ENGINEERING INFORMATION SECURITY
IEEE Press
445 Hoes Lane
Piscataway, NJ 08854
IEEE Press Editorial Board
Tariq Samad, Editor in Chief
George W. Arnold
Dmitry Goldgof
Ekram Hossain
Mary Lanzerotti
Vladimir Lumelsky
Pui-In Mak
Jeffrey Nanzer
Ray Perez
Linda Shafer
Zidong Wang
MengChu Zhou
George Zobrist
Kenneth Moore, Director of IEEE Book and Information Services (BIS)
ENGINEERING INFORMATION SECURITY
The Application of Systems Engineering Concepts to Achieve Information Assurance
SECOND EDITION
Stuart Jacobs
Copyright 2016 by The Institute of Electrical and Electronics Engineers, Inc.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey. All rights reserved.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.
Library of Congress Cataloging-in-Publication Data:
Jacobs, Stuart.
Engineering information security: The application of systems engineering concepts to achieve information assurance / Stuart Jacobs.
p. cm.
ISBN 978-1-119-10160-4 (hardback)
1. Computer security. 2. Computer networks–Security measures. 3. Information technology–Security measures. 4. Data protection. I. Title.
QA76.9.A25J325 2010
005.8–dc22
2010028408
Printed in the United States of America
10 9 8 7 6 5 4 3 2 1
This book is dedicated to my wife, Eileen, for her patience with my spending so much time at the keyboard rather than with her.
CONTENTS
Preface and Acknowledgments  xxiii
About the Companion Website  xxvii

1 WHAT IS SECURITY?  1
  1.1 Introduction
  1.2 The Subject of Security
    1.2.1 Branches of Security
    1.2.2 Defining Security by Function
      1.2.2.1 Risk Avoidance
      1.2.2.2 Deterrence
      1.2.2.3 Prevention
      1.2.2.4 Detection
      1.2.2.5 Recovery
    1.2.3 The Common Body of Knowledge (CBK) Security Domains
      1.2.3.1 Access Control Systems and Methodology
      1.2.3.2 Application and Systems Development Security
      1.2.3.3 Business Continuity Planning and Disaster Recovery Planning
      1.2.3.4 Cryptography
      1.2.3.5 Information Security and Risk Management
      1.2.3.6 Legal, Regulations, Compliance, and Investigations
      1.2.3.7 Operations Security
      1.2.3.8 Physical Security
      1.2.3.9 Security Architecture and Models
      1.2.3.10 Telecommunications and Network Security
      1.2.3.11 CBK Summary
  1.3 A Twenty-First Century Tale
    1.3.1 The Actors
      1.3.1.1 Bob's Story
      1.3.1.2 Carol's Story
      1.3.1.3 Alice's Story
    1.3.2 What Actually Occurred
    1.3.3 How Could All This Have Been Prevented?
    1.3.4 They Did Not Live Happily Ever After
  1.4 Why Are You Important to Computer Security?
    1.4.1 What Are the Threats to Your Computer?
    1.4.2 As a User, What to Do?
    1.4.3 The Reality of Cybercrime and Cyberwarfare
  1.5 End of the Beginning
  1.6 Chapter Summary
  1.7 Further Reading and Resources

2 SYSTEMS ENGINEERING  31
  2.1 So What Is Systems Engineering?
    2.1.1 Similar Systems Engineering Process
      2.1.1.1 Stating the Problem
      2.1.1.2 Investigate Alternatives and Model the System
      2.1.1.3 Develop/Integrate
      2.1.1.4 Launch the System
      2.1.1.5 Assess Performance
      2.1.1.6 Re-evaluate
    2.1.2 Another Systems Engineering View
    2.1.3 Process Variations
  2.2 Process Management
    2.2.1 ISO 9000 Processes and Procedures
    2.2.2 Capability Maturity Model (CMM)
  2.3 Organization Environments
    2.3.1 Economic, Legal, and Political Contexts
      2.3.1.1 Regulations/Legislation
      2.3.1.2 Market-Based Regulations
      2.3.1.3 Technology Evolution
      2.3.1.4 Customer Demands and Expectations
      2.3.1.5 Legal Liability
      2.3.1.6 Competition
      2.3.1.7 Terrorism and Cybercrime
    2.3.2 Business/Organizational Types
      2.3.2.1 Commercial
      2.3.2.2 Residential
      2.3.2.3 Governments
      2.3.2.4 Nongovernmental Organizations (NGOs)
    2.3.3 National Critical Infrastructure
  2.4 Chapter Summary
  2.5 Further Reading and Resources

