Computer and Information Security Handbook -- Hardback (2 Rev ed)
[Book Description]
The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed chapters by leading experts in the areas of networking and systems security, information management, cyber warfare and security, encryption technology, privacy, data storage, physical security, and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more.Features include: chapters by leaders in the field on theory and practice of computer and information security technology, allowing the reader to develop a new level of technical expertise; comprehensive and up-to-date coverage of security issues allows the reader to remain current and fully informed from multiple viewpoints and presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions.
[Table of Contents]
Foreword xix
Preface xx
Acknowledgments xxv
About the Editor xxvi
Contributors xxvii
Part I Overview of System and Network 1 (376)
Security: A Comprehensive Introduction
1 Building a Secure Organization 3 (22)
John Mallery
1 Obstacles to Security 3 (1)
2 Computers are Powerful and Complex 3 (1)
3 Current Trend is to Share, Not Protect 4 (2)
4 Security isn't about Hardware and 6 (2)
Software
5 Ten Steps to Building a Secure 8 (13)
Organization
6 Preparing for the Building of Security 21 (1)
Control Assessments
7 Summary 22 (3)
Chapter Review Questions/Exercises 23 (1)
Exercise 24 (1)
2 A Cryptography Primer 25 (22)
Scott R. Ellis
1 What is Cryptography? What is 26 (1)
Encryption?
2 Famous Cryptographic Devices 26 (1)
3 Ciphers 27 (6)
4 Modern Cryptography 33 (5)
5 The Computer Age 38 (3)
6 How AES Works 41 (3)
7 Selecting Cryptography: the Process 44 (1)
8 Summary 45 (2)
Chapter Review Questions/Exercises 45 (1)
Exercise 46 (1)
3 Detecting System Intrusions 47 (16)
Almantas Kakareka
1 Introduction 47 (1)
2 Monitoring Key Files in the System 47 (1)
3 Security Objectives 48 (3)
4 Oday Attacks 51 (1)
5 Good Known State 52 (1)
6 Rootkits 53 (1)
7 Low Hanging Fruit 54 (1)
8 Antivirus Software 55 (1)
9 Homegrown Intrusion Detection 55 (1)
10 Full-Packet Capture Devices 55 (2)
11 Out-of-Band Attack Vectors 57 (1)
12 Security Awareness Training 58 (1)
13 Data Correlation 58 (1)
14 SIEM 59 (1)
15 Other Weird Stuff on the System 59 (1)
16 Detection 60 (1)
17 Network-Based Detection of System 60 (1)
Intrusions (DSIs)
18 Summary 61 (2)
Chapter Review Questions/Exercises 62 (1)
Exercise 62 (1)
References 62 (1)
4 Preventing System Intrusions 63 (18)
Michael West
1 So, What is an Intrusion? 64 (1)
2 Sobering Numbers 64 (1)
3 Know Your Enemy: Hackers versus Crackers 65 (1)
4 Motives 66 (1)
5 The Crackers' Tools of the Trade 66 (1)
6 Bots 67 (1)
7 Symptoms of Intrusions 68 (1)
8 What Can You Do? 69 (2)
9 Security Policies 71 (1)
10 Risk Analysis 72 (1)
11 Tools of Your Trade 73 (2)
12 Controlling User Access 75 (2)
13 Intrusion Prevention Capabilities 77 (1)
14 Summary 77 (1)
Chapter Review Questions/Exercises 78 (1)
Exercise 78 (3)
5 Guarding Against Network Intrusions 81 (16)
Thomas M. Chen
Patrick J. Walsh
1 Traditional Reconnaissance and Attacks 81 (3)
2 Malicious Software 84 (2)
3 Defense in Depth 86 (1)
4 Preventive Measures 87 (4)
5 Intrusion Monitoring and Detection 91 (2)
6 Reactive Measures 93 (1)
7 Network-Based Intrusion Protection 94 (1)
8 Summary 94 (1)
Chapter Review Questions/Exercises 94 (1)
Exercise 95 (2)
6 Securing Cloud Computing Systems 97 (28)
Cem Gurkok
1 Cloud Computing Essentials: Examining 97 (6)
the Cloud Layers
2 Software as a Service (SaaS): Managing 103 (1)
Risks in the Cloud
