Introduction to Computer Networks and Cybersecurity

If a network is not secure, how valuable is it? Introduction to Computer Networks and Cybersecurity takes an integrated approach to networking and cybersecurity, highlighting the interconnections so that you quickly understand the complex design issues in modern networks. This full-color book uses a wealth of examples and illustrations to effectively connect the principles of networks and networking protocols with the relevant cybersecurity issues. Get the Fundamentals of Internet Architecture and the Protocol Layers Organized into six parts, the book walks you through the fundamentals, starting with the way most people first encounter computer networks-through the Internet architecture. Part 1 covers the most important Internet applications and the methods used to develop them. Part 2 discusses the network edge, consisting of hosts, access networks, LANs, and the physical media used with the physical and link layers. Part 3 explores the network core, including packet/circuit switches, routers, and the Internet backbone, and Part 4 examines reliable transport and the management of network congestion. Learn about Malware and Security Systems Building on the concepts and principles, the book then delves into state-of-the-art cybersecurity mechanisms in Part 5. It reviews the types of malware and the various security systems, made up of firewalls, intrusion detection systems, and other components. Crucially, it provides a seamless view of an information infrastructure in which security capabilities are built in rather than treated as an add-on feature. The book closes with a look at emerging technologies, including virtualization and data center and cloud computing unified communication. Understand Cyber Attacks-and What You Can Do to Defend against Them This comprehensive text supplies a carefully designed introduction to both the fundamentals of networks and the latest advances in Internet security. Addressing cybersecurity from an Internet perspective, it prepares you to better understand the motivation and methods of cyber attacks and what you can do to protect the networks and the applications that run on them. Pedagogical Features The book's modular design offers exceptional flexibility, whether you want to use it for quick reference, self-study, or a wide variety of one- or two-semester courses in computer networks, cybersecurity, or a hybrid of both. Learning goals in each chapter show you what you can expect to learn, and end-of-chapter problems and questions test your understanding. Throughout, the book uses real-world examples and extensive illustrations and screen captures to explain complicated concepts simply and clearly. Ancillary materials, including PowerPoint (R) animations, are available to instructors with qualifying course adoption. "Introduction to Computer Networks and Cybersecurity is much more than an introductory book. ... It is a well written, organized, and comprehensive book regarding the security in the Internet. The authors present analytically a useful manual concerning wireless security, malware defense, and the applications in Web security. The book helps readers to follow their own paths of learning while it is structured in distinctive modules that allow for flexible reading. It is a well-informed, revised, and comprehensible educational book that addresses not only professionals but also students or anybody else interested in cyber security and needs an integrated source." -Nicolas Sklavos, Information Security Journal: A Global Perspective (April 2014) "This book touches every corner of the topic of computer network and cybersecurity. It explains thoroughly the concept of network layers. There are detailed instructions and illustrations on the design of each network layer employing the newest Cisco technology. In addition, the book discusses the security issues in the context of computer networks. Then it presents different prevention algorithms and techniques, starting with cryptographic techniques. Firewalls, intrusion detection/prevention systems, authentication using hash, secure socket layer, virtual private network, and wireless network security are some of the security topics, which are described with real-life scenarios. The strength of the book lies in the fact that it also includes the recent and emerging Internet Engineering Task Force and Institute of Electrical and Electronic Engineers standards and drafts that govern computer network and security technologies. Both the Instructor and the students would be able to maintain an up-to-date knowledge on the state-of-the-art technologies regarding network security. ... The text