Computer Security Basics. 2nd Edition Rick Lehtinen, G. T. Gangemi

Computer Security Basics. 2nd Edition Rick Lehtinen, G. T. Gangemi - okladka książki

Autorzy:: Rick Lehtinen, G. T. Gangemi
Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 312
Dostępne formaty:: ePub

Mobi

Ebook

118,15 zł ~~139,00 zł~~ (-15%)

29,90 zł najniższa cena z 30 dni

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

Poleć tę książkę znajomemu Poleć tę książkę znajomemu!!

Przenieś na półkę

Do przechowalni

Zostało Ci na świąteczne zamówienie

opcje wysyłki »

This is the must-have book for a must-know field. Today, general security knowledge is mandatory, and, if you who need to understand the fundamentals, Computer Security Basics 2nd Edition is the book to consult.

The new edition builds on the well-established principles developed in the original edition and thoroughly updates that core knowledge. For anyone involved with computer security, including security administrators, system administrators, developers, and IT managers, Computer Security Basics 2nd Edition offers a clear overview of the security concepts you need to know, including access controls, malicious software, security policy, cryptography, biometrics, as well as government regulations and standards.

This handbook describes complicated concepts such as trusted systems, encryption, and mandatory access control in simple terms. It tells you what you need to know to understand the basics of computer security, and it will help you persuade your employees to practice safe computing.

Topics include:

Computer security concepts
Security breaches, such as viruses and other malicious programs
Access controls
Security policy
Web attacks
Communications and network security
Encryption
Physical security and biometrics
Wireless network security
Computer security and requirements of the Orange Book
OSI Model and TEMPEST

Wybrane bestsellery

Ebooka "Computer Security Basics. 2nd Edition" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Oceny i opinie klientów: Computer Security Basics. 2nd Edition Rick Lehtinen, G. T. Gangemi

(0)

Szczegóły książki

ISBN Ebooka:: 978-14-493-1705-8, 9781449317058
Data wydania ebooka :: 2006-06-13 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
Język publikacji:: angielski
Rozmiar pliku ePub:: 3MB
Rozmiar pliku Mobi:: 6.2MB

Zgłoś erratę

Kategorie

Kliknij, aby zgłosić błędnie przypisaną kategorię »

Informatyka » Hacking
Informatyka » Hacking » Bezpieczeństwo systemów
Informatyka » Hacking » Inne
Informatyka » Hacking » Bezpieczeństwo WWW
Informatyka » Hacking » Bezpieczeństwo sieci

Dostępność produktu

Produkt nie został jeszcze oceniony pod kątem ułatwień dostępu lub nie podano żadnych informacji o ułatwieniach dostępu lub są one niewystarczające. Prawdopodobnie Wydawca/Dostawca jeszcze nie umożliwił dokonania walidacji produktu lub nie przekazał odpowiednich informacji na temat jego dostępności.

Spis treści książki

Computer Security Basics, 2nd Edition
- SPECIAL OFFER: Upgrade this ebook with OReilly
- Preface
  - About This Book
  - Summary of Contents
    - Part I, Security for Today
    - Part II, Computer Security
    - Part III, Communications Security
    - Part IV, Other Types of Security
    - Part V, Appendixes
  - Using Code Examples
  - Comments and Questions
  - Safari Enabled
  - Acknowledgments
- I. Security for Today
  - 1. Introduction
    - The New Insecurity
      - Who You Gonna Call?
        
        Information Sharing and Analysis Centers
        
        Vulnerable broadband
        
        No computer is an island
      - The Sorry Trail
        
        Computer crime
    - What Is Computer Security?
      - A Broader Definition of Security
      - Secrecy and Confidentiality
      - Accuracy, Integrity, and Authenticity
      - Availability
    - Threats to Security
      - Vulnerabilities
        
        Physical vulnerabilities
        
        Natural vulnerabilities
        
        Hardware and software vulnerabilities
        
        Media vulnerabilities
        
        Emanation vulnerabilities
        
        Communications vulnerabilities
        
        Human vulnerabilities
        
        Exploiting vulnerabilities
      - Threats
        
        Natural and physical threats
        
        Unintentional threats
        
        Intentional threats
        
        Insiders and outsiders
      - Countermeasures
        
        Computer security
        
        Communications security
        
        Physical security
    - Why Buy Security?
      - Government Requirements
      - Information Protection
    - Whats a User to Do?
    - Summary
  - 2. Some Security History
    - Information and Its Controls
    - Computer Security: Then and Now
    - Early Computer Security Efforts
      - Tiger Teams
      - Research and Modeling
      - Secure Systems Development
    - Building Toward Standardization
      - Standards for Secure Systems
        
