Security Intelligence

A Practitioner's Guide to Solving Enterprise Security Challenges
1st edition

by: Qing Li, Gregory Clark

CHF 47.00

Publisher: Wiley
Format: EPUB
Published: 16.04.2015
ISBN/EAN: 9781118896662
Language: English
Number of pages: 360

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

<p>Similar to unraveling a math word problem, <i>Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges</i> guides you through a deciphering process that translates each security goal into a set of security variables, substitutes each variable with a specific security technology domain, formulates the equation that is the deployment strategy, then verifies the solution against the original problem by analyzing security incidents and mining hidden breaches, and ultimately refines the security formula iteratively in a perpetual cycle. You will learn about:</p>
<ul>
<li>Secure proxies – the necessary extension of the endpoints</li>
<li>Application identification and control – visualize the threats</li>
<li>Malnets – where is the source of infection and who are the pathogens</li>
<li>Identify the security breach – who was the victim and what was the lure</li>
<li>Security in Mobile computing – SNAFU</li>
</ul>
<p>With this book, you will be able to:</p>
<ul>
<li>Identify the relevant solutions to secure the infrastructure</li>
<li>Construct policies that provide flexibility to the users so as to ensure productivity</li>
<li>Deploy effective defenses against the ever-evolving web threats</li>
<li>Implement solutions that are compliant with relevant rules and regulations</li>
<li>Offer insight to developers who are building new security solutions and products</li>
</ul>
<p>Foreword xv</p>
<p>Preface xvii</p>
<p><b>Chapter 1 Fundamentals of Secure Proxies 1</b></p>
<p>Security Must Protect and Empower Users 2</p>
<p>The Birth of Shadow IT 2</p>
<p>Internet of Things and Connected Consumer Appliances 3</p>
<p>Conventional Security Solutions 5</p>
<p>Traditional Firewalls: What Are Their Main Deficiencies? 5</p>
<p>Firewall with DPI: A Better Solution? 9</p>
<p>IDS/IPS and Firewall 11</p>
<p>Unified Threat Management and Next-Generation Firewall 14</p>
<p>Security Proxy—A Necessary Extension of the End Point 15</p>
<p>Transaction-Based Processing 18</p>
<p>The Proxy Architecture 19</p>
<p>SSL Proxy and Interception 22</p>
<p>Interception Strategies 24</p>
<p>Certificates and Keys 28</p>
<p>Certificate Pinning and OCSP Stapling 32</p>
<p>SSL Interception and Privacy 33</p>
<p>Summary 35</p>
<p><b>Chapter 2 Proxy Deployment Strategies and Challenges 37</b></p>
<p>Definitions of Proxy Types: Transparent Proxy and Explicit Proxy 38</p>
<p>Inline Deployment of Transparent Proxy: Physical Inline and Virtual Inline 41</p>
<p>Physical Inline Deployment 41</p>
<p>Virtual Inline Deployment 43</p>
<p>Traffic Redirection Methods: WCCP and PBR 44</p>
<p>LAN Port and WAN Port 46</p>
<p>Forward Proxy and Reverse Proxy 47</p>
<p>Challenges of Transparent Interception 48</p>
<p>Directionality of Connections 53</p>
<p>Maintaining Traffic Paths 53</p>
<p>Avoiding Interception 56</p>
<p>Asymmetric Traffic Flow Detection and Clustering 58</p>
<p>Proxy Chaining 62</p>
<p>Summary 64</p>
<p><b>Chapter 3 Proxy Policy Engine and Policy Enforcements 67</b></p>
<p>Policy System Overview 69</p>
<p>Conditions and Properties 70</p>
<p>Policy Transaction 71</p>
<p>Policy Ticket 73</p>
<p>Policy Updates and Versioning System 77</p>
<p>Security Implications 77</p>
<p>Policy System in the Cloud Security Operation 80</p>
<p>Policy Evaluation 82</p>
<p>Policy Checkpoint 82</p>
<p>Policy Execution Timing 84</p>
<p>Revisiting the Proxy Interception Steps 86</p>
<p>Enforcing External Policy Decisions 90</p>
<p>Summary 91</p>
<p><b>Chapter 4 Malware and Malware Delivery Networks 93</b></p>
<p>Cyber Warfare and Targeted Attacks 94</p>
<p>Espionage and Sabotage in Cyberspace 94</p>
<p>Industrial Espionage 96</p>
<p>Operation Aurora 96</p>
<p>Watering Hole Attack 98</p>
<p>Breaching the Trusted Third Party 100</p>
<p>Casting the Lures 101</p>
<p>Spear Phishing 102</p>
<p>Pharming 102</p>
<p>Cross-Site Scripting 103</p>
<p>Search Engine Poisoning 106</p>
<p>Drive-by Downloads and the Invisible iframe 109</p>
<p>Tangled Malvertising Networks 113</p>
<p>Malware Delivery Networks 114</p>
<p>Fast-Flux Networks 117</p>
<p>Explosion of Domain Names 119</p>
<p>Abandoned Sites and Domain Names 120</p>
<p>Antivirus Software and End-Point Solutions – The Losing Battle 121</p>
<p>Summary 122</p>
<p><b>Chapter 5 Malnet Detection Techniques 123</b></p>
<p>Automated URL Reputation System 124</p>
<p>Creating URL Training Sets 125</p>
<p>Extracting URL Feature Sets 126</p>
<p>Classifier Training 128</p>
<p>Dynamic Webpage Content Rating 131</p>
<p>Keyword Extraction for Category Construction 132</p>
<p>Keyword Categorization 135</p>
<p>Detecting Malicious Web Infrastructure 138</p>
<p>Detecting Exploit Servers through Content Analysis 138</p>
<p>Topology-Based Detection of Dedicated Malicious Hosts 142</p>
<p>Detecting C2 Servers 144</p>
<p>Detection Based on Download Similarities 147</p>
<p>Crawlers 148</p>
<p>Detecting Malicious Servers with a Honeyclient 150</p>
<p>High Interaction versus Low Interaction 151</p>
<p>Capture-HPC: A High-Interaction Honeyclient 152</p>
<p>Thug: A Low-Interaction Honeyclient 154</p>
<p>Evading Honeyclients 154</p>
<p>Summary 158</p>
<p><b>Chapter 6 Writing Policies 161</b></p>
<p>Overview of the ProxySG Policy Language 162</p>
<p>Scenarios and Policy Implementation 164</p>
<p>Web Access 164</p>
<p>Access Logging 167</p>
<p>User Authentication 170</p>
<p>Safe Content Retrieval 177</p>
<p>SSL Proxy 181</p>
<p>Reverse Proxy Deployment 183</p>
<p>DNS Proxy 187</p>
<p>Data Loss Prevention 188</p>
<p>E-mail Filtering 190</p>
<p>A Primer on SMTP 191</p>
<p>E-mail Filtering Techniques 200</p>
<p>Summary 202</p>
<p><b>Chapter 7 The Art of Application Classification 203</b></p>
<p>A Brief History of Classification Technology 204</p>
<p>Signature Based Pattern Matching Classification 206</p>
<p>Extracting Matching Terms – Aho-Corasick Algorithm 208</p>
<p>Prefix-Tree Signature Representation 211</p>
<p>Manual Creation of Application Signatures 214</p>
<p>Automatic Signature Generation 216</p>
<p>Flow Set Construction 218</p>
<p>Extraction of Common Terms 220</p>
<p>Signature Distiller 222</p>
<p>Considerations 225</p>
<p>Machine Learning-Based Classification Technique 226</p>
<p>Feature Selection 228</p>
<p>Supervised Machine Learning Algorithms 232</p>
<p>Naive Bayes Method 233</p>
<p>Unsupervised Machine Learning Algorithms 236</p>
<p>Expectation-Maximization 237</p>
<p>K-Means Clustering 240</p>
<p>Classifier Performance Evaluation 243</p>
<p>Proxy versus Classifier 247</p>
<p>Summary 250</p>
<p><b>Chapter 8 Retrospective Analysis 251</b></p>
<p>Data Acquisition 252</p>
<p>Logs and Retrospective Analysis 253</p>
<p>Log Formats 254</p>
<p>Log Management and Analysis 255</p>
<p>Packet Captures 259</p>
<p>Capture Points 259</p>
<p>Capture Formats 261</p>
<p>Capture a Large Volume of Data 263</p>
<p>Data Indexing and Query 264</p>
<p>B-tree Index 265</p>
<p>B-tree Search 267</p>
<p>B-tree Insertion 268</p>
<p>Range Search and B+-tree 270</p>
<p>Bitmap Index 272</p>
<p>Bitmap Index Search 273</p>
<p>Bitmap Index Compression 276</p>
<p>Inverted File Index 279</p>
<p>Inverted File 279</p>
<p>Inverted File Index Query 281</p>
<p>Inverted File Compression 282</p>
<p>Performance of a Retrospective Analysis System 283</p>
<p>Index Sizes 283</p>
<p>Index Building Overhead 285</p>
<p>Query Response Delay 286</p>
<p>Scalability 288</p>
<p>Notes on Building a Retrospective Analysis System 289</p>
<p>MapReduce and Hadoop 289</p>
<p>MapReduce for Parallel Processing 292</p>
<p>Hadoop 293</p>
<p>Open Source Data Storage and Management Solution 295</p>
<p>Why a Traditional RDBMS Falls Short 295</p>
<p>NoSQL and Search Engines 296</p>
<p>NoSQL and Hadoop 297</p>
<p>Summary 298</p>
<p><b>Chapter 9 Mobile Security 299</b></p>
<p>Mobile Device Management, or Lack Thereof 300</p>
<p>Mobile Applications and Their Impact on Security 303</p>
<p>Security Threats and Hazards in Mobile Computing 304</p>
<p>Cross-Origin Vulnerability 305</p>
<p>Near Field Communication 306</p>
<p>Application Signing Transparency 307</p>
<p>Library Integrity and SSL Verification Challenges 307</p>
<p>Ad Fraud 308</p>
<p>Research Results and Proposed Solutions 308</p>
<p>Infrastructure-Centric Mobile Security Solution 311</p>
<p>Towards the Seamless Integration of WiFi and Cellular Networks 312</p>
<p>Security in the Network 313</p>
<p>Summary 315</p>
<p>Bibliography 317</p>
<p>Index 327</p>
<p><b>Qing Li</b> is Chief Scientist and Vice President of Advanced Technologies for Blue Coat Systems, a worldwide provider of security and network systems. He has 17 issued patents, has received multiple industry awards and has been an active speaker at industry conferences and an active voice in the technology media around the world. <b>Gregory Clark</b> is currently the CEO of Blue Coat Systems, a worldwide provider of security and network systems.</p>
<p><b>Identify, deploy, and secure your enterprise</b></p>
<p><i>Security Intelligence, A Practitioner's Guide to Solving Enterprise Security Challenges</i> is a handbook for security in modern times, against modern adversaries. As leaders in the design and creation of security products that are deployed globally across a range of industries and market sectors, authors Qing Li and Gregory Clark deliver unparalleled insight into the development of comprehensive and focused enterprise security solutions. They walk you through the process of translating your security goals into specific security technology domains, formulating the best deployment strategies, and verifying the solution by analyzing security incidents and divulging hidden breaches.</p>
<p>This guide provides detailed coverage of key enterprise security topics while demystifying technologies such as Next Generation Firewall. Through an in-depth look at proxy design and its policy enforcement engine, malware, malnets, and application proxies, you'll easily discover the foundation needed for a careful analysis while gaining deeper comprehension of security policies for application-specific proxies, application classification and control, security data analysis, and mobile security. You will learn the most effective solutions, technologies, and methodologies that can be implemented to monitor for, guard against, and mitigate security threats.</p>
<p><i>Security Intelligence</i> makes enterprise security concepts, solutions, and practices accessible to all security engineers, developers, and corporate IT staff and shows you how to:</p>
<ul>
<li>Identify relevant solutions to secure critical infrastructure</li>
<li>Construct policies that provide flexibility to the users and ensure productivity</li>
<li>Deploy effective defenses against rapidly-evolving web threats</li>
<li>Implement solutions that comply with relevant rules and regulations</li>
<li>Build new security solutions, policies, and products within the enterprise context</li>
</ul>
<p>“This book should help any developer, researcher, designer, architect, and even strategist to develop not just solutions, but good solutions, in this dense and evolving area…It could be used as a foundation to certify newcomers to the (security) field and will challenge (professionals) on a horizon of skills beyond security, networking, software design, and system architecture.”<br />—<b>Arnaud Taddei</b>, Director of Security Solutions Architecture, Symantec</p>
<p>“I was looking forward to reading <i>Security Intelligence: A Practitioner’s Guide to Solving Enterprise Security Challenges</i> as a way to learn about the Symantec Blue Coat Security Proxy in support of my work at Symantec. However, I was soon pleased to discover that the book is much more than that. While the coverage of security proxies is indeed comprehensive, the book more broadly takes on the task of guiding the reader to an understanding of network security as a whole…</p>
<p>The book is clearly written in an approachable conversational style that is careful not to slip into undefined jargon or assume specialized background of the reader, making it an excellent entrée to what is sometimes an inaccessible field.”<br />—<b>Michael Spertus</b>, Symantec Fellow at Symantec and Adjunct Professor, University of Chicago</p>

You may also be interested in these products:

From Grids To Service and Pervasive Computing
by: Thierry Priol, Marco Vanneschi
PDF ebook
CHF 118.00
Grid Computing
by: Sergei Gorlatch, Paraskevi Fragopoulou, Thierry Priol
PDF ebook
CHF 177.00
Autonomic Communication
by: Athanasios V. Vasilakos, Manish Parashar, Stamatis Karnouskos, Witold Pedrycz
PDF ebook
CHF 177.00