چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Computer Security Basics: Computer Security

Lehtinen, Rick;Russell, Deborah;Sr, G T Gangemi

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

سال انتشار
۲۰۰۶
فرمت
PDF
زبان
انگلیسی
حجم فایل
۱۰٫۴ مگابایت
شابک
9780596006693، 9781449317058، 9781449317423، 9781449384203، 0596006691، 1449317057، 1449317421، 144938420X

دربارهٔ کتاب

Table of Contents......Page 7 Part I, Security for Today......Page 11 Part IV, Other Types of Security......Page 12 Comments and Questions......Page 13 Acknowledgments......Page 14 Part I......Page 15 The New Insecurity......Page 17 Who You Gonna Call?......Page 18 Information Sharing and Analysis Centers......Page 19 Vulnerable broadband......Page 20 The Sorry Trail......Page 21 Computer crime......Page 22 What Is Computer Security?......Page 23 A Broader Definition of Security......Page 24 Accuracy, Integrity, and Authenticity......Page 25 Vulnerabilities......Page 26 Hardware and software vulnerabilities......Page 27 Human vulnerabilities......Page 28 Intentional threats......Page 29 Countermeasures......Page 31 Why Buy Security?......Page 32 Government Requirements......Page 33 Information Protection......Page 34 Summary......Page 35 Information and Its Controls......Page 36 Computer Security: Then and Now......Page 39 Early Computer Security Efforts......Page 41 Tiger Teams......Page 43 Research and Modeling......Page 44 Secure Systems Development......Page 45 Standards for Secure Systems......Page 46 National Computer Security Center......Page 48 Birth of the Orange Book......Page 49 Standards for Cryptography......Page 50 Computer Security Mandates and Legislation......Page 51 The Balancing Act......Page 52 Computer Fraud and Abuse Act......Page 53 Computer Security Act......Page 54 Recent Government Security Initiatives......Page 55 GASSP and GAISP Overview......Page 57 Privacy Considerations......Page 58 Summary......Page 59 Part II......Page 61 What Makes a System Secure?......Page 63 Identification and Authentication......Page 64 Login Processes......Page 65 Mutual authentication......Page 66 Tokens......Page 67 Remote access (TACACS and RADIUS)......Page 68 Kerberos......Page 69 Passwords......Page 70 Protecting passwords......Page 72 Protecting your login and password on entry......Page 73 Protecting your password in storage......Page 74 Authorization......Page 75 Sensitivity labels......Page 76 Access models......Page 78 Access Control in Practice......Page 79 Discretionary access control......Page 80 Access decisions......Page 83 Access control lists......Page 84 Email example......Page 86 About X.500......Page 87 Lightweight Directory Access Protocol......Page 88 Identity Management......Page 90 Summary......Page 91 Financial Effects of Malicious Programs......Page 93 Viruses, Worms, and Trojans (Oh, My!)......Page 94 Viruses......Page 95 The history of viruses......Page 97 Worms......Page 99 Trojan Horses......Page 101 Bombs......Page 102 Spoofs and Masquerades......Page 103 Who Writes Viruses?......Page 104 Antivirus......Page 106 The Virus Hype......Page 107 Summary......Page 108 Establishing and Maintaining a Security Policy......Page 110 Administrative Security......Page 111 Overall Planning and Administration......Page 112 What information do you have, and how important is it?......Page 113 What is the cost of losing or compromising the information?......Page 114 Who are you going to call?......Page 115 Planning for Disaster......Page 116 Day-to-Day Administration......Page 117 Performing Backups......Page 119 Hardware and Software Security Tools......Page 121 Performing a Security Audit......Page 122 Separation of Duties......Page 123 Summary......Page 124 About the Internet......Page 126 History of Data and Voice Communications......Page 127 Packets, Addresses, and Ports......Page 128 What Are the Network Protocols?......Page 130 Data Navigation Protocols......Page 131 Data Navigation Protocol Attacks......Page 132 Simple Mail Transfer Protocol......Page 133 Domain Name Service......Page 135 Dynamic Host Configuration Protocol......Page 136 Network Address Translation......Page 137 The Fragile Web......Page 138 Advanced Web Services......Page 139 What is a script?......Page 140 Client-side scripting languages......Page 141 Server-side scripting languages......Page 142 Client-side web attacks......Page 144 Server-side web attacks......Page 145 Summary......Page 147 Part III......Page 149 Encryption......Page 151 Some History......Page 152 What Is Encryption?......Page 155 Transposition and Substitution Ciphers......Page 157 More about substitution......Page 158 Public key cryptography......Page 160 Key Management and Distribution......Page 162 One-Time Pad......Page 164 End-to-End and Link Encryption......Page 165 The Data Encryption Standard......Page 167 What Is the DES?......Page 168 Application of the DES......Page 172 Overview of the AES Development Effort......Page 174 Row shift and mix columns......Page 175 Other Cryptographic Algorithms......Page 177 AES Round 1 Candidate Algorithms......Page 178 The RSA Algorithm......Page 179 Digital Signatures and Certificates......Page 180 Certificate Authorities......Page 181 Government Algorithms......Page 182 Message Authentication......Page 183 NIST......Page 184 Cryptographic Export Restrictions......Page 185 Summary......Page 186 Communications and Network Security......Page 187 What Makes Communication Secure?......Page 188 Communications Vulnerabilities......Page 189 Communications Threats......Page 190 Modems......Page 191 Network Terms......Page 193 Protocols and layers......Page 195 Some Network History......Page 197 Network Media......Page 198 Fiber-optic cable......Page 199 Satellite......Page 200 Network Security......Page 201 Mandatory access control......Page 202 Perimeters and Gateways......Page 203 Encrypted Communications......Page 204 Through the Tunnel......Page 205 VPN tunneling protocols......Page 208 Network Security Tasks......Page 209 Denial of service......Page 210 Internet Protocol Security (IPSec)......Page 211 Kerberos......Page 212 Summary......Page 213 Part IV......Page 215 Physical Security and Biometrics......Page 217 Physical Security......Page 218 Climate......Page 219 Electricity......Page 220 Locks and Keys: Old and New......Page 221 Types of Locks......Page 223 Challenge-Response Systems......Page 224 Cards: Smart and Dumb......Page 225 Biometrics......Page 226 Retina Patterns......Page 229 Fingerprints......Page 230 Voice Patterns......Page 231 Gentle Reminder......Page 232 Summary......Page 233 How We Got Here......Page 234 Today’s Wireless Infrastructure......Page 235 Wireless Costs......Page 237 How Wireless Works......Page 239 Playing the Fields......Page 242 Keeping the Waves Inside......Page 243 What Is This dB Stuff?......Page 245 Why Does All This Matter?......Page 246 Physical Layer Wireless Attacks......Page 247 Hardening Wireless Access Points......Page 248 The Tie That Binds......Page 250 Sophisticated Physical Layer Attacks......Page 251 Forced Degradation Attacks......Page 252 Eavesdropping Attacks......Page 253 Eavesdropping Defenses......Page 254 Advanced Eavesdropping Attacks......Page 255 Rogue Access Points......Page 256 Summary......Page 259 Part V......Page 261 OSI Model......Page 263 The Problem of Emanations......Page 266 The TEMPEST Program......Page 267 Source Suppression......Page 269 Hard As You Try......Page 270 The Orange Book, FIPS PUBS, and the Common Criteria......Page 272 About the Orange Book......Page 273 Orange Book Security Concepts......Page 274 Accountability......Page 275 Assurance......Page 276 Documentation......Page 277 Rating by the Book......Page 278 Labels......Page 280 Exportation of labeled information......Page 281 C1 Systems: Discretionary Security Protection......Page 283 B1 Systems: Labeled Security Protection......Page 285 B3 Systems: Security Domains......Page 286 FIPS by the Numbers......Page 287 I Don’t Want You Smelling My Fish......Page 292 Common Criteria Evaluation Assurance Levels (EALs)......Page 293 Index......Page 297 Table of Contents 7 Preface 11 About This Book 11 Summary of Contents 11 Part I, Security for Today 11 Part II, Computer Security 12 Part III, Communications Security 12 Part IV, Other Types of Security 12 Part V, Appendixes 13 Using Code Examples 13 Comments and Questions 13 Safari® Enabled 14 Acknowledgments 14 Part I 15 Introduction 17 The New Insecurity 17 Who You Gonna Call? 18 Information Sharing and Analysis Centers 19 Vulnerable broadband 20 No computer is an island 21 The Sorry Trail 21 Computer crime 22 What Is Computer Security? 23 A Broader Definition of Security 24 Secrecy and Confidentiality 25 Accuracy, Integrity, and Authenticity 25 Availability 26 Threats to Security 26 Vulnerabilities 26 Physical vulnerabilities 27 Natural vulnerabilities 27 Hardware and software vulnerabilities 27 Media vulnerabilities 28 Emanation vulnerabilities 28 Communications vulnerabilities 28 Human vulnerabilities 28 Exploiting vulnerabilities 29 Threats 29 Natural and physical threats 29 Unintentional threats 29 Intentional threats 29 Insiders and outsiders 31 Countermeasures 31 Computer security 32 Communications security 32 Physical security 32 Why Buy Security? 32 Government Requirements 33 Information Protection 34 What’s a User to Do? 35 Summary 35 Some Security History 36 Information and Its Controls 36 Computer Security: Then and Now 39 Early Computer Security Efforts 41 Tiger Teams 43 Research and Modeling 44 Secure Systems Development 45 Building Toward Standardization 46 Standards for Secure Systems 46 National Computer Security Center 48 Birth of the Orange Book 49 Standards for Cryptography 50 Standards for Emanations 51 Computer Security Mandates and Legislation 51 The Balancing Act 52 Computer Fraud and Abuse Act 53 Computer Security Act 54 Searching for a Balance 55 Recent Government Security Initiatives 55 Modern Standards for Computer Security 57 GASSP and GAISP Overview 57 Privacy Considerations 58 Summary 59 Part II 61 Computer System Security and Access Controls 63 What Makes a System Secure? 63 System Access: Logging into Your System 64 Identification and Authentication 64 Multifactor authentication 65 Login Processes 65 Password Authentication Protocol 66 Challenge Handshake Authentication Protocol (CHAP) 66 Mutual authentication 66 One-time password 67 Per-session authentication 67 Tokens 67 Biometrics 68 Remote access (TACACS and RADIUS) 68 DIAMETER 69 Kerberos 69 Passwords 70 Protecting passwords 72 Protecting your login and password on entry 73 Protecting your password in storage 74 Password attacks 75 Authorization 75 Sensitivity labels 76 Access models 78 Access Control in Practice 79 Discretionary access control 80 Mandatory access control 83 Access decisions 83 Role-based access control 84 Access control lists 84 Directory Services 86 Email example 86 About X.500 87 Lightweight Directory Access Protocol 88 Identity Management 90 Financial and legal pressures 91 Summary 91 Viruses and Other Wildlife 93 Financial Effects of Malicious Programs 93 Viruses and Public Health 94 Viruses, Worms, and Trojans (Oh, My!) 94 Viruses 95 The history of viruses 97 Worms 99 Trojan Horses 101 Bombs 102 Trap Doors 103 Spoofs and Masquerades 103 Who Writes Viruses? 104 Remedies 106 Firewalls 106 Antivirus 106 The Virus Hype 107 An Ounce of Prevention 108 Summary 108 Establishing and Maintaining a Security Policy 110 Administrative Security 111 Overall Planning and Administration 112 Analyzing Costs and Risks 113 What information do you have, and how important is it? 113 How vulnerable is the information? 114 What is the cost of losing or compromising the information? 114 What is the cost of protecting the information? 115 Who are you going to call? 115 Planning for Disaster 116 Setting Security Rules for Employees 117 Training Users 117 Day-to-Day Administration 117 Performing Backups 119 Hardware and Software Security Tools 121 Performing a Security Audit 122 Separation of Duties 123 Summary 124 Web Attacks and Internet Vulnerabilities 126 About the Internet 126 History of Data and Voice Communications 127 Packets, Addresses, and Ports 128 What Are the Network Protocols? 130 Data Navigation Protocols 131 Data Navigation Protocol Attacks 132 Other Internet Protocols 133 File Transfer Protocol 133 Simple Mail Transfer Protocol 133 Domain Name Service 135 Dynamic Host Configuration Protocol 136 Network Address Translation 137 Port Address Translation 138 The Fragile Web 138 How HTML Formats the Web 139 Advanced Web Services 139 What is a script? 140 Client-side scripting languages 141 Server-side scripting languages 142 Web Attacks and Preventions 144 Client-side web attacks 144 Server-side web attacks 145 Summary 147 Part III 149 Encryption 151 Some History 152 What Is Encryption? 155 Why Encryption? 157 Transposition and Substitution Ciphers 157 More about transposition 158 More about substitution 158 Cryptographic Keys: Private and Public 160 Private key cryptography 160 Public key cryptography 160 Key Management and Distribution 162 One-Time Pad 164 End-to-End and Link Encryption 165 The Data Encryption Standard 167 What Is the DES? 168 Application of the DES 172 The Advanced Encryption Standard 174 Overview of the AES Development Effort 174 How AES Works 175 SubBytes 175 Row shift and mix columns 175 Round keys 177 Do it again 177 Other Cryptographic Algorithms 177 AES Round 1 Candidate Algorithms 178 Public Key Algorithms 179 The RSA Algorithm 179 Digital Signatures and Certificates 180 Certificates 181 Certificate Authorities 181 Government Algorithms 182 Message Authentication 183 Government Cryptographic Programs 184 NSA 184 NIST 184 Treasury 185 Cryptographic Export Restrictions 185 Summary 186 Communications and Network Security 187 What Makes Communication Secure? 188 Communications Vulnerabilities 189 Communications Threats 190 Modems 191 Networks 193 Network Terms 193 Protocols and layers 195 Some Network History 197 Network Media 198 Twisted pair cable 199 Coaxial cable 199 Fiber-optic cable 199 Microwave 200 Satellite 200 Network Security 201 Access Control Methods 202 Discretionary access control 202 Role-based access control 202 Mandatory access control 202 Auditing 203 Perimeters and Gateways 203 Security in Heterogeneous Environments 204 Encrypted Communications 204 End-to-end encryption 205 Link encryption 205 Through the Tunnel 205 VPNs for remote access 208 VPNs for internetworking 208 VPNs inside the firewall 208 VPN tunneling protocols 208 Network Security Tasks 209 Communications integrity 210 Denial of service 210 Compromise protection 211 Securing Communications 211 Internet Protocol Security (IPSec) 211 Kerberos 212 Summary 213 Part IV 215 Physical Security and Biometrics 217 Physical Security 218 Natural Disasters 219 Fire and smoke 219 Climate 219 Earthquakes and vibration 220 Water 220 Electricity 220 Lightning 221 Risk Analysis and Disaster Planning 221 Locks and Keys: Old and New 221 Types of Locks 223 Tokens 224 Challenge-Response Systems 224 Cards: Smart and Dumb 225 Biometrics 226 Retina Patterns 229 Iris Scans 230 Fingerprints 230 Handprints 231 Voice Patterns 231 Keystrokes 232 Signature and Writing Patterns 232 Gentle Reminder 232 Summary 233 Wireless Network Security 234 How We Got Here 234 Today’s Wireless Infrastructure 235 Wireless Costs 237 How Wireless Works 239 Playing the Fields 242 Keeping the Waves Inside 243 What Is This dB Stuff? 245 Why Does All This Matter? 246 Encouraging Diversity 247 Physical Layer Wireless Attacks 247 Hardening Wireless Access Points 248 The Tie That Binds 250 Sophisticated Physical Layer Attacks 251 Forced Degradation Attacks 252 Eavesdropping Attacks 253 Eavesdropping Defenses 254 Advanced Eavesdropping Attacks 255 Rogue Access Points 256 Summary 259 Part V 261 OSI Model 263 TEMPEST 266 The Problem of Emanations 266 The TEMPEST Program 267 Faraday Screens 269 Source Suppression 269 TEMPEST Standards 270 Hard As You Try 270 The Orange Book, FIPS PUBS, and the Common Criteria 272 About the Orange Book 273 Orange Book Security Concepts 274 Security policy 275 Accountability 275 Assurance 276 Documentation 277 Rating by the Book 278 Discretionary and Mandatory Access Control 280 Object Reuse 280 Labels 280 Label integrity 281 Exportation of labeled information 281 Subject sensitivity labels 283 Device labels 283 Summary of Orange Book Classes 283 D Systems: Minimal Security 283 C1 Systems: Discretionary Security Protection 283 C2 Systems: Controlled Access Protection 285 B1 Systems: Labeled Security Protection 285 B2 Systems: Structured Protection 286 B3 Systems: Security Domains 286 A1 Systems: Verified Design 287 Complaints About the Orange Book 287 FIPS by the Numbers 287 I Don’t Want You Smelling My Fish 292 Common Criteria Evaluation Assurance Levels (EALs) 293 Index 297 This is the must-have book for a must-know field. Today, general security knowledge is mandatory, and, if you who need to understand the fundamentals, __Computer Security Basics__ 2nd Edition is the book to consult. The new edition builds on the well-established principles developed in the original edition and thoroughly updates that core knowledge. For anyone involved with computer security, including security administrators, system administrators, developers, and It managers, __Computer Security Basics__ 2nd Edition offers a clear overview of the security concepts you need to know, including access controls, malicious software, security policy, cryptography, biometrics, as well as government regulations and standards. This handbook describes complicated concepts such as trusted systems, encryption, and mandatory access control in simple terms. It tells you what you need to know to understand the basics of computer security, and it will help you persuade your employees to practice safe computing. Topics include: * Computer security concepts * Security breaches, such as viruses and other malicious programs * Access controls * Security policy * Web attacks * Communications and network security * Encryption * Physical security and biometrics * Wireless network security * Computer security and requirements of the Orange Book * Osi Model and Tempest

قیمت نهایی

۴۴٬۰۰۰ تومان