Computer security Books
McGraw-Hill Education CISM Certified Information Security Manager
Book Synopsis: Provides 100% coverage of every objective on the 2022 CISM exam. This integrated self-study guide enables you to take the 2022 version of the challenging CISM exam with complete confidence. Written by an expert in the field, the book offers exam-focused coverage of information security governance, information risk management, information security program development and management, and information security incident management. CISM Certified Information Security Manager All-in-One Exam Guide, Second Edition features learning objectives, exam tips, practice questions, and in-depth explanations. All questions closely match those on the live test in tone, format, and content. Special design elements throughout provide real-world insight and call out potentially harmful situations. Beyond fully preparing you for the exam, the book also serves as a valuable on-the-job reference. Features complete coverage of all 2022 CISM exam domains. Online co
£35.99
McGraw-Hill Education CISSP AllinOne Exam Guide Ninth Edition
Book Synopsis: A new edition of Shon Harris’ bestselling exam prep guide, fully updated for the 2021 version of the CISSP exam. Thoroughly updated for the latest release of the Certified Information Systems Security Professional exam, this comprehensive resource covers all objectives in the 2021 CISSP exam developed by the International Information Systems Security Certification Consortium (ISC)2. CISSP All-in-One Exam Guide, Ninth Edition features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. Written by leading experts in information security certification and training, this completely up-to-date self-study system helps you pass the exam with ease and also serves as an essential on-the-job reference. Covers all 8 CISSP domains: Security and risk management; Asset security; Security architecture and engineering; Communication and network security; Identity and access ma
£40.49
Pearson Education Computer Security Principles and Practice Global
Book Synopsis: Dr. William Stallings has authored 19 titles and, counting revised editions, more than 40 books on computer security, computer networking and computer architecture. His writings have appeared in numerous publications, including the Proceedings of the IEEE, ACM Computing Reviews and Cryptologia. He has 13 times received the award for the best Computer Science textbook of the year from the Text and Academic Authors Association. In over 30 years in the field, he has been a technical contributor, technical manager and an executive with several high-technology firms. He has designed and implemented both TCP/IP-based and OSI-based protocol suites on a variety of computers and operating systems, ranging from microcomputers to mainframes. As a consultant, he has advised government agencies, computer and software vendors, and major users on the design, selection and use of networking software and products. He created and maintains the
£74.99
McGraw-Hill Education CCSP Certified Cloud Security Professional
Book Synopsis: This fully updated self-study guide delivers 100% coverage of all topics on the current version of the CCSP exam. Thoroughly revised for the 2022 edition of the exam, this highly effective test preparation guide covers all six domains within the CCSP Body of Knowledge. The book offers clear explanations of every subject on the CCSP exam and features accurate practice questions and real-world examples. New, updated, or expanded coverage includes cloud data security, DevOps security, mobile computing, threat modeling paradigms, regulatory and legal frameworks, and best practices and standards. Written by a respected computer security expert, CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition is both a powerful study tool and a valuable reference that will serve professionals long after the test. To aid in self-study, each chapter includes exam tips that highlight key information, a summary that serves as a quick review of salient p
£33.74
McGraw-Hill Education CompTIA PenTest Certification AllinOne Exam Guide
Book Synopsis: This fully-updated guide delivers complete coverage of every topic on the current version of the CompTIA PenTest+ certification exam. Get complete coverage of all the objectives included on the CompTIA PenTest+ certification exam PT0-002 from this comprehensive resource. Written by expert penetration testers, the book provides learning objectives at the beginning of each chapter, hands-on exercises, exam tips, and practice questions with in-depth explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference. Covers all exam topics, including: Planning and engagement; Information gathering; Vulnerability scanning; Network-based attacks; Wireless and radio frequency attacks; Web and database attacks; Cloud attacks; Specialized and fragile systems; Social Engineering and physical attacks; Post-exploitation tools and technique
£34.49
McGraw-Hill Education CISM Certified Information Security Manager
Book Synopsis: Up-to-date practice questions that cover every topic on the 2022 version of the CISM exam. Take the current version of the challenging CISM exam with complete confidence using the detailed information contained in this fully updated self-study guide. Written by an expert in the field, the book features hundreds of practice exam questions that match those on the live test in content, format, tone, and feel. In-depth answer explanations are provided for both the correct and incorrect answer choices. CISM Certified Information Security Manager Practice Exams, Second Edition supplements the CISM All-in-One Exam Guide and completely covers every objective of the 2022 exam release. In total, the book contains more than 300 realistic practice questions.
• Offers 100% coverage of all four CISM exam domains
• Online content includes access to an additional 150 practice questions in the TotalTester
£26.99
Simon & Schuster Ltd People Hacker
Book Synopsis: 'This is a rip-roaring read, full of derring-do and sometimes comic, often foolhardy bravery. [Jenny] sounds an absolute hoot, and her book is never anything less' – Daily Mail
‘A fascinating and quirky take on how easily we can be hoodwinked and hacked. Next time you hear anyone complain about the cost of cyber-protection, hand them a copy of People Hacker. It could save them a fortune’ – The Times
'From an early age, locked doors, high fences and the secrets kept by businesses, buildings and people, fascinated me. I wanted to find out what they wanted to hide away.'
A burglar for hire, con-artist and expert in deception and physical infiltration – Jenny Radcliffe is a professional people hacker. After being schooled in the art of breaking and entering by her family, she became an expert social engineer, doing an insider’s job
£10.44
McGraw-Hill Education CSSLP Certified Secure Software Lifecycle
Book Synopsis: Providing 100% coverage of the latest CSSLP exam, this self-study guide offers everything you need to ace the exam. Get complete coverage of all the material included on the Certified Secure Software Lifecycle Professional exam. CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, Third Edition covers all eight exam domains developed by the International Information Systems Security Certification Consortium (ISC)2. You’ll find learning objectives at the beginning of each chapter, exam tips, and practice questions with explanations. Designed to help you pass the exam with ease, this definitive resource also serves as an essential on-the-job reference. Covers all eight exam domains: Secure Software Concepts; Secure Software Requirements; Secure Software Architecture and Design; Secure Software Implementation; Secure Software Testing; Secure Software Lifecycle Management; Secure Soft
£40.49
Pearson Education (US) Security in Computing
Book Synopsis: Charles P. Pfleeger is an internationally known expert on computer and communications security. He spent 14 years as professor of computer science at the University of Tennessee, before moving on to computer research and consulting company, Trusted Information Systems, where he was director of European operations and senior consultant. He was also director of research, member of the staff, and chief security officer at Cable and Wireless. He has chaired the IEEE Computer Society Technical Committee on Security and Privacy and was on the editorial board of IEEE Security & Privacy magazine. Shari Lawrence Pfleeger is a widely known software engineering and computer security researcher. She served as president of Systems/Software and then as senior researcher with the Rand Corporation. As research director of the Institute for Information Infrastructure Protection, she oversaw large, high-impact computer security research projects for i
Table of Contents
Foreword; Preface; Acknowledgments; About the Authors
Chapter 1: Introduction
  1.1 What Is Computer Security?; 1.2 Threats; 1.3 Harm; 1.4 Vulnerabilities; 1.5 Controls; 1.6 Conclusion; 1.7 What's Next?; 1.8 Exercises
Chapter 2: Toolbox: Authentication, Access Control, and Cryptography
  2.1 Authentication; 2.2 Access Control; 2.3 Cryptography; 2.4 Conclusion; 2.5 Exercises
Chapter 3: Programs and Programming
  3.1 Unintentional (Nonmalicious) Programming Oversights; 3.2 Malicious Code--Malware; 3.3 Countermeasures; 3.4 Conclusion; 3.5 Exercises
Chapter 4: The Internet--User Side
  4.1 Browser Attacks; 4.2 Attacks Targeting Users; 4.3 Obtaining User or Website Data; 4.4 Mobile Apps; 4.5 Email and Message Attacks; 4.6 Conclusion; 4.7 Exercises
Chapter 5: Operating Systems
  5.1 Security in Operating Systems; 5.2 Security in the Design of Operating Systems; 5.3 Rootkits; 5.4 Conclusion; 5.5 Exercises
Chapter 6: Networks
  6.1 Network Concepts; Part I--War on Networks: Network Security Attacks; 6.2 Threats to Network Communications; 6.3 Wireless Network Security; 6.4 Denial of Service; 6.5 Distributed Denial of Service; Part II--Strategic Defenses: Security Countermeasures; 6.6 Cryptography in Network Security; 6.7 Firewalls; 6.8 Intrusion Detection and Prevention Systems; 6.9 Network Management; 6.10 Conclusion; 6.11 Exercises
Chapter 7: Data and Databases
  7.1 Introduction to Databases; 7.2 Security Requirements of Databases; 7.3 Reliability and Integrity; 7.4 Database Disclosure; 7.5 Data Mining and Big Data; 7.6 Conclusion; 7.7 Exercises
Chapter 8: New Territory
  8.1 Introduction; 8.2 Cloud Architectures and Their Security; 8.3 IoT and Embedded Devices; 8.4 Cloud, IoT, and Embedded Devices--The Smart Home; 8.5 Smart Cities, IoT, Embedded Devices, and Cloud; 8.6 Cloud, IoT, and Critical Services; 8.7 Conclusion; 8.8 Exercises
Chapter 9: Privacy
  9.1 Privacy Concepts; 9.2 Privacy Principles and Policies; 9.3 Authentication and Privacy; 9.4 Data Mining; 9.5 Privacy on the Internet; 9.6 Email and Message Security; 9.7 Privacy Impacts of Newer Technologies; 9.8 Conclusion; 9.9 Exercises
Chapter 10: Management and Incidents
  10.1 Security Planning; 10.2 Business Continuity Planning; 10.3 Handling Incidents; 10.4 Risk Analysis; 10.5 Physical Threats to Systems; 10.6 New Frontiers in Security Management; 10.7 Conclusion; 10.8 Exercises
Chapter 11: Legal Issues and Ethics
  11.1 Protecting Programs and Data; 11.2 Information and the Law; 11.3 Rights of Employees and Employers; 11.4 Redress for Software Failures; 11.5 Computer Crime; 11.6 Ethical Issues in Computer Security; 11.7 An Ethical Dive into Artificial Intelligence; 11.8 Incident Analyses with Ethics; 11.9 Conclusion; 11.10 Exercises
Chapter 12: Details of Cryptography
  12.1 Cryptology; 12.2 Symmetric Encryption Algorithms; 12.3 Asymmetric Encryption; 12.4 Message Digests; 12.5 Digital Signatures; 12.6 Quantum Key Distribution; 12.7 Conclusion
Chapter 13: Emerging Topics
  13.1 AI and Cybersecurity; 13.2 Blockchains and Cryptocurrencies; 13.3 Offensive Cyber and Cyberwarfare; 13.4 Quantum Computing and Computer Security; 13.5 Conclusion
Bibliography; Index
£85.72
No Starch Press,US Hacking Apis: Breaking Web Application
Book Synopsis: You'll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you'll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner. Next, you'll learn to perform common attacks, like those targeting an API's authentication mechanisms and the injection vulnerabilities commonly found in web applications. You'll also learn techniques for bypassing protections against these attacks so that you can uncover API bugs other hackers aren't finding and improve the security of applications on the web.
