently, the chapter covers in detail the mechanisms of public key infrastructure, key escrow systems, and the key management aspects in the PGP email system. In addition, the chapter covers password-based key management as well as secret sharing scheme based key management schemes. Finally, the author critically delineates limitations in various key management methodologies.

Section III: Network Security Auditing, Assessment, and Manageability Security

This section deals with managerial aspects of network security such as standards, frameworks, and procedures for assessment and auditing of network security as well as security issues of manageability hardware and software technologies.

Network systems are complex, and hence, require a reference framework to account for all possible threats and for assessment of security with a good degree of confidence. Chapter 7, “Security Assessment of Networks” by Aftab Ahmad stresses the need for a framework for security assessment and proposes an assessment model for network systems. Particularly, the chapter shows how the ITU-T Network Security Framework (X.805) can be utilized in a performance model for assessing a security system. As an example, the chapter uses the model to assess the security of the popular sensor network standard IEEE 802.15.4. The model can be applied to assess security using security metrics addressing vulnerabilities and threats such as destruction of information, corruption of information, loss of information, information disclosure, and service interruption.

Network manageability deals with remote administration, management, and service of network devices and any other devices connected to a network such as servers, laptop computers, PDAs, and cell phones. Manageability hardware and software technologies allow an administrator to remotely access and troubleshoot a system through an out-of-band channel, regardless of the conditions or the power state of the system. Chapter 8, “Network Manageability” by Salvador Mandujano analyzes a number of manageability frameworks, protocols, and services for various platforms such as desktops, laptops, servers, and mobile devices. Manageability technologies are also vulnerable to attacks and misuses on the system such as firmware tampering, device tracking, device reconfiguration, loss of administrative control, and so on. Several manageability protocols are discussed in this chapter including the OMA (Open Mobile Alliance) device management protocol for mobile devices that can be used to perform firmware updates and change configurations. The chapter also discusses the IPMI (Intelligent Platform Management Interface) standard to monitor and reconfigure server platforms, the AMT (Active Management Technology) solution on a chipset created by Intel Corporation for laptop and desktop systems, and DASH (Desktop and Mobile Architecture for System Hardware), a standard that enables remote administration of hardware over a TCP/IP network. Finally, it describes and discusses security issues of SNMP (Simple Network Management Protocol).

Existing security technologies such as firewalls, intrusion detection systems, and cryptography, though they have greatly boosted security for networks and computer systems, are often insufficient to deter and prevent certain types of attacks, such as Web-based attacks, hidden backdoors, et cetera. Network security auditing is a process to assess policies, procedures, and controls to identify security risks or vulnerabilities in network systems. Network security auditing can expose threats from such attacks by setting appropriate security policies, procedures, and controls. Chapter 9, “Network Security Auditing” by Yin Pan, Bo Yuan, and Sumita Mishra introduces network auditing process, procedure, standards, and frameworks. A detailed discussion of procedures and technologies to identify various network security threats and vulnerabilities is provided in this chapter. State of the art techniques and procedures for determination and management of risks are also discussed. Through a series of procedural steps for a case study, the chapter illustrates different phases of network discovery, network penetration, network threat analysis, and audit reporting.

Section IV: Sensor Network Security

Wireless sensor networks belong to a class of ad hoc networks that are very vulnerable to various attacks due to unique characteristics of sensor devices of limited processing power, limited battery life, and limited memory capacity. Accordingly, this section provides a survey of security concerns, attacks, and solutions for existing, as well as emerging applications of wireless sensor networks. In addition, it includes a new data privacy protocol that allows in-network data aggregation.

Chapter 10 by Murat Al and Kenji Yoshigoe, “Security and Attacks in Wireless Sensor Networks,” provides an overview of vulnerabilities, attacks, and countermeasures in wireless sensor networks, compares salient characteristics and applications of wireless sensor networks with those of common wireless technologies, describes characteristics of attacks and corresponding countermeasures as proposed in literature, and qualitatively provides a comparative analysis of the attacks on wireless sensor networks. Identifying security vulnerabilities is an essential step to devise a security solution. The chapter provides an exhaustive list of attacks and corresponding defense mechanisms to mitigate or prevent such attacks. Many of these attacks are found in wireless networks. However, additional attacks such as denial of sleep attacks just to drain battery life, attacks on data aggregation, and node capturing and tampering are very possible on sensor networks due to their characteristics. System constraints and security design issues using current security solutions such as cryptographic techniques and other means are also discussed in this chapter.