        National Computer Security Center
        
        Birth of the Orange Book
      - Standards for Cryptography
      - Standards for Emanations
    - Computer Security Mandates and Legislation
      - The Balancing Act
      - Computer Fraud and Abuse Act
      - Computer Security Act
      - Searching for a Balance
      - Recent Government Security Initiatives
      - Modern Standards for Computer Security
      - GASSP and GAISP Overview
      - Privacy Considerations
    - Summary
- II. Computer Security
  - 3. Computer System Security and Access Controls
    - What Makes a System Secure?
    - System Access: Logging into Your System
      - Identification and Authentication
        
        Multifactor authentication
      - Login Processes
        
        Password Authentication Protocol
        
        Challenge Handshake Authentication Protocol (CHAP)
        
        Mutual authentication
        
        One-time password
        
        Per-session authentication
        
        Tokens
        
        Biometrics
        
        Remote access (TACACS and RADIUS)
        
        DIAMETER
        
        Kerberos
      - Passwords
        
        Protecting passwords
        
        Protecting your login and password on entry
        
        Protecting your password in storage
        
        Password attacks
      - Authorization
        
        Sensitivity labels
        
        Access models
        
        Bell-LaPadula model
        
        Biba model
      - Access Control in Practice
        
        Discretionary access control
        
        Ownership
        
        Self/group/public controls
        
        File permissions
        
        Mandatory access control
        
        Data import and export
        
        Access decisions
        
        Role-based access control
        
        Access control lists
      - Directory Services
        
        Email example
        
        About X.500
        
        Lightweight Directory Access Protocol
        
        The LDAP namespace
        
        Hierarchy
        
        LDAP storage capabilities
      - Identity Management
        
        Financial and legal pressures
    - Summary
  - 4. Viruses and Other Wildlife
    - Financial Effects of Malicious Programs
    - Viruses and Public Health
    - Viruses, Worms, and Trojans (Oh, My!)
      - Viruses
        
        The history of viruses
      - Worms
      - Trojan Horses
      - Bombs
      - Trap Doors
      - Spoofs and Masquerades
    - Who Writes Viruses?
    - Remedies
      - Firewalls
      - Antivirus
    - The Virus Hype
    - An Ounce of Prevention
    - Summary
  - 5. Establishing and Maintaining a Security Policy
    - Administrative Security
    - Overall Planning and Administration
      - Analyzing Costs and Risks
        
        What information do you have, and how important is it?
        
        How vulnerable is the information?
        
        What is the cost of losing or compromising the information?
        
        What is the cost of protecting the information?
        
        Who are you going to call?
      - Planning for Disaster
      - Setting Security Rules for Employees
      - Training Users
    - Day-to-Day Administration
      - Performing Backups
      - Hardware and Software Security Tools
      - Performing a Security Audit
    - Separation of Duties
    - Summary
  - 6. Web Attacks and Internet Vulnerabilities
    - About the Internet
      - History of Data and Voice Communications
      - Packets, Addresses, and Ports
    - What Are the Network Protocols?
      - Data Navigation Protocols
      - Data Navigation Protocol Attacks
      - Other Internet Protocols
        
        File Transfer Protocol
        
        Simple Mail Transfer Protocol
        
        SMTP and spam
        
        Domain Name Service
        
        Dynamic Host Configuration Protocol
        
        Network Address Translation
        
        Port Address Translation
    - The Fragile Web
      - How HTML Formats the Web
      - Advanced Web Services
        
        What is a script?
        