Trade Review
"Corey Ball takes you on a journey through the lifecycle of APIs in such a manner that you’re wanting to not only know more, but also anticipating trying out your newfound knowledge on the next legitimate target. From concepts to examples, through to identifying tools and demonstrating them in fine detail, this book has it all. It IS the motherload for API hacking, and should be found next to the desk, well-read by ANYONE wanting to take this level of adversarial research, assessment, or DevSecOps seriously."—Chris Roberts, @Sidragon1, vCISO/Researcher/Hacker
"This book opens the doors to the field of API Hacking, a subject not very well understood. Using real-world examples that emphasize Access Control issues, this book will help you understand the ins and outs of securing APIs, hunt great bounties, and help organizations improve their API Security!"—Inon Shkedy, @InonShkedy, Security Researcher
"Even though the internet is filled with information on any topic possible in cybersecurity, it is still hard to find solid insight on performing penetration tests on APIs. Corey's book satisfies this demand—not only for the beginner cybersecurity practitioner, but also for the seasoned expert."—Cristi Vlad, @CristiVlad25, Cybersecurity Researcher
"Hacking APIs is extremely helpful for anyone who wants to get into penetration testing. In particular, this book gives you the tools to start testing the security of APIs, which are becoming a weak point for many modern web applications. Experienced security folks can get something out of the book too, as it features automation tips and protection bypass techniques that will up any pentesters' game."—Vickie Li, @vickieli7, Developer Evangelist, Author of Bug Bounty Bootcamp
"[Hacking APIs is] the best source of API info I've seen. If you're curious about what APIs are and how they work, read it once. If you work with or create APIs, read it twice. If you break APIs, read it three times."—Graham Helton, @GrahamHelton3
"One of the few books that is actually dedicated to API hacking. . . . a great resource for anyone who wants to learn more about API security and how to hack into web applications. It provides in-depth information on how to break through various types of APIs, as well as tips on how to stay ahead of the curve in this rapidly changing field."—Dana Epp, Security Boulevard
"This book has more to offer than hacking APIs but sets down a solid foundation of tools and techniques that would benefit any developer or QA Engineer that has to develop, test, or otherwise work with APIs."—John Wenning, Cybersecurity Researcher, Fortra
"A thorough guide to what APIs are, how they work, what technologies they use, the various common insecurities that APIs have, and, most importantly, how to exploit them. . . . I would recommend Hacking APIs as a great read for anyone interested in learning more about the vulnerable side of APIs."—Darlene Hibbs, Senior Cybersecurity Researcher, Fortra
£42.74
No Starch Press,US The Art Of Cyberwarfare: An Investigator's Guide
Book Synopsis: Today, companies find themselves targeted by sophisticated nation state cyber attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players, the techniques they use, and the process of analysing their advanced attacks. Whether you're an individual researcher or part of a team within a Security Operations Center (SoC), you'll learn to approach, track, and attribute attacks to these advanced actors. Jon DiMaggio demonstrates some of the techniques he has employed to uncover crucial information about the 2021 Colonial Pipeline attacks, among others.
Trade Review
"Encompasses useful knowledge from the past and modern advanced threats seen today. Regardless of your expertise level, this book is an insightful read . . ."—Brittany Day, Director of Communications, Guardian Digital
"For those looking for a guide to help them understand the new world of cyberwar, The Art of Cyberwarfare provides readers with a good overview of this expanding threat and what they can do to avoid being victims."—Ben Rothke, Senior Information Security Manager, Tapad
"An informative and explanatory guide for cybersecurity experts and an enlightening read for novices. DiMaggio effectively details both the history of cybercrime and how it is seen today."—Justice Levine, Communications Manager and Cloud Email Security Expert, Guardian Digital
"This book deserves to find a place on the shelf of everyone whose role involves protecting networks."—Ian Barker, BetaNews
"A cross between an IBM presentation . . . and a Tom Clancy novel!"—The Shepherdess, Amazon Reviewer
£28.49
Pearson Education (US) CCNP and CCIE Security Core SCOR 350701 Official
Book Synopsis: Omar Santos is a cybersecurity thought leader with a passion for driving industry-wide initiatives to enhance the security of critical infrastructures. Omar is the lead of the DEF CON Red Team Village, the chair of the Common Security Advisory Framework (CSAF) technical committee, and board member of the OASIS Open standards organization. Omar's collaborative efforts extend to numerous organizations, including the Forum of Incident Response and Security Teams (FIRST) and the Industry Consortium for Advancement of Security on the Internet (ICASI). Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. He employs his deep understanding of these disciplines to help organizations stay ahead of emerging threats. His dedication to cybersecurity has made a significant impact on businesses, academic institutions, law enforcement agencies, and other entities striving to bolster their security measures. O
Table of Contents
Introduction
Chapter 1 Cybersecurity Fundamentals
  “Do I Know This Already?” Quiz; Foundation Topics; Introduction to Cybersecurity; Defining What Are Threats, Vulnerabilities, and Exploits; Common Software and Hardware Vulnerabilities; Confidentiality, Integrity, and Availability; Cloud Security Threats; IoT Security Threats; An Introduction to Digital Forensics and Incident Response; Summary; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Review Questions
Chapter 2 Cryptography
  “Do I Know This Already?” Quiz; Foundation Topics; Introduction to Cryptography; Fundamentals of PKI; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Review Questions
Chapter 3 Software-Defined Networking Security and Network Programmability
  “Do I Know This Already?” Quiz; Foundation Topics; Software-Defined Networking (SDN) and SDN Security; Introduction to Network Programmability; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Review Questions
Chapter 4 Authentication, Authorization, Accounting (AAA) and Identity Management
  “Do I Know This Already?” Quiz; Foundation Topics; Introduction to Authentication, Authorization, and Accounting; Authentication; Authorization; Accounting; Infrastructure Access Controls; AAA Protocols; Cisco Identity Services Engine (ISE); Configuring TACACS+ Access; Configuring RADIUS Authentication; Additional Cisco ISE Design Tips; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Review Questions
Chapter 5 Network Visibility and Segmentation
  “Do I Know This Already?” Quiz; Foundation Topics; Introduction to Network Visibility; NetFlow; IP Flow Information Export (IPFIX); NetFlow Deployment Scenarios; Cisco Secure Network Analytics and Cisco Secure Cloud Analytics; Cisco Cognitive Intelligence and Cisco Encrypted Traffic Analytics (ETA); NetFlow Collection Considerations and Best Practices; Configuring NetFlow in Cisco IOS and Cisco IOS-XE; Configuring NetFlow in NX-OS; Introduction to Network Segmentation; Micro-Segmentation with Cisco ACI; Segmentation with Cisco ISE; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Review Questions
Chapter 6 Infrastructure Security
  “Do I Know This Already?” Quiz; Foundation Topics; Securing Layer 2 Technologies; VLAN and Trunking Fundamentals; Common Layer 2 Threats and How to Mitigate Them; Network Foundation Protection; Understanding and Securing the Management Plane; Understanding the Control Plane; Understanding and Securing the Data Plane; Securing Management Traffic; Implementing Logging Features; Configuring NTP; Securing the Network Infrastructure Device Image and Configuration Files; Securing the Data Plane in IPv6; Securing Routing Protocols and the Control Plane; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Review Questions
Chapter 7 Cisco Secure Firewall
  “Do I Know This Already?” Quiz; Foundation Topics; Introduction to Cisco Secure Firewall; Comparing Network Security Solutions That Provide Firewall Capabilities; Deployment Modes of Network Security Solutions and Architectures That Provide Firewall Capabilities; High Availability and Clustering; Implementing Access Control; Cisco Firepower Intrusion Policies; Cisco Secure Malware Defense; Security Intelligence, Security Updates, and Keeping Firepower Software Up to Date; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Review Questions
Chapter 8 Virtual Private Networks (VPNs)
  “Do I Know This Already?” Quiz; Foundation Topics; Virtual Private Network (VPN) Fundamentals; Deploying and Configuring Site-to-Site VPNs in Cisco Routers; Configuring Site-to-Site VPNs in Cisco ASA Firewalls; Configuring Remote-Access VPNs in the Cisco ASA; Configuring Clientless Remote Access SSL VPNs in the Cisco ASA; Configuring Client-Based Remote-Access SSL VPNs in the Cisco ASA; Configuring Remote-Access VPNs in Cisco Secure Firewall; Configuring Site-to-Site VPNs in the Cisco Secure Firewall; Cisco SD-WAN; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Review Questions
Chapter 9 Securing the Cloud
  “Do I Know This Already?” Quiz; Foundation Topics; What Is Cloud and What Are the Cloud Service Models?; DevOps, Continuous Integration (CI), Continuous Delivery (CD), and Describing the Customer vs. Provider Security Responsibility for the Different Cloud Service Models; Cisco Umbrella; Cisco Secure Email Threat Defense; Cisco Attack Surface Management (Formerly Cisco Secure Cloud Insights); Cisco Secure Cloud Analytics; AppDynamics Cloud Monitoring; Cisco Secure Workload; Cisco XDR; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Review Questions
Chapter 10 Content Security
  “Do I Know This Already?” Quiz; Foundation Topics; Content Security Fundamentals; Cisco Secure Web Appliance; Cisco Secure Email; Cisco Content Security Management Appliance (SMA); Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Review Questions
Chapter 11 Endpoint Protection and Detection
  “Do I Know This Already?” Quiz; Foundation Topics; Introduction to Endpoint Protection and Detection; Cisco Secure Endpoint; Cisco Threat Response; Exam Preparation Tasks; Review All Key Topics; Define Key Terms; Review Questions
Chapter 12 Final Preparation
  Hands-on Activities; Suggested Plan for Final Review and Study; Summary
Chapter 13 CCNP and CCIE Security Core SCOR (350-701) Exam Updates
  The Purpose of This Chapter; News about the Next Exam Release; Updated Technical Content
Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A; Glossary
Online Element: Appendix B Study Planner
£50.39
O'Reilly Media Mastering Ethereum
Book Synopsis: With this practical guide, Andreas M. Antonopoulos and Gavin Wood provide everything you need to know about building smart contracts and DApps on Ethereum and other virtual-machine blockchains.
£42.39
John Wiley & Sons Inc Cybersecurity Essentials
Book Synopsis: An accessible introduction to cybersecurity concepts and practices. Cybersecurity Essentials provides a comprehensive introduction to the field, with expert coverage of essential topics required for entry-level cybersecurity certifications.
