Network infrastructure security

Network Infrastructure Security

Volumn , Issue , 2009, Pages 1-262

  Wong, Angus ^a   Yeung, Alan ^b  

^a MACAO POLYTECHNIC INSTITUTE   (Macao)

^b CITY UNIVERSITY OF HONG KONG   (Hong Kong)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84892282714     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1007/978-1-4419-0166-8     Document Type: Book

References (99)

1. S. Deering, R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification, " RFC 2460, December 1998.
2. A. Chakrabarti and G. Manimaran, "Internet Infrastructure Security: A Taxonomy, " IEEE Network, vol.16, no.6, pp.13-21, Nov/Dec. 2002.
3. Thomas A. Longstaff, James T. Ellis, Shawn V. Hernan, Howard F. Lipson, Robert D. McMillan, Linda Hutz Pesante, and Derek Simmel, "Security of the Internet, " The Froehlich/Kent Encyclopedia of Telecommunications, vol. 15, pp. 231-255, 1997.
4. C.E Landwehr and D.M. Goldschlag, "Security issues in networks with Internet access, " Proceedings of the IEEE, vol. 85, issu. 12, Dec. 1997, pp. 2034-2051.
5. D. Farber, "Fame, but No Riches, For Cybersecurity, " IEEE Spectrum, vol. 40, iss. 1, Jan. 2003, pp. 51-52.
6. Allen Householder, Kevin Houle, and Chad Dougherty, "Computer Attack Trends Challenge Internet Security, " Security & Privacy, 2002, pp. 5-7.
7. William F. Slater, "The Internet Outage and Attacks of October 2002, " The Chicago Chapter of the Internet Society, http://www.isoc-chicago. org/internetoutage.pdf.
8. Bill Arbaugh, "Security: Technical, Social, and Legal Challenges, " Computer, vol. 35, no. 2, pp. 109-111, Feb., 2002.
9. Rolf Oppliger, "Internet Security Enters the Middle Ages, " Computer, vol. 28, no. 10, pp. 100-101, Oct., 1995.
10. Computer Emergency Response Team (CERT), http://www.cert.org/.
11. Wes Noonan, "Hardening Network Infrastructure, " McGraw-Hill Osborne Media, 1 edition, 2004.
12. Gaurab Raj Upadhaya, "FOSS: Network Infrastructure and Security, " UNDP-APDIP, Elsevier, 2007.
13. Kevin Beaver, "Hacking For Dummies, " For Dummies, 2nd edition, 2006.
14. Ed Skoudis, "Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses, " Prentice Hall PTR, 1st edition, 2001.
15. Erik Pace Birkholz, Brian Kenyon, and Steven Andres, "Security Sage's guide to hardening the network infrastructure, " Syngress, c2004.
16. Ryan Russell and Stace Cunningham, "Hack proofing your network: Internet tradecraft, " Syngress; 1 edition, 2000.
17. Ryan Russell, "Hack proofing your network, " Syngress, 2 edition, 2002.
18. Andrew Lockhart, "Network security hacks, " O'Reilly, 1 edition, 2004.
19. Nitesh Dhanjani and Justin Clarke, "Network Security Tools: Writing, Hacking, and Modifying Security Tools, " O'Reilly Media, 1 edition, 2005.
20. William Stallings, "Network Security Essentials, " Prentice Hall.
21. Steve A. Rouiller, "Virtual LAN Security-:weaknesses and countermeasures, " SANS Institute.
22. Sean Convery, "Hacking layer 2 fun with Ethernet switches, " http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-convery-switches.pdf.
23. "Layer 2 switching attacks and mitigation, " Networker, Dec. 2002.
24. "Virtual LAN Security Best Practices, " http://www.cisco.com/ warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp-wp.pdf.
25. Eric Vyncke and Christopher Paggen, "LAN Switch Security: What Hackers Know About Your Switches, " Cisco Press, Sept. 2007.
26. Connie Howard, "Layer 2-the weakest link, " Packet, vol. 15, no. 1, first quarter 2003.
27. "Configuring Port Security, " http://www.cisco.com/en/US/docs/ switches/lan/catalyst2950/software/release/12.1-19-ea1/configuration/guide/ swtrafc.html#wp1038501.