3 FOUNDATION CONCEPTS  61
  3.1 Security Concepts and Goals
    3.1.1 Subjects and Objects
    3.1.2 What Is Trust?
    3.1.3 Domains, Security, and Trust
    3.1.4 Security Goals/Objectives
    3.1.5 X.800 Security Services
      3.1.5.1 Authentication
      3.1.5.2 Access Control
      3.1.5.3 Confidentiality
      3.1.5.4 Data Integrity
      3.1.5.5 Non-Repudiation
    3.1.6 A Modern Definition of Security Services
      3.1.6.1 Authentication
      3.1.6.2 Authorization-Access Control
      3.1.6.3 Integrity
      3.1.6.4 Availability
      3.1.6.5 Accountability
      3.1.6.6 Privacy As a Security Service
      3.1.6.7 Service Mapping and Application of Services
  3.2 Role of Cryptography in Information Security
    3.2.1 Cryptographic Hash Algorithms
      3.2.1.1 HMAC-MD5 and HMAC-SHA1
    3.2.2 Encryption Algorithms
      3.2.2.1 Symmetric Encryption
      3.2.2.2 Asymmetric Encryption
      3.2.2.3 Encryption Algorithm Performance
    3.2.3 Cryptanalysis and Other Key Issues
      3.2.3.1 Cryptanalysis
      3.2.3.2 Key Randomness
      3.2.3.3 Key Protection
      3.2.3.4 Using Passwords with Cryptography
      3.2.3.5 Using Passphrases with Cryptography
    3.2.4 Key Management
      3.2.4.1 Diffie–Hellman Key Distribution
    3.2.5 Cryptographic Authentication
      3.2.5.1 Challenge–Response Technique
      3.2.5.2 Message Authentication Code Technique
      3.2.5.3 Digital Signature Authentication Technique
  3.3 Key Management Revisited
  3.4 Chapter Summary
  3.5 Further Reading and Resources

4 AUTHENTICATION OF SUBJECTS  123
  4.1 Authentication Systems
    4.1.1 Kerberos-Based Authentication
    4.1.2 Public-Key Infrastructure
      4.1.2.1 X.509 Digital Certificates
      4.1.2.2 Certificate Authority Hierarchies
      4.1.2.3 Certificate Generation Requests
      4.1.2.4 PKI Component Deployment
      4.1.2.5 Digital Certificate Revocation and Status Verification
      4.1.2.6 Certificate Verification
    4.1.3 Remote Authentication Dial-in User Service and EAP
    4.1.4 Diameter
    4.1.5 Secure Electronic Transactions (SET)
    4.1.6 Authentication Systems Summary
  4.2 Human Authentication
    4.2.1 What the Subject Has Factor
    4.2.2 What the Subject Knows Factor
    4.2.3 What the Subject Is Factor
    4.2.4 Where the Subject Is Factor
    4.2.5 Combinations of Factors
    4.2.6 Rainbow Tables
    4.2.7 Proxies for Humans
      4.2.7.1 Operating Systems
      4.2.7.2 User Agents
      4.2.7.3 Single Sign-On (SSO)
      4.2.7.4 Shibboleth SSO Authentication
      4.2.7.5 Identity Management (IdM)
  4.3 Chapter Summary
  4.4 Further Reading and Resources