Table of Contents
Introduction
PART I SECURING THE INFRASTRUCTURE
Chapter 1 Infrastructure Security in the Real World
  Security Challenges; Infrastructure Security Scenario 1; Infrastructure Security Scenario 2; Summary
Chapter 2 Understanding Access-Control and Monitoring Systems
  A Quick Primer on Infrastructure Security; Access Control; Security Policies; Physical Security Controls; Locks and Keys; Standard Key-Locking Deadbolts; Solenoid-Operated Deadbolt Locks; Cipher Locks; Access-Control Gates; Sliding Gates; Swinging Gates; Control Relays; Authentication Systems; Magnetic Stripe Readers; Smart Cards; RFID Badges; Biometric Scanners; Remote-Access Monitoring; Opened- and Closed-Condition Monitoring; Automated Access-Control Systems; Hands-On Exercises; Discussion; Procedure; Review Questions
Chapter 3 Understanding Video Surveillance Systems
  Video Surveillance Systems; Cameras; Hands-On Exercises; Discussion; Procedure; Review Questions
Chapter 4 Understanding Intrusion-Detection and Reporting Systems
  Intrusion-Detection and Reporting Systems; Security Controllers; Sensors; Vehicle-Detection Sensors; Fire-Detection Sensors; Output Devices; Hands-On Exercises; Discussion; Procedure; Review Questions
Chapter 5 Infrastructure Security: Review Questions and Hands-On Exercises
  Summary Points; Security Challenge Scenarios; Infrastructure Security Scenario 1; Infrastructure Security Scenario 2; Professional Feedback; Review Questions; Exam Questions
PART II SECURING LOCAL HOSTS
Chapter 6 Local Host Security in the Real World
  Security Challenges; Computing Device Security Scenario 1; Computing Device Security Scenario 2; Summary
Chapter 7 Securing Devices
  The Three Layers of Security; Securing Host Devices; Securing Outer-Perimeter Portals; Additional Inner-Perimeter Access Options; Hands-On Exercises; Objectives; Procedure; Review Questions
Chapter 8 Protecting the Inner Perimeter
  The Inner Perimeter; Operating Systems; Operating System Security Choices; Common Operating System Security Tools; Using Local Administrative Tools; Implementing Data Encryption; Hands-On Exercises; Objectives; Resources; Discussion; Procedures; Tables; Lab Questions
Chapter 9 Protecting Remote Access
  Protecting Local Computing Devices; Using a Secure Connection; Establishing and Using a Firewall; Installing and Using Anti-Malware Software; Removing Unnecessary Software; Disabling Nonessential Services; Disabling Unnecessary OS Default Features; Securing the Web Browser; Applying Updates and Patches; Requiring Strong Passwords; Implementing Local Protection Tools; Software-Based Local Firewalls; Using Local Intrusion-Detection Tools; Profile-Based Anomaly-Detection Systems; Threshold-Based Anomaly-Detection Systems; Configuring Browser Security Options; Configuring Security Levels; Configuring Script Support; Defending Against Malicious Software; Using Antivirus Programs; Using Antispyware; Hardening Operating Systems; Service Packs; Patches; Updates; Overseeing Application Software Security; Software Exploitation; Applying Software Updates and Patches; Hands-On Exercises; Objectives; Resources; Discussion; Procedures; Tables; Lab Questions
Chapter 10 Local Host Security: Review Questions and Hands-On Exercises
  Summary Points; Security Challenge Scenarios; Computing Device Security Scenario 1; Computing Device Security Scenario 2; Professional Feedback; Review Questions; Exam Questions
PART III SECURING LOCAL NETWORKS
Chapter 11 Local Network Security in the Real World
  Security Challenges; Local Network Security Scenario 1; Local Network Security Scenario 2; Summary
Chapter 12 Networking Basics
  Understanding the Basics of Networking; Campus Area Networks or Corporate Area Networks (CANs); Metropolitan Area Networks (MANs); Wireless Local Area Networks (WLANs); Storage Area Networks (SANs); The OSI Networking Model; Layer 1: Physical; Layer 2: Data Link; Layer 3: Network; Layer 4: Transport; Layer 5: Session; Layer 6: Presentation; Layer 7: Application; Data Transmission Packets; OSI Layer Security; Network Topologies; Bus Topology; Ring Topology; Star Topology; Mesh Topology; Logical Topologies; Hands-On Exercises; Objectives; Resources; Discussion; Procedure; Lab Questions; Lab Answers
Chapter 13 Understanding Networking Protocols
  The Basics of Networking Protocols; MAC Addresses; TCP/IP; Ethernet; Network Control Strategies; Hands-On Exercises; Objectives; Discussion; Procedures; Lab Questions; Lab Answers
Chapter 14 Understanding Network Servers
  The Basics of Network Servers; Server Security; Network Administrators; Server Software Security; User Accounts; Network Authentication Options; Establishing Resource Controls; Maintaining Server Security; Vulnerability Scanning; Hands-On Exercises; Objectives; Resources; Discussion; Procedures; Lab Questions; Lab Answers
Chapter 15 Understanding Network Connectivity Devices
  Network Switches; Routers; Gateways; Network Bridges; Wireless Network Connectivity; Network Connectivity Device Vulnerabilities; Network Connectivity Device Attacks; Network Connectivity Defense; Network Hardening; Hands-On Exercises; Objectives; Resources; Procedures; Lab Questions; Lab Answers
Chapter 16 Understanding Network Transmission Media Security
  The Basics of Network Transmission Media; Copper Wire; Light Waves; Wireless Signals; Transmission Media Vulnerabilities; Securing Wireless Networks; Hands-On Exercises; Objectives; Resources; Procedure; Lab Questions; Lab Answers
Chapter 17 Local Network Security: Review Questions
  Summary Points; Security Challenge Scenarios; Local Network Security Scenario 1; Local Network Security Scenario 2; Professional Feedback; Review Questions
PART IV SECURING THE PERIMETER
Chapter 18 Perimeter Security in the Real World
  Security Challenges; Internet Security Scenario 1; Internet Security Scenario 2; Summary
Chapter 19 Understanding the Environment
  The Basics of Internet Security; Understanding the Environment; Basic Internet Concepts; Internet Services; Standards and RFCs; Hands-On Exercises; Objectives; Resources; Discussion; Procedures; Lab Questions; Lab Answers
Chapter 20 Hiding the Private Network
  Understanding Private Networks; Network Address Translation; Port Address Translation; Port Forwarding or Mapping; Network Segmentation; Software-Defined Networking; Hands-On Exercises; Objectives; Resources; Discussion; Procedure; Lab Questions; Lab Answers
Chapter 21 Protecting the Perimeter
  Understanding the Perimeter; Firewalls; Firewall Considerations; Network Appliances; Proxy Servers; Demilitarized Zones (DMZs); Single-Firewall DMZs; Dual-Firewall DMZs; Honeypots; Extranets; Hands-On Exercises; Objectives; Resources; Procedures; Lab Questions; Lab Answers
Chapter 22 Protecting Data Moving Through the Internet
  Securing Data in Motion; Authentication; Encryption; Cryptography; Digital Certificates; Hash Tables; Cookies; CAPTCHAs; Virtual Private Networks; Hands-On Exercises; Objectives; Resources; Discussion; Procedures; Lab Questions; Lab Answers
Chapter 23 Tools and Utilities
  Using Basic Tools; IFconfig/IPconfig; Whois; Nslookup; PING; Traceroute; Telnet; Secure Shell; Monitoring Tools and Software; Nagios; SolarWinds; Microsoft Network Monitor; Wireshark; Snort; Nmap; Nikto; OpenVAS; Metasploit; The Browser Exploitation Framework (BeEF); Other Products; Hands-On Exercises; Objectives; Resources; Discussion; Procedures; Capturing a PING; Lab Questions; Lab Answers
Chapter 24 Identifying and Defending Against Vulnerabilities
  Zero Day Vulnerabilities; Software Exploits; SQL Injection; Java; Other Software Exploits; Social Engineering Exploits; Phishing Attacks; Network Threats and Attacks; Broadcast Storms; Session-Hijacking Attacks; Dictionary Attacks; Denial of Service (DoS) Attacks; Tarpitting; Spam; Protecting Against Spam Exploits; Other Exploits; Transport Layer Security (TLS) Exploits; FREAK Exploits; Logjam Exploits; Hands-On Exercises; Objectives; Resources; Discussion; Procedures
Chapter 25 Perimeter Security: Review Questions and Hands-On Exercises
  Summary Points; Security Scenario Review; Network Security Scenario 1; Network Security Scenario 2; Professional Feedback; Review Questions; Exam Questions
Appendix A; Appendix B; Appendix C; Index
£26.40
Pearson Education (US) Computer Security
Book Synopsis
Matt Bishop is a professor in the Department of Computer Science at the University of California at Davis. His main research interest is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. He works in the areas of network security, including the study of denial of service attacks and defenses, policy modeling, software assurance testing, resilience, and formal modeling of access control. He was co-chair of the Joint Task Force that developed the Cybersecurity Curricula 2017: Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity, released in December 2017. He earned his Ph.D. in computer science from Purdue University in 1984.
Table of Contents
Preface; Acknowledgments; About the Author
Part I: Introduction
Chapter 1: An Overview of Computer Security; 1.1 The Basic Components; 1.2 Threats; 1.3 Policy and Mechanism; 1.4 Assumptions and Trust; 1.5 Assurance; 1.6 Operational Issues; 1.7 Human Issues; 1.8 Tying It All Together; 1.9 Summary; 1.10 Research Issues; 1.11 Further Reading; 1.12 Exercises
Part II: Foundations
Chapter 2: Access Control Matrix; 2.1 Protection State; 2.2 Access Control Matrix Model; 2.3 Protection State Transitions; 2.4 Copying, Owning, and the Attenuation of Privilege; 2.5 Summary; 2.6 Research Issues; 2.7 Further Reading; 2.8 Exercises
Chapter 3: Foundational Results; 3.1 The General Question; 3.2 Basic Results; 3.3 The Take-Grant Protection Model; 3.4 Closing the Gap: The Schematic Protection Model; 3.5 Expressive Power and the Models; 3.6 Comparing Security Properties of Models; 3.7 Summary; 3.8 Research Issues; 3.9 Further Reading; 3.10 Exercises
Part III: Policy
Chapter 4: Security Policies; 4.1 The Nature of Security Policies; 4.2 Types of Security Policies; 4.3 The Role of Trust; 4.4 Types of Access Control; 4.5 Policy Languages; 4.6 Example: Academic Computer Security Policy; 4.7 Security and Precision; 4.8 Summary; 4.9 Research Issues; 4.10 Further Reading; 4.11 Exercises
Chapter 5: Confidentiality Policies; 5.1 Goals of Confidentiality Policies; 5.2 The Bell-LaPadula Model; 5.3 Tranquility; 5.4 The Controversy over the Bell-LaPadula Model; 5.5 Summary; 5.6 Research Issues; 5.7 Further Reading; 5.8 Exercises
Chapter 6: Integrity Policies; 6.1 Goals; 6.2 The Biba Model; 6.3 Lipner’s Integrity Matrix Model; 6.4 Clark-Wilson Integrity Model; 6.5 Trust Models; 6.6 Summary; 6.7 Research Issues; 6.8 Further Reading; 6.9 Exercises
Chapter 7: Availability Policies; 7.1 Goals of Availability Policies; 7.2 Deadlock; 7.3 Denial of Service Models; 7.4 Example: Availability and Network Flooding; 7.5 Summary; 7.6 Research Issues; 7.7 Further Reading; 7.8 Exercises
Chapter 8: Hybrid Policies; 8.1 Chinese Wall Model; 8.2 Clinical Information Systems Security Policy; 8.3 Originator Controlled Access Control; 8.4 Role-Based Access Control; 8.5 Break-the-Glass Policies; 8.6 Summary; 8.7 Research Issues; 8.8 Further Reading; 8.9 Exercises
Chapter 9: Noninterference and Policy Composition; 9.1 The Problem; 9.2 Deterministic Noninterference; 9.3 Nondeducibility; 9.4 Generalized Noninterference; 9.5 Restrictiveness; 9.6 Side Channels and Deducibility; 9.7 Summary; 9.8 Research Issues; 9.9 Further Reading; 9.10 Exercises
Part IV: Implementation I: Cryptography
Chapter 10: Basic Cryptography; 10.1 Cryptography; 10.2 Symmetric Cryptosystems; 10.3 Public Key Cryptography; 10.4 Cryptographic Checksums; 10.5 Digital Signatures; 10.6 Summary; 10.7 Research Issues; 10.8 Further Reading; 10.9 Exercises
Chapter 11: Key Management; 11.1 Session and Interchange Keys; 11.2 Key Exchange; 11.3 Key Generation; 11.4 Cryptographic Key Infrastructures; 11.5 Storing and Revoking Keys; 11.6 Summary; 11.7 Research Issues; 11.8 Further Reading; 11.9 Exercises
Chapter 12: Cipher Techniques; 12.1 Problems; 12.2 Stream and Block Ciphers; 12.3 Authenticated Encryption; 12.4 Networks and Cryptography; 12.5 Example Protocols; 12.6 Summary; 12.7 Research Issues; 12.8 Further Reading; 12.9 Exercises
Chapter 13: Authentication; 13.1 Authentication Basics; 13.2 Passwords; 13.3 Password Selection; 13.4 Attacking Passwords; 13.5 Password Aging; 13.6 Challenge-Response; 13.7 Biometrics; 13.8 Location; 13.9 Multifactor Authentication; 13.10 Summary; 13.11 Research Issues; 13.12 Further Reading; 13.13 Exercises
Part V: Implementation II: Systems
Chapter 14: Design Principles; 14.1 Underlying Ideas; 14.2 Principles of Secure Design; 14.3 Summary; 14.4 Research Issues; 14.5 Further Reading; 14.6 Exercises
Chapter 15: Representing Identity; 15.1 What Is Identity?; 15.2 Files and Objects; 15.3 Users; 15.4 Groups and Roles; 15.5 Naming and Certificates; 15.6 Identity on the Web; 15.7 Anonymity on the Web; 15.8 Summary; 15.9 Research Issues; 15.10 Further Reading; 15.11 Exercises
Chapter 16: Access Control Mechanisms; 16.1 Access Control Lists; 16.2 Capabilities; 16.3 Locks and Keys; 16.4 Ring-Based Access Control; 16.5 Propagated Access Control Lists; 16.6 Summary; 16.7 Research Issues; 16.8 Further Reading; 16.9 Exercises
Chapter 17: Information Flow; 17.1 Basics and Background; 17.2 Nonlattice Information Flow Policies; 17.3 Static Mechanisms; 17.4 Dynamic Mechanisms; 17.5 Integrity Mechanisms; 17.6 Example Information Flow Controls; 17.7 Summary; 17.8 Research Issues; 17.9 Further Reading; 17.10 Exercises
Chapter 18: Confinement Problem; 18.1 The Confinement Problem; 18.2 Isolation; 18.3 Covert Channels; 18.4 Summary; 18.5 Research Issues; 18.6 Further Reading; 18.7 Exercises
Part VI: Assurance; Contributed by Elisabeth Sullivan and Michelle Ruppel
Chapter 19: Introduction to Assurance; 19.1 Assurance and Trust; 19.2 Building Secure and Trusted Systems; 19.3 Summary; 19.4 Research Issues; 19.5 Further Reading; 19.6 Exercises
Chapter 20: Building Systems with Assurance; 20.1 Assurance in Requirements Definition and Analysis; 20.2 Assurance during System and Software Design; 20.3 Assurance in Implementation and Integration; 20.4 Assurance during Operation and Maintenance; 20.5 Summary; 20.6 Research Issues; 20.7 Further Reading; 20.8 Exercises
Chapter 21: Formal Methods; 21.1 Formal Verification Techniques; 21.2 Formal Specification; 21.3 Early Formal Verification Techniques; 21.4 Current Verification Systems; 21.5 Functional Programming Languages; 21.6 Formally Verified Products; 21.7 Summary; 21.8 Research Issues; 21.9 Further Reading; 21.10 Exercises
