Cyber Security and IT Infrastructure Protection
[Book Description]
This book serves as a security practitioner's guide to today's most crucial issues in cyber security and IT infrastructure. It offers in-depth coverage of theory, technology, and practice as they relate to established technologies as well as recent advancements. It explores practical solutions to a wide range of cyber-physical and IT infrastructure protection issues. Composed of 11 chapters contributed by leading experts in their fields, this highly useful book covers disaster recovery, biometrics, homeland security, cyber warfare, cyber security, national infrastructure security, access controls, vulnerability assessments and audits, cryptography, and operational and organizational security, as well as an extensive glossary of security terms and acronyms. Written with instructors and students in mind, this book includes methods of analysis and problem-solving techniques through hands-on exercises and worked examples as well as questions and answers and the ability to implement practical solutions through real-life case studies. For example, the new format includes the following pedagogical elements: checklists throughout each chapter to gauge understanding; chapter Review Questions/Exercises and Case Studies; and, ancillaries: Solutions Manual; slide package; and figure files. This format will be attractive to universities and career schools as well as federal and state agencies, corporate security training programs, ASIS certification, and more. It includes chapters by leaders in the field on theory and practice of cyber security and IT infrastructure protection, allowing the reader to develop a new level of technical expertise. It offers comprehensive and up-to-date coverage of cyber security issues that allows the reader to remain current and fully informed from multiple viewpoints. It presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions.
[Table of Contents]
Acknowledgments xi
About the Editor xiii
Contributors xv
Introduction xvii
1 Fault Tolerance and Resilience in Cloud 1 (28)
Computing Environments
Ravi Jhawar
Vincenzo Piuri
1 Introduction 1 (1)
2 Cloud Computing Fault Model 2 (5)
3 Basic Concepts on Fault Tolerance 7 (3)
4 Different Levels of Fault Tolerance in 10 (2)
Cloud Computing
5 Fault Tolerance against Crash Failures 12 (2)
in Cloud Computing
6 Fault Tolerance against Byzantine 14 (3)
Failures in Cloud Computing
7 Fault Tolerance as a Service in Cloud 17 (8)
Computing
8 Summary 25 (4)
Chapter Review Questions/Exercises 25 (1)
Exercise 26 (1)
Acknowledgments 27 (1)
References 27 (2)
2 Data Encryption 29 (46)
Dr. Bhushan Kapoor
Dr. Pramod Pandya
1 Need for Cryptography 30 (1)
2 Mathematical Prelude to Cryptography 30 (2)
3 Classical Cryptography 32 (6)
4 Modern Symmetric Ciphers 38 (4)
5 Algebraic Structure 42 (6)
6 The Internal Functions of Rijndael in 48 (7)
AES Implementation
7 Use of Modern Block Ciphers 55 (1)
8 Public-Key Cryptography 56 (5)
9 Cryptanalysis of RSA 61 (2)
10 Diffie-Hellman Algorithm 63 (1)
11 Elliptic Curve Cryptosystems 64 (2)
12 Message Integrity and Authentication 66 (3)
13 Triple Data Encryption Algorithm 69 (2)
(TDEA) Block Cipher
14 Summary 71 (4)
Chapter Review Questions/Exercises 71 (1)
Exercise 72 (1)
References 73 (2)
3 Public Key Infrastructure 75 (34)
Terence Spies
1 Cryptographic Background 75 (3)
2 Overview of PKI 78 (1)
3 The X.509 Model 79 (2)
4 X.509 Implementation Architectures 81 (2)
5 X.509 Certificate Validation 83 (3)
6 X.509 Certificate Revocation 86 (2)
7 Server-Based Certificate Validity 88 (1)
Protocol