5 SECURITY SYSTEMS ENGINEERING  169
  5.1 Security Policy Development
  5.2 Senior Management Oversight and Involvement
  5.3 Security Process Management and Standards
    5.3.1 ISO 27002
      5.3.1.1 Establishing Organizational Security Policy (Section 5)
      5.3.1.2 Organizational Security Infrastructure (Section 6)
      5.3.1.3 Asset Classification and Control (Section 7)
      5.3.1.4 Personnel Security (Section 8)
      5.3.1.5 Physical and Environmental Security (Section 9)
      5.3.1.6 Communications and Operations Management (Section 10)
      5.3.1.7 Access Controls (Section 11)
      5.3.1.8 Information Systems Acquisition, Development, and Maintenance (Section 12)
      5.3.1.9 Information Security Incident Management (Section 13)
      5.3.1.10 Business Continuity Management (Section 14)
      5.3.1.11 Compliance (Section 15)
      5.3.1.12 ISO 27002 Summary
    5.3.2 ISO 27001
    5.3.3 Policy Hierarchy
    5.3.4 An Enterprise Security Policy Example
    5.3.5 COBIT
    5.3.6 Information Technology Infrastructure Library
    5.3.7 Federal Information Security Management Act (FISMA)
  5.4 Information Security Systems Engineering Methodology
    5.4.1 Existing Asset Inventory and Classification
      5.4.1.1 Physical Assets
      5.4.1.2 Logical Assets
      5.4.1.3 Conceptual Assets
    5.4.2 Vulnerabilities, Threats, and Risk
      5.4.2.1 Asset Vulnerabilities
      5.4.2.2 Organization Threat Profile(s)
    5.4.3 Dealing with Risk
      5.4.3.1 ITU-T View of Risk Mitigation Approach
      5.4.3.2 STRIDE Mitigation Approach
      5.4.3.3 ISO 27005 Approach to Managing Risk
      5.4.3.4 Common Criteria (CC) Mitigation Approach
      5.4.3.5 ETSI Security-Related Vulnerability and Threat Analysis Efforts
    5.4.4 Risk Management Framework
      5.4.4.1 Impact Analysis
      5.4.4.2 Risk Assessment Analysis
      5.4.4.3 Risk Assessment—Asset Definition and Inventorying
      5.4.4.4 Risk Assessment—Threats
    5.4.5 Risk Assignment
  5.5 Requirements Analysis and Decomposition
  5.6 Access Control Concepts
    5.6.1 Subjects, Objects, and Access Operations
    5.6.2 Mandatory Access Control using a Matrix or Lattice Approach
    5.6.3 Discretionary Access Control using an Access Control List Approach
    5.6.4 Mandatory Access Control using a Capability List Approach
    5.6.5 Administrative Tasks in Access Control Methods
      5.6.5.1 Groups and Permissions
      5.6.5.2 Protection Rings
    5.6.6 Role-Based Access Control (RBAC)
  5.7 Security Modeling and Security-Related Standards
    5.7.1 Confidentiality Policies and Integrity Policies
    5.7.2 Bell–LaPadula Model
    5.7.3 Graham–Denning Confidentiality Model
    5.7.4 Chinese Wall Multilateral Confidentiality Model
    5.7.5 Biba Integrity Model
    5.7.6 Clark–Wilson Model
    5.7.7 Security Model Summary
    5.7.8 Security Standards
      5.7.8.1 Public-Key Cryptography Standards
      5.7.8.2 Third-Generation Partnership Project
      5.7.8.3 Third-Generation Partnership Project 2
      5.7.8.4 Alliance for Telecommunications Industry Solutions
      5.7.8.5 Cable Television Laboratories, Inc.
      5.7.8.6 European Telecommunications Standards Institute
      5.7.8.7 International Organization for Standardization
      5.7.8.8 ITU Telecommunication Standardization Sector
      5.7.8.9 Internet Engineering Task Force
      5.7.8.10 Object Management Group
      5.7.8.11 Organization for the Advancement of Structured Information Standards
      5.7.8.12 Parlay Group
      5.7.8.13 TeleManagement Forum
      5.7.8.14 World Wide Web Consortium