Chapter 22: Evaluating Systems; 22.1 Goals of Formal Evaluation; 22.2 TCSEC: 1983-1999; 22.3 International Efforts and the ITSEC: 1991-2001; 22.4 Commercial International Security Requirements: 1991; 22.5 Other Commercial Efforts: Early 1990s; 22.6 The Federal Criteria: 1992; 22.7 FIPS 140: 1994-Present; 22.8 The Common Criteria: 1998-Present; 22.9 SSE-CMM: 1997-Present; 22.10 Summary; 22.11 Research Issues; 22.12 Further Reading; 22.13 Exercises
Part VII: Special Topics
Chapter 23: Malware; 23.1 Introduction; 23.2 Trojan Horses; 23.3 Computer Viruses; 23.4 Computer Worms; 23.5 Bots and Botnets; 23.6 Other Malware; 23.7 Combinations; 23.8 Theory of Computer Viruses; 23.9 Defenses; 23.10 Summary; 23.11 Research Issues; 23.12 Further Reading; 23.13 Exercises
Chapter 24: Vulnerability Analysis; 24.1 Introduction; 24.2 Penetration Studies; 24.3 Vulnerability Classification; 24.4 Frameworks; 24.5 Standards; 24.6 Gupta and Gligor’s Theory of Penetration Analysis; 24.7 Summary; 24.8 Research Issues; 24.9 Further Reading; 24.10 Exercises
Chapter 25: Auditing; 25.1 Definition; 25.2 Anatomy of an Auditing System; 25.3 Designing an Auditing System; 25.4 A Posteriori Design; 25.5 Auditing Mechanisms; 25.6 Examples: Auditing File Systems; 25.7 Summary; 25.8 Research Issues; 25.9 Further Reading; 25.10 Exercises
Chapter 26: Intrusion Detection; 26.1 Principles; 26.2 Basic Intrusion Detection; 26.3 Models; 26.4 Architecture; 26.5 Organization of Intrusion Detection Systems; 26.6 Summary; 26.7 Research Issues; 26.8 Further Reading; 26.9 Exercises
Chapter 27: Attacks and Responses; 27.1 Attacks; 27.2 Representing Attacks; 27.3 Intrusion Response; 27.4 Digital Forensics; 27.5 Summary; 27.6 Research Issues; 27.7 Further Reading; 27.8 Exercises
Part VIII: Practicum
Chapter 28: Network Security; 28.1 Introduction; 28.2 Policy Development; 28.3 Network Organization; 28.4 Availability; 28.5 Anticipating Attacks; 28.6 Summary; 28.7 Research Issues; 28.8 Further Reading; 28.9 Exercises
Chapter 29: System Security; 29.1 Introduction; 29.2 Policy; 29.3 Networks; 29.4 Users; 29.5 Authentication; 29.6 Processes; 29.7 Files; 29.8 Retrospective; 29.9 Summary; 29.10 Research Issues; 29.11 Further Reading; 29.12 Exercises
Chapter 30: User Security; 30.1 Policy; 30.2 Access; 30.3 Files and Devices; 30.4 Processes; 30.5 Electronic Communications; 30.6 Summary; 30.7 Research Issues; 30.8 Further Reading; 30.9 Exercises
Chapter 31: Program Security; 31.1 Problem; 31.2 Requirements and Policy; 31.3 Design; 31.4 Refinement and Implementation; 31.5 Common Security-Related Programming Problems; 31.6 Testing, Maintenance, and Operation; 31.7 Distribution; 31.8 Summary; 31.9 Research Issues; 31.10 Further Reading; 31.11 Exercises
Part IX: Appendices
Appendix A: Lattices; A.1 Basics; A.2 Lattices; A.3 Exercises
Appendix B: The Extended Euclidean Algorithm; B.1 The Euclidean Algorithm; B.2 The Extended Euclidean Algorithm; B.3 Solving ax mod n = 1; B.4 Solving ax mod n = b; B.5 Exercises
Appendix C: Entropy and Uncertainty; C.1 Conditional and Joint Probability; C.2 Entropy and Uncertainty; C.3 Joint and Conditional Entropy; C.4 Exercises
Appendix D: Virtual Machines; D.1 Virtual Machine Structure; D.2 Virtual Machine Monitor; D.3 Exercises
Appendix E: Symbolic Logic; E.1 Propositional Logic; E.2 Predicate Logic; E.3 Temporal Logic Systems; E.4 Exercises
Appendix F: The Encryption Standards; F.1 Data Encryption Standard; F.2 Advanced Encryption Standard; F.3 Exercises
Appendix G: Example Academic Security Policy; G.1 Acceptable Use Policy; G.2 University of California Electronic Communications Policy; G.3 User Advisories; G.4 Electronic Communications—Allowable Use
Appendix H: Programming Rules; H.1 Implementation Rules; H.2 Management Rules
References; Index
£72.89
No Starch Press,US Black Hat Go: Go Programming For Hackers and
Book Synopsis
In Black Hat Go, you'll learn how to write powerful and effective penetration testing tools in Go, a language revered for its speed and scalability. Start off with an introduction to Go fundamentals like data types, control structures, and error handling; then, dive into the deep end of Go's offensive capabilities. Black Hat Go will show you how to build powerful security tools to pen test huge networks, fast.
Trade Review
"It’s been incredibly fun having these kinds of projects, where you’re not just learning syntax, you’re not just learning the mechanics of Go, but you have things to build that are kind of fun." —Johnny Boursiquot, Go Time Podcast
Table of Contents
Chapter 1: Go Fundamentals and Concepts
Chapter 2: TCP and Go: Scanners and Proxies
Chapter 3: HTTP Clients: Remote Interaction with Tools
Chapter 4: HTTP Servers: Routing and Middleware
Chapter 5: Exploiting DNS: Recon and More
Chapter 6: SMB and NTLM: A Peek Down the Rabbit Hole
Chapter 7: Databases and Filesystems: Pilfering and Abusing
Chapter 8: Packet Processing: Living on the Wire
Chapter 9: Exploit Code: Writing and Porting
Chapter 10: Extendable Tools: Using Go Plugins and LUA
Chapter 11: Cryptography: Implementing and Attacking
Chapter 12: Windows: System Interaction and Analysis
Chapter 13: Steganography: Hiding Data
Chapter 14: Command and Control: Building a RAT
£32.29
McFarland & Company Computer Network Security and Cyber Ethics
Book Synopsis
£20.89
WIT Press Critical Infrastructure Security: Assessment, Prevention, Detection, Response
Book Synopsis
This book provides a comprehensive survey of state-of-the-art techniques for the security of critical infrastructures, addressing both logical and physical aspects from an engineering point of view. Recently developed methodologies and tools for CI analysis as well as strategies and technologies for CI protection are investigated in the following strongly interrelated and multidisciplinary main fields:
- Vulnerability analysis and risk assessment
- Threat prevention, detection and response
- Emergency planning and management
Each of the aforementioned topics is addressed considering both theoretical aspects and practical applications. Emphasis is given to model-based holistic evaluation approaches as well as to emerging protection technologies, including smart surveillance through networks of intelligent sensing devices. Critical Infrastructure Security can be used as a self-contained reference handbook for both practitioners and researchers or even as a textbook for master/doctoral degree students in engineering or related disciplines.
More specifically, the topic coverage of the book includes:
- Historical background on threats to critical infrastructures
- Model-based risk evaluation and management approaches
- Security surveys and game-theoretic vulnerability assessment
- Federated simulation for interdependency analysis
- Security operator training and emergency preparedness
- Intelligent multimedia (audio-video) surveillance
- Terahertz body scanners for weapon and explosive detection
- Security system design (intrusion detection / access control)
- Dependability and resilience of computer networks (SCADA / cyber-security)
- Wireless smart-sensor networks and structural health monitoring
- Information systems for crisis response and emergency management
- Early warning, situation awareness and decision support software
Table of Contents
Fundamentals of Security Risk and Vulnerability Assessment
Model-based risk analysis for critical infrastructures; Introduction; The critical infrastructure problem; Tools; Multi-criterion tools (CARVER and MSRAM); CARVER; MSRAM; CI/KR as a Network; MBRA; KDAS; Resource allocation; Network science; An illustration; Conclusion; Physical vulnerability assessment; Introduction; Terminology; What a VA is not; Common techniques for finding vulnerabilities; Security Survey; Security Audit; Design Basis Threat (DBT); CARVER Method; Delphi Method; Fault Tree Analysis; Software tools; Adversarial Vulnerability Assessments; VA best practices; VA personnel; Brainstorming; Common security mistakes; The VA report: Delivering the "bad news"; Vulnerability myths and mistakes
Part II Modeling and Simulation Tools for Critical Infrastructures
Modeling and simulation of critical infrastructures; Introduction; Interdependency modelling; Holistic approaches; Critical Infrastructures as Complex Systems; Topological analysis; Functional analysis; Simulative approaches; Agent-based approaches; Multilayer approaches; Conclusions; Graphical formalisms for modelling critical infrastructures; Introduction; Requirements for CI modelling and simulation; Graphical formalisms for CI modelling and simulation; Graph-based techniques; Petri Nets (PNs); General simulation environments; Agent-based modelling and simulation; Discussion of requirements; Practical experiences in modelling CIs: meeting the requirements with SAN; CRUTIAL and HIDENETS: a brief introduction; On the usage of SAN to match requirement R4; On the usage of SAN to match requirement R6; Conclusions; Semantic interoperability among federated simulators of critical infrastructures - DIESIS project; Introduction; Related works and initiatives; DIESIS project; Managerial, legal and economic features; Technical features; Conclusion; Game theory in infrastructure security; Introduction; Game-theoretic models; Simultaneous AD games; Sequential DA games; Sequential AD games; Sequential DAD games; Simultaneous DD games; Limitations of game-theoretic models; Conclusion
Part III Cybersecurity in Information and SCADA Systems
Modelling, measuring and managing information technology risks; Introduction; What is risk with respect to information systems?; Threats; Vulnerabilities; Why is it important to manage risk?; Managing risk at the organizational level; How is risk assessed?; Quantitative risk assessment; Qualitative risk assessment; How is risk managed?; Strategies for managing individual risks; High-level risk management strategies; Communicating risks and risk management strategies; Implementing risk management strategies; What are some common risk assessment/management methodologies and tools?; NIST methodology; OCTAVE(R); FRAP; GRC tools; Summary; Trustworthiness evaluation of critical information infrastructures; Introduction; Dependability and security evaluation approaches; A taxonomy for evaluation approaches; Common evaluation approaches and applications; On the evaluation of Financial Infrastructure Protection (FIP); FCI: Trustworthiness evaluation trends; FIP trustworthiness requirements and key components; FIP example: CoMiFin as a FCI wrapper; Metric-based FIP trustworthiness evaluation; On the evaluation of CIIP; Design requirements for CIIP; Peer-to-Peer (P2P)-based CIIP; Mitigation strategy for node crashes; Mitigation strategy for illicit SCADA data modification; Evaluation of P2P-based CIIP; Conclusion; Network resilience; Introduction; A component-based framework for improving network resilience in CIs; Intrusion detection and reaction in satellite networks; Detection and remediation of a distributed attack over an IP-based network; Diagnosis-driven reconfiguration of WSNs; Conclusions; Wireless sensor networks for critical infrastructure protection; Introduction; Security threat analysis; Adversary models; Risk assessment; Survey of the state of the art; Sensor node protection; Dependable sensor networking; Dependable sensor network services; Conclusions and identification of further research topics
Part IV Monitoring and Surveillance Technologies
Intelligent video surveillance; Introduction; Architecture of an IVS system; Examples of applications; LAICA project; THIS project; Other examples; Conclusions; Audio surveillance; Introduction; Sound recognition for audio surveillance; A representative picture of the related literature; Evaluation of audio surveillance frameworks; Privacy; Conclusion; Terahertz for weapon and explosive detection; Introduction; Terahertz technology; Overview; THz systems; Terahertz for weapons detection; Terahertz for explosive detection; Discussion; Structural health monitoring; Introduction; Structural evaluation; Sensor selection; Accelerometers; Strain sensors; Tilt sensors; Displacement sensors; Corrosion sensors; Fiber Bragg Gratings (FBGs); Acoustic emission sensors; Additional technologies; System design and integration; Data acquisition; Review and interpretation of the data; Summary; Networks of simple sensors for detecting emplacement of improvised explosive devices; Introduction; Clues to IED emplacement; Cameras versus nonimaging sensors; Prior probabilities for emplacement; Anomalous behaviour; Goal changing and coordinated activity; Sensor management; Experiments; Conclusions
Part V Security Systems Integration and Alarm Management
Security systems design and integration; Introduction; The intrusion detection system; Sensors; Internal sensors; External sensors; The access control system; The video surveillance system; The communication network; Integration of security systems: The supervision and control system; Conclusions; Multisource information fusion for critical infrastructure situation awareness; Introduction; Joint Directors of Laboratories (JDL) data fusion process model; Comments on the state of the art; Human-centric information fusion; Implications for infrastructure situation awareness; Summary; Simulation-based learning in the physical security industry; Introduction; Simulation overview; Security simulation; Security simulation domains; Computation simulators; Interactive simulation; Simulation in a training environment; Systematic approach to training for simulation; Interactive simulators and simulation learning theory; Learning retention; Security simulation and vulnerability assessment; Historical adoption curve of use of simulators; Conclusion; Frameworks and tools for emergency response and crisis management; Introduction; CATS; CATS architecture; Model descriptions; Consequence assessment; Summary and conclusions
£148.20
APress Crypto Basics
Book Synopsis
Use this practical, step-by-step guide for developers and entrepreneurs to create and run your own cryptocurrency. Author Slava Gomzin has created two cryptocurrencies and describes in this book the technology and economics of cryptocurrencies as preparation for crypto trading, investing, and other business activities. A detailed overview of special topics includes security, privacy, and usability of crypto as a mainstream payment system.