3 Platform as a Service (PaaS): Securing 104 (3)
the Platform
4 Infrastructure as a Service (laaS) 107 (5)
5 Leveraging Provider-Specific Security 112 (1)
Options
6 Achieving Security in a Private Cloud 113 (4)
7 Meeting Compliance Requirements 117 (3)
8 Preparing for Disaster Recovery 120 (2)
9 Summary 122 (1)
Chapter Review Questions/Exercises 122 (1)
Exercise 122 (3)
References 123 (2)
7 Fault Tolerance and Resilience in Cloud 125 (18)
Computing Environments
Ravi Jhawar
Vincenzo Piuri
1 Introduction 125 (1)
2 Cloud Computing Fault Model 126 (2)
3 Basic Concepts on Fault Tolerance 128 (2)
4 Different Levels of Fault Tolerance in 130 (1)
Cloud Computing
5 Fault Tolerance against Crash Failures 131 (1)
in Cloud Computing
6 Fault Tolerance against Byzantine 132 (2)
Failures in Cloud Computing
7 Fault Tolerance as a Service in Cloud 134 (5)
Computing
8 Summary 139 (1)
Chapter Review Questions/Exercises 139 (1)
Exercise 140 (3)
Acknowledgments 140 (1)
References 140 (3)
8 Securing Web Applications, Services, and 143 (22)
Servers
Gerald Beuchelt
1 Setting the Stage 143 (1)
2 Basic Security for HTTP Applications 144 (2)
and Services
3 Basic Security for SOAP Services 146 (3)
4 Identity Management and Web Services 149 (5)
5 Authorization Patterns 154 (1)
6 Security Considerations 155 (5)
7 Challenges 160 (1)
8 Summary 160 (2)
Chapter Review Questions/Exercises 162 (1)
Exercise 162 (3)
9 Unix and Linux Security 165 (18)
Gerald Beuchelt
1 Unix and Security 165 (1)
2 Basic Unix Security Overview 166 (3)
3 Achieving Unix Security 169 (1)
4 Protecting User Accounts and 170 (3)
Strengthening Authentication
5 Limiting Superuser Privileges 173 (1)
6 Securing Local and Network File Systems 174 (2)
7 Network Configuration 176 (2)
8 Improving the Security of Linux and 178 (1)
Unix Systems
9 Additional Resources 178 (2)
10 Summary 180 (1)
Chapter Review Questions/Exercises 180 (1)
Exercise 181 (2)
10 Eliminating the Security Weakness of 183 (14)
Linux and Unix Operating Systems
Mario Santana
1 Introduction to Linux and Unix 183 (4)
2 Hardening Linux and Unix 187 (7)
3 Proactive Defense for Linux and Unix 194 (2)
4 Summary 196 (1)
Chapter Review Questions/Exercises 196 (1)
Exercise 196 (1)
11 Internet Security 197 (26)
Jesse Walker
1 Internet Protocol Architecture 197 (7)
2 An Internet Threat Model 204 (5)
3 Defending against Attacks on the 209 (12)
internet
4 Internet Security Checklist 221 (1)
5 Summary 221 (1)
Chapter Review Questions/Exercises 222 (1)
Exercise 222 (1)
12 The Botnet Problem 223 (16)
Daniel Ramsbrock
Xinyuan Wang
1 Introduction 223 (1)
2 Botnet Overview 224 (2)
3 Typical Bot Life Cycle 226 (1)
4 The Botnet Business Model 227 (1)
5 Botnet Defense 228 (4)
6 Botmaster Traceback 232 (3)
7 Preventing Botnets 235 (1)
8 Summary 236 (1)
Chapter Review Questions/Exercises 236 (2)
Exercise 238 (1)
13 Intranet Security 239 (24)
Bill Mansoor
1 Smartphones and Tablets in the Intranet 242 (3)
2 Security Considerations 245 (2)
3 Plugging the Gaps: NAC and Access 247 (1)
Control
4 Measuring Risk: Audits 248 (2)
5 Guardian at the Gate: Authentication 250 (1)
and Encryption
6 Wireless Network Security 250 (1)
7 Shielding the Wire: Network Protection 251 (2)
8 Weakest Link in Security: User Training 253 (1)
9 Documenting the Network: Change 253 (1)
Management
10 Rehearse the Inevitable: Disaster 254 (2)
Recovery
11 Controlling Hazards: Physical and 256 (1)
Environmental Protection
12 Know Your Users: Personnel Security 257 (1)
13 Protecting Data Flow: Information and 258 (1)
System Integrity
14 Security Assessments 258 (1)
15 Risk Assessments 259 (1)