8 X.509 Bridge Certification Systems 89 (2)
9 X.509 Certificate Format 91 (5)
10 PKI Policy Description 96 (1)
11 PKI Standards Organizations 97 (1)
12 PGP Certificate Formats 98 (1)
13 PGP PKI Implementations 99 (1)
14 W3C 100 (1)
15 Is PKI Secure? 100 (1)
16 Alternative PKI Architectures 101 (1)
17 Modified X.509 Architectures 101 (1)
18 Alternative Key Management Models 102 (1)
19 Summary 103 (6)
Chapter Review Questions/Exercises 105 (1)
Exercise 106 (1)
References 106 (3)
4 Physical Security Essentials 109 (26)
William Stallings
1 Overview 109 (2)
2 Physical Security Threats 111 (6)
3 Physical Security Prevention and 117 (3)
Mitigation Measures
4 Recovery from Physical Security Breaches 120 (1)
5 Threat Assessment, Planning, and Plan 121 (2)
Implementation
6 Example: A Corporate Physical Security 123 (1)
Policy
7 Integration of Physical and Logical 123 (6)
Security
8 Physical Security Checklist 129 (2)
9 Summary 131 (4)
Chapter Review Questions/Exercises 132 (1)
Exercise 133 (2)
5 Disaster Recovery 135 (16)
Scott R. Ellis
Lauren Collins
1 Introduction 135 (1)
2 Measuring Risk and Avoiding Disaster 135 (4)
3 The Business Impact Assessment (BIA) 139 (7)
4 Summary 146 (5)
Chapter Review Questions/Exercises 147 (1)
Exercise 148 (3)
6 Biometrics 151 (28)
Luther Martin
1 Relevant Standards 153 (2)
2 Biometric System Architecture 155 (10)
3 Using Biometric Systems 165 (3)
4 Security Considerations 168 (7)
5 Summary 175 (4)
Chapter Review Questions/Exercises 175 (1)
Exercise 176 (3)
7 Homeland Security 179 (26)
Rahul Bhaskar
Bhushan Kapoor
1 Statutory Authorities 179 (11)
2 Homeland Security Presidential 190 (1)
Directives
3 Organizational Actions 191 (9)
4 Summary 200 (5)
Chapter Review Questions/Exercises 201 (2)
Exercise 203 (2)
8 Cyber Warfare 205 (28)
Anna Granova
Marco Slaviero
1 Cyber Warfare Model 206 (1)
2 Cyber Warfare Defined 207 (1)
3 CW: Myth or Reality? 208 (5)
4 Cyber Warfare: Making CW Possible 213 (9)
5 Legal Aspects of CW 222 (7)
6 Holistic View of Cyber Warfare 229 (1)
7 Summary 230 (3)
Chapter Review Questions/Exercises 230 (1)
Exercise 231 (2)
9 System Security 233 (14)
Lauren Collins
1 Foundations of Security 233 (8)
2 Basic Countermeasures 241 (3)
3 Summary 244 (3)
Chapter Review Questions/Exercises 245 (1)
Exercise 246 (1)
10 Securing the Infrastructure 247 (22)
Lauren Collins
1 Communication Security Goals 247 (12)
2 Attacks and Countermeasures 259 (5)
3 Summary 264 (5)
Chapter Review Questions/Exercises 266 (1)
Exercise 267 (2)
11 Access Controls 269 (12)
Lauren Collins
1 Infrastructure Weaknesses: DAC, MAC, 269 (6)
and RBAC
2 Strengthening the Infrastructure: 275 (3)
Authentication Systems
3 Summary 278 (3)
Chapter Review Questions/Exercises 279 (1)
Exercise 280 (1)
12 Assessments and Audits 281 (14)
Lauren Collins
1 Assessing Vulnerabilities and Risk: 281 (6)
Penetration Testing and Vulnerability
Assessments
2 Risk Management: Quantitative Risk 287 (3)
Measurements
3 Summary 290 (5)
Chapter Review Questions/Exercises 292 (1)
Exercise 293 (2)
13 Fundamentals of Cryptography 295 (14)
Scott R. Ellis
1 Assuring Privacy with Encryption 295 (10)
2 Summary 305 (4)
Chapter Review Questions/Exercises 306 (1)
Exercise 307 (2)
14 Satellite Cyber Attack Search and Destroy 309 (16)
Jeffrey Bardin
1 Hacks, Interference, and Jamming 310 (10)
2 Summary 320 (5)
Chapter Review Questions/Exercises 321 (1)
Exercise 322 (1)
References 322 (3)
15 Advanced Data Encryption 325 (20)
Pramod Pandya
1 Mathematical Concepts Reviewed 325 (8)
2 The RSA Cryptosystem 333 (9)
3 Summary 342 (3)
Chapter Review Questions/Exercises 344 (1)
Exercise 345 (1)
References 345 (2)
Index 347
新书报道