Part I, Understanding Crypto, explains the technology and economic, security, and usability aspects of crypto. This is an introduction to the world of cryptography, blockchain tech, and other elements of crypto such as security, privacy, and a detailed review of payment processing.
Part II, Using Crypto, provides the practical knowledge you need to dive into the crypto business such as investment, trading, and even creating your own crypto project.
Part III, Creating Your Own Crypto, teaches you how to launch your own crypto proje
Table of Contents
Foreword
Preface
Introduction
Part 1
Chapter 1: How Cryptography Works
Chapter 2: How Bitcoin Works
Chapter 3: How Other Crypto Works
Chapter 4: Cryptosecurity
Chapter 5: Crypto Privacy
Chapter 6: How Monero Works
Chapter 7: Crypto Payments
Part 2
Chapter 8: How to Choose the Wallet
Chapter 9: Getting Crypto for Free
Chapter 10: How Crypto Exchanges Work
Chapter 11: Crypto Investment and Trading
Part 3
Chapter 12: Creating a Token
Chapter 13: How to Start the Crypto Project
Chapter 14: Running A Crypto Project
Conclusion
£25.19
John Wiley & Sons Inc Threat Modeling
Book Synopsis
The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography! Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world.
Table of Contents
Introduction
Part I Getting Started
Chapter 1 Dive In and Threat Model!; Learning to Threat Model; Threat Modeling on Your Own; Checklists for Diving In and Threat Modeling; Summary
Chapter 2 Strategies for Threat Modeling; “What’s Your Threat Model?”; Brainstorming Your Threats; Structured Approaches to Threat Modeling; Models of Software; Summary
Part II Finding Threats
Chapter 3 STRIDE; Understanding STRIDE and Why It’s Useful; Spoofing Threats; Tampering Threats; Repudiation Threats; Information Disclosure Threats; Denial-of-Service Threats; Elevation of Privilege Threats; Extended Example: STRIDE Threats against Acme-DB; STRIDE Variants; Exit Criteria; Summary
Chapter 4 Attack Trees; Working with Attack Trees; Representing a Tree; Example Attack Tree; Real Attack Trees; Perspective on Attack Trees; Summary
Chapter 5 Attack Libraries; Properties of Attack Libraries; CAPEC; OWASP Top Ten; Summary
Chapter 6 Privacy Tools; Solove’s Taxonomy of Privacy; Privacy Considerations for Internet Protocols; Privacy Impact Assessments (PIA); The Nymity Slider and the Privacy Ratchet; Contextual Integrity; LINDDUN; Summary
Part III Managing and Addressing Threats
Chapter 7 Processing and Managing Threats; Starting the Threat Modeling Project; Digging Deeper into Mitigations; Tracking with Tables and Lists; Scenario-Specific Elements of Threat Modeling; Summary
Chapter 8 Defensive Tactics and Technologies; Tactics and Technologies for Mitigating Threats; Addressing Threats with Patterns; Mitigating Privacy Threats; Summary
Chapter 9 Trade-Offs When Addressing Threats; Classic Strategies for Risk Management; Selecting Mitigations for Risk Management; Threat-Specific Prioritization Approaches; Mitigation via Risk Acceptance; Arms Races in Mitigation Strategies; Summary
Chapter 10 Validating That Threats Are Addressed; Testing Threat Mitigations; Checking Code You Acquire; QA’ing Threat Modeling; Process Aspects of Addressing Threats; Tables and Lists; Summary
Chapter 11 Threat Modeling Tools; Generally Useful Tools; Open-Source Tools; Commercial Tools; Tools That Don’t Exist Yet; Summary
Part IV Threat Modeling in Technologies and Tricky Areas
Chapter 12 Requirements Cookbook; Why a “Cookbook”?; The Interplay of Requirements, Threats, and Mitigations; Business Requirements; Prevent/Detect/Respond as a Frame for Requirements; People/Process/Technology as a Frame for Requirements; Development Requirements vs. Acquisition Requirements; Compliance-Driven Requirements; Privacy Requirements; The STRIDE Requirements; Non-Requirements; Summary
Chapter 13 Web and Cloud Threats; Web Threats; Cloud Tenant Threats; Cloud Provider Threats; Mobile Threats; Summary
Chapter 14 Accounts and Identity; Account Life Cycles; Authentication; Account Recovery; Names, IDs, and SSNs; Summary
Chapter 15 Human Factors and Usability; Models of People; Models of Software Scenarios; Threat Elicitation Techniques; Tools and Techniques for Addressing Human Factors; User Interface Tools and Techniques; Testing for Human Factors; Perspective on Usability and Ceremonies; Summary
Chapter 16 Threats to Cryptosystems; Cryptographic Primitives; Classic Threat Actors; Attacks against Cryptosystems; Building with Crypto; Things to Remember about Crypto; Secret Systems: Kerckhoffs and His Principles; Summary
Part V Taking It to the Next Level
Chapter 17 Bringing Threat Modeling to Your Organization; How To Introduce Threat Modeling; Who Does What?; Threat Modeling within a Development Life Cycle; Overcoming Objections to Threat Modeling; Summary
Chapter 18 Experimental Approaches; Looking in the Seams; Operational Threat Models; The “Broad Street” Taxonomy; Adversarial Machine Learning; Threat Modeling a Business; Threats to Threat Modeling Approaches; How to Experiment; Summary
Chapter 19 Architecting for Success; Understanding Flow; Knowing the Participants; Boundary Objects; The Best Is the Enemy of the Good; Closing Perspectives; Summary; Now Threat Model
Appendix A Helpful Tools; Common Answers to “What’s Your Threat Model?”
Appendix B Threat Trees; STRIDE Threat Trees; Other Threat Trees
Appendix C Attacker Lists; Attacker Lists
Appendix D Elevation of Privilege: The Cards; Spoofing; Tampering; Repudiation; Information Disclosure; Denial of Service; Elevation of Privilege (EoP)
Appendix E Case Studies; The Acme Database; Acme’s Operational Network; Phones and One-Time Token Authenticators; Sample for You to Model
Glossary; Bibliography; Index
£48.45
Syngress Media,U.S. No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing
Book Synopsis
Johnny Long's last book sold 12,000 units worldwide. Kevin Mitnick's last book sold 40,000 units in North America. As the cliché goes, information is power. In this age of technology, an increasing majority of the world's information is stored electronically. It makes sense then that we rely on high-tech electronic protection systems to guard that information. As professional hackers, Johnny Long and Kevin Mitnick get paid to uncover weaknesses in those systems and exploit them. Whether breaking into buildings or slipping past industrial-grade firewalls, their goal has always been the same: extract the information using any means necessary. After hundreds of jobs, they have discovered the secrets to bypassing every conceivable high-tech security system. This book reveals those secrets; as the title suggests, it has nothing to do with high technology.
Table of Contents
1: Reading People
2: Social Engineering
3: Shoulder Surfing
4: Dumpster Diving
5: Physical Security
6: Death of a Road Warrior
7: Google and P2P Hacking
8: Anatomy of a Break-In
£28.49
Elsevier Science Automating Open Source Intelligence
Book Synopsis
Trade Review
"Each chapter can stand alone, but together they give an accurate view of the current situation - it's a good mix of theory and practice(s)…an interesting read for researchers and digital investigators...an eye-opening one for Internet users in general..." --Help Net Security
Table of Contents
Ch 1. Introduction to OSINT
Ch 2. Advances in Automated OSINT
Ch 3. Named Entity Resolution in Social Media
Ch 4. Relative Cyberattack Attribution
Ch 5. Evidence Accumulation Strategies for OSINT
Ch 6. Analyzing Social Media Campaigns for Group Size Estimation
Ch 7. Crawling the Dark Web
Ch 8. Case Study: The Digital Underground
Ch 9. Graph Creation and Analysis for Linking Actors
Ch 10. Case Study Predicting Crime with OSINT
Ch 11. Ethical Considerations w/Public Data
Ch 12: Limitations of automating OSINT
Ch 13. Geospatial Reasoning of Open Data
Ch 14: Future Trends
£28.49
O'Reilly Media Machine Learning and Security
Book Synopsis: In this practical guide, machine learning and security specialists Clarence Chio and David Freeman provide a framework for discussing the marriage of these two fields, as well as a toolkit of machine-learning algorithms that you can apply to an array of security problems.
£39.74
BCS Learning & Development Limited Hands-on Incident Response and Digital Forensics
Book Synopsis: Incident response is the method by which organisations take steps to identify and recover from an information security incident, with as little impact as possible on business as usual. Digital forensics is what follows - a scientific investigation into the causes of an incident with the aim of bringing the perpetrators to justice. These two disciplines have a close but complex relationship and require a balancing act to get right, but both are essential when an incident occurs. In this practical guide, the relationship between incident response and digital forensics is explored and you will learn how to undertake each and balance them to meet the needs of an organisation in the event of an information security incident. Best practice tips and real-life examples are included throughout.
Trade Review: 'A great book which I could see on the shelf of any investigator or included in the book lists of digital forensic and cyber security students at university.' -- Dale McGleenon, Cyber Forensics & Network Incident Response
'A fantastic summary of cyber incident response and digital forensics for existing practitioners and managers which covers the all-important impact on people! This is a great book to whet the appetite of those aspiring to get into the field.' -- Martin Heyde, Senior Manager - Cyber Incident Response, Deloitte LLP
Table of Contents: Preface; Introduction; Part 1: Incident Response; Chapter 1: Understanding Information Security Incidents; Chapter 2: Before The Incident; Chapter 3: The Incident Response Process; Chapter 4: Things To Avoid During Incident Response; Chapter 5: After The Incident; Chapter 6: The Business of Incident Response; Part 2: Digital Forensics; Chapter 7: Introducing The Digital Forensics Investigation; Chapter 8: The Laws and Ethics of Digital Forensics; Chapter 9: Digital Forensic Tools; Chapter 10: Evidence Acquisition Basics; Chapter 11: Capturing A Moving Target; Chapter 12: Memory Forensics; Chapter 13: Cloud Forensics; Chapter 14: Mobile Device Forensics; Chapter 15: Reporting and Presenting Your Findings; Chapter 16: The Human Elements of Investigation
£31.49
Manning Publications Self-Sovereign Identity: Decentralized digital
Book Synopsis: "This book is a comprehensive roadmap to the most crucial fix for today's broken Internet." - Brian Behlendorf, GM for Blockchain, Healthcare and Identity at the Linux Foundation
In a world of changing privacy regulations, identity theft, and online anonymity, identity is a precious and complex concept. Self-Sovereign Identity (SSI) is a set of technologies that move control of digital identity from third party “identity providers” directly to individuals, and it promises to be one of the most important trends for the coming decades. Now in Self-Sovereign Identity, privacy and personal data experts Drummond Reed and Alex Preukschat lay out a roadmap for a future of personal sovereignty powered by the Blockchain and cryptography. Cutting through the technical jargon with dozens of practical use cases from experts across all major industries, it presents a clear and compelling argument for why SSI is a paradigm shift, and shows how you can be prepared for it.
About the technology: Trust on the internet is at an all-time low. Large corporations and institutions control our personal data because we've never had a simple, safe, strong way to prove who we are online. Self-sovereign identity (SSI) changes all that.
About the book: In Self-Sovereign Identity: Decentralized digital identity and verifiable credentials, you'll learn how SSI empowers us to receive digitally-signed credentials, store them in private wallets, and securely prove our online identities. It combines a clear, jargon-free introduction to this blockchain-inspired paradigm shift with interesting essays written by its leading practitioners. Whether for property transfer, ebanking, frictionless travel, or personalized services, the SSI model for digital trust will reshape our collective future.
What's inside:
· The architecture of SSI software and services
· The technical, legal, and governance concepts behind SSI
· How SSI affects global business industry-by-industry
· Emerging standards for SSI
About the reader: For technology and business readers. No prior SSI, cryptography, or blockchain experience required.
