Security in Computing

Series
Prentice Hall
Author
Charles P. Pfleeger / Shari Lawrence Pfleeger / Jonathan Margulies  
Publisher
Pearson
Cover
Softcover
Edition
5
Language
English
Total pages
944
Pub.-date
January 2015
ISBN13
9780134085043
ISBN
0134085043


Product detail

Product Price CHF Available  
9780134085043
Security in Computing
140.10 approx. 7-9 days

Description

This book offers complete coverage of all aspects of computer security, including users, software, devices, operating systems, networks, law, and ethics. Reflecting rapidly evolving attacks, countermeasures, and computing environments, it introduces up-to-the-minute best practices for authenticating users, preventing malicious code execution, using encryption, protecting privacy, implementing firewalls, detecting intrusions, and more.

Features

  • This classic text has been thoroughly updated to reflect today’s newest technologies, standards, and trends
  • Topics progress from simple and straightforward to complex and intricate
  • Easy-to-read descriptions of concepts and incidents
  • As of Oct, 2015, there are new, vastly improved PowerPoint slides for instructor use

New to this Edition

Cryptography is critical to computer security; it is an essential tool that students and professionals must know, appreciate and understand. But as with most tools, the user does not need to be a maker: using a screwdriver successfully is entirely separate from knowing how to forge the metal from which it is made. This edition will separate the use of cryptography from its underlying mathematical principles. It will introduce cryptography early in the book to provide a solid background on types of algorithms, appropriate uses of these different types, and advanced concepts such as digital signatures and cryptographic hash codes. It will also address how cryptography can fail. However, it will cover these topics without revealing the internals of cryptography; closer to the end of the book it will delve into the internals of specific algorithms. In this way, readers who want to know the details can study those (and can even read the later chapter early, out of the normal sequence), but it will not unnecessarily burden readers who, like most users, will never get closer to cryptography than an encrypt() function.

 

One strength of SiC4 has been its sidebars. Readers enjoy the brief examples of real life exploits. Fortunately, the news is full of stories of security failures, and it is important to connect these actual events to the strong pedagogy of the book. ACS, which was organized around attacks of different types, include many timely incident stories that we can pull into SiC5.


Cloud computing and mobile code and computing are not covered extensively in SiC4. Cloud computing appears as a six page interlude in ACS, but in the few years since ACS was written, the use of cloud computing has expanded, as well as the security ramifications. We intend to devote an entire chapter to cloud computing. Similarly, mobile code and mobile computing have grown. These topics appeared briefly in SiC4 and ACS, but we plan to expand mobile computing into its own chapter, as well.

 

The topic progression of SiC4 largely followed its predecessor editions, back to the first edition (1988). In 1988 networking was certainly neither as important nor pervasive as it has become. Trying to defer all coverage of network topics until Chapter 7, its position in SiC4 delays important content significantly and, perhaps more importantly, makes for a long and broad network security chapter. In 1988 readers had less direct contact with a network than now, and these readers had limited experience using a network prior to reading the book. Obviously readers in 2014 come with vastly more network exposure. This exposure is an asset: Readers now can appreciate  a network-delivered attack even before they study network security. SiC5 will take advantage of readers’ familiarity with networks, and present attacks delivered by a network-assisted attacker based on the primary source of vulnerability—software, operating system, protocol, user error—and not defer these topics to the networks chapter just because a network was involved in the attack.

 

Finally, privacy has been an important topic in the book in early editions, and its importance and coverage have grown as well. The authors will again expand the coverage of privacy, expanding on topics such as web tracking and social networking.
These additions cannot come without some pruning. Previously hot topics, such as trusted operating systems and multilevel databases, are being pared down. The authors will also reconsider topics such as economics and management which, although interesting and important, appeal to a relatively small target audience.

Table of Contents

Foreword   xix

Preface   xxv

Acknowledgments    xxxi

About the Authors    xxxiii

 

Chapter 1: Introduction   1

1.1 What Is Computer Security?   2

1.2 Threats   6

1.3 Harm   21

1.4 Vulnerabilities   28

1.5 Controls   28

1.6 Conclusion   31

1.7 What’s Next?   32

1.8 Exercises   34

 

Chapter 2: Toolbox: Authentication, Access Control, and Cryptography   36

2.1 Authentication   38

2.2 Access Control   72

2.3 Cryptography   86

2.4 Exercises   127

 

Chapter 3: Programs and Programming   131

3.1 Unintentional (Nonmalicious) Programming Oversights   133

3.2 Malicious Code—Malware   166

3.3 Countermeasures   196

 