Wireless sensor networking technology has found extensive applications in many sectors. Despite wide applicability, security is a big concern as their environment of deployment is often easily accessible, making a wireless sensor network very vulnerable to attacks. Chapter 11: “Wireless Sensor Networks: Emerging Applications and Security Solutions” by Sumita Mishra addresses security concerns and discusses existing and possible security solutions particularly for emerging applications of wireless sensor networks. Existing security solutions are found to be inadequate for many emerging sensor network applications involving collection of highly sensitive data that requires stringent privacy. It is very challenging to design a robust and efficient security scheme for wireless sensor networks due to limited processing power and battery life of sensor nodes. In particular, the chapter exposes security issues in Body Area Networks (BAN), Smart Grid Networks, and Area Surveillance Networks, and finally, addresses security requirements for such emerging sensor network applications in terms of secure data storage, key establishment and management, access control, and link layer security.

Communication activities are far more energy-consuming than computation in wireless sensor networks. Data aggregation, or in-network processing of data in a wireless sensor network, is an attempt to reduce communication overhead to extend the life of the network for an application. However, data privacy is a big concern since a data aggregating node along a path to the base station can reveal the data in plaintext. Accordingly, Chapter 12: “Privacy Preserving Data Gathering in Wireless Sensor Networks” by Md. Golam Kaosar and Xun Li presents a computational model as well as a protocol that can be used to maintain data privacy while performing data aggregation operations by intermediate nodes on data en route to the base station from a sensor node. According to the computational model, a sensor node perturbs its data, generates two fragments from the data, and uploads the fragments to two separate semi-trusted servers, from which a data collector or a base station can collect and combine them. Security proofs provided by the authors show that neither the servers nor any intermediate sensor node can discover any individual data or associate any data with an individual. Beyond sensor networks, the scheme has many other content-privacy sensitive applications such as auctions, voting and feedback collection, and privacy preserving data mining.

Section V: Security Architectures, Algorithms, and Protocols

This final section presents new research results on security architectures, algorithms, and protocols for detection and prevention of intrusions and distributed denial of service attacks, as well as for controlling of spams and worms in instant messages.

Many Intrusion Detection Systems for traditional wired networks use anomaly detection techniques at their core to detect intrusions by comparing an abnormal traffic behavior or pattern with the normal traffic behavior or pattern. In contrast, such comparison of traffic patterns becomes very challenging in an ad hoc networking environment due to node mobility and lack of a fixed infrastructure within the network. Chapter 13: “BANBAD: A centralized anomaly detection technique for Ad Hoc networks” by Rajeev Agrawal, Chaoli Cai, Ajay Gupta, Rajib Paul, and Raed Salih proposes a new algorithm for anomaly detection that is found to be very suitable for ad hoc networks. The anomaly detection algorithm is based on statistical Belief Networks (BN) that build a normal profile during training by using system features and check deviation during testing. As ad hoc networks are very dynamic in nature due to mobility of their nodes, they may hinder any on-going data collection process for intrusion detection, which can in turn cause a great deal of difficulty in accurate profile generation by an intrusion detection scheme. As such, existing intrusion detection schemes will not work, due to constantly changing network configuration and/or incomplete information. As reported in the chapter, the proposed anomaly detection algorithm is found to detect anomalies even if data is incomplete or missing in such a dynamic environment.

Distributed Denial of Service (DDoS) attacks on a target host can be launched remotely by an adversary using freely available attacking tools. Categorically, three types of DDoS attacks are possible: 1) a master node recruits a multitude of agent nodes by exploiting their vulnerabilities and carries out a well-coordinated attack on the target simultaneously, 2) a single malicious node launches the attack by spoofing its IP address, and 3) in a hybrid attack, a master node recruits and configures each agent machine for address spoofing for its outgoing packets. Chapter 14: “Data Regulation Protocol for Source-End Mitigation of Distributed Denial of Service Attacks” by Nirav Shah and Dijiang Huang proposes a new data regulation protocol that utilizes packet filtering at the source end to mitigate distributed denial of service attacks. The protocol provides a target-controlled traffic mechanism implemented at the source gateway, in contrast with target-end filtering using firewalls. The underlying assumption of the protocol is that the gateway at the source as well as the target can be under attack, but not compromised. The security analysis of the protocol shows its robustness under various attack scenarios such as source address spoofing, distributed attacks, and spoofed acknowledgements. A proof-of-concept implementation verifies the claims made by the authors in the chapter. The proposed protocol holds the gateway of the source network accountable for all of the egress traffic leaving the network, thus providing an incentive for source-end filtering.