About the author: Drummond Reed is the Chief Trust Officer at Evernym, a technology leader in SSI. Alex Preukschat is the co-founder of SSIMeetup.org and AlianzaBlockchain.org.
Trade Review: “This book is a comprehensive roadmap to the most crucial fix for today's broken Internet.” Brian Behlendorf, GM for Blockchain, Healthcare and Identity at the Linux Foundation
“If trusted relationships over the Internet are important to you or your business, this book is for you.” John Jordan, Executive Director, Trust over IP Foundation
“Decentralized identity represents not only a wide range of trust-enabling technologies, but also a paradigm shift in our increasingly digital-first world.” Rouven Heck, Executive Director, Decentralized Identity Foundation
£39.99
APress Certified Ethical Hacker CEH Preparation Guide
Book Synopsis: Intermediate user level
Table of Contents:
Chapter 1. Introduction to Ethical Hacking: Identify the five phases of ethical hacking. Identify the different types of hacker attacks.
Chapter 2. Footprinting and Reconnaissance & Scanning Networks: Identify the specific concepts associated with Footprinting. Describe information gathering tools and methodology. Explain DNS enumeration. Perform active and passive reconnaissance. Recognize the differences between port scanning, network scanning and vulnerability scanning. Identify TCP flag types. Identify types of port scans. Identify scanning countermeasures.
Chapter 3. Enumeration: Explain enumeration techniques. Recognize how to establish sessions. Identify enumeration countermeasures. Perform active and passive enumeration.
Chapter 4. System Hacking: Identify different types of password attacks. Use a password cracking tool. Identify various password cracking countermeasures. Identify different ways to hide files. Recognize how to detect a rootkit. Identify tools that can be used to cover attacker tracks.
Chapter 5. Trojans and Backdoor Viruses and Worms: Explain how a Trojan infects a system. Identify ports used by Trojans and Trojan countermeasures. Identify the symptoms of a virus. Describe how a virus works. Identify virus types, virus detection methods, and virus countermeasures.
Chapter 6. Sniffers and Social Engineering: Identify types of sniffing, and protocols vulnerable to sniffing. Recognize types of sniffing attacks. Identify methods for detecting sniffing. Identify countermeasures for sniffing. Identify different types of social engineering, and social engineering countermeasures.
Chapter 7. Denial of Service: Identify characteristics of a DoS attack. Analyze symptoms of a DoS attack. Recognize DoS attack techniques. Identify detection techniques, and countermeasure strategies.
Chapter 8. Session Hijacking: Identify the proper order of steps used to conduct a session hijacking attack. Recognize different types of session hijacking. Identify TCP/IP hijacking. Describe countermeasures to protect against session hijacking.
Chapter 9. Hacking Webservers: Define Web Server architecture. Explain Web server vulnerabilities. Explore various Web Server attacks.
Chapter 10. Hacking Web Applications: Identify Web application components. Describe Web application attacks. Identify countermeasures.
Chapter 11. SQL Injection: Examine SQL Injection Attacks. Identify defensive strategies against SQL injection attacks.
Chapter 12. Hacking Wireless Networks: Identify various types of wireless networks. Identify authentication methods, and types of wireless encryption. Explain the methodology of wireless hacking. Apply wireless commands and tools. Examine plain text wireless traffic, wired equivalent privacy (WEP).
Chapter 13. Evading IDS, Firewalls, and Honeypots: Identify intrusion detection systems, and techniques. Identify the classes of firewalls. Define a honeypot. Analyze internal and external network traffic using an intrusion detection system.
Chapter 14. Buffer Overflow: Define a buffer overflow. Identify a buffer overflow. Identify buffer overflow countermeasures.
Chapter 15. Cryptography: Recognize public key cryptography. Identify a digital signature. Define a message digest. Define secure sockets layer (SSL). Analyze encrypted email.
Chapter 16. Penetration Testing: Identify types of security assessments. Identify steps of penetration testing. Examine risk management. Identify various penetration testing tools.
£41.24
Morgan James Publishing llc Infosec Rock Star: How to Accelerate Your Career
Book Synopsis: Have you noticed that some people in infosec simply have more success than others, however they may define success? Some people are simply more listened to, more prominent, make more of a difference, have more flexibility with work, more freedom, choices of the best projects, and yes, make more money. They are not just lucky. They make their luck. The most successful are not necessarily the most technical, although technical or "geek" skills are essential. They are an absolute must, and we naturally build technical skills through experience. They are essential, but not for Rock Star level success. The most successful, the Infosec Rock Stars, have a slew of other equally valuable skills, ones most people never develop nor even understand. They include skills such as self direction, communication, business understanding, leadership, time management, project management, influence, negotiation, results orientation, and lots more . . . Infosec Rock Star will start you on your journey of mastering these skills and the journey of moving toward Rock Star status and all its benefits. Maybe you think you can’t be a Rock Star, but everyone can MOVE towards it and reap the benefits of vastly increased success. Remember, “Geek” will only get you so far . . .
£12.34
Legend Press Ltd Managing Cybersecurity Risk: Cases Studies and
Book Synopsis: The first edition, published November 2016, was targeted at the directors and senior managers of SMEs and larger organisations that have not yet paid sufficient attention to cybersecurity and possibly did not appreciate the scale or severity of permanent risk to their businesses. The book was an important wake-up call and primer and proved a significant success, including wide global reach and diverse additional use of the chapter content through media outlets. The new edition, targeted at a similar readership, will provide more detailed information about the cybersecurity environment and specific threats. It will offer advice on the resources available to build defences and the selection of tools and managed services to achieve enhanced security at acceptable cost. A content sharing partnership has been agreed with major technology provider AlienVault and the 2017 edition will be a larger book of approximately 250 pages.
£31.99
John Wiley & Sons Inc Liars and Outliers
Book Synopsis: In today's hyper-connected society, understanding the mechanisms of trust is crucial. Issues of trust are critical to solving problems as diverse as corporate responsibility, global warming, and the political system. In this insightful and entertaining book, Schneier weaves together ideas from across the social and biological sciences to explain how society induces trust. He shows the unique role of trust in facilitating and stabilizing human society. He discusses why and how trust has evolved, why it works the way it does, and the ways the information society is changing everything.
Trade Review: "One of the best books I've read this year is by a security technologist, Bruce Schneier. In Liars and Outliers, he sets out to investigate how trust works in society and in business, how it is betrayed and the degree to which technology changes all of that, for the better or the worse. Schneier absolutely understands how profoundly trust oils the wheels of business and of daily life." (Margaret Heffernan, CBS MoneyWatch)
"This book will appeal not only to customers interested in computer security but also on the idea of security and trust as a whole in society." (The Bookseller, 16th December 2011)
"This book should be read by anyone in a leadership role, whether they're in the corporate or political sphere... an easy read and the ideas and thoughts are profound." (Naked Security, February 2012)
"By concentrating on the human angle and packing the book with real world examples he has successfully stretched its appeal outside that of the security specialist to the more general reader." (E & T Magazine, March 2012)
Table of Contents: A Note for Readers; 1 Overview; Part I: The Science of Trust; 2 A Natural History of Security; 3 The Evolution of Cooperation; 4 A Social History of Trust; 5 Societal Dilemmas; Part II: A Model of Trust; 6 Societal Pressures; 7 Moral Pressures; 8 Reputational Pressures; 9 Institutional Pressures; 10 Security Systems; Part III: The Real World; 11 Competing Interests; 12 Organizations; 13 Corporations; 14 Institutions; Part IV: Conclusions; 15 How Societal Pressures Fail; 16 Technological Advances; 17 The Future; Acknowledgments; Notes; References; About the Author; Index
£18.90
Elsevier Science Developers Guide to Web Application Security
£41.21
McGraw-Hill Education CompTIA CySA Cybersecurity Analyst Certification
Book Synopsis: Prepare for the CompTIA CySA+ certification exam using this fully updated self-study resource. Take the current version of the challenging CompTIA CySA+ certification exam with confidence using the detailed information contained in this up-to-date integrated study system. Based on proven pedagogy, the book contains detailed explanations, real-world examples, step-by-step exercises, and exam-focused special elements that teach and reinforce practical skills. CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Third Edition (Exam CS0-003) covers 100% of 2023 exam objectives and features re-structured content and new topics. Online content enables you to test yourself with full-length, timed practice exams or create customized quizzes by chapter or exam domain. Designed to help you pass the exam with ease, this comprehensive guide also serves as an essential on-the-job reference. Includes access to the TotalTester
£43.19
Oxford University Press Cryptography
Book Synopsis: Cryptography is a part of everyday life for almost all of us, though we may not realise we're using it. We are a far cry from the historical prediction that cryptography would only be used by militaries and governments. With vast quantities of sensitive information transferred online by individuals, companies, organizations, and nation states, cryptography is increasingly important to everyone, and most of us, often without realising, use it daily. Cryptography: A Very Short Introduction demystifies the art of cryptography by tracing its historical use, explaining how it works, and providing examples of its practical use. These include online shopping, chip and PIN bank cards, and communicating via mobile phone. While many of these uses have been mainstream for some time now, the development and deployment of cryptography has changed enormously in the last twenty years. In this second edition, Sean Murphy and Rachel Player highlight the important advances in both academic cryptography research and its everyday use. Using non-technical language and without assuming advanced mathematical knowledge, they introduce symmetric and public-key cryptography and provide a detailed discussion of the design of cryptographic algorithms that are secure against quantum computers and the development of cryptographic algorithms with advanced functionalities. They also consider the new applications of cryptography such as blockchain, secure messaging apps, and electronic voting.
ABOUT THE SERIES: The Very Short Introductions series from Oxford University Press contains hundreds of titles in almost every subject area. These pocket-sized books are the perfect way to get ahead in a new subject quickly. Our expert authors combine facts, analysis, perspective, new ideas, and enthusiasm to make interesting and challenging topics highly readable.
£9.49
Oxford University Press Inc Cyber Persistence Theory Redefining National
Trade Review: Cyber Persistence Theory is an important addition to our collective understanding of the dynamics of cyberspace and its implications for national security. It provides sound insight and excellent analysis on how we can meet the challenges of cyber in the hyper-connected, digitally driven world we find ourselves in today. Excellent work on a topic of increasing importance to all! -- Admiral Michael S. Rogers, USN (ret), former Commander, US Cyber Command and Director, National Security Agency (2014-2018)
This timely new book is destined to go down as a major milestone in the development of new strategic thought for the twenty-first century. With admirable clarity and powerful prose, the authors first dismantle the deterrence-focused paradigm that has so far guided US defense strategy in cyber space and then formulate a new organizing concept. Anyone interested in cyber security must come to terms with this new thinking. -- Brad Roberts, Center for Global Security Research
Michael Fischerkeller, Emily Goldman, and Richard Harknett have once again made an incredibly valuable contribution to the development of American cyber policy and strategy through the writing of Cyber Persistence Theory. The authors push its readership to think beyond classical deterrence theory to new concepts for engaging and defeating undeterred adversaries in cyberspace. In short, this book argues the need for change and to take more risk to close an increasingly larger risk in our defense and national security as well as our public safety posture as American citizens. To do so, the authors argue, will require not only persistent engagement, but a 'whole-of-nation plus' effort. A must-read for both national and cyber security professionals! -- Robert J. Butler, former Deputy Assistant Secretary of Defense for Cyber and Space Policy
Time will tell whether cyberspace operations can have coercive effect, but it is unambiguously true that to date, nations have used cyberspace mostly to gain advantage in competing with other nations. Understanding how they do so is a new challenge that scholars of international relations would do well to take on, and this book is a superb point of departure for them. -- Herb Lin, Hank J. Holland Fellow in Cyber Policy and Security, Hoover Institution, Stanford University
This book helps to fill a crucial gap in strategic thinking about the fundamentals of cyberspace and sets out a clear course of action for the US government. It is a must-read for students, analysts and policymakers. -- Max Smeets, Senior Researcher ETH Zurich, Center for Security Studies, and author of No Shortcuts: Why States Struggle to Develop a Military Cyber-Force
Table of Contents: Acknowledgments; Foreword by General Paul Nakasone; Chapter 1: The Misapplied Nexus of Theory and Policy; Chapter 2: The Structure of Strategic Environments; Chapter 3: Cyber Behavior and Dynamics; Chapter 4: Theory and the Empirical Record; Chapter 5: Cyber Stability; Chapter 6: The Cyber Aligned Nexus of Theory and Policy; Chapter 7: United States Case Study; Bibliography; Index
£24.49
APress The Definitive Guide to Security in Jakarta EE
Book Synopsis: Refer to this definitive and authoritative book to understand the Jakarta EE Security Spec, with Jakarta Authentication & Authorization as its underlying official foundation. Jakarta EE Security implementations are discussed, such as Soteria and Open Liberty, along with the built-in modules and Jakarta EE Security third-party modules, such as Payara Yubikey & OIDC, and OmniFaces JWT-Auth. The book discusses Jakarta EE Security in relation to SE underpinnings and provides a detailed explanation of how client-cert authentication over HTTPS takes place, how certifications work, and how LDAP-like names are mapped to caller/user names. General (web) security best practices are presented, such as not storing passwords in plaintext, using HTTPS, sanitizing inputs to DB queries, encoding output, and explanations of various (web) attacks and common vulnerabilities are included. Practical examples of securing applications discuss commo
Table of Contents: 1: Security History; 2: Jakarta EE Foundations; 3: Jakarta Authentication; 4: Jakarta Authorization; 5: Jakarta Security; 6: Java SE Underpinnings; 7: EE Implementations; 8: MicroProfile JWT; Appendix A: Spring Security; Appendix B: Apache Shiro; Appendix C: Identity Management
£46.74
No Starch Press,US Cybersecurity For Small Networks: A No-Nonsense
Book Synopsis: This book is an easy-to-follow series of tutorials that will lead readers through different facets of protecting household or small-business networks from cyber attacks. You'll learn how to use pfSense to build a firewall, lock down wireless, segment a network into protected zones, configure a VPN (virtual private network) to hide and encrypt network traffic and communications, set up proxies to speed up network performance and hide the source of traffic, block ads, install and configure an antivirus, back up your data securely, and even how to monitor your network for unauthorized activity and alert you to intrusion.