  5.8 Chapter Summary
    5.8.1 Things to Remember
      5.8.1.1 Subjects and Objects
      5.8.1.2 Mandatory Access Controls
      5.8.1.3 Discretionary Access Controls

6 TRADITIONAL NETWORK CONCEPTS  269
  6.1 Networking Architectures
    6.1.1 OSI Network Model
    6.1.2 Internet Network Model
  6.2 Types of Networks
    6.2.1 Local Area Network (LAN)
    6.2.2 Wireless LAN (WLAN)
    6.2.3 Metropolitan Area Networks (MAN)
    6.2.4 Wide Area Networks (WAN)
    6.2.5 The Internet
    6.2.6 Circuit Switched Networks
    6.2.7 Supervisory Control and Data Acquisition (SCADA) Systems
    6.2.8 Sensor Networks
    6.2.9 Clouds
      6.2.9.1 Hardware as a Service
      6.2.9.2 Infrastructure as a Service
      6.2.9.3 Applications as a Service
      6.2.9.4 Public versus Private Clouds
    6.2.10 Cellular Networks
    6.2.11 IEEE 802.16 Networks
    6.2.12 Long-Term Evolution Networks
  6.3 Network Protocols
    6.3.1 Layer 1—Physical
    6.3.2 Layer 2—Data Link Protocols
      6.3.2.1 Ethernet
      6.3.2.2 Virtual Ethernets
      6.3.2.3 Wireless Networking
      6.3.2.4 MultiProtocol Label Switching
      6.3.2.5 Asynchronous Transfer Mode and Frame Relay
      6.3.2.6 Digital Subscriber Lines
      6.3.2.7 Optical Networking
      6.3.2.8 Security in Data Link Layer Protocols
    6.3.3 Layer 3—Internetworking Layer Protocols
      6.3.3.1 Address Resolution Protocol
      6.3.3.2 IP Version 4
      6.3.3.3 Internet Control Management Protocol
      6.3.3.4 IPv4 Fragmentation and Related Attacks
      6.3.3.5 IP Version 6
      6.3.3.6 Security in Internetworking Layer Protocols
    6.3.4 Layer 4—Transport
      6.3.4.1 Transmission Control Protocol
      6.3.4.2 User Datagram Protocol
      6.3.4.3 Stream Control Transmission Protocol
      6.3.4.4 Open Shortest Path First
      6.3.4.5 Security in Transport Layer Protocols
    6.3.5 Layer 5—User Application Protocols
      6.3.5.1 Initial Internet User Application Protocols
      6.3.5.2 HyperText Transfer Protocol
      6.3.5.3 X Windows
      6.3.5.4 eXtensible Markup Language
      6.3.5.5 Security in User Application Protocols
    6.3.6 Layer 5—Signaling and Control Application Protocols
      6.3.6.1 MPLS Signaling Protocols
      6.3.6.2 Border Gateway Protocol
      6.3.6.3 Mobile IP Routing
      6.3.6.4 Dynamic Host Configuration Protocol
      6.3.6.5 Network Time Protocols
      6.3.6.6 Domain Name System
      6.3.6.7 Lightweight Directory Access Protocol
      6.3.6.8 Active Directory
      6.3.6.9 Security in Signaling and Control Application Protocols
    6.3.7 Layer 5—Management Application Protocols
      6.3.7.1 Simple Network Management Protocol
      6.3.7.2 Customer Premise Equipment WAN Management Protocol
      6.3.7.3 Remote Monitoring
      6.3.7.4 Security in Management Application Protocols
  6.4 Chapter Summary
  6.5 Further Reading and Resources

7 NEXT-GENERATION NETWORKS  371
  7.1 Framework and Topology of the NGN
    7.1.1 Functional Entities and Groups
    7.1.2 Domains
      7.1.2.1 Customer Domain
      7.1.2.2 SP Access Domain
      7.1.2.3 SP Core/Services Domain
    7.1.3 Interfaces
    7.1.4 Protocol Layers, Functional Planes, and Interfaces
  7.2 The NGN Functional Reference Model
    7.2.1 Strata
    7.2.2 Management Functional Group
    7.2.3 Application Functional Group
    7.2.4 The Transport Stratum
    7.2.5 The Service Stratum
    7.2.6 The Service Stratum and the IP Multimedia Subsystem (IMS)
  7.3 Relationship Between NGN Transport and Service Domains
  7.4 Enterprise Role Model
  7.5 Security Allocation within the NGN Transport Stratum Example