16 Intranet Security Implementation 260 (1)
Process Checklist
17 Summary 260 (1)
Chapter Review Questions/Exercises 260 (1)
Exercise 261 (2)
14 Local Area Network Security 263 (22)
Dr. Pramod Pandya
1 Identify Network Threats 264 (1)
2 Establish Network Access Controls 264 (1)
3 Risk Assessment 265 (1)
4 Listing Network Resources 265 (1)
5 Threats 265 (1)
6 Security Policies 265 (1)
7 The Incident-Handling Process 266 (1)
8 Secure Design Through Network Access 266 (1)
Controls
9 IDS Defined 267 (1)
10 NIDs: Scope and Limitations 267 (1)
11 A Practical Illustration of NIDS 268 (2)
12 Firewalls 270 (4)
13 Dynamic NAT Configuration 274 (1)
14 The Perimeter 274 (1)
15 Access List Details 275 (1)
16 Types of Firewalls 276 (1)
17 Packet Filtering: IP Filtering Routers 276 (1)
18 Application-Layer Firewalls: Proxy 276 (1)
Servers
19 Stateful Inspection Firewalls 277 (1)
20 NIDs Complements Firewalls 277 (1)
21 Monitor and Analyze System Activities 277 (1)
22 Signature Analysis 278 (1)
23 Statistical Analysis 278 (1)
24 Signature Algorithms 278 (3)
25 Local Area Network Security 281 (1)
Countermeasures Implementation Checklist
26 Summary 281 (1)
Chapter Review Questions/Exercises 282 (1)
Exercise 282 (3)
15 Wireless Network Security 285 (16)
Chunming Rong
Gansen Zhao
Liang Yan
Erdal Cayirci
Hongbing Cheng
1 Cellular Networks 286 (1)
2 Wireless Ad hoc Networks 287 (1)
3 Security Protocols 288 (1)
4 WEP 288 (3)
5 Secure Routing 291 (2)
6 ARAN 293 (1)
7 SLSP 293 (1)
8 Key Establishment 294 (1)
9 ING 295 (2)
10 Management Countermeasures 297 (1)
11 Summary 298 (1)
Chapter Review Questions/Exercises 298 (1)
Exercise 299 (2)
References 299 (2)
16 Wireless Sensor Network Security 301 (22)
Harsh Kupwade Path
Thomas M. Chen
1 Introduction to the Wireless Sensor 301 (3)
Network (WSN)
2 Threats to Privacy 304 (4)
3 Security Measures for WSN 308 (6)
4 Secure Routing in WSN 314 (1)
5 Routing Classifications in WSN 314 (6)
6 WSN Security Framework and Standards 320 (1)
7 Summary 320 (1)
Chapter Review Questions/Exercises 320 (1)
Exercise 321 (2)
References 321 (2)
17 Cellular Network Security 323 (22)
Peng Liu
Thomas F. La Porta
Kameswari Kotapati
1 Introduction 323 (1)
2 Overview of Cellular Networks 323 (3)
3 The State of the Art of Cellular 326 (2)
Network Security
4 Cellular Network Attack Taxonomy 328 (6)
5 Cellular Network Vulnerability Analysis 334 (7)
6 Summary 341 (1)
Chapter Review Questions/Exercises 342 (1)
Exercise 342 (3)
References 343 (2)
18 RFID Security 345 (18)
Chunming Rong
Gansen Zhao
Liang Yan
Erdal Cayirci
Hongbing Cheng
1 RFID Introduction 345 (4)
2 RFID Challenges 349 (4)
3 RFID Protections 353 (6)
4 Summary 359 (1)
Chapter Review Questions/Exercises 359 (1)
Exercise 359 (4)
References 360 (3)
19 Optical Network Security 363 (8)
Lauren Collins
1 Optical Networks 363 (3)
2 Securing Optical Networks 366 (1)
3 Identifying Vulnerabilities 367 (1)
4 Corrective Actions 368 (1)
5 Summary 369 (1)
Chapter Review Questions/Exercises 369 (1)
Exercise 370 (1)
References 370 (1)
20 Optical Wireless Security 371 (6)
Scott R. Ellis
1 Optical Wireless Systems Overview 371 (1)
2 Deployment Architectures 372 (1)
3 High Bandwidth 373 (1)
4 Low Cost 373 (1)
5 Implementation 373 (1)
6 Surface Area 373 (2)
7 Summary 375 (1)
Chapter Review Questions/Exercises 375 (1)
Exercise 376 (1)
Part II Managing Information Security 377 (190)
21 Information Security Essentials for IT 379 (30)
Managers: Protecting Mission-Critical
Systems
Albert Caballero
1 Information Security Essentials for IT 379 (6)
Managers, Overview
2 Protecting Mission-Critical Systems 385 (4)
3 Information Security from the Ground Up 389 (13)
4 Security Monitoring and Effectiveness 402 (3)
5 Summary 405 (1)
Chapter Review Questions/Exercises 406 (1)
Exercise 407 (2)
22 Security Management Systems 409 (6)
James T. Harmening
1 Security Management System Standards 409 (1)
2 Training Requirements 409 (1)
3 Principles of Information Security 410 (1)
4 Roles and Responsibilities of Personnel 410 (1)
5 Security Policies 410 (1)
6 Security Controls 411 (1)
7 Network Access 411 (1)
8 Risk Assessment 411 (1)
9 Incident Response 411 (2)
10 Summary 413 (1)
Chapter Review Questions/Exercises 413 (1)
Exercise 413 (2)
23 Policy-driven System Management 415 (34)
Henrik Plate
Cataldo Basile
Stefano Paraboschi
1 Introduction 415 (1)
2 Security and Policy-based Management 415 (6)
3 Classification and Languages 421 (9)
4 Controls for Enforcing Security 430 (5)
Policies in Distributed Systems
5 Products and Technologies 435 (4)
6 Research Projects 439 (6)
7 Summary 445 (1)
Chapter Review Questions/Exercises 446 (1)
Exercise 446 (3)
Acknowledgments 446 (1)
References 447 (2)
24 Information Technology Security 449 (10)
Management
Rahul Bhaskar
Bhushan Kapoor
1 Information Security Management 449 (1)
Standards
2 Other Organizations Involved in 450 (1)
Standards
3 Information Technology Security Aspects 450 (4)
4 Summary 454 (4)
Chapter Review Questions/Exercises 458 (1)
Exercise 458 (1)
25 Online Identity and User Management 459 (26)
Services
Tewfiq El Maliki
Jean-Marc Seigneur
1 Introduction 459 (1)
2 Evolution of Identity Management 459 (4)
Requirements
3 The Requirements Fulfilled by Identity 463 (1)
Management Technologies
4 Identity Management 1.0 463 (12)
5 Social Login and User Management 475 (2)
6 Identity 2.0 for Mobile Users 477 (5)
7 Summary 482 (1)
Chapter Review Questions/Exercises 482 (1)
Exercise 483 (2)
References 483 (2)
26 Intrusion Prevention and Detection 485 (14)
Systems
Christopher Day
1 What is an `Intrusion' Anyway? 485 (1)
2 Physical Theft 485 (1)
3 Abuse of Privileges (The Insider Threat) 485 (1)
4 Unauthorized Access by Outsider 486 (1)
5 Malware Infection 486 (1)
6 The Role of the `0-Day' 487 (1)
7 The Rogue's Gallery: Attackers and 487 (1)
Motives
8 A Brief Introduction to TCP/IP 488 (1)
9 The TCP/IP Data Architecture and Data 489 (2)
Encapsulation
10 Survey of Intrusion Detection and 491 (1)
Prevention Technologies
11 Anti-Malware Software 492 (1)
12 Network-Based Intrusion Detection 493 (1)
Systems
13 Network-Based Intrusion Prevention 494 (1)
Systems
14 Host-Based Intrusion Prevention Systems 494 (1)
15 Security Information Management Systems 495 (1)
16 Network Session Analysis 495 (1)
17 Digital Forensics 496 (1)
18 System Integrity Validation 496 (1)
19 Summary 497 (1)
Chapter Review Questions/Exercises 497 (1)
Exercise 498 (1)
References 498 (1)
27 TCP/IP Packet Analysis 499 (14)
Pramod Pandya
1 The Internet Model 499 (12)
2 Summary 511 (1)
Chapter Review Questions/Exercises 511 (1)
Exercise 512 (1)
28 The Enemy (The Intruder's Genesis) 513 (12)
Dr. Pramod Pandya
1 Introduction 513 (1)
2 Active Reconnaissance 514 (4)
3 Enumeration 518 (1)
4 Penetration and Gain Access 518 (3)
5 Maintain Access 521 (1)
6 Defend Network Against Unauthorized 522 (1)
Access
7 Summary 522 (1)
Chapter Review Questions/Exercises 523 (1)
Exercise 524 (1)
29 Firewalls (online chapter) 525 (2)
Dr. Errin W. Fulp
30 Penetration Testing 527 (14)
Sanjay Bavisi
1 Introduction 527 (1)
2 What is Penetration Testing? 527 (1)
3 How Does Penetration Testing Differ 528 (1)
from an Actual "Hack?"
4 Types of Penetration Testing 529 (1)
5 Phases of Penetration Testing 530 (2)
6 Defining What's Expected 532 (1)
7 The Need for a Methodology 532 (1)
8 Penetration Testing Methodologies 533 (1)
9 Methodology in Action 533 (3)
10 Penetration Testing Risks 536 (1)
11 Liability Issues 536 (1)
12 Legal Consequences 536 (1)
13 "Get Out of Jail Free" Card 537 (1)
14 Penetration Testing Consultants 537 (1)
15 Required Skill Sets 538 (1)
16 Accomplishments 538 (1)
17 Hiring a Penetration Tester 538 (1)
18 Why Should a Company Hire You? 539 (1)
19 Summary 539 (1)
Chapter Review Questions/Exercises 540 (1)
Exercise 540 (1)
31 What is Vulnerability Assessment? 541 (12)
Almantas Kakareka
1 Introduction 541 (1)
2 Reporting 541 (1)
3 The "It Won't Happen to US" Factor 542 (1)
4 Why Vulnerability Assessment? 542 (1)
5 Penetration Testing Versus 542 (1)
Vulnerability Assessment
6 Vulnerability Assessment Goal 543 (1)
7 Mapping the Network 543 (1)
8 Selecting the Right Scanners 544 (1)
9 Central Scans Versus Local Scans 545 (1)
10 Defense in Depth Strategy 546 (1)
11 Vulnerability Assessment Tools 546 (1)
12 SARA 547 (1)
13 SAINT 547 (1)
14 MBSA 547 (1)
15 Scanner Performance 547 (1)
16 Scan Verification 547 (1)
17 Scanning Cornerstones 547 (1)
18 Network Scanning Countermeasures 547 (1)
19 Vulnerability Disclosure Date 548 (1)
20 Proactive Security Versus Reactive 549 (1)
Security
21 Vulnerability Causes 550 (1)
22 DIY Vulnerability Assessment 551 (1)
23 Summary 551 (1)
Chapter Review Questions/Exercises 551 (1)
Exercise 552 (1)
32 Security Metrics: An Introduction and 553 (14)
Literature Review
George O.M. Yee
1 Introduction 553 (1)
2 Why Security Metrics? 554 (1)
3 The Nature of Security Metrics 555 (3)
4 Getting Started with Security Metrics 558 (1)
5 Metrics in Action--Towards an 559 (1)
Intelligent Security Dashboard
6 Security Metrics in the Literature 559 (5)
7 Summary 564 (1)
Chapter Review Questions/Exercises 565 (1)
Exercise 565 (2)
References 566 (1)
Part III Cyber, Network, and Systems 567 (94)
Forensics Security and Assurance
33 Cyber Forensics 569 (32)
Scott R. Ellis
1 What is Cyber Forensics? 569 (1)
2 Analysis of Data 570 (2)
3 Cyber Forensics in the Court System 572 (1)
4 Understanding Internet History 573 (1)
5 Temporary Restraining Orders and Labor 574 (12)
Disputes
6 First Principles 586 (1)
7 Hacking a Windows XP Password 586 (2)
8 Network Analysis 588 (2)
9 Cyber Forensics Applied 590 (1)
10 Tracking, Inventory, Location of 590 (2)
Files, Paperwork, Backups, and so on
11 Testifying as an Expert 592 (3)
12 Beginning to End in Court 595 (3)
13 Summary 598 (1)
Chapter Review Questions/Exercises 598 (1)
Exercise 599 (2)
34 Cyber Forensics and Incident Response 601 (22)
Cem Gurkok
1 Introduction to Cyber Forensics 601 (1)
2 Handling Preliminary Investigations 602 (2)
3 Controlling an Investigation 604 (1)
4 Conducting Disk-Based Analysis 605 (3)
5 Investigating Information-Hiding 608 (3)
Techniques
6 Scrutinizing Email 611 (1)
7 Validating Email Header Information 612 (1)
8 Tracing Internet Access 613 (2)
9 Searching Memory in Real Time 615 (5)
10 Summary 620 (1)
Chapter Review Questions/Exercises 620 (1)
Exercise 621 (2)
References 621 (2)
35 Securing e-Discovery 623 (26)
Scott R. Ellis
1 Information Management 625 (1)
2 Legal and Regulatory Obligation 626 (21)
3 Summary 647 (1)
Chapter Review Questions/Exercises 648 (1)
Exercise 648 (1)
36 Network Forensics 649 (12)
Yong Guan
1 Scientific Overview 649 (1)
2 The Principles of Network Forensics 649 (2)
3 Attack Traceback and Attribution 651 (5)
4 Critical Needs Analysis 656 (1)
5 Research Directions 657 (1)
6 Summary 658 (2)
Chapter Review Questions/Exercises 660 (1)
Exercise 660 (1)
Part IV Encryption Technology 661 (76)
37 Data Encryption 663 (26)
Dr. Bhushan Kapoor
Dr. Pramod Pandya
1 Need for Cryptography 663 (1)
2 Mathematical Prelude to Cryptography 664 (1)
3 Classical Cryptography 664 (3)
4 Modern Symmetric Ciphers 667 (2)
5 Algebraic Structure 669 (3)
6 The Internal Functions of Rijndael in 672 (4)
AES Implementation
7 Use of Modern Block Ciphers 676 (1)
8 Public-Key Cryptography 677 (3)
9 Cryptanalysis of RSA 680 (1)
10 Diffie-Hellman Algorithm 681 (1)
11 Elliptic Curve Cryptosystems 682 (1)
12 Message Integrity and Authentication 683 (2)
13 Triple Data Encryption Algorithm 685 (1)
(TDEA) Block Cipher
14 Summary 686 (1)
Chapter Review Questions/Exercises 686 (1)
Exercise 686 (3)
References 687 (2)
38 Satellite Encryption 689 (14)
Daniel S. Soper
1 Introduction 689 (1)
2 The Need for Satellite Encryption 690 (1)
3 Implementing Satellite Encryption 691 (4)
4 Pirate Decryption of Satellite 695 (2)
Transmissions
5 Satellite Encryption Policy 697 (1)
6 Satellite Encryption Service 698 (1)
7 The Future of Satellite Encryption 699 (1)
8 Summary 699 (1)
Chapter Review Questions/Exercises 700 (1)
Exercise 701 (2)
39 Public Key Infrastructure (online 703 (2)
chapter)
Terence Spies
40 Password-based Authenticated Key 705 (16)
Establishment Protocols
Jean Lancrenon
Dalia Khader
Peter Y.A. Ryan
Feng Hao
1 Introduction to Key Exchange 705 (4)
2 Password-Authenticated Key Exchange 709 (2)
3 Concrete Protocols 711 (7)
4 Summary 718 (1)
Chapter Review Questions/Exercises 718 (1)
Exercise 719 (2)
References 719 (2)
41 Instant-Messaging Security 721 (16)
Samuel J.J. Curry
1 Why Should I Care about Instant 721 (1)
Messaging?
2 What is Instant Messaging? 721 (1)
3 The Evolution of Networking Technologies 722 (1)
4 Game Theory and Instant Messaging 723 (2)
5 The Nature of the Threat 725 (4)
6 Common IM Applications 729 (1)
7 Defensive Strategies 730 (1)
8 Instant-Messaging Security Maturity and 730 (2)
Solutions
9 Processes 732 (1)
10 Summary 732 (2)
Chapter Review Questions/Exercises 734 (1)
Exercise 735 (2)
Part V Privacy and Access Management 737 (150)
42 Privacy on the Internet 739 (16)
Marco Cremonini
Chiara Braghin
Claudio Agostino Ardagna
1 Privacy in the Digital Society 739 (3)
2 The Economics of Privacy 742 (2)
3 Privacy-Enhancing Technologies 744 (3)
4 Network Anonymity 747 (3)
5 Summary 750 (1)
Chapter Review Questions/Exercises 750 (1)
Exercise 751 (4)
References 751 (4)
43 Privacy-Enhancing Technologies 755 (18)
Simone Fischer-Hbner
Stefan Berthold
1 The Concept of Privacy 755 (1)
2 Legal Privacy Principles 756 (1)
3 Classification of PETs 757 (1)
4 Traditional Privacy Goals of PETs 758 (1)
5 Privacy Metrics 758 (2)
6 Data Minimization Technologies 760 (7)
7 Transparency-Enhancing Tools 767 (3)
8 Summary 770 (1)
Chapter Review Questions/Exercises 770 (1)
Exercise 771 (2)
References 771 (2)
44 Personal Privacy Policies 773 (20)
George O.M. Yee
Larry Korba
1 Introduction 773 (1)
2 Content of Personal Privacy Policies 774 (2)
3 Semiautomated Derivation of Personal 776 (3)
Privacy Policies
4 Specifying Well-Formed Personal Privacy 779 (3)
Policies
5 Preventing Unexpected Negative Outcomes 782 (2)
6 The Privacy Management Model 784 (4)
7 Discussion and Related Work 788 (3)
8 Summary 791 (1)
Chapter Review Questions/Exercises 791 (1)
Exercise 792 (1)
45 Detection of Conflicts in Security 793 (20)
Policies
Cataldo Basile
Matteo Maria Casalino
Simone Mutti
Stefano Paraboschi
1 Introduction 793 (1)
2 Conflicts in Security Policies 793 (4)
3 Conflicts in Executable Security 797 (3)
Policies
4 Conflicts in Network Security Policies 800 (1)
5 Query-Based Conflict Detection 801 (6)
6 Semantic Web Technology for Conflict 807 (3)
Detection
7 Summary 810 (1)
Chapter Review Questions/Exercises 810 (1)
Exercise 811 (2)
Acknowledgments 811 (1)
References 811 (2)
46 Supporting User Privacy Preferences in 813 (22)
Digital Interactions
Sara Foresti
Pierangela Samarati
1 Introduction 813 (1)
2 Basic Concepts and Desiderata 814 (4)
3 Cost-Sensitive Trust Negotiation 818 (2)
4 Point-Based Trust Management 820 (2)
5 Logical-Based Minimal Credential 822 (3)
Disclosure
6 Privacy Preferences in Credential-Based 825 (4)
Interactions
7 Fine-Grained Disclosure of Sensitive 829 (3)
Access Policies
8 Open Issues 832 (1)
9 Summary 832 (1)
Chapter Review Questions/Exercises 832 (1)
Exercise 833 (2)
Acknowledgments 833 (1)
References 833 (2)
47 Privacy and Security in Environmental 835 (20)
Monitoring Systems: Issues and Solutions
Angelo Genovese
Giovanni Livraga
Vincenzo Piuri
Fabio Scotti
1 Introduction 835 (1)
2 System Architectures 836 (2)
3 Environmental Data 838 (1)
4 Security and Privacy Issues in 839 (2)
Environmental Monitoring
5 Countermeasures 841 (9)
6 Summary 850 (1)
Chapter Review Questions/Exercises 850 (1)
Exercise 851 (4)
Acknowledgments 851 (1)
References 851 (4)
48 Virtual Private Networks 855 (14)
James T. Harmening
1 History 856 (3)
2 Who is in Charge? 859 (1)
3 VPN Types 860 (3)
4 Authentication Methods 863 (1)
5 Symmetric Encryption 863 (1)
6 Asymmetric Cryptography 864 (1)
7 Edge Devices 864 (1)
8 Passwords 864 (1)
9 Hackers and Crackers 865 (1)
10 Mobile VPN 865 (1)
11 VPN Deployments 865 (1)
12 Summary 866 (1)
Chapter Review Questions/Exercises 866 (1)
Exercise 867 (2)
Resources 867 (2)
49 Identity Theft (online chapter) 869 (2)
Markus Jakobsson
Alex Tsow
50 VoIP Security 871 (16)
Harsh Kupwade Patil
Dan Wing
Thomas M. Chen
1 Introduction 871 (2)
2 Overview of Threats 873 (5)
3 Security in VoIP 878 (2)
4 Future Trends 880 (4)
5 Summary 884 (1)
Chapter Review Questions/Exercises 885 (1)
Exercise 886 (1)
Part VI Storage Security 887 (42)
51 SAN Security (online chapter) 889 (2)
John McGowan
Jeffrey Bardin
John McDonald
52 Storage Area Networking Security Devices 891 (14)
Robert Rounsavall
1 What is a SAN? 891 (1)
2 San Deployment Justifications 891 (1)
3 The Critical Reasons for SAN Security 892 (1)
4 SAN Architecture and Components 893 (1)
5 SAN General Threats and Issues 894 (9)
6 Summary 903 (1)
Chapter Review Questions/Exercises 903 (1)
Exercise 904 (1)
53 Risk Management 905 (24)
Sokratis K. Katsikas
1 The Concept of Risk 906 (1)
2 Expressing and Measuring Risk 906 (3)
3 The Risk Management Methodology 909 (12)
4 Risk Management Laws and Regulations 921 (3)
5 Risk Management Standards 924 (2)
6 Summary 926 (1)
Chapter Review Questions/Exercises 926 (1)
Exercise 927 (2)
Part VII Physical Security 929 (62)
54 Physical Security Essentials 931 (16)
William Stallings
1 Overview 931 (1)
2 Physical Security Threats 932 (4)
3 Physical Security Prevention and 936 (2)
Mitigation Measures
4 Recovery from Physical Security Breaches 938 (1)
5 Threat Assessment, Planning, and Plan 938 (1)
Implementation
6 Example: A Corporate Physical Security 939 (1)
Policy
7 Integration of Physical and Logical 939 (6)
Security
8 Physical Security Checklist 945 (1)
9 Summary 945 (1)
Chapter Review Questions/Exercises 945 (1)
Exercise 945 (2)
55 Disaster Recovery 947 (10)
Scott R. Ellis
Lauren Collins
1 Introduction 947 (1)
2 Measuring Risk and Avoiding Disaster 947 (2)
3 The Business Impact Assessment (BIA) 949 (5)
4 Summary 954 (1)
Chapter Review Questions/Exercises 954 (1)
Exercise 955 (2)
56 Biometrics 957 (16)
Luther Martin
1 Relevant Standards 958 (1)
2 Biometric System Architecture 958 (7)
3 Using Biometric Systems 965 (2)
4 Security Considerations 967 (4)
5 Summary 971 (1)
Chapter Review Questions/Exercises 971 (1)
Exercise 971 (2)
57 Homeland Security (online chapter) 973 (2)
Rahul Bhaskar
Bhushan Kapoor
58 Cyber Warfare 975 (16)
Anna Granova
Marco Slaviero
1 Cyber Warfare Model 975 (1)
2 Cyber Warfare Defined 976 (1)
3 CW: Myth or Reality? 977 (2)
4 Cyber Warfare: Making CW Possible 979 (6)
5 Legal Aspects of CW 985 (4)
6 Holistic View of Cyber Warfare 989 (1)
7 Summary 989 (1)
Chapter Review Questions/Exercises 989 (1)
Exercise 990 (1)
Part VIII Practical Security 991 (48)
59 System Security 993 (8)
Lauren Collins
1 Foundations of Security 993 (4)
2 Basic Countermeasures 997 (2)
3 Summary 999 (1)
Chapter Review Questions/Exercises 1000 (1)
Exercise 1000 (1)
60 Securing the Infrastructure 1001 (14)
Lauren Collins
1 Communication Security Goals 1001 (7)
2 Attacks and Countermeasures 1008 (3)
3 Summary 1011 (1)
Chapter Review Questions/Exercises 1012 (1)
Exercise 1013 (2)
61 Access Controls 1015 (8)
Lauren Collins
1 Infrastructure Weaknesses: DAC, MAC, 1015 (3)
and RBAC
2 Strengthening the Infrastructure: 1018 (2)
Authentication Systems
3 Summary 1020 (1)
Chapter Review Questions/Exercises 1021 (1)
Exercise 1021 (2)
62 Assessments and Audits 1023 (8)
Lauren Collins
1 Assessing Vulnerabilities and Risk: 1023 (4)
Penetration Testing and Vulnerability
Assessments
2 Risk Management: Quantitative Risk 1027 (1)
Measurements
3 Summary 1028 (2)
Chapter Review Questions/Exercises 1030 (1)
Exercise 1030 (1)
63 Fundamentals of Cryptography 1031 (8)
Scott R. Ellis
1 Assuring Privacy with Encryption 1031 (6)
2 Summary 1037 (1)
Chapter Review Questions/Exercises 1037 (1)
Exercise 1038 (1)
Part IX Advanced Security 1039 (100)
64 Security Through Diversity 1041 (12)
Kevin Noble
1 Ubiquity 1042 (1)
2 Example Attacks Against Uniformity 1043 (1)
3 Attacking Ubiquity with Antivirus Tools 1044 (1)
4 The Threat of Worms 1044 (2)
5 Automated Network Defense 1046 (1)
6 Diversity and the Browser 1047 (1)
7 Sandboxing and Virtualization 1048 (1)
8 DNS Example of Diversity Through 1048 (1)
Security
9 Recovery from Disaster is Survival 1049 (1)
10 Summary 1049 (1)
Chapter Review Questions/Exercises 1050 (1)
Exercise 1051 (2)
65 Online e-Reputation Management Services 1053 (20)
Jean-Marc Seigneur
1 Introduction 1053 (1)
2 The Human Notion of Reputation 1054 (2)
3 Reputation Applied to the Computing 1056 (3)
World
4 State of the Art of Attack-Resistant 1059 (4)
Reputation Computation
5 Overview of Current Online Reputation 1063 (7)
Service
6 Summary 1070 (1)
Chapter Review Questions/Exercises 1071 (1)
Exercise 1071 (2)
Bibliography 1072 (1)
66 Content Filtering (online chapter) 1073 (2)
Pete Nicoletti
67 Data Loss Protection 1075 (18)
Ken Perkins
1 Precursors of DLP 1076 (1)
2 What is DLP? 1077 (5)
3 Where to Begin? 1082 (1)
4 Data is Like Water 1082 (2)
5 You Don't Know What You Don't Know 1084 (1)
6 How Do DLP Applications Work? 1085 (1)
7 Eat Your Vegetables 1086 (3)
8 IT's a Family Affair, Not Just IT 1089 (1)
Security's Problem
9 Vendors, Vendors Everywhere! Who do you 1089 (1)
Believe?
10 Summary 1090 (1)
Chapter Review Questions/Exercises 1091 (1)
Exercise 1091 (2)
68 Satellite Cyber Attack Search and Destroy 1093 (10)
Jeffrey Bardin
1 Hacks, Interference, and Jamming 1093 (7)
2 Summary 1100 (1)
Chapter Review Questions/Exercises 1100 (1)
Exercise 1101 (2)
References 1101 (2)
69 Verifiable Voting Systems 1103 (24)
Thea Peacock
Peter Y.A. Ryan
Steve Schneider
Zhe Xia
1 Introduction 1103 (1)
2 Security Requirements 1103 (2)
3 Verifiable Voting Schemes 1105 (1)
4 Building Blocks 1106 (7)
5 Survey of Noteworthy Schemes 1113 (8)
6 Threats to Verifiable Voting Systems 1121 (1)
7 Summary 1121 (1)
Chapter Review Questions/Exercises 1122 (1)
Exercise 1123 (4)
References 1123 (4)
70 Advanced Data Encryption 1127 (12)
Pramod Pandya
1 Mathematical Concepts Reviewed 1127 (4)
2 The RSA Cryptosystem 1131 (5)
3 Summary 1136 (1)
Chapter Review Questions/Exercises 1136 (2)
Exercise 1138 (1)
References 1138 (1)
Index 1139
新书报道