A Practical Introduction to Enterprise Network and Security Management - Bongsik Shin

A Practical Introduction to Enterprise Network and Security Management

(Autor)

Buch | Hardcover
594 Seiten
2017
Productivity Press (Verlag)
978-1-4987-8797-0 (ISBN)
149,60 inkl. MwSt
zur Neuauflage
  • Titel erscheint in neuer Auflage
  • Artikel merken
Zu diesem Artikel existiert eine Nachauflage
The book is written for students studying Management Information Systems, Accounting Information Systems or Computer Science, and exposed to the subject for the first time.
Computer networking and cybersecurity are challenging subjects, partly because of the constant rise and fall of related technologies and IT paradigms. As the title implies, much focus of this book is on providing the audience with practical, as well as, theoretical knowledge necessary to build a solid ground for a successful professional career.

A Practical Introduction to Enterprise Network and Security Management contains 12 chapters of the correct amount of coverage for a semester or quarter. It balances introductory and fairly advanced subjects on computer networking and cybersecurity to deliver effectively technical and managerial knowledge. It explains sometimes challenging concepts in a manner that students can follow with careful reading.

A Practical Introduction to Enterprise Network and Security Management is designed to offer impactful, hands-on learning experiences without relying on a computer lab. First, each chapter comes with practical exercise questions. In the class setting, they are good as individual or group assignments. Many of them are based on simulated or real cases, and take advantage of actual industry products and systems for a reader to better relate theories to practice. Second, there are a number of information-rich screen shots, figures, and tables in each chapter carefully constructed to solidify concepts and thus enhance visual learning.

A Practical Introduction to Enterprise Network and Security Management:



Is written for students studying management information systems, accounting information systems, or computer science in a semester of 15 to 16 weeks, and exposed to the subject for the first time



Takes advantage of many real cases and examples, and actual industry products and services (software, hardware, and configurations) so that students can better relate concepts and theories to practice



Explains subjects in a systematic, but very practical manner that students can follow through



Provides students with practical understanding of both computer networking and cybersecurity



Contains highly practical exercise questions, which can be individual or group assignments within or without the class, included in each chapter to reinforce learning.

In addition to the thorough technical details, managerial issues including, enterprise network planning, design, and management from the practitioner’s perspective are embedded throughout the text to assist balanced learning. Bearing in mind of the critical importance of security in today’s enterprise networks, the text discusses the implications of network design and management on enterprise security whenever appropriate. Lastly, to reinforce knowledge in security management further, two chapters introduce the fundamentals of cybersecurity in terms of threat types and defense techniques.

Bongsik Shin is a professor of Management Information Systems at San Diego State University. He earned a Ph.D. from the University of Arizona and was an assistant professor at the University of Nebraska at Omaha before joining San Diego State University. He has taught computer network & cybersecurity management, business intelligence (data warehousing & data mining, statistics), decision support systems, electronic commerce, and IT management & strategy. Especially, he has been teaching computer networking and cybersecurity continuously over 20 years. His academic activities in pursuit of teaching and research excellence have been funded by more than 25 internal and external grants. His recent research efforts have been all about cybersecurity on subjects related to cyber threat intelligence, ransomware, authentication & access control and countermeasures of phishing. Recently, his team, he as the principal investigator, has been awarded a grant by the Department of Defense of the US to conduct research on "Actionable Intelligence-Oriented Cyber Threat Modeling." He has published more than 30 articles in such high impact journals as MIS Quarterly, IEEE Transactions on Engineering Management, IEEE Transactions on Systems, Man, and Cybernetics, Communications of the ACM, Journal of Association for Information Systems, European Journal of Information Systems, Journal of Management Information Systems, Information Systems Journal, Information & Management, and Decision Support Systems. In 2016, he served as a conference co-chair of Americas Conference on Information Systems, one of the three largest MIS conferences with attendees from 40+ countries.

Preface

Author

Chapter 1: Fundamental Concepts 1










Introduction



Network Elements





Host





Client–Server Mode



P2P Mode



Network Interface Card




Intermediary Device



Network Link



Application



Data/Message



Protocol




Modes of Communication





Methods of Data Distribution





Unicasting



Broadcasting



Multicasting




Directionality in Data Exchange





Simplex



Duplex






Network Topology





Point-to-Point Topology



Bus Topology



Ring Topology



Star (Hub-and-Spoke) Topology



Mesh Topology



Tree (or Hierarchical) Topology




Classification of Networks





Personal Area Network



Local Area Network



Metropolitan Area Network



Wide Area Network



Rise of Internet of Things




Subnetwork versus Inter-network



Measures of Network Performance





Capacity





Data Types and Data Rate




Delay



Reliability



Quality of Service




Numbering Systems





Binary versus Decimal



Binary versus Hexadecimal







v

vi Contents










Network Addressing





Characterizing Network Addressing



MAC Address



IP Address



Pairing of MAC and IP Addresses Chapter Summary







Key Terms

Chapter Review Questions

Chapter 2: Architectures and Standards










Introduction



TCP/IP versus OSI





Standard Architecture



Standard and Protocol



Protocol Data Unit




Layer Functions: An Analogy



Layer Processing



Application Layer (Layer 5)





HTTP Demonstration



Select Application Layer Protocols




Transport Layer (Layer 4)





Provision of Data Integrity





Error Control



Flow Control



TCP and Data Integrity



UDP and Data Integrity




Session Management





Session versus No Session



Session Management by TCP



TCP Session in Real Setting



Additional Notes




Port Management





Port Types and Ranges



Source versus Destination Port



Socket






Internet Layer (Layer 3)





Packet Creation and Routing Decision





Packet Creation



Packet Routing Decision




Performing Supervisory Functions




Data Link Layer (Layer 2)





LAN Data Link





Frame and Switching



Link Types



Technology Standard(s)



Single Active Delivery Path



Frame’s MAC Addresses




WAN Data Link




Physical Layer (Layer 1)



Layer Implementation





Application Layer



Transport and Internet Layers



Data link and Physical Layers







Chapter Summary Key Terms

Chapter Review Questions

Chapter 3: Intermediary Devices










Introduction



Intermediary Devices





Operational Layers



Operating System





General Attributes



Access to Operating System






Hub (Multiport Repeater)



Bridge and Wireless Access Point



Switch





General Features



Switch Port



Switch Table





Switch Table Entries



Switch Learning



Aging of Entries




Switch Types





Nonmanaged versus Managed Switches



Store-and-Forward versus Cut-Through Switches



Symmetric versus Asymmetric Switches



Layer 2 versus Layer 3 Switches



Fixed, Stackable, and Modular Switches



Power over Ethernet




Security Issues





Safeguarding Switch Ports



Port Mirroring






Routers





Two Primary Functions





Routing Table Development and Its Update



Packet Forwarding




Router Components



Router Ports and Naming



Router Configuration





Basic Features



Advanced Features






Switching versus Routing





Data Link Layer versus Internet Layer



Connection-Oriented versus Connectionless



Single Delivery versus Multiple Delivery Paths




Address Resolution Protocol





Background



ARP Usage Scenarios




Choice of Intermediary Devices



Collision versus Broadcast Domains





Collision Domain





Collision Domain Types



Collision Domain and Network Design



CSMA/CD




Broadcast Domain







viii Contents

Chapter Summary Key Terms

Chapter Review Questions

Chapter 4: Elements of Data Transmissions










Introduction



Data Transmission Elements





Digital Signaling





On/Off Signaling



Voltage Signaling




Analog Signaling





Properties of Analog Signal



Modulation




Signaling Devices





Modem and Analog Signaling



CSU/DSU and Digital Signaling




Bandwidth and Related Concepts





Bandwidth



Baseband and Broadband




Synchronous versus Asynchronous Transmissions





Asynchronous Transmission



Synchronous Transmission




Multiplexing





Frequency Division Multiplexing



FDM Example: ADSL



Time Division Multiplexing



TDM Example: T-1 Line



Spread Spectrum




Digital Speed Hierarchies





Digital Signal



Optical Carrier/Synchronous Transport Module






Networking Media





Propagation Effects





Attenuation



Distortion




Twisted Pairs





UTP versus STP



Cable Structure and Categories



Twisted-Pair Patch Cable




Optical Fibers





Advantages



Physical Structure



Single Mode versus Multimode



Fiber Patch Cable




LAN Cabling Standards




Structured Cabling





Background



Structured Cabling System Chapter Summary







Key Terms

Chapter Review Questions

Chapter 5: IP Address Planning and Management










Introduction



Governance of IP Address Space



Structure of the IP Address





Binary versus Decimal Value Conversion



Structure of the IP Address




Classful IP: Legacy





Class A Network



Class B Network



Class C Network




Classless IP: Today



Special IP Address Ranges





Loopback





Internal Testing of TCP/IP Stack



Off-Line Testing of an Application




Broadcasting





Limited Broadcasting



Directed Broadcasting



Security Risk of Directed Broadcasting




Multicasting



Private IP and NAT





NAT: One-to-One IP Mapping



NAT: Many-to-One IP Mapping



Pros and Cons of NAT






Subnetting





Defining Subnet Boundary (Review)



Subnetwork Addressing




Subnet Mask





Subnet Mask



Subnetting Address Space



Broadcasting within a Subnet




Supernetting



Managing IP Address SPACE





Determining Number of Nodes



Determining Subnets





Managing Security with DMZ Subnet



Developing IP Assignment Policy Chapter Summary









Key Terms

Chapter Review Questions

Hands-On Exercise: Enterprise IP Management at Atlas Co.

Chapter 6: Fundamentals of Packet Routing










Introduction



Routing Mechanism



Routing Table





Background



Routing Table Elements




Packet Forwarding Decision



Entry Types of Routing Table





Directly Connected Routes



Static Routes







x Contents














Static Routes of a Router



Static Routes of a Host




















Dynamic Routes
















Dynamic Routing Protocols
















Protocol Categories





Interior Gateway Protocols



Exterior Gateway Protocols




Delivery of Advertisement



Determination of Dynamic Routes



Security Management



Static versus Dynamic Routing
















Inter-domain Routing



Perspectives on Packet Routing Chapter Summary





Key Terms

Chapter Review Questions

Chapter 7: Ethernet LAN










Introduction



Standard Layers



Ethernet Frame





Frame Structure



Addressing Modes




Ethernet LAN Design





Flat versus Hierarchical Design



Access Layer



Distribution and Core Layers



Benefits of Hierarchical Design




Spanning Tree Protocol





Link Redundancy



Protocols and Mechanism




Link Aggregation Review Questions



Virtual LANs (VLANs)





Background: Without VLANs



VLAN Concept




VLAN Scenarios





Without VLANs



With VLANs



How VLANs Work



VLAN ID versus Subnet Addressing




VLAN Tagging/Trunking (IEEE802.1Q)





Background



VLAN Tagging



VLAN Tagging/Untagging Process




VLAN Types





Default VLAN



Data VLAN
7.10.2.1 Data VLAN and Security




Voice VLAN




Inter-VLAN Routing





A Router Interface per VLAN


















Scenario 1



Scenario 2
















Sub-Interfaces/Ports (Advanced)














VLANS and Network Management Chapter Summary





Key Terms

Chapter Review Questions

Chapter 8: Wireless LAN (WiFi)










Introduction



Standard Layers and Wireless Cards



WiFi Setup Modes





Ad Hoc Mode



Infrastructure Mode




Wireless Access Points





AP in Infrastructure Mode



AP in Non-infrastructure Modes





Repeater Mode



Bridge Mode






SSID, BSS, and ESS





Service Set Identifier



BSS versus ESS





Basic Service Set



Extended Service Set






Media Access Control





CSMA/CA



RTS/CTS




WiFi Frames





Data Frame



Management Frame



Control Frame




WiFi and Radio Frequency





Radio Spectrum





Low versus High Radio Frequency



Governance



Licensed versus Unlicensed Radio




WiFi Channels



Planning Basic Service Sets




Authentication and Association





Three-Stage Process



Authentication Methods of a Station





Open Authentication



Pre-shared Key Authentication



Authentication Server



Additional Notes on Security






WiFi Standards





8.10.1 IEEE802.11n












Throughput Modes



2.4/5.0 GHz Bands



Single-User MIMO



QoS Support
















IEEE802.11ac









5.0 GHz Band



Throughput Modes



Multi-user MIMO


















WiFi Mesh Network (IEEE802.11s)



WiFi Home/SOHO Network





DSL/Cable Modem



Wireless Access Router



IP Configuration



Case: Wireless Access Router Configuration Chapter Summary







Key Terms

Chapter Review Questions

Chapter 9: Wide Area Network










Introduction



WAN and Enterprise Networks





WAN Connection Scenarios



Service-Level Agreement



CPE versus SPF





Demarcation Point




WAN Design Considerations




Layers of WAN Standards





Physical Layer



Data Link Layer





Circuit Switching



Packet Switching




Comparison: WAN versus LAN




IP Addressing for WAN Links





Leased Lines



Packet Switched Data Network





One Subnet between Two Locations



One Subnet for All Locations






Physical Layer Options: Leased Lines





T-Carrier/E-Carrier





T1 and T3 Circuits




SONET/SDH




Data Link Standard: Leased Lines





PPP Frame Structure



Router Authentication





PAP versus CHAP






Data Link Standards: PSDN





General Attributes





Shared Capacity



Customization of Subscribed Speeds



Support for Data and Voice



Frame Multiplexing



Unreliable Transmission




Virtual Circuits





WAN Switch Table



PVC versus SVC



Access Link Speeds






Frame Relay





General Characteristics





Frame Structure



Data Link Connection Identifier







How DLCI Works



FR Switch Table



Multiple VCs and DLCIs






Mapping IP Addresses




Asynchronous Transfer Mode





Background



Cell Switching



Quality of Service




Carrier Ethernet





Background



Strengths



Service Transport




Multi-Protocol Label Switching





Labels and Label Information Base



Benefits of MPLS




Wireless WAN: Cellular Network





General Architecture





Cell



Base Station



Mobile Terminal Switching Office



Call Channels




Multiple Access Technologies





Frequency Division Multiple Access



Time Division Multiple Access



Code Division Multiple Access



Orthogonal Frequency Division Multiple Access




Generations of Cellular Standards



LTE and Future





Long-Term Evolution



What Does the Future Hold? Chapter Summary









Key Terms

Chapter Review Questions

Chapter 10: The Internet and Client–Server

Systems










Introduction



Internet Architecture





Internet Service Provider





National ISPs



Regional/Local ISPs



ISP Network Architecture




Internet Exchange Point



Autonomous System



World Wide Web and Search Engine





World Wide Web



Deep Web






VPN for Secure Communications





Technology





Background



VPN Technology




















Benefits of VPN





Cost-Effectiveness



Accessibility and Scalability



Flexibility




Risks of VPN





Reliability



Security




Types of VPN





Remote-Access VPN



Site-to-Site VPN




VPN Standards



IP Security





Tunnel Mode



Transport Mode




Secure Socket Layer





Broad Acceptance



VPN Implementation



SSL and Internet Commerce




IPSec versus SSL
















IPv6 (IP Next Generation)
















Background



IP Packet Structure



IP Addressing





Subnet Address Bits



Host Address Bits




Address Abbreviation



IPv6 versus IPv4 Standards



Transition Approaches





Dual IP Stacks within a Node



Direct Address Conversion



Packet Tunneling


















Client–Server Applications





Domain Name System





Domain and Name Resolution



Domain Hierarchy



DNS Architecture




Dynamic Host Configuration Protocol





The Process View






Server Virtualization





Traditional Computing Model



Virtualization Concept



Virtualization Approaches





Hosted Virtualization



Hypervisor-Based Virtualization




Shared Infrastructure



Summary: Benefits Realized Chapter Summary







Key Terms

Chapter Review Questions

Chapter 11: Cybersecurity: Threats










Introduction



Malicious Codes: Malware














Virus



Worm



Trojan



Bot



Other Malware Types



Malware Issues














Password Cracking





Brute Force Method



Dictionary Method




Spoofing





Source Address Spoofing





IP Spoofing



MAC Spoofing




Email Spoofing



Web (or HTTP) Spoofing




Denial of Service





Pinging and SYN Requests





Pinging



SYN Requests



Distributed DOS




MAC Address Flooding




Packet Sniffing





Packet Sniffing with Wireshark




Port Scanning





Port Scanning with Zenmap




Social Engineering



Man-in-the-Middle





MITM with Bogus DHCP Server




Spam



Poisoning





ARP Poisoning (ARP Spoofing)



DNS Poisoning (DNS Spoofing)




Zero-Day Attack



WiFi Threats





Wardriving



Denial of Service



Rogue AP



MITM Chapter Summary Key Terms







Chapter Review Questions

Chapter 12: Cybersecurity: Defenses










Introduction



Security Requirements and Solutions





Security Requirements





Confidentiality (Privacy)



Data Integrity



Authentication



Access Control/Authorization



Availability




Technology Solutions




Principles in Architecting Defense










Layering



Limiting



Simplicity






Firewall







Firewall and DMZ





Separating Firewall and Border Router




Firewall Functions and Management





Firewall Functions



Managing Firewall




Stateless versus Stateful Filtering





Stateless Filtering



Stateful Filtering



Scenario (XYZ Company)








Access Control List







How Many ACLs?



ACL Filtering versus Packet Routing






Cryptography







Cryptography System





Basic Components



How It Works




Symmetric-Key Cryptography



Asymmetric-Key Cryptography





How It Works



Pros and Cons




Hybrid Approach



Hashing Cryptography






Digital Signature



Digital Certificate







Digital Certificate



Certificate Authority






Security Protocol







WiFi Security Standards





Wired Equivalent Privacy



WiFi Protected Access (WPA and WPA2)



Enterprise Mode versus Personal Mode Chapter Summary









Key Terms

Chapter Review Questions

Glossary

Acronyms

Index

Erscheinungsdatum
Zusatzinfo 100 Illustrations, black and white
Verlagsort Portland
Sprache englisch
Maße 178 x 254 mm
Gewicht 1300 g
Themenwelt Mathematik / Informatik Informatik Netzwerke
ISBN-10 1-4987-8797-5 / 1498787975
ISBN-13 978-1-4987-8797-0 / 9781498787970
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
das umfassende Handbuch für den Einstieg in die Netzwerktechnik

von Martin Linten; Axel Schemberg; Kai Surendorf

Buch | Hardcover (2023)
Rheinwerk (Verlag)
29,90
das Praxisbuch für Admins und DevOps-Teams

von Michael Kofler

Buch | Hardcover (2023)
Rheinwerk (Verlag)
39,90