Instant Messaging (IM) is a popular and efficient communication mechanism that allows users to chat from desktops to cellphones and handheld devices. Though simple and convenient, contrary to email and other similar systems, IM systems face new security challenges due to their real-time characteristics. Chapter 15: “Instant Messaging Security,” by Zhijun Liu, Guoqiang Shu, and David Lee provides a review of the architectures and protocols of today’s IM systems, identifies threats to IM services such as IM spam and IM worm, provides a survey of various defense methods, and eventually, proposes new, effective solutions for filtering IM spam and controlling IM worm, including smart worm. In this chapter, several spam detection, controlling, and filtering mechanisms such as challenge-response filtering, fingerprint vector based filtering, Bayesian filtering, and collaborative feedback based filtering are discussed and evaluated for IM systems. In addition, the authors provide a mathematical model for IM worm behavior and correspondingly propose defense mechanisms including a topology aware throttling scheme to slow down worm propagation.

The concept of computer networking started with the purposes of communication, sharing of hardware, data files, and software. The chapters in this book demonstrate how the increase in complexity of the nature of services provided by networking and rise in the malicious intent of some participants has made security issues and security management a very core area in communication. The readers will be familiar with network security administration, its current trends and issues, and find that as wonderful and useful as networking is for sharing resources and saving cost and time, it has to be secure to even be considered a solution. Else, it would be creating more problems than it is solving.  

Dulal C. Kar
Mahbubur Rahman Syed
Editors

Author(s)/Editor(s) Biography

Dulal C. Kar is currently an Associate Professor in the Department of Computing Sciences at Texas A&M University-Corpus Christi, Texas. Previously, he was a faculty member in the Department of Computer Science at Virginia Polytechnic Institute and State University, Virginia; Mountain State University, West Virginia; and Bangladesh University of Engineering and Technology, Bangladesh. He received the B.Sc.Engg. and the M.Sc.Engg. degrees from Bangladesh University of Engineering and Technology, Dhaka, Bangladesh and the MS and the Ph.D. degrees from North Dakota State University, Fargo, North Dakota. He is on the editorial board of the International Journal of Distance Education Technologies published by IGI Global. His research interests include wireless sensor networks, signal and image processing algorithms, network architecture and performance measurement, network and information security, information retrieval, and educational technology. He has published over fifty refereed journal and conference articles in those areas. His research works have been supported by various grants from NSF, DoD, NASA, and Cisco Systems.

Mahbubur Rahman Syed is currently a professor of Information Systems and Technology at Minnesota State University, Mankato (MSU), USA. He has about 30 years of experience in teaching, in industry, in research, and in academic leadership in the field of computer science, engineering, and Information Technology/Systems. Earlier, he worked in the Electrical and Computer Engineering Department at the North Dakota State University in USA, in the School of Computing and Information Technology at Monash University in Australia, in the Department of Computer Science and Engineering at Bangladesh University of Engineering and Technology (BUET) in Bangladesh, and in Ganz Electric Works in Hungary. He was a founding member of the Department of Computer Science and Engineering at BUET and served as Head of this Department during 1986-92. He served as the General Secretary of Bangladesh Computer Society and also as the General Secretary of BUET Teacher's Association. He received the UNESCO/ROSTSCA '85 award for South and Central Asia region in the field of Informatics and Computer Applications in Scientific Research. He won several other awards. He has co-edited several books in the area of e-commerce, software agents, distance education, multimedia systems, and networking. He has more than 100 papers published in journals and conference proceedings. He has been serving in different roles such as co-editor-in-chief, associate editor, editorial review committee member, and review board member for several international journals. Dr. Syed has been involved in international professional activities including organizing conferences and serving as conference and program committee chair.

Editorial Board

  • Dr. Luther Troell, Rochester Institute of Technology, USA
  • Dr. Iuon-Chang Lin, National Chung Hsing University, Taiwan, R.O.C.
  • Dr. Christos Bouras, University of Patras, Greece
  • Dr. Gregorio Martinez, University of Murcia, Spain
  • Dr. Timothy J. McGuire, Sam Houston State University, USA
  • Dr. Chuan-Kun Wu, Chinese Academy of Sciences, China
  • Dr. Muhammad Nadzir Marsono, Universiti Teknologi, Malaysia
  • Dr. Mario Garcia, Texas A&M University-Corpus Christi, USA
  • Dr. Jim Holt, Freescale Semiconductor, Inc., USA
  • Dr. John Fernandez, Texas A&M University-Corpus Christi, USA