Chapter 4: The Web—User Side   232

4.1 Browser Attacks   234

4.2 Web Attacks Targeting Users   245

4.3 Obtaining User or Website Data   260

4.4 Email Attacks   267

4.5 Conclusion   277

4.6 Exercises   278

 

Chapter 5: Operating Systems    280

5.1 Security in Operating Systems   280

5.2 Security in the Design of Operating Systems   308

5.3 Rootkit   329

5.4 Conclusion   338

5.5 Exercises   339

 

Chapter 6: Networks   341

6.1 Network Concepts  342

Part I—War on Networks: Network Security Attacks   353

6.2 Threats to Network Communications   354

6.3 Wireless Network Security   374

6.4 Denial of Service   396

6.5 Distributed Denial-of-Service   421

Part II—Strategic Defenses: Security Countermeasures   432

6.6 Cryptography in Network Security   432

6.7 Firewalls   451

6.8 Intrusion Detection and Prevention Systems   474

6.9 Network Management 489

6.10 Conclusion   496

6.11 Exercises   496

 

Chapter 7: Databases 501

7.1 Introduction to Databases   502

7.2 Security Requirements of Databases   507

7.3 Reliability and Integrity   513

7.4 Database Disclosure   518

7.5 Data Mining and Big Data   535

7.6 Conclusion   549

 

Chapter 8: Cloud Computing   551

8.1 Cloud Computing Concepts   551

8.2 Moving to the Cloud   553

8.3 Cloud Security Tools and Techniques   560

8.4 Cloud Identity Management   568

8.5 Securing IaaS   579

8.6 Conclusion   583

8.7 Exercises   584

 

Chapter 9: Privacy   586

9.1 Privacy Concepts   587

9.2 Privacy Principles and Policies   596

9.3 Authentication and Privacy   610

9.4 Data Mining   616

9.5 Privacy on the Web   619

9.6 Email Security   632

9.7 Privacy Impacts of Emerging Technologies   636

9.8 Where the Field Is Headed   644

9.9 Conclusion   645

9.10 Exercises   645

 

Chapter 10: Management and Incidents   647

10.1 Security Planning   647

10.2 Business Continuity Planning   658

10.3 Handling Incidents   662

10.4 Risk Analysis   668

10.5 Dealing with Disaster   686

10.6 Conclusion   699

10.7 Exercises   700

 

Chapter 11: Legal Issues and Ethics   702

11.1 Protecting Programs and Data   704

11.2 Information and the Law   717

11.3 Rights of Employees and Employers   725

11.4 Redress for Software Failures   728

11.5 Computer Crime   733

11.6 Ethical Issues in Computer Security   744

11.7 Incident Analysis with Ethics   750

 

Chapter 12: Details of Cryptography   768

12.1 Cryptology   769

12.2 Symmetric Encryption Algorithms   779

12.3 Asymmetric Encryption with RSA   795

12.4 Message Digests   799

12.5 Digital Signatures   802

12.6 Quantum Cryptography   807

12.7 Conclusion   811

 

Chapter 13: Emerging Topics   813

13.1 The Internet of Things   814

13.2 Economics   821

13.3 Electronic Voting   834

13.4 Cyber Warfare   841

13.5 Conclusion  850

 

Bibliography 851

 

Index   877

 

Author

Charles Pfleeger is an internationally known expert on computer and communications security. He was originally a professor at the University of Tennessee, leaving there to join computer security research and consulting companies Trusted Information Systems and Arca Systems (later Exodus Communications and Cable and Wireless). With Trusted Information Systems he was Director of European Operations and Senior Consultant. With Cable and Wireless he was Director of Research and a member of the staff of the Chief Security Officer.  He was chair of the IEEE Computer Society Technical Committee on Security and Privacy.


Shari Lawrence Pfleeger is widely known as a software engineering and computer security researcher, most recently as a Senior Computer Scientist with the Rand Corporation and as Research Director of the Institute for Information Infrastructure Protection. She is currently Editor in Chief of IEEE Security & Privacy magazine.


Jonathan Margulies is the CTO of Qmulos, a cybersecurity consulting firm. After receiving his Masters Degree in Computer Science from Cornell University, Mr. Margulies spent nine years at Sandia National Labs, researching and developing solutions to protect national security and critical infrastructure systems from advanced persistent threats. He then went on to NIST's National Cybersecurity Center of Excellence, where he worked with a variety of critical infrastructure companies to create industry-standard security architectures. In his free time, Mr. Margulies edits the “Building Security In” section of  IEEE Security & Privacy magazine.