  7.6 Converged Network Management (TMN and eTOM)
  7.7 General Network Security Architectures
    7.7.1 The ITU-T X.800 Generic Architecture
    7.7.2 The Security Frameworks (X.810–X.816)
    7.7.3 The ITU-T X.805 Approach to Security
  7.8 Chapter Summary
  7.9 Further Reading and Resources

8 GENERAL COMPUTER SECURITY ARCHITECTURE  409
  8.1 The Hardware Protects the Software
    8.1.1 Processor States and Status
      8.1.1.1 Protection on the Motorola 68000
      8.1.1.2 Protection on the Intel 80386/80486
    8.1.2 Memory Management
      8.1.2.1 Fence
      8.1.2.2 Relocation
      8.1.2.3 Base/Bounds Registers
      8.1.2.4 Segmentation
      8.1.2.5 Paging
      8.1.2.6 Combining Segmentation and Paging (Virtual Memory)
    8.1.3 Interruption of Processor Activity
    8.1.4 Hardware Encryption
      8.1.4.1 Hardware Security Modules
      8.1.4.2 Hardware Acceleration Cards
      8.1.4.3 Hardware Acceleration USB Devices
      8.1.4.4 Smartcards
  8.2 The Software Protects Information
  8.3 Element Security Architecture Description
    8.3.1 The Kernel
    8.3.2 Security Contexts
    8.3.3 Security-Critical Functions
      8.3.3.1 Security Policy Decision Function (SPDF)
      8.3.3.2 Authentication Function
      8.3.3.3 Audit Function
      8.3.3.4 Process Scheduling Function
      8.3.3.5 Device Management Functions and Device Controllers
    8.3.4 Security-Related Functions
  8.4 Operating System (OS) Structure
    8.4.1 Security Management Function
    8.4.2 Networking Subsystem Function
  8.5 Security Mechanisms for Deployed Operating Systems (OSs)
    8.5.1 General Purpose (GP) OSs
      8.5.1.1 Hardware Mechanisms for GP OS Usage
      8.5.1.2 Software Functional Entities for General Purpose (GP) OS Contexts
    8.5.2 Minimized General Purpose Operating Systems
      8.5.2.1 Hardware Mechanisms for Minimized GP OS Usage
      8.5.2.2 Software Mechanisms for Minimized GP OS Usage
    8.5.3 Embedded ("Real-Time") Operating Systems
      8.5.3.1 Hardware Mechanisms for Embedded OS Usage
      8.5.3.2 Software Mechanisms for Embedded OS Usage
    8.5.4 Basic Input–Output Systems (BIOS)
      8.5.4.1 Hardware Mechanisms for BIOS Usage
      8.5.4.2 Software Mechanisms for BIOS Usage
  8.6 Chapter Summary
  8.7 Further Reading and Resources

9 COMPUTER SOFTWARE SECURITY  461
  9.1 Specific Operating Systems (OSs)
    9.1.1 Unix and Linux Security
      9.1.1.1 Login and User Accounts
      9.1.1.2 Group Accounts
      9.1.1.3 Set User ID (setuid) and Set Group ID (setgid)
      9.1.1.4 Access Control
      9.1.1.5 Audit Logs and Intrusion Detection
      9.1.1.6 inetd and TCP Wrappers
      9.1.1.7 Log Files and Unix Disk Partitions
    9.1.2 Solaris Operating System and Role-Based Access Controls
    9.1.3 Windows OSs
      9.1.3.1 Users and Groups
      9.1.3.2 Access Control Model
      9.1.3.3 Access Tokens
      9.1.3.4 Access Control Lists
      9.1.3.5 Access Control Entries
      9.1.3.6 Access Rights and Access Masks
      9.1.3.7 Security Identifiers
      9.1.3.8 The Registry
      9.1.3.9 Domains and Trust Relationships
      9.1.3.10 Active Directory
      9.1.3.11 More on Trust Relationships
      9.1.3.12 Identification and Authentication
      9.1.3.13 Windows Server 2003—Role-Based Access Control (RBAC)
    9.1.4 Embedded OSs
  9.2 Applications
    9.2.1 Application Security Issues
      9.2.1.1 Buffer Overflows
      9.2.1.2 Exception Handling, Bounds Checking, and Shared Libraries
      9.2.1.3 Shared Libraries
      9.2.1.4 Application Development Security
      9.2.1.5 Static Code Security Analysis