book presents a comprehensive overview of the fundamental concepts as well as state-of-the-art technologies in computer networks and security in cyber domain. The modular structure of the book makes it easy to adapt it for a variety of programs, including computer engineering, computer science, computer networks, computer security, and security systems, with different student backgrounds." -Nazrul Islam, Farmingdale State College, New York, USA, Journal of Applied Security Research (January 2014) "This book represents one of the most comprehensive overviews of computer security I have seen recently. The reader can quickly identify and learn about various cyber attacks, and become familiar with terminology of attacks, authentication, and protocols (chain of trust, phishing attacks, cross-site request forgery attacks, bonnet attacks, DNSSEC, DKIM, SNMP, ...). ... The coupling of networking protocols and networks with their corresponding cybersecurity issues is a very good idea." -Milos Manic, University of Idaho, Idaho Falls, USA "This book combines good technical details with higher-level insights designed to help the reader focus on the right things and to understand them sufficiently. ... an up-to-date and well-written book on an exciting area of computing that forms the foundation for our modern, connected lives." -Tim Watson, Cyber Security Centre, De Montfort University, Leicester, UK "This book is an invaluable resource for students at all levels interested in computer cybersecurity. It also serves as an excellent reference in cybersecurity for professionals in this fast-evolving and critical field. This is an excellent text, content is very refreshing, informative, and easy to follow for students ranging from novice to advanced levels. It contains an impressive collection of up-to-date cybersecurity issues and analysis." -Simon Y. Foo, Florida State University, Tallahassee, USA "... this book offers a full and comprehensive view of the state of the art on computer networks and cyber security issues and could serve as a sort of handbook for this area by providing clear and detailed explanations of the related various topics." -Huijun Gao, Institute of Intelligent Control and Systems, Harbin Institute of Technology, China "Easy-to-read, current and very well-written text." -Jayantha Herath, St. Cloud State University, Minnesota, USA "One cannot deal with cybersecurity without being familiar with networking (and systems and programming for that matter) but I cannot remember seeing them in the same book, especially treated at that level of detail." -Phil Janson, EPFL (Swiss Federal Institute of Technology, Lausanne), Switzerland "Every chapter presents its own goals, giving the students the proper perspective. Identifying learning goals is the first step to proper learning. ... [This book] makes cybersecurity a concrete object that students can touch and feel, rather than just an abstract concept." -Alptekin Kupcu, Koc University, Istanbul, Turkey "This book by Wu and Irwin is one-stop shopping for a book that covers introduction to computer networks and to network security. Based on their industrial experience the authors selected the most important topics of both areas and created a text that can be used to learn about issues of network secur

An Introduction to Information Networks Introduction The Internet Architecture Access Networks The Network Core Circuit Switching vs. Packet Switching Packet Switching Delays and Congestion The Protocol Stack Providing the Benefits of Circuit Switching to Packet Switching Cyber Security History of the Internet Concluding Remarks References Problems SECTION 1 - APPLICATIONS The Application Layer Overview Client/Server and Peer-to-Peer Architectures Inter-process Communication through the Internet Sockets Transport Layer Services The Hypertext Transfer Protocol (http) Cookies: Providing States to HTTP The Design of Efficient Information Delivery through Use of a Proxy The File Transfer Protocol (FTP) Electronic Mail Concluding Remarks References Problems DNS and Active Directory The Domain Name Service (DNS) Active Directory (AD) Concluding Remarks References Problems XML-Based Web Services Overview of XML-Based Web Applications Client/Server Web Application Development The PHP Server Script AJAX XML XML Schema The XML Document Object Model (DOM) Concluding Remarks References Problems Socket Programming Motivation Socket Concepts TCP Socket Programming Single-Thread TCP Socket Programming Multi-thread TCP Socket Programming UDP Socket Programming Multi-thread UDP Socket Programming IPv6 Socket Programming Concluding Remarks References Problems Peer-to-Peer (P2P) Networks and Applications