        Client-side scripting languages
        
        Server-side scripting languages
      - Web Attacks and Preventions
        
        Client-side web attacks
        
        General client-side attack preventatives
        
        Server-side web attacks
    - Summary
- III. Communications Security
  - 7. Encryption
    - Some History
    - What Is Encryption?
      - Why Encryption?
      - Transposition and Substitution Ciphers
        
        More about transposition
        
        More about substitution
      - Cryptographic Keys: Private and Public
        
        Private key cryptography
        
        Public key cryptography
      - Key Management and Distribution
      - One-Time Pad
      - End-to-End and Link Encryption
    - The Data Encryption Standard
      - What Is the DES?
      - Application of the DES
      - The Advanced Encryption Standard
      - Overview of the AES Development Effort
      - How AES Works
        
        SubBytes
        
        Row shift and mix columns
        
        Round keys
        
        Do it again
    - Other Cryptographic Algorithms
      - AES Round 1 Candidate Algorithms
      - Public Key Algorithms
      - The RSA Algorithm
      - Digital Signatures and Certificates
        
        Certificates
        
        Certificate Authorities
      - Government Algorithms
    - Message Authentication
    - Government Cryptographic Programs
      - NSA
      - NIST
      - Treasury
    - Cryptographic Export Restrictions
    - Summary
  - 8. Communications and Network Security
    - What Makes Communication Secure?
      - Communications Vulnerabilities
      - Communications Threats
    - Modems
    - Networks
      - Network Terms
        
        Protocols and layers
      - Some Network History
      - Network Media
        
        Twisted pair cable
        
        Coaxial cable
        
        Fiber-optic cable
        
        Microwave
        
        Satellite
    - Network Security
      - Access Control Methods
        
        Discretionary access control
        
        Role-based access control
        
        Mandatory access control
      - Auditing
      - Perimeters and Gateways
      - Security in Heterogeneous Environments
      - Encrypted Communications
        
        End-to-end encryption
        
        Link encryption
      - Through the Tunnel
        
        VPNs for remote access
        
        VPNs for internetworking
        
        VPNs inside the firewall
        
        VPN tunneling protocols
      - Network Security Tasks
        
        Communications integrity
        
        Denial of service
        
        Compromise protection
      - Securing Communications
        
        Internet Protocol Security (IPSec)
      - Kerberos
    - Summary
- IV. Other Types of Security
  - 9. Physical Security and Biometrics
    - Physical Security
      - Natural Disasters
        
        Fire and smoke
        
        Climate
        
        Earthquakes and vibration
        
        Water
        
        Electricity
        
        Lightning
      - Risk Analysis and Disaster Planning
    - Locks and Keys: Old and New
      - Types of Locks
      - Tokens
      - Challenge-Response Systems
      - Cards: Smart and Dumb
    - Biometrics
      - Retina Patterns
      - Iris Scans
      - Fingerprints
      - Handprints
      - Voice Patterns
      - Keystrokes
      - Signature and Writing Patterns
    - Gentle Reminder
    - Summary
  - 10. Wireless Network Security
    - How We Got Here
    - Todays Wireless Infrastructure
      - Wireless Costs
    - How Wireless Works
    - Playing the Fields
      - Keeping the Waves Inside
    - What Is This dB Stuff?
    - Why Does All This Matter?
    - Encouraging Diversity
    - Physical Layer Wireless Attacks
      - Hardening Wireless Access Points
      - The Tie That Binds
      - Sophisticated Physical Layer Attacks
      - Forced Degradation Attacks
      - Eavesdropping Attacks
      - Eavesdropping Defenses
      - Advanced Eavesdropping Attacks
      - Rogue Access Points
    - Summary
- V. Appendixes
  - A. OSI Model
  - B. TEMPEST
    - The Problem of Emanations
    - The TEMPEST Program
      - Faraday Screens
      - Source Suppression
    - TEMPEST Standards
    - Hard As You Try
  - C. The Orange Book, FIPS PUBS, and the Common Criteria
    - About the Orange Book
      - Orange Book Security Concepts
        
        Security policy
        
        Accountability
        
        Assurance
        
        Life-cycle assurance.
        
        Documentation
    - Rating by the Book
      - Discretionary and Mandatory Access Control
      - Object Reuse
      - Labels
        
        Label integrity
        
        Exportation of labeled information
        
        Subject sensitivity labels
        
        Device labels
    - Summary of Orange Book Classes
      - D Systems: Minimal Security
      - C1 Systems: Discretionary Security Protection
      - C2 Systems: Controlled Access Protection
      - B1 Systems: Labeled Security Protection
      - B2 Systems: Structured Protection
      - B3 Systems: Security Domains
      - A1 Systems: Verified Design
      - Complaints About the Orange Book
    - FIPS by the Numbers
    - I Dont Want You Smelling My Fish
      - Common Criteria Evaluation Assurance Levels (EALs)
- Index
- About the Authors
- Colophon
- SPECIAL OFFER: Upgrade this ebook with OReilly