      9.2.1.6 Dynamic Code Security Analysis
    9.2.2 Malicious Software (Malware)
      9.2.2.1 Viruses
      9.2.2.2 Worms
      9.2.2.3 Trojan Horses, Rootkits, and Backdoors
      9.2.2.4 Spyware and Botnets
      9.2.2.5 Linux, Unix, and Mac OS X Malware
    9.2.3 Anti-malware Applications
      9.2.3.1 Malware and Spyware Scanners
      9.2.3.2 Host-Based Firewalls
      9.2.3.3 Modification Scanners
      9.2.3.4 Host-Based Intrusion Detection
  9.3 Chapter Summary
  9.4 Further Reading and Resources

10 SECURITY SYSTEMS DESIGN—DESIGNING NETWORK SECURITY  517
  10.1 Introduction
  10.2 Security Design for Protocol Layer 1
    10.2.1 Wired and Optical Media
      10.2.1.1 Link-Bulk Encryption
      10.2.1.2 Dial-back Modems
    10.2.2 Wireless Media
      10.2.2.1 Fast Frequency Hopping
  10.3 Layer 2—Data Link Security Mechanisms
    10.3.1 IEEE 802.1x
    10.3.2 IEEE 802.1ae
    10.3.3 IEEE 802.11 WPA and 802.11i
  10.4 Security Design for Protocol Layer 3
    10.4.1 IP Security (IPsec)
      10.4.1.1 IPsec Architecture
      10.4.1.2 IPsec Key Management and Key Exchange
      10.4.1.3 IKE Operation
      10.4.1.4 IPsec Security Associations (SAs)
      10.4.1.5 Combining Security Associations
      10.4.1.6 IPsec Authentication Header (AH) Transform
      10.4.1.7 The IPsec Encapsulating Security Payload (ESP) Transform
      10.4.1.8 The Various ESP Transforms
      10.4.1.9 IPsec Processing
      10.4.1.10 IPsec Policy Management
      10.4.1.11 IPsec and Network Address Translation
      10.4.1.12 IPsec Implementation Availability
      10.4.1.13 IPsec and Fault-Tolerant Network Designs
      10.4.1.14 IPsec and PKI
      10.4.1.15 IPsec Summary and Observations
  10.5 IP Packet Authorization and Access Control
    10.5.1 Network and Host Packet Filtering
    10.5.2 The Demilitarized Zone
    10.5.3 Application-Level Gateways
    10.5.4 Deep-Packet Inspection (DPI)
  10.6 Chapter Summary
  10.7 Further Reading and Resources

11 TRANSPORT AND APPLICATION SECURITY DESIGN AND USE  573
  11.1 Layer 4—Transport Security Protocols
    11.1.1 TLS, DTLS, and SSL
      11.1.1.1 TLS Session Establishment
      11.1.1.2 TLS Operational Activities
      11.1.1.3 TLS and SSL Security Items
      11.1.1.4 SSL Virtual Private Networks
    11.1.2 Secure Shell (SSH)
    11.1.3 Comparison of SSL, TLS, DTLS, and IPsec
  11.2 Layer 5—User Service Application Protocols
    11.2.1 Email
      11.2.1.1 Pretty Good Privacy (PGP)
      11.2.1.2 Secure/Multipurpose Internet Mail Extensions (S/MIME)
      11.2.1.3 S/MIME and OpenPGP Differences
      11.2.1.4 Email Attacks
    11.2.2 World Wide Web (Web) and Identity Management
      11.2.2.1 eXtensible Markup Language Security (XML)
      11.2.2.2 Service-Oriented Architecture (SOA)
      11.2.2.3 Web Services
      11.2.2.4 SOAP
      11.2.2.5 Security Assertion Markup Language (SAML)
    11.2.3 Voice over Internet Protocol (VoIP)
      11.2.3.1 VoIP Signaling Security
      11.2.3.2 Real-Time Protocol
      11.2.3.3 VoIP Media Security
      11.2.3.4 VoIP Session Border Control
      11.2.3.5 VoIP Device Security
      11.2.3.6 VoIP and NAT
    11.2.4 DNS Security Extensions
    11.2.5 Instant Messaging and Chat
    11.2.6 Peer-to-Peer Applications
    11.2.7 Ad hoc Networks
    11.2.8 Java
      11.2.8.1 Basic Concepts
      11.2.8.2 Java 2 Cryptographic Architecture
    11.2.9 .NET
      11.2.9.1 Role-Based Security
      11.2.9.2 Web Application Security
      11.2.9.3 Evidence-Based Security
      11.2.9.4 Cryptography Available in .NET
      11.2.9.5 Security Policy Administration in .NET
    11.2.10 Common Object Request Broker Architecture (CORBA)
    11.2.11 Distributed Computing Environment
    11.2.12 Dynamic Host Configuration Protocol Security
  11.3 Chapter Summary
  11.4 Further Reading and Resources

12 SECURING MANAGEMENT AND MANAGING SECURITY  633
  12.1 Securing Management Applications
    12.1.1 Management Roots
    12.1.2 The Telecommunications Management Network
      12.1.2.1 Telecommunications Management Network Structure
      12.1.2.2 Element, Network Management Systems, and Operations Systems
    12.1.3 TMN Security
    12.1.4 Management of Security Mechanisms
      12.1.4.1 EMS Security Needs
      12.1.4.2 NMS Security Additions
      12.1.4.3 Selected OSS/EMS Security Services
    12.1.5 A Security Management Framework
  12.2 Operation, Administration, Maintenance, and Decommissioning
    12.2.1 Operational Security Mechanisms
      12.2.1.1 Separation of Duties and Roles
      12.2.1.2 Operational Guidelines and Procedures
      12.2.1.3 Independent Auditing and Review
      12.2.1.4 Human Resources and Legal Aspects
      12.2.1.5 Accountability
      12.2.1.6 Documentation
      12.2.1.7 Acceptance Testing, Field Testing, and Operational Readiness
    12.2.2 Operations Security
      12.2.2.1 Third-Party Access
      12.2.2.2 Security Event Response and Forensics
      12.2.2.3 Senior Security Management Mechanisms
      12.2.2.4 Operational Reviews
      12.2.2.5 Accreditation and Certification
      12.2.2.6 Life-cycle Review
      12.2.2.7 Withdrawal from Service
    12.2.3 Operations Compliance
      12.2.3.1 Example Security Tools
      12.2.3.2 Penetration Testing
  12.3 Systems Implementation or Procurement
    12.3.1 Development
      12.3.1.1 CMMI and ISO-9001 Processes
      12.3.1.2 Coding
      12.3.1.3 Testing
    12.3.2 Procurement
      12.3.2.1 Requests for Information/Proposals (RFIs/RFPs)
      12.3.2.2 Standards Compliance
      12.3.2.3 Acceptance Testing and Review
    12.3.3 Forensic Tools
  12.4 Chapter Summary
  12.5 Further Reading and Resources

About the Author  683
Glossary  685
Index  725
PREFACE AND ACKNOWLEDGMENTS
APPROACH
This book focuses on information security (information assurance) from the viewpoint of how to control access to information in a systematic manner. Many books on security primarily cover specific security mechanisms such as authentication protocols, encryption algorithms, and security-related protocols. Other books on security are use-case oriented, providing specific contexts for discussing vulnerabilities, threats, and countermeasures. Few books on security consider the planning, operations, and management aspects of protecting information. Unlike these other books, which focus on security mechanisms, threats, and vulnerabilities, this book presents a methodology for addressing security concerns in any organization. The methodology is based on a set of concepts called systems engineering that are designed to methodically examine, analyze, and document objectives and the functional and performance capabilities (requirements) that need to exist to achieve the stated goals. Systems engineering concepts provide:
• a framework for developing capabilities and solutions that ensure compliance with the aforementioned requirements;
• traceability starting at objectives, progressing through requirements development and solution design/development/procurement, and continuing into, and during, operation and administration; and
• support for compliance evaluation of deployed systems and of how these systems are used.
Another critical aspect of the systems methodology is the necessity to consider all aspects of a system, not just the technical components. All information processing infrastructures (networks and computing devices) exist within a context defined by:
• how the deploying organization operates,
• what the deploying organization provides as services or products,
• who competes with the deploying organization,
• what legal and regulatory burdens the deploying organization has to accommodate, and
• who may target the deploying organization with the intent of personal or financial gain, political advantage, or ideological objectives.
Over time the technologies used for processing, storing, and communicating information have changed dramatically and rapidly. By presenting a systems engineering approach to information security, this book will help security practitioners cope with these rapid changes. Achieving information security is not a matter of dealing with specific technologies; rather, information security is a process of managing technologies to ensure that information is accessible only to valid users.
ORGANIZATION
The coverage of information security by this book includes all aspects of security in a systematic engineering approach:
• Chapter 1 considers why information security is needed, how security problems can have widespread impacts, what the more common ways of discussing security are, and the deficiencies/limitations of these views.
• Chapter 2 discusses the many legal, technical, competitive, criminal, and consumer forces and influences that are rapidly changing our information-dependent society, and explores the concepts of systems engineering and the value these concepts provide to the development of new products and services and to the maintenance and evolution of existing products and services.
• Chapter 3 reviews fundamental security concepts of subjects, objects, security services, and the role of cryptography in information security.
• Chapter 4 considers different approaches for achieving authentication of individuals and systems.
• Chapter 5 delves into how to establish and manage an information security program, evaluate vulnerabilities, threats, and risks, and develop security requirements; the chapter also considers the value and impact of security standards and the major organizations involved in developing these standards.
• Chapter 6 describes the different forms and types of networks currently in use along with the protocols relied upon that are the cause of many security problems. All protocol layers are considered, and any security capabilities are analyzed for effectiveness and usability.
• Chapter 7 focuses on the near future of next-generation network concepts and services defined within the developing Internet multimedia services framework.
• Chapter 8 provides an in-depth discussion of the computer hardware that impacts information security, the role of operating systems in supporting information security, and what security mechanisms an operating system should include.
• Chapter 9 examines the security capabilities of the major commercially available operating systems (Unix variants, Windows variants, and real-time) and then considers security issues within application software. This chapter concludes with a review of the different forms of malicious software (malware) encountered today and a number of anti-malware applications currently available.
• Chapters 10 and 11 provide descriptions and analysis of the available network security mechanisms within each protocol layer. Both stand-alone applications (including their associated protocols) and the major application frameworks (e.g., Java, .NET, CORBA, and DCE) are discussed from a security capabilities perspective.
• Chapter 12 explores the security issues within the management of networks, especially the management of security, and considers the organizational needs for effective security management, operational security mechanisms, security operations, and other life-cycle security issues. This chapter concludes with consideration of security within development, integration, and component purchasing activity areas.
Available for instructors, from the publisher, are (1) a set of assignments and associated grading rubrics, (2) lecture PowerPoint slides, (3) a set of quizzes and associated grading rubrics, and (4) a final examination and associated grading rubric.
SECOND EDITION CHANGES
Chapter-by-chapter changes in this second edition include the following:
• Errors found in each chapter have been corrected.
• Chapter 3: Revision of Section 3.1.5 to explain more clearly the types and purposes of security services, including a description of data integrity being based on the use of a protected digest. Addition of a discussion about protecting the storage of private keys.
• Chapter 4: Revisions to Sections 4.1.5, 4.2, and 4.2.7 regarding the need to control identities.
• Chapter 5: Revision of Sections 5.1 through 5.3.3 to discuss governance, followed by ISO 27001 and ISO 27002 for policy, and then to provide discussion of COBIT, ITIL, and FISMA with a revised discussion of requirements.
• Chapter 7: Major revision of material to include discussion of SCADA, cloud, sensor, and ad hoc networks.
• Chapter 9: Expansion of Section 9.2.1 to include coverage of code reviews, code scanning tools, and testing.
• Chapter 11: Added discussion in Section 11.1.1.3 regarding SSL VPNs and the lack of rekeying capabilities in TLS. Discussion in Section 11.2.2 of HTTP Basic and Digest authentication.
• Chapter 12: Rework of Section 12.1.1. Added Section 12.2.3.3 to discuss the internal operations security process of monitor, review exceptions, plan remediation, and obtain either budget or exception.