Trade Review: “An excellent crash course for someone like me with a technical background but little security experience. I've always wanted to beef up my home server and network security but didn't know where to start . . . This book has given me actionable steps I can take today, this week, this month, and beyond. And it gives me the confidence that I'm following reasonable best practices for an actual small network.” -- Chris Miller, GoodReads Reviewer
£28.49
Springer-Verlag Berlin and Heidelberg GmbH & Co. KG Understanding Cryptography: A Textbook for
Book Synopsis: Cryptography is now ubiquitous – moving beyond the traditional environments, such as government communications and banking systems, we see cryptographic techniques realized in Web browsers, e-mail programs, cell phones, manufacturing systems, embedded software, smart buildings, cars, and even medical implants. Today's designers need a comprehensive understanding of applied cryptography. After an introduction to cryptography and data security, the authors explain the main techniques in modern cryptography, with chapters addressing stream ciphers, the Data Encryption Standard (DES) and 3DES, the Advanced Encryption Standard (AES), block ciphers, the RSA cryptosystem, public-key cryptosystems based on the discrete logarithm problem, elliptic-curve cryptography (ECC), digital signatures, hash functions, Message Authentication Codes (MACs), and methods for key establishment, including certificates and public-key infrastructure (PKI). Throughout the book, the authors focus on communicating the essentials and keeping the mathematics to a minimum, and they move quickly from explaining the foundations to describing practical implementations, including recent topics such as lightweight ciphers for RFIDs and mobile devices, and current key-length recommendations. The authors have considerable experience teaching applied cryptography to engineering and computer science students and to professionals, and they make extensive use of examples, problems, and chapter reviews, while the book’s website offers slides, projects and links to further resources. This is a suitable textbook for graduate and advanced undergraduate courses and also for self-study by engineers. The authors' website (http://www.crypto-textbook.com/) provides extensive notes, slides, video lectures; the authors' YouTube channel (https://www.youtube.com/channel/UC1usFRN4LCMcflV7UjHNuQg) includes video lectures.
Trade Review: From the reviews:
"The authors have succeeded in creating a highly valuable introduction to the subject of applied cryptography. I hope that it can serve as a guide for practitioners to build more secure systems based on cryptography, and as a stepping stone for future researchers to explore the exciting world of cryptography and its applications." (Bart Preneel, K.U.Leuven)
"The material is very well presented so it is clear to understand. The necessary amount of mathematics is used and complete yet simple examples are used by the authors to help the reader understand the topics. ... [The authors] appear to fully understand the concepts and follow a very good pedagogical process that helps the reader not only understand the different topics but motivate you to perform some of the exercises at the end of each chapter and browse some of the reference materials. I fully recommend this book to any software developer/designer working or considering working on a project that requires security." (John Canessa)
"The book presents a panoramic of modern Cryptography with a view to practical applications. ... The book is well written, many examples and figures through it illustrate the theory and the book's website offers links and supplementary information. The book also discusses the implementation in software and hardware of the main algorithms described." (Juan Tena Ayuso, Zentralblatt MATH, Vol. 1190, 2010)
Table of Contents: Introduction to Cryptography and Data Security; Stream Ciphers; The Data Encryption Standard (DES) and Alternatives; The Advanced Encryption Standard (AES); More About Block Ciphers; Introduction to Public-Key Cryptography; The RSA Cryptosystem; Public-Key Cryptosystems Based on the Discrete Logarithm Problem; Elliptic Curve Cryptosystems; Digital Signatures; Hash Functions; Message Authentication Codes (MACs); Key Establishment.
£29.69
McGraw-Hill Education GPEN GIAC Certified Penetration Tester AllinOne
Book Synopsis: Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product. This effective study guide provides 100% coverage of every topic on the GPEN GIAC Penetration Tester exam. This effective self-study guide fully prepares you for the Global Information Assurance Certification's challenging Penetration Tester exam, which validates advanced IT security skills. The book features exam-focused coverage of penetration testing methodologies, legal issues, and best practices. GPEN GIAC Certified Penetration Tester All-in-One Exam Guide contains useful tips and tricks, real-world examples, and case studies drawn from authors' extensive experience. Beyond exam preparation, the book also serves as a valuable on-the-job reference. Covers every topic on the exam, including: Pre-engagement and planning
Table of Contents: Chapter 1: Penetration Testing Fundamentals; Chapter 2: Pre-Engagement Activity; Chapter 3: Penetration Testing Lab Setup; Chapter 4: Reconnaissance, Open Source Intelligence (OSINT); Chapter 5: Scanning, Enumerating Targets and Vulnerabilities; Chapter 6: Exploiting Targets; Chapter 7: Advanced Metasploit; Chapter 8: Password Attacks; Chapter 9: Stealing Data, Maintaining Access and Pivoting; Chapter 10: PowerShell for Penetration Testing; Chapter 11: Web Application Hacking; Chapter 12: Proxies, Crawlers, and Spiders; Chapter 13: OWASP Top 10; Appendix A: Tools Reference
£35.24
London Publishing Partnership Resilience of Services
£18.99
McGraw-Hill Education - Europe 24 Deadly Sins of Software Security Programming
Book Synopsis: Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product. Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities. Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one, or better yet, avoid them from the start. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications. Eliminate these security
Table of Contents: Part I: Web Application Sins; Chapter 1: SQL Injection; Chapter 2: Server Side Cross-Site Scripting; Chapter 3: Web-Client Related Vulnerabilities; Part II: Implementation Sins; Chapter 4: Use of Magic URLs; Chapter 5: Buffer Overruns; Chapter 6: Format String Problems; Chapter 7: Integer Overflows; Chapter 8: C++ Catastrophes; Chapter 9: Catching All Exceptions; Chapter 10: Command Injection; Chapter 11: Failure to Handle Errors; Chapter 12: Information Leakage; Chapter 13: Race Conditions; Chapter 14: Poor Usability; Chapter 15: Not Updating Easily; Part III: Cryptographic Sins; Chapter 16: Not Using Least Privileges; Chapter 17: Weak Password Systems; Chapter 18: Unauthenticated Key Exchange; Chapter 19: Random Numbers; Part IV: Networking Sins; Chapter 20: Wrong Algorithm; Chapter 21: Failure to Protect Network Traffic; Chapter 22: Trusting Name Resolution; Part V: Stored Data Sins; Chapter 23: Improper Use of SSL/TLS; Chapter 24: Failure to Protect Stored Data
£48.79
Elsevier Science Handbook of Digital Forensics and Investigation
Book Synopsis: A collection that details how to conduct digital investigations in both criminal and civil contexts, and how to locate and utilize digital evidence on computers, networks, and embedded systems. It provides guidance in the three main areas of practice: Forensic Analysis, Electronic Discovery and Intrusion Investigation.
Trade Review: "... any library serving them would find this an excellent introduction." --E-Streams
"Any law firm looking to get into the field would do well to start here." --E-Streams
"... a useful introduction to an increasingly important field." --E-Streams
Table of Contents: Chapter 1. Introduction (Eoghan Casey); Part 1: Investigative Methodology; Chapter 2. Forensic Analysis (Eoghan Casey and Curtis W. Rose); Chapter 3. Electronic Discovery (James Holley, Paul Luehr, Jessica Reust Smith and Joseph Schwerha); Chapter 4. Intrusion Investigation (Eoghan Casey, Christopher Daywalt and Andy Johnston); Part 2: Technology; Chapter 5. Windows Forensic Analysis (Ryan Pittman and Dave Shaver); Chapter 6. UNIX Forensic Analysis (Cory Altheide and Eoghan Casey); Chapter 7. Macintosh Forensic Analysis (Anthony Kokocinski); Chapter 8. Embedded Systems Analysis (Ronald van der Knijff); Chapter 9. Handbook Network Investigations (Eoghan Casey, Christopher Daywalt, Andy Johnston, Terrance Maguire); Chapter 10. Mobile Network Investigations (Dario Forte and Andrea De Donno)
£34.19
Elsevier Science Cyber Warfare
Book Synopsis: Every one of our systems is under attack from multiple vectors - our defenses must be ready all the time and our alert systems must detect the threats every time. This book provides concrete examples and real-world guidance on how to identify and defend your network against malicious attacks.
