Security in Computing - Charles P. Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies

Security in Computing

Buch | Hardcover
944 Seiten
2015 | 5th Revised edition
Prentice Hall (Verlag)
978-0-13-408504-3 (ISBN)
145,44 inkl. MwSt
Zu diesem Artikel existiert eine Nachauflage
  • This classic text has been thoroughly updated to reflect today’s newest technologies, standards, and trends
  • Topics progress from simple and straightforward to complex and intricate
  • Easy-to-read descriptions of concepts and incidents

This book offers complete coverage of all aspects of computer security, including users, software, devices, operating systems, networks, law, and ethics. Reflecting rapidly evolving attacks, countermeasures, and computing environments, it introduces up-to-the-minute best practices for authenticating users, preventing malicious code execution, using encryption, protecting privacy, implementing firewalls, detecting intrusions, and more.
The New State of the Art in Information Security: Now Covers Cloud Computing, the Internet of Things, and Cyberwarfare.

Students and IT and security professionals have long relied on Security in Computing as the definitive guide to computer security attacks and countermeasures.

Now, the authors have thoroughly updated this classic to reflect today's newest technologies, attacks, standards, and trends. Security in Computing, Fifth Edition, offers complete, timely coverage of all aspects of computer security, including users, software, devices, operating systems, networks, and data.

Reflecting rapidly evolving attacks, countermeasures, and computing environments, this new edition introduces best practices for authenticating users, preventing malicious code execution, using encryption, protecting privacy, implementing firewalls, detecting intrusions, and more. More than two hundred end-of-chapter exercises help the student to solidify lessons learned in each chapter. Combining breadth, depth, and exceptional clarity, this comprehensive guide builds carefully from simple to complex topics, so you always understand all you need to know before you move forward.

You'll start by mastering the field's basic terms, principles, and concepts. Next, you'll apply these basics in diverse situations and environments, learning to "think like an attacker" and identify exploitable weaknesses. Then you will switch to defense, selecting the best available solutions and countermeasures. Finally, you'll go beyond technology to understand crucial management issues in protecting infrastructure and data.

New coverage includes
  • A full chapter on securing cloud environments and managing their unique risks
  • Extensive new coverage of security issues associated with user-web interaction
  • New risks and techniques for safeguarding the Internet of Things
  • A new primer on threats to privacy and how to guard it
  • An assessment of computers and cyberwarfare-recent attacks and emerging risks
  • Security flaws and risks associated with electronic voting systems

Charles Pfleeger is an internationally known expert on computer and communications security. He was originally a professor at the University of Tennessee, leaving there to join computer security research and consulting companies Trusted Information Systems and Arca Systems (later Exodus Communications and Cable and Wireless). With Trusted Information Systems he was Director of European Operations and Senior Consultant. With Cable and Wireless he was Director of Research and a member of the staff of the Chief Security Officer. He was chair of the IEEE Computer Society Technical Committee on Security and Privacy.

Shari Lawrence Pfleeger is widely known as a software engineering and computer security researcher, most recently as a Senior Computer Scientist with the Rand Corporation and as Research Director of the Institute for Information Infrastructure Protection. She is currently Editor in Chief of IEEE Security & Privacy magazine.

Jonathan Margulies is the CTO of Qmulos, a cybersecurity consulting firm. After receiving his Masters Degree in Computer Science from Cornell University, Mr. Margulies spent nine years at Sandia National Labs, researching and developing solutions to protect national security and critical infrastructure systems from advanced persistent threats. He then went on to NIST's National Cybersecurity Center of Excellence, where he worked with a variety of critical infrastructure companies to create industry-standard security architectures. In his free time, Mr. Margulies edits the "Building Security In" section of IEEE Security & Privacy magazine.

Foreword xix

Preface xxv

Acknowledgments xxxi

About the Authors xxxiii



Chapter 1: Introduction 1

1.1 What Is Computer Security? 2

1.2 Threats 6

1.3 Harm 21

1.4 Vulnerabilities 28

1.5 Controls 28

1.6 Conclusion 31

1.7 What’s Next? 32

1.8 Exercises 34



Chapter 2: Toolbox: Authentication, Access Control, and Cryptography 36

2.1 Authentication 38

2.2 Access Control 72

2.3 Cryptography 86

2.4 Exercises 127



Chapter 3: Programs and Programming 131

3.1 Unintentional (Nonmalicious) Programming Oversights 133

3.2 Malicious Code—Malware 166

3.3 Countermeasures 196



Chapter 4: The Web—User Side 232

4.1 Browser Attacks 234

4.2 Web Attacks Targeting Users 245

4.3 Obtaining User or Website Data 260

4.4 Email Attacks 267

4.5 Conclusion 277

4.6 Exercises 278



Chapter 5: Operating Systems 280

5.1 Security in Operating Systems 280

5.2 Security in the Design of Operating Systems 308

5.3 Rootkit 329

5.4 Conclusion 338

5.5 Exercises 339



Chapter 6: Networks 341

6.1 Network Concepts 342

Part I—War on Networks: Network Security Attacks 353

6.2 Threats to Network Communications 354

6.3 Wireless Network Security 374

6.4 Denial of Service 396

6.5 Distributed Denial-of-Service 421

Part II—Strategic Defenses: Security Countermeasures 432

6.6 Cryptography in Network Security 432

6.7 Firewalls 451

6.8 Intrusion Detection and Prevention Systems 474

6.9 Network Management 489

6.10 Conclusion 496

6.11 Exercises 496



Chapter 7: Databases 501

7.1 Introduction to Databases 502

7.2 Security Requirements of Databases 507

7.3 Reliability and Integrity 513

7.4 Database Disclosure 518

7.5 Data Mining and Big Data 535

7.6 Conclusion 549



Chapter 8: Cloud Computing 551

8.1 Cloud Computing Concepts 551

8.2 Moving to the Cloud 553

8.3 Cloud Security Tools and Techniques 560

8.4 Cloud Identity Management 568

8.5 Securing IaaS 579

8.6 Conclusion 583

8.7 Exercises 584



Chapter 9: Privacy 586

9.1 Privacy Concepts 587

9.2 Privacy Principles and Policies 596

9.3 Authentication and Privacy 610

9.4 Data Mining 616

9.5 Privacy on the Web 619

9.6 Email Security 632

9.7 Privacy Impacts of Emerging Technologies 636

9.8 Where the Field Is Headed 644

9.9 Conclusion 645

9.10 Exercises 645



Chapter 10: Management and Incidents 647

10.1 Security Planning 647

10.2 Business Continuity Planning 658

10.3 Handling Incidents 662

10.4 Risk Analysis 668

10.5 Dealing with Disaster 686

10.6 Conclusion 699

10.7 Exercises 700



Chapter 11: Legal Issues and Ethics 702

11.1 Protecting Programs and Data 704

11.2 Information and the Law 717

11.3 Rights of Employees and Employers 725

11.4 Redress for Software Failures 728

11.5 Computer Crime 733

11.6 Ethical Issues in Computer Security 744

11.7 Incident Analysis with Ethics 750



Chapter 12: Details of Cryptography 768

12.1 Cryptology 769

12.2 Symmetric Encryption Algorithms 779

12.3 Asymmetric Encryption with RSA 795

12.4 Message Digests 799

12.5 Digital Signatures 802

12.6 Quantum Cryptography 807

12.7 Conclusion 811



Chapter 13: Emerging Topics 813

13.1 The Internet of Things 814

13.2 Economics 821

13.3 Electronic Voting 834

13.4 Cyber Warfare 841

13.5 Conclusion 850



Bibliography 851



Index 877

New to this Edition: Cryptography is critical to computer security; it is an essential tool that students and professionals must know, appreciate and understand. But as with most tools, the user does not need to be a maker: using a screwdriver successfully is entirely separate from knowing how to forge the metal from which it is made. This edition will separate the use of cryptography from its underlying mathematical principles. It will introduce cryptography early in the book to provide a solid background on types of algorithms, appropriate uses of these different types, and advanced concepts such as digital signatures and cryptographic hash codes. It will also address how cryptography can fail. However, it will cover these topics without revealing the internals of cryptography; closer to the end of the book it will delve into the internals of specific algorithms. In this way, readers who want to know the details can study those (and can even read the later chapter early, out of the normal sequence), but it will not unnecessarily burden readers who, like most users, will never get closer to cryptography than an encrypt() function. One strength of SiC4 has been its sidebars. Readers enjoy the brief examples of real life exploits. Fortunately, the news is full of stories of security failures, and it is important to connect these actual events to the strong pedagogy of the book. ACS, which was organized around attacks of different types, include many timely incident stories that we can pull into SiC5. Cloud computing and mobile code and computing are not covered extensively in SiC4. Cloud computing appears as a six page interlude in ACS, but in the few years since ACS was written, the use of cloud computing has expanded, as well as the security ramifications. We intend to devote an entire chapter to cloud computing. Similarly, mobile code and mobile computing have grown. These topics appeared briefly in SiC4 and ACS, but we plan to expand mobile computing into its own chapter, as well. The topic progression of SiC4 largely followed its predecessor editions, back to the first edition (1988). In 1988 networking was certainly neither as important nor pervasive as it has become. Trying to defer all coverage of network topics until Chapter 7, its position in SiC4 delays important content significantly and, perhaps more importantly, makes for a long and broad network security chapter. In 1988 readers had less direct contact with a network than now, and these readers had limited experience using a network prior to reading the book. Obviously readers in 2014 come with vastly more network exposure. This exposure is an asset: Readers now can appreciate a network-delivered attack even before they study network security. SiC5 will take advantage of readers’ familiarity with networks, and present attacks delivered by a network-assisted attacker based on the primary source of vulnerability—software, operating system, protocol, user error—and not defer these topics to the networks chapter just because a network was involved in the attack. Finally, privacy has been an important topic in the book in early editions, and its importance and coverage have grown as well. The authors will again expand the coverage of privacy, expanding on topics such as web tracking and social networking. These additions cannot come without some pruning. Previously hot topics, such as trusted operating systems and multilevel databases, are being pared down. The authors will also reconsider topics such as economics and management which, although interesting and important, appeal to a relatively small target audience.

Erscheint lt. Verlag 19.2.2015
Verlagsort Upper Saddle River
Sprache englisch
Maße 179 x 240 mm
Gewicht 1282 g
Einbandart gebunden
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Informatik Theorie / Studium Kryptologie
Schlagworte Computersicherheit • Kryptographie
ISBN-10 0-13-408504-3 / 0134085043
ISBN-13 978-0-13-408504-3 / 9780134085043
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Wie bewerten Sie den Artikel?
Bitte geben Sie Ihre Bewertung ein:
Bitte geben Sie Daten ein:
Mehr entdecken
aus dem Bereich
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel …

Buch (2022)
Hanser, Carl (Verlag)
69,99