P2P-vs-Client/Server Types of P2P Networks Pure P2P: Gnutella Networks Partially Centralized Architectures Hybrid Decentralized (or Centralized) P2P Structured vs. Unstructured P2P Skype P2P Client Software Peer-to-Peer Name Resolution (PNRP) Apple's Bonjour Wi-Fi Direct Devices and P2P Technology P2P Security Internet Relay Chat (IRC) Concluding Remarks References Problems SECTION 2 - LINK AND PHYSICAL LAYERS The Data Link Layer and Physical Layer The Physical Layer Link Layer Functions Link Layer Realization Multiple Access Protocols The Link Layer Address MAC Layer Frame Format The 802.2 Logic Link Control (LLC) Sublayer Loop Prevention and Multipathing Error Detection Concluding Remarks References Problems The Ethernet and Switches Ethernet Overview The 802.3 Medium Access Control and Physical Layers The Ethernet Carrier Sense Multiple Access/Collision Detection Algorithm Ethernet Hubs Minimum Ethernet Frame Length Ethernet Cables and Connectors Gigabit Ethernet and Beyond Bridges and Switches A Layer 2 (L2) Switch and Layer 3 (L3) Switch/Router Design Issues in Network Processors (NPs) and ASICs Design Issues for the Packet Buffer/Memory and Switch Fabric Cut-Through or Store-and-Forward Ethernet for Low-Latency Switching Switch Management Concluding Remarks References Problems Virtual LAN, Class of Service, and Multilayer Networks The Virtual LAN (VLAN-802.11q) Class of Service (CoS-802.11p) Switch Design Issues in CoS, Queues and Switch Fabric Asynchronous Transfer Mode (ATM) Classical IP over ATM Multiprotocol Label Switching (MPLS) Multilayer Network (MLN) Architectures Concluding Remarks References Problems Wireless and Mobile Networks An Overview of Wireless Networks 802.11 Wireless LANs Wireless Personal Area Network (WPAN) WLANs and WPANs Comparison WiMAX (802.16) Cellular Networks Concluding Remarks References Problems SECTION 3 - NETWORK LAYER The Network Layer Network Layer Overview Connection-Oriented Networks Connectionless Datagram Forwarding Datagram Networks vs. Virtual Circuit ATM Networks Network Layer Functions in the Protocol Stack The IPv4 Header IP Datagram Fragmentation/Reassembly Type of Service (ToS) The IPv4 Address The Dynamic Host Configuration Protocol (DHCP) IP Multicast Routing between LANs Multiprotocol Label Switching (MPLS) Network Address Translation (NAT) The Internet Control Message Protocol (ICMP) The Mobile Internet Protocol Concluding Remarks References Problems IPv6 The Need for IPv6 The IPv6 Packet Format IPv6 Addresses The Transition from IPv4 to IPv6 IPv6 Configuration and Testing Concluding Remarks References Problems Routing and Interior Gateways Routing Protocol Overview Configuring a Router VLAN Routing Open Shortest Path First (OSPF) The OSPF Routing Algorithm The Routing Information Protocol (RIP) OSPF-vs.-RIP Concluding Remarks References Problems Border Gateway Routing Autonomous Systems Border Gateway Protocol (BGP) Overview A Real-World BGP Case BGP Route Advertisements BGP Route Selection BGP Import and Export Policies BGP Security Concluding Remarks References Problems SECTION 4 - TRANSPORT LAYER The Transport Layer Transport Layer Overview The Socket The User Datagram Protocol (UDP) A Reliable Transport Protocol: TCP The TCP Packet Header and Options The Buffer and Sliding Window Features of the Stream Control Transmission Protocol (SCTP) The SCTP Packet Format SCTP Association Establishment The SCTP SHUTDOWN SCTP Multi-Homing Concluding Remarks References Problems Packet Loss Recovery Packet Acknowledgment (ACK) and Retransmission Round Trip Time and Retransmission Timeout Cumulative ACK and Duplicate ACK The Sliding Window and Cumulative ACK Delayed ACK Fast Retransmit Lost Synchronization (SYN) Packet and Recovery The Silly Window Syndrome/Solution The TCP Selective Acknowledgment (SACK) Option Concluding Remarks References Problems TCP Congestion Control TCP Flow Control TCP Congestion Control Standard TCP End-to-end Congestion Control Methods TCP Tahoe and TCP Reno in Request for Comment (RFC) 2001 An Improvement for the Reno algorithm-RFC 2581 and RFC 5681 TCP NewReno TCP Throughput for a Real-World Download in Microsoft's Windows XP A Selective Acknowledgment (SACK)-Based Loss Recovery Algorithm High-Speed TCP (HSTCP) Congestion Control Design Issues CUBIC TCP Loss-Based TCP End-to-End Congestion Control Summary Delay-Based Congestion Control Algorithms Compound TCP (CTCP) The Adaptive Receive Window Size TCP Explicit Congestion Control and Its Design Issues The Absence of Congestion Control in UDP and TCP Compatibility Concluding Remarks References Problems SECTION 5 - CYBER SECURITY Cyber Security Overview Introduction Security from a Global Perspective Trends in the Types of Attacks and Malware The Types of Malware Vulnerability Naming Schemes and Security Configuration Settings Obfuscation and Mutations in Malware The Attacker's Motivation and Tactics Zero-Day Vulnerabilities Attacks on the Power Grid and Utility Networks Network and Information Infrastructure Defense Overview Concluding Remarks References Problems Firewalls Overview Unified Threat Management Firewalls Stateless Packet Filtering Stateful/Session Filtering Application-Level Gateways Circuit-Level Gateways A Comparison of Four Types of Firewalls The Architecture for a Primary-Backup Firewall The Windows 7/Vista Firewall as a Personal Firewall The Cisco Firewall as an Enterprise Firewall The Small Office/Home Office Firewall Emerging Firewall Technology Concluding Remarks References Problems Intrusion Detection/Prevention System Overview The Approaches Used for IDS/IPS Network-Based IDS/IPS Host-Based IDS/IPS Honeypots The Detection of Polymorphic/Metamorphic Worms Distributed Intrusion Detection Systems and Standards SNORT The TippingPoint IPS The McAfee Approach to IPS The Security Community's Collective Approach to IDS/IPS Concluding Remarks References Problems Hash and Authentication Authentication Overview Hash Functions The Hash Message Authentication Code (HMAC) Password-Based Authentication The Password-Based Encryption Standard The Automated Password Generator Standard Password-Based Security Protocols The One-Time Password and Token Open Identification (OpenID) and Open Authorization (OAuth) Concluding Remarks References Problems Symmetric Key Ciphers and Wireless LAN Security Block Ciphers Stream Ciphers The US Government's Cryptography Module Standards Side Channel Attacks and the Defensive Mechanisms Concluding Remarks References Problems Public Key Cryptography, Infrastructure and Certificates Introduction The Digital Signature Concept Public Key Cryptography Characteristics Elliptic Curve Cryptography (ECC) Certificates and the Public Key Infrastructure Public Key Cryptography Standards (PKCS) X.509 certificate and Private Key File Formats U.S. Government Standards Attacks Which Target the Public Key Infrastructure and Certificates Email Security Concluding Remarks References Problems Secure Socket Layer/Transport Layer Security (SSL/TLS) Protocols for Transport Layer Security Introductory Overview The Handshake Protocol Attacks on the Handshake Protocol The Record Protocol SSL/TLS Cryptography Datagram Transport Layer Security (DTLS) US Government Recommendations Extended Validation SSL (EV-SSL) Establishing a Certificate Authority (CA) Web Server's Certificate Setup and Client Computer Configuration A Certificate Authority's Self-Signed Root Certificate Browser Security Configurations Concluding Remarks References Problems Virtual Private Networks for Network Layer Security Network Security Overview Internet Protocol Security (IPsec) The Internet Key Exchange (IKE) Data Link Layer VPN Protocols VPN Configuration Procedure Examples Concluding Remarks References Problems Network Access Control and Wireless Network Security An Overview of Network Access Control (NAC) Kerberos The Trusted Platform Module (TPM) Multiple Factor Authentications: Cryptographic Tokens and TPM 802.1X Enterprise Wireless Network Security Protocols Concluding Remarks References Problems Cyber Threats and Their Defense Domain Name System (DNS) Protection Router Security Spam/Email Defensive Measures Phishing Defensive Measures Web-Based Attacks Database Defensive Measures Botnet Attacks and Applicable Defensive Techniques Concluding Remarks References Problems SECTION 6 - EMERGING TECHNOLOGIES Network and Information Infrastructure Virtualization Virtualization Overview The Virtualization Architecture Virtual Machine Monitor (VMM) Architecture Options CPU Virtualization Techniques Memory Virtualization I/O Virtualization Server Virtualization Virtual Networking Data Center Virtualization Cloud Computing Concluding Remarks References Problems Unified Communications and Multimedia Protocols Unified Communications (UC)/Unified Messaging (UM) Internet Protocol Telephony and Public Service Telephone Network Integration Implementations of Unified Communications The Session Initiation Protocol (SIP) The SIP Distributed Architecture Intelligence in Unified Communications The Media in a Session Initiation Protocol Session The Real-Time Protocol (RTP) and Its Packet Format The Real-Time Control Protocol (RTCP) and Quality of Service (QoS) Integrated Services in the Internet The Real-Time Streaming Protocol (RTSP) Unified Communication/Unified Messaging Security Concluding Remarks References Problems Glossary of Acronyms Index