28. Sean Whalen, "An Introduction to ARP Spoofing, " http://www.node99.org/projects/arpspoof/.
29. Mao, "Introduction to arp poison routing, " http://www.oxid.it/downloads/apr-intro.swf.
30. Sean Convery, "Network Security Architectures, " Cisco Press, 2004.
31. Connie Howard, "Layer 2-the weakest link, " Packet, vol. 15, no. 1, first quarter 2003.
32. Oleg K. Artemjev and Vladislav V. Myasnyankin, "Fun with the Spanning Tree Protocol, ".
33. "Understanding Spanning-Tree Protocol Topology Changes, " http://www.cisco.com/warp/public/473/17.html.
34. "Understanding Rapid Spanning Tree Protocol, " http://www.cisco.com/warp/public/473/146.html.
35. Guillermo Mario Marro, "Attacks at the data link layer, " MSc thesis in Computer Science of the University of California Davis, http://seclab.cs.ucdavis.edu/papers/Marro-masters-thesis.pdf.
36. "BPDU guard-Spanning Tree Portfast BPDU Guard Enhancement, " http://www.cisco.com/en/US/tech/tk389/tk621/technologies-tech- note09186a008009482f.shtml.
37. "Root Guard-Spanning Tree Portfast BPDU Guard Enhancement, " http://www.cisco.com/en/US/tech/tk389/tk621/technologies-tech- note09186a00800ae96b.shtml.
38. Andrew Vladimirov, Konstantin Gavrilenko and Andrei Mikhailovsky, "Protocol Exploitation in Cisco Networking Environments, " Hacking Exposed Cisco Networks-PART III, McGraw-Hill Osborne Media, 2005.
39. C. Hedrick, "Routing Information Protocol, " RFC 1058, June 1988.
40. J. Moy, "OSPF Version 2, " RFC 2328, April 1998.
41. Y. Rekhter, T. Li, and S. Hares, "A Border Gateway Protocol 4 (BGP-4), " RFC 4271, January 2006.
42. Bradley R. Smith, Shree Murthy, and J.J. Garcia-Luna-Aceves, "Securing distance-vector routing protocols, " Proc. Symp. Network and Distributed System Security (SNDSS), Feb. 1997, pp. 85-92.
43. Anirban Chakrabarti and G. Manimaran, "A Scalable Algorithm for Malicious Update Detection & Recovery in Distance Vector Protocols, " in DCNL Technical Report, July 2002.
44. Ralf Hauser, Tony Przygienda, and Gene Tsudik, "Lowering security overhead in link state routing, " Computer Network, vol. 31, iss. 9, April 1999, pp. 885-894.
45. Panagiotis Papadimitratos and Zygmunt J. Haas, "Securing the Internet routing infrastructure, " IEEE Communications Magazine, Oct. 2002, pp. 60-68.
46. Anirban Chakrabarti and G. Manimaran, "Internet Infrastructure Security A Taxonomy, " IEEE Network, vol.16, no.6, pp.13-21, Nov/Dec. 2002.
47. S. Murphy, O. Gudmundsson, R. Mundy, and B. Wellington, "Retrofitting security into Internet infrastructure protocols, " Proc. DARPA Information Survivability Conference and Exposition, vol. 1, 2000, pp. 3-17.
48. A. Chakrabarti and G. Manimaran, "An efficient algorithm for malicious update detection & recovery in distance vector protocols, " Proc. IEEE Int'l Conf. Communications (ICC'03), pp.1952-1956, 2003.
49. D. Pei, D. Massey, and L. Zhang, "Detection of invalid routing announcements in RIP protocol, " Proc. IEEE Global Telecommunications Conference (GLOBECOM '03), vol. 3, Dec. 2003, pp. 1450-1455.
50. S.L. Murphy and M.R. Badger, "Digital signature protection of the OSPF routing protocol, " Proc. Symp. Network and Distributed System Security, Feb. 1996, pp. 93-102.
51. Feiyi Wang and S. Felix Wu, "On the vulnerabilities and protection of OSPF routing protocol, " Proc. 7th Int'l Conf. Computer Communications and Networks, Oct. 1998, pp. 148-152.
52. Steven Cheung, "An Efficient Message Authentication Scheme for Link State Routing, " Proc. Computer Security Applications Conference, Dec. 1997, pp. 90-98.
53. Ho-Yen Chang, S. Felix Wu, and Y. Frank Jou, "Real-Time Protocol Analysis for Detecting Link-State Routing Protocol Attacks, " ACM Transactions on Information and System Security (TISSEC), vol. 4, iss. 1, Feb. 2001, pp. 1-36.
54. Kirk A. Bradley, Steven Cheung, Nick Puketza, Biswanath Mukherjee, and Ronald A. Olsson, "Detecting Disruptive Routers A Distributed Network Monitoring, " http://www.cs.ucdavis.edu/research/tech-reports/1997/CSE-97- 17.pdf.
55. Kan Zhang, "Efficient Protocols for Signing Routing Messages, " http://www.isoc.org/isoc/conferences/ndss/98/zhang.pdf.
56. G. Siganos and M. Faloutsos, "Detection of BGP routing misbehavior against Cyber-Terrorism, " IEEE Military Communications Conference (MILCOM 2005), Oct. 2005, vol. 2, pp. 923-929.
57. Kevin Butler, Toni Farley, Patrick Mcdaniel, and Jennifer Rexford, "A Survey of BGP Security Issues and Solutions, " http://www. patrickmcdaniel.org/pubs/td-5ugj33.pdf.
58. Stephen Kent, Charles Lynn, and Karen Seo, "Secure Border Gateway Protocol (S-BGP), " IEEE Journal on Selected Areas in Communications, vol. 18, no. 4, April 2000.
59. Bradley R. Smith and J.J. Garcia-Luna-Aceves, "Securing the Border Gateway Routing Protocol, " Proc. Global Telecommunications Conference (GLOBECOM '96), Nov. 1996, pp. 81-85.
60. Russ White, Danny McPherson, and Srihari Sangli, "Practical BGP, " Addison-Wesley Professional, 2004.
61. Geoffrey Goodell, William Aiello, Timothy Griffin, John Ioannidis, Patrick McDaniel, and Aviel Rubin, "Working Around BGP An Incremental Approach to Improving Security and Accuracy of Interdomain Routing, " http://www.isoc.org/isoc/conferences/ndss/03/proceedings/papers/5.pdf.
62. L He, "Recent developments in securing Internet routing protocols, " BT Technology Journal, vol. 24, iss. 4, Oct. 2006, pp. 180-196.
63. O. Nordström and C. Dovrolis, "Beware of BGP attacks, " SIGCOMM Computer Communication Review, vol. 34, iss. 2, Apr. 2004, pp. 1-8.
64. J. Kim, S.Y. Ko, D.M. Nicol, X.A. Dimitropoulos, and G.F. Riley, "A BGP attack against traffic engineering, " Proc. Simulation Conference, 2004, vol. 1, Dec. 2004.
65. Stephen, T. Kent, "Securing the Border Gateway Protocol, " The Internet Protocol Journal, Sept. 2003, vol. 6, no. 3, pp.2-14.
66. Russ White, "Securing BGP Through Secure Origin BGP, " The Internet Protocol Journal, Sept. 2003, vol. 6, no. 3, pp.15-22.
67. P. Mockapetris, "Domain Names-Concepts And Facilities, " RFC 1034, November 1987.
68. P. Mockapetris, "Domain Names-Implementation And Specification, " RFC 1035, November 1987.
69. P. Vixie, S. Thomson, Y. Rekhter, and J. Bound, "Dynamic Updates in the Domain Name System (DNS UPDATE), " RFC 2136, April 1997.
70. R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose, "Resource Records for the DNS Security Extensions, " RFC 4034, Mar. 2005.
71. R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose, "Protocol Modifications for the DNS Security Extensions, " RFC 4035, Mar. 2005.
72. P. Vixie, O. Gudmundsson, D. Eastlake, and B. Wellington, "Secret Key Transaction Authentication for DNS (TSIG), " RFC 2845, May 2000.
73. Rik Farrow, "DHCP: Another Untrustworthy Service, " Network Magazine, Apr 5, 2002.
74. R. Droms, "Dynamic Host Configuration Protocol, " RFC 2131, March 1997.
75. S. Alexander, "DHCP Options and BOOTP Vendor Extensions, " RFC2132, March 1997.
76. Ralph Droms, "Automated configuration of TCPIP with DHCP, " IEEE Internet Computing, vol. 3, iss. 4, Jul.-Aug. 1999, pp. 45-53.
77. Jenq-Haur Wang and Tzao-Lin Lee, "Enhanced Intranet Management in a DHCP-enabled Environment, " Proc. 26th Annual International Computer Software and Applications Conference, pp. 26-29, Aug. 2002, pp. 893-898.
78. T. Komori and T. Saito, "The secure DHCP system with user authentication, " Proceedings of the 27th Annual IEEE Conference on Local Computer Networks, 6-8 Nov. 2002, pp. 123-131.
79. Diane Davidowicz and Paul Vixie, "Securing the Domain Name System, " Network Magazine, Jan. 2000, vol. 15, no. 1, pp. 92-97.
80. Ibrahim Haddad and David Gordon, "The Basics of DNSSEC, " O'Reilly ONLamp.com, http://www.onlamp.com/pub/a/onlamp/2004/10/14/dnssec.html.
81. Ramaswamy Chandramouli and Scott Rose, "Secure Domain Name System (DNS) Deployment Guide, " National Institute of Standards and Technology, Special Publication 800-81, http://csrc.nist.gov/publications/nistpubs/800-81/ SP800-81.pdf.
82. R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose, "DNS Security Introduction and Requirements, " RFC 4033, 2005.
83. Giuseppe Ateniese and Stefan Mangard, "A New Approach to DNS Security (DNSSEC), " In Eighth ACM Conference on Computer and Communications Security (ACM CCS-8), Nov. 2001.
84. Xunhua Wang, Yih Huang, Y. Desmedt, and D. Rine, "Enabling secure on-line DNS dynamic update, " Proc. 16th Annual Conference on Computer Security Applications (ACSAC '00), Dec. 2000, pp. 52-58.
85. D. Eastlake, "Domain Name System Security Extensions, " RFC 2535, Mar. 1999.
86. D. Atkins and R. Austein, "Threat Analysis of the Domain Name System (DNS), " RFC 3833, Aug. 2004.
87. Eric Vyncke and Christopher Paggen, "LAN Switch Security: What Hackers Know About Your Switches, " Cisco Press, Sep 2007.
88. Andrew A. Vladimirov, Konstantin V. Gavrilenko, Andrei A. Mikhailovsky, and Janis N. Vizulis, "Hacking Exposed Cisco Networks: Cisco Security Secrets and Solutions, " McGraw-Hill Osborne, Jan 2006.
89. Stuart McClure, Joel Scambray, and George Kurtz, "Hacking Exposed: Network Security Secrets and Solutions, " McGraw-Hill Osborne, 5 edition, 1 May 2005.
90. Angela Orebaugh, Gilbert Ramirez, and Jay Beale, "Wireshark & Ethereal Network Protocol Analyzer Toolkit, " Syngress, Sept. 2006.
91. The writing of this chapter is PARTly supported by Hong Kong Government General Research Fund numbered CityU-123608 and City University of Hong Kong Strategic Research Grants numbered 7001941 and 7001764.
92. K. H. Yeung and T. C. Leung "Building Secure Network Infrastructure for LANs", IPSI Transactions on Advance Research, vol. 2, no. 2, July 2006, pp.32-37.
93. K. H. Yeung, F. Yan and T. C. Leung, "Improving Network Infrastructure Security by PARTitioning Networks Running Spanning Tree Protocol", Proc. Int'l Conf. Internet Surveillance and Protection, France, Aug. 2006.
94. Shon Harris, Allen Haper, Chris Eagle, Jonathan Ness and Michael Lester, "Gray Hat Hacking: The Ethical Hacker's Hanbook, " McGraw-Hill Osborne Media, 2004.
95. Andrew Whitaker and Daniel Newman, "Penetration Testing and Network Defense, " Cisco Press, 2006.
96. Wesley J. Noonan, "Hardening Network Infrastructure, " McGraw-Hill Osborne Media, 2004.
97. F. Yan and K. H. Yeung, "The Development of Novel Switching Devices by Using Embedded Microprocessing System Running Linux, " Proc. International Parallel and Distributed Processing Symposium 2008, Workshop on Security in Systems and Networks, Miami, Florida, April 2008.
98. Klaus Whrle, Frank Pahlke Hartmut Ritter, Daniel Muller, and Marc Bechler, "The linux networking architecture, " Prentice Hall, 2005.
99. Christian Benvenuti, "Understanding Linux Network Internals, " O'Reilly, 2005.