Trade Review: "A fifth domain of war has been added to land, air, sea and space: cyber. Malware capable of taking a nuclear program offline was science fiction 5 years ago: Stuxnet demonstrates that information security is now a matter of national security. This timely and necessary book provides an assessment of the current state of cyber warfare, and more importantly, where the conflict is heading. Highly recommended for information security professionals." --Eric Conrad, Lead Author, CISSP Study Guide, President, Backshore Communications
Table of Contents: Foreword; Introduction; Chapter 1. What is Cyber Warfare?; Chapter 2. The Cyberspace Battlefield; Chapter 3. Cyber Doctrine; Chapter 4. Cyber Warriors; Chapter 5. Logical Weapons; Chapter 6. Physical Weapons; Chapter 7. Psychological Weapons; Chapter 8. Computer Network Exploitation; Chapter 9. Computer Network Attack; Chapter 10. Computer Network Defense; Chapter 11. Non-State Actors in Computer Network Operations; Chapter 12. Legal System Impacts; Chapter 13. Ethics; Chapter 14. Cyberspace Challenges; Chapter 15. The Future of Cyber War; Appendix: Cyber Timeline
£26.59
Elsevier Science Measuring and Managing Information Risk
Trade Review
"...informative and insightful—and surprisingly engaging. Using examples, anecdotes, and metaphors, the writers keep this educational work from becoming difficult... Professionals new to thorough information risk analysis or using more simplified approaches will find this book extremely useful." --Security Management
Table of Contents
Chapter 1: Introduction
Chapter 2: Basic Risk Concepts
Chapter 3: The FAIR Risk Ontology
Chapter 4: FAIR Terminology
Chapter 5: Measurement
Chapter 6: Analysis Process
Chapter 7: Interpreting Results
Chapter 8: Risk Analysis Examples
Chapter 9: Thinking about Risk Scenarios Using FAIR
Chapter 10: Common Mistakes
Chapter 11: Controls
Chapter 12: Risk Management
Chapter 13: Information Security Metrics
Chapter 14: Implementing Risk Management
£37.99
Elsevier Science Cloud Storage Security
Trade Review
"...this practical guide is recommended to technical and nontechnical readers alike, to get a compact and to-the-point presentation of risks associated with cloud storage systems from a security and privacy perspective." --Computing Reviews
Table of Contents
1. Data in the Cloud
2. Applications in the Cloud
3. Privacy Challenges
4. Compliance
5. Privacy Tools
6. Best Practices
7. The Future of Cloud Data Privacy and Security
£25.19
Elsevier Science Google Hacking for Penetration Testers
Trade Review
"This book should be a required read for system administrators and infosec pros in general, as it gives a sobering overview of what type of information that should not be publicly available can be found online - if you know how to look for it." --Help Net Security
Table of Contents
Chapter 1 Google Searching Basics
Chapter 2 Advanced Operators
Chapter 3 Google Hacking Basics – The new location of the GHDB
Chapter 4 Document Grinding and Database Digging – Finding Reports Generated By Security Scanners and Back-Up Files
Chapter 5 Google’s Part in an Information Collection Framework
Chapter 6 Locating Exploits and Finding Targets
Chapter 7 Ten Simple Security Searches That Work
Chapter 8 Tracking Down Web Servers, Login Portals, and Network Hardware - Finding Sensitive WordPress and SSH Configuration
Chapter 9 Usernames, Passwords, and Secret Stuff, Oh My! – Finding GitHub, SQL, Gmail, Facebook, and other Passwords
Chapter 10 Hacking Google Services
Chapter 11 Google Hacking Showcase
Chapter 12 Protecting Yourself from Google Hackers
Chapter 13 Scripting Google Hacking For Better Searching
Chapter 14 Using Google Hacking with Other Web Search Engines and APIs
£44.64
Syngress Media,U.S. Deploying Secure Containers for Training and
Table of Contents
Introduction
Chapter 1 - Containers
Chapter 2 - Using containers in Training
Chapter 3 - Experimentation
£26.59
Pearson Education (US) Security Operations Center
Book Synopsis
Joseph Muniz is a consultant at Cisco Systems and security researcher. Joseph started his career in software development and later managed networks as a contracted technical resource. Joseph moved into consulting and found a passion for security while meeting with a variety of customers. He has been involved with the design and implementation of multiple projects, ranging from Fortune 500 corporations to large federal networks. Joseph is the author of and contributor to several books and is a speaker for popular security conferences. Check out his blog, http://www.thesecurityblogger.com, which showcases the latest security events, research, and technologies. Gary McIntyre is a seasoned information security professional focusing on the development and operation of large-scale information security programs. As an architect, manager, and consultant, he has worked with a wide range of public and pr
Table of Contents
Introduction
Part I SOC Basics
Chapter 1 Introduction to Security Operations and the SOC
Cybersecurity Challenges; Threat Landscape; Business Challenges; The Cloud; Compliance; Privacy and Data Protection; Introduction to Information Assurance; Introduction to Risk Management; Information Security Incident Response; Incident Detection; Incident Triage; Incident Categories; Incident Severity; Incident Resolution; Incident Closure; Post-Incident; SOC Generations; First-Generation SOC; Second-Generation SOC; Third-Generation SOC; Fourth-Generation SOC; Characteristics of an Effective SOC; Introduction to Maturity Models; Applying Maturity Models to SOC; Phases of Building a SOC; Challenges and Obstacles; Summary; References
Chapter 2 Overview of SOC Technologies
Data Collection and Analysis; Data Sources; Data Collection; The Syslog Protocol; Telemetry Data: Network Flows; Telemetry Data: Packet Capture; Parsing and Normalization; Security Analysis; Alternatives to Rule-Based Correlation; Data Enrichment; Big Data Platforms for Security; Vulnerability Management; Vulnerability Announcements; Threat Intelligence; Compliance; Ticketing and Case Management; Collaboration; SOC Conceptual Architecture; Summary; References
Part II: The Plan Phase
Chapter 3 Assessing Security Operations Capabilities
Assessment Methodology; Step 1: Identify Business and IT Goals; Step 2: Assessing Capabilities; Assessing IT Processes; Step 3: Collect Information; Step 4: Analyze Maturity Levels; Step 5: Formalize Findings; The Organization’s Vision and Strategy; The Department’s Vision and Strategy; External and Internal Compliance Requirements; Organization’s Threat Landscape; History of Previous Information Security Incidents; SOC Sponsorship; Allocated Budget; Presenting Data; Closing; Summary; References
Chapter 4 SOC Strategy
Strategy Elements; Who Is Involved?; SOC Mission; SOC Scope; Example 1: A Military Organization; Mission Statement; SOC Scope Statement; Example 2: A Financial Organization; Mission Statement; SOC Scope Statement; SOC Model of Operation; In-House and Virtual SOC; SOC Services; SOC Capabilities Roadmap; Summary
Part III: The Design Phase
Chapter 5 The SOC Infrastructure
Design Considerations; Model of Operation; Facilities; SOC Internal Layout; Lighting; Acoustics; Physical Security; Video Wall; SOC Analyst Services; Active Infrastructure; Network; Access to Systems; Security; Compute; Dedicated Versus Virtualized Environment; Choice of Operating Systems; Storage; Capacity Planning; Collaboration; Ticketing; Summary; References
Chapter 6 Security Event Generation and Collection
Data Collection; Calculating EPS; Ubuntu Syslog Server; Network Time Protocol; Deploying NTP; Data-Collection Tools; Company; Product Options and Architecture; Installation and Maintenance; User Interface and Experience; Compliance Requirements; Firewalls; Stateless/Stateful Firewalls; Cisco Adaptive Security Appliance ASA; Application Firewalls; Cisco FirePOWER Services; Cloud Security; Cisco Meraki; Exporting Logs from Meraki; Virtual Firewalls; Cisco Virtual Firewalls; Host Firewalls; Intrusion Detection and Prevention Systems; Cisco FirePOWER IPS; Meraki IPS; Snort; Host-Based Intrusion Prevention; Routers and Switches; Host Systems; Mobile Devices; Breach Detection; Cisco Advanced Malware Prevention; Web Proxies; Cisco Web Security Appliance; Cloud Proxies; Cisco Cloud Web Security; DNS Servers; Exporting DNS; Network Telemetry with Network Flow Monitoring; NetFlow Tools; StealthWatch; Exporting Data from StealthWatch; NetFlow from Routers and Switches; NetFlow from Security Products; NetFlow in the Data Center; Summary; References
Chapter 7 Vulnerability Management
Identifying Vulnerabilities; Security Services; Vulnerability Tools; Handling Vulnerabilities; OWASP Risk Rating Methodology; Threat Agent Factors; Vulnerability Factors; Technical Impact Factors; Business Impact Factors; The Vulnerability Management Lifecycle; Automating Vulnerability Management; Inventory Assessment Tools; Information Management Tools; Risk-Assessment Tools; Vulnerability-Assessment Tools; Report and Remediate Tools; Responding Tools; Threat Intelligence; Attack Signatures; Threat Feeds; Other Threat Intelligence Sources; Summary; References
Chapter 8 People and Processes
Key Challenges; Wanted: Rock Stars, Leaders, and Grunts; The Weight of Process; The Upper and Lower Bounds of Technology; Designing and Building the SOC Team; Starting with the Mission; Focusing on Services; Security Monitoring Service Example; Determining the Required SOC Roles; Leadership Roles; Analyst Roles; Engineering Roles; Operations Roles; Other Support Roles; Working with HR; Job Role Analysis; Market Analysis; Organizational Structure; Calculating Team Numbers; Deciding on Your Resourcing Strategy; Building Your Own: The Art of Recruiting SOC Personnel; Working with Contractors and Service Bureaus; Working with Outsourcing and Managed Service Providers; Working with Processes and Procedures; Processes Versus Procedures; Working with Enterprise Service Management Processes; Event Management; Incident Management; Problem Management; Vulnerability Management; Other IT Management Processes; The Positives and Perils of Process; Examples of SOC Processes and Procedures; Security Service Management; Security Service Engineering; Security Service Operations; Security Monitoring; Security Incident Investigation and Response; Security Log Management; Security Vulnerability Management; Security Intelligence; Security Analytics and Reporting; Breach Discovery and Remediation; Summary
Part IV: The Build Phase
Chapter 9 The Technology
In-House Versus Virtual SOC; Network; Segmentation; VPN; High Availability; Support Contracts; Security; Network Access Control; Authentication; On-Network Security; Encryption; Systems; Operating Systems; Hardening Endpoints; Endpoint Breach Detection; Mobile Devices; Servers; Storage; Data-Loss Protection; Cloud Storage; Collaboration; Collaboration for Pandemic Events; Technologies to Consider During SOC Design; Firewalls; Firewall Modes; Firewall Clustering; Firewall High Availability; Firewall Architecture; Routers and Switches; Securing Network Devices; Hardening Network Devices; Network Access Control; Deploying NAC; NAC Posture; Architecting NAC; Web Proxies; Reputation Security; Proxy Architecture; Intrusion Detection/Prevention; IDS IPS Architecture; Evaluating IDS IPS Technology; Tuning IDS/IPS; Breach Detection; Honeypots; Sandboxes; Endpoint Breach Detection; Network Telemetry; Enabling NetFlow; Architecting Network Telemetry Solutions; Network Forensics; Digital Forensics Tools; Final SOC Architecture; Summary; References
Chapter 10 Preparing to Operate
Key Challenges; People Challenges; Process Challenges; Technology Challenges; Managing Challenges Through a Well-Managed Transition; Elements of an Effective Service Transition Plan; Determining Success Criteria and Managing to Success; Deploying Against Attainable Service Levels; Focusing on Defined Use Cases; Managing Project Resources Effectively; Marching to Clear and Attainable Requirements; Staffing Requirements for Go-Live; Process Requirements for Go-Live; Technology Requirements for Go-Live; Using Simple Checks to Verify That the SOC Is Ready; People Checks; Process Checks; Technology Checks; Summary
Part V: The Operate Phase
Chapter 11 Reacting to Events and Incidents
A Word About Events; Event Intake, Enrichment, Monitoring, and Handling; Events in the SIEM; Events in the Security Log Management Solution; Events in Their Original Habitats; Events Through Communications and Collaboration Platforms; Working with Events: The Malware Scenario; Handling and Investigating the Incident Report; Creating and Managing Cases; Working as a Team; Working with Other Parts of the Organization; Working with Third Parties; Closing and Reporting on the Case; Summary
Chapter 12 Maintain, Review, and Improve
Reviewing and Assessing the SOC; Determining Scope; Examining the Services; Personnel/Staffing; Processes, Procedures, and Other Operational Documentation; Technology; Scheduled and Ad Hoc Reviews; Internal Versus External Assessments; Internal Assessments; External Assessments; Assessment Methodologies; Maturity Model Approaches; Services-Oriented Approaches; Post-Incident Reviews; Maintaining and Improving the SOC; Maintaining and Improving Services; Maintain and Improving Your Team; Improving Staff Recruitment; Improving Team Training and Development; Improving Team Retention; Maintaining and Improving the SOC Technology Stack; Improving Threat, Anomaly, and Breach-Detection Systems; Improving Case and Investigation Management Systems; Improving Analytics and Reporting; Improving Technology Integration; Improving Security Testing and Simulation Systems; Improving Automated Remediation; Conclusions
£38.47
Pearson Education Security in Computing
Book Synopsis
Charles Pfleeger is an internationally known expert on computer and communications security. He was originally a professor at the University of Tennessee, leaving there to join computer security research and consulting companies Trusted Information Systems and Arca Systems (later Exodus Communications and Cable and Wireless). With Trusted Information Systems he was Director of European Operations and Senior Consultant. With Cable and Wireless he was Director of Research and a member of the staff of the Chief Security Officer. He was chair of the IEEE Computer Society Technical Committee on Security and Privacy. Shari Lawrence Pfleeger is widely known as a software engineering and computer security researcher, most recently as a Senior Computer Scientist with the Rand Corporation and as Research Director of the Institute for Information Infrastructure Protection. She is currently Editor in Chief of IEEE Security & Privacy magazine.
Table of Contents
Foreword; Preface; Acknowledgments; About the Authors
Chapter 1: Introduction
1.1 What Is Computer Security?; 1.2 Threats; 1.3 Harm; 1.4 Vulnerabilities; 1.5 Controls; 1.6 Conclusion; 1.7 What’s Next?; 1.8 Exercises
Chapter 2: Toolbox: Authentication, Access Control, and Cryptography
2.1 Authentication; 2.2 Access Control; 2.3 Cryptography; 2.4 Exercises
Chapter 3: Programs and Programming
3.1 Unintentional (Nonmalicious) Programming Oversights; 3.2 Malicious Code—Malware; 3.3 Countermeasures
Chapter 4: The Web—User Side
4.1 Browser Attacks; 4.2 Web Attacks Targeting Users; 4.3 Obtaining User or Website Data; 4.4 Email Attacks; 4.5 Conclusion; 4.6 Exercises
Chapter 5: Operating Systems
5.1 Security in Operating Systems; 5.2 Security in the Design of Operating Systems; 5.3 Rootkit; 5.4 Conclusion; 5.5 Exercises
Chapter 6: Networks
6.1 Network Concepts; Part I—War on Networks: Network Security Attacks; 6.2 Threats to Network Communications; 6.3 Wireless Network Security; 6.4 Denial of Service; 6.5 Distributed Denial-of-Service; Part II—Strategic Defenses: Security Countermeasures; 6.6 Cryptography in Network Security; 6.7 Firewalls; 6.8 Intrusion Detection and Prevