Engineering Information Security
The Application of Systems Engineering Concepts to Achieve Information Assurance
- Hardcover
Engineering Information Security covers all aspects of information security using a systematic engineering approach and focuses on the viewpoint of how to control access to information.
- Includes a discussion about protecting storage of private keys, SCADA, Cloud, Sensor, and Ad Hoc networks
- Covers internal operations security processes of monitors, review exceptions, and plan remediation
- Over 15 new sections
- Instructor resources such as lecture slides, assignments, quizzes, and a set of questions organized as a final exam
If you are an instructor and adopted this book for your course,…
- Product details
- Publisher: John Wiley & Sons / Wiley
- 2nd edition
- Pages: 784
- Publication date: 14 December 2015
- English
- Dimensions: 240mm x 161mm x 46mm
- Weight: 1326g
- ISBN-13: 9781119101604
- ISBN-10: 1119101603
- Item no.: 42852145
IS SECURITY?
- 1.1 Introduction
- 1.2 The Subject of Security
  - 1.2.1 Branches of Security
  - 1.2.2 Defining Security by Function
  - 1.2.3 The Common Body of Knowledge (CBK) Security Domains
- 1.3 A Twenty-First Century Tale
  - 1.3.1 The Actors
  - 1.3.2 What Actually Occurred
  - 1.3.3 How Could All This Have Been Prevented?
  - 1.3.4 They Did Not Live Happily Ever After
- 1.4 Why Are You Important to Computer Security?
  - 1.4.1 What Are the Threats to Your Computer?
  - 1.4.2 As a User, What to Do?
  - 1.4.3 The Reality of Cybercrime and Cyberwarfare
- 1.5 End of the Beginning
- 1.6 Chapter Summary
- 1.7 Further Reading and Resources

2 SYSTEMS ENGINEERING
- 2.1 So What Is Systems Engineering?
  - 2.1.1 Similar Systems Engineering Process
  - 2.1.2 Another Systems Engineering View
  - 2.1.3 Process Variations
- 2.2 Process Management
  - 2.2.1 ISO 9000 Processes and Procedures
  - 2.2.2 Capability Maturity Model (CMM)
- 2.3 Organization Environments
  - 2.3.1 Economic, Legal, and Political Contexts
  - 2.3.2 Business/Organizational Types
  - 2.3.3 National Critical Infrastructure
- 2.4 Chapter Summary
- 2.5 Further Reading and Resources

3 FOUNDATION CONCEPTS
- 3.1 Security Concepts and Goals
  - 3.1.1 Subjects and Objects
  - 3.1.2 What Is Trust?
  - 3.1.3 Domains, Security, and Trust
  - 3.1.4 Security Goals/Objectives
  - 3.1.5 X.800 Security Services
  - 3.1.6 A Modern Definition of Security Services
- 3.2 Role of Cryptography in Information Security
  - 3.2.1 Cryptographic Hash Algorithms
  - 3.2.2 Encryption Algorithms
  - 3.2.3 Cryptanalysis and Other Key Issues
  - 3.2.4 Key Management
  - 3.2.5 Cryptographic Authentication
- 3.3 Key Management Revisited
- 3.4 Chapter Summary
- 3.5 Further Reading and Resources

4 AUTHENTICATION OF SUBJECTS
- 4.1 Authentication Systems
  - 4.1.1 Kerberos-Based Authentication
  - 4.1.2 Public-Key Infrastructure
  - 4.1.3 Remote Authentication Dial-in User Service and EAP
  - 4.1.4 Diameter
  - 4.1.5 Secure Electronic Transactions (SET)
  - 4.1.6 Authentication Systems Summary
- 4.2 Human Authentication
  - 4.2.1 What the Subject Has Factor
  - 4.2.2 What the Subject Knows Factor
  - 4.2.3 What the Subject Is Factor
  - 4.2.4 Where the Subject Is Factor
  - 4.2.5 Combinations of Factors
  - 4.2.6 Rainbow Tables
  - 4.2.7 Proxies for Humans
- 4.3 Chapter Summary
- 4.4 Further Reading and Resources

5 SECURITY SYSTEMS ENGINEERING
- 5.1 Security Policy Development
- 5.2 Senior Management Oversight and Involvement
- 5.3 Security Process Management and Standards
  - 5.3.1 ISO 27002
  - 5.3.2 ISO 27001
  - 5.3.3 Policy Hierarchy
  - 5.3.4 An Enterprise Security Policy Example
  - 5.3.5 COBIT
  - 5.3.6 Information Technology Infrastructure Library
  - 5.3.7 Federal Information Security Management Act (FISMA)
- 5.4 Information Security Systems Engineering Methodology
  - 5.4.1 Existing Asset Inventory and Classification
  - 5.4.2 Vulnerabilities, Threats, and Risk
  - 5.4.3 Dealing with Risk
  - 5.4.4 Risk Management Framework
  - 5.4.5 Risk Assignment
- 5.5 Requirements Analysis and Decomposition
- 5.6 Access Control Concepts
  - 5.6.1 Subjects, Objects, and Access Operations
  - 5.6.2 Mandatory Access Control using a Matrix or Lattice Approach
  - 5.6.3 Discretionary Access Control using an Access Control List Approach
  - 5.6.4 Mandatory Access Control using a Capability List Approach
  - 5.6.5 Administrative Tasks in Access Control Methods
  - 5.6.6 Role-Based Access Control (RBAC)
- 5.7 Security Modeling and Security-Related Standards
  - 5.7.1 Confidentiality Policies and Integrity Policies
  - 5.7.2 Bell-LaPadula Model
  - 5.7.3 Graham-Denning Confidentiality Model
  - 5.7.4 Chinese Wall Multilateral Confidentiality Model
  - 5.7.5 Biba Integrity Model
  - 5.7.6 Clark-Wilson Model
  - 5.7.7 Security Model Summary
  - 5.7.8 Security Standards
- 5.8 Chapter Summary
  - 5.8.1 Things to Remember

6 TRADITIONAL NETWORK CONCEPTS
- 6.1 Networking Architectures
  - 6.1.1 OSI Network Model
  - 6.1.2 Internet Network Model
- 6.2 Types of Networks
  - 6.2.1 Local Area Network (LAN)
  - 6.2.2 Wireless LAN (WLAN)
  - 6.2.3 Metropolitan Area Networks (MAN)
  - 6.2.4 Wide Area Networks (WAN)
  - 6.2.5 The Internet
  - 6.2.6 Circuit Switched Networks
  - 6.2.7 Supervisory Control and Data Acquisition (SCADA) Systems
  - 6.2.8 Sensor Networks
  - 6.2.9 Clouds
  - 6.2.10 Cellular Networks
  - 6.2.11 IEEE 802.16 Networks
  - 6.2.12 Long-Term Evolution Networks
- 6.3 Network Protocols
  - 6.3.1 Layer 1--Physical
  - 6.3.2 Layer 2--Data Link Protocols
  - 6.3.3 Layer 3--Internetworking Layer Protocols
  - 6.3.4 Layer 4--Transport
  - 6.3.5 Layer 5--User Application Protocols
  - 6.3.6 Layer 5--Signaling and Control Application Protocols
  - 6.3.7 Layer 5--Management Application Protocols
- 6.4 Chapter Summary
- 6.5 Further Reading and Resources

7 NEXT-GENERATION NETWORKS
- 7.1 Framework and Topology of the NGN
  - 7.1.1 Functional Entities and Groups
  - 7.1.2 Domains
  - 7.1.3 Interfaces
  - 7.1.4 Protocol Layers, Functional Planes, and Interfaces
- 7.2 The NGN Functional Reference Model
  - 7.2.1 Strata
  - 7.2.2 Management Functional Group
  - 7.2.3 Application Functional Group
  - 7.2.4 The Transport Stratum
  - 7.2.5 The Service Stratum
  - 7.2.6 The Service Stratum and the IP Multimedia Subsystem (IMS)
- 7.3 Relationship Between NGN Transport and Service Domains
- 7.4 Enterprise Role Model
- 7.5 Security Allocation within the NGN Transport Stratum Example
- 7.6 Converged Network Management (TMN and eTOM)
- 7.7 General Network Security Architectures
  - 7.7.1 The ITU-T X.800 Generic Architecture
  - 7.7.2 The Security Frameworks (X.810-X.816)
  - 7.7.3 The ITU-T X.805 Approach to Security
- 7.8 Chapter Summary
- 7.9 Further Reading and Resources

8 GENERAL COMPUTER SECURITY ARCHITECTURE
- 8.1 The Hardware Protects the Software
  - 8.1.1 Processor States and Status
  - 8.1.2 Memory Management
  - 8.1.3 Interruption of Processor Activity
  - 8.1.4 Hardware Encryption
- 8.2 The Software Protects Information
- 8.3 Element Security Architecture Description
  - 8.3.1 The Kernel
  - 8.3.2 Security Contexts
  - 8.3.3 Security-Critical Functions
  - 8.3.4 Security-Related Functions
- 8.4 Operating System (OS) Structure
  - 8.4.1 Security Management Function
  - 8.4.2 Networking Subsystem Function
- 8.5 Security Mechanisms for Deployed Operating Systems (OSs)
  - 8.5.1 General Purpose (GP) OSs
  - 8.5.2 Minimized General Purpose Operating Systems
  - 8.5.3 Embedded ("Real-Time") Operating Systems
  - 8.5.4 Basic Input-Output Systems (BIOS)
- 8.6 Chapter Summary
- 8.7 Further Reading and Resources

9 COMPUTER SOFTWARE SECURITY
- 9.1 Specific Operating Systems (OSs)
  - 9.1.1 Unix and Linux Security
  - 9.1.2 Solaris Operating System and Role-Based Access Controls
  - 9.1.3 Windows OSs
  - 9.1.4 Embedded OSs
- 9.2 Applications
  - 9.2.1 Application Security Issues
  - 9.2.2 Malicious Software (Malware)
  - 9.2.3 Anti-malware Applications
- 9.3 Chapter Summary
- 9.4 Further Reading and Resources

10 SECURITY SYSTEMS DESIGN--DESIGNING NETWORK SECURITY
- 10.1 Introduction
- 10.2 Security Design for Protocol Layer 1
  - 10.2.1 Wired and Optical Media
  - 10.2.2 Wireless Media
- 10.3 Layer 2--Data Link Security Mechanisms
  - 10.3.1 IEEE 802.1x
  - 10.3.2 IEEE 802.1ae
  - 10.3.3 IEEE 802.11 WPA and 802.11i
- 10.4 Security Design for Protocol Layer 3
  - 10.4.1 IP Security (IPsec)
- 10.5 IP Packet Authorization and Access Control
  - 10.5.1 Network and Host Packet Filtering
  - 10.5.2 The Demilitarized Zone
  - 10.5.3 Application-Level Gateways
  - 10.5.4 Deep-Packet Inspection (DPI)
- 10.6 Chapter Summary
- 10.7 Further Reading and Resources

11 TRANSPORT AND APPLICATION SECURITY DESIGN AND USE
- 11.1 Layer 4--Transport Security Protocols
  - 11.1.1 TLS, DTLS, and SSL
  - 11.1.2 Secure Shell (SSH)
  - 11.1.3 Comparison of SSL, TLS, DTLS, and IPsec
- 11.2 Layer 5--User Service Application Protocols
  - 11.2.1 Email
    - 11.2.1.1 Pretty Good Privacy (PGP)
  - 11.2.2 World Wide Web (Web) and Identity Management
  - 11.2.3 Voice over Internet Protocol (VoIP)
  - 11.2.4 DNS Security Extensions
  - 11.2.5 Instant Messaging and Chat
  - 11.2.6 Peer-to-Peer Applications
  - 11.2.7 Ad hoc Networks
  - 11.2.8 Java
  - 11.2.9 .NET
  - 11.2.10 Common Object Request Broker Architecture (CORBA)
  - 11.2.11 Distributed Computing Environment
  - 11.2.12 Dynamic Host Configuration Protocol Security
- 11.3 Chapter Summary
- 11.4 Further Reading and Resources

12 SECURING MANAGEMENT AND MANAGING SECURITY
- 12.1 Securing Management Applications
  - 12.1.1 Management Roots
  - 12.1.2 The Telecommunications Management Network
  - 12.1.3 TMN Security
  - 12.1.4 Management of Security Mechanisms
  - 12.1.5 A Security Management Framework
- 12.2 Operation, Administration, Maintenance, and Decommissioning
  - 12.2.1 Operational Security Mechanisms
  - 12.2.2 Operations Security
  - 12.2.3 Operations Compliance
- 12.3 Systems Implementation or Procurement
  - 12.3.1 Development
  - 12.3.2 Procurement
  - 12.3.3 Forensic Tools
- 12.4 Chapter Summary
- 12.5 Further Reading and Resources

About the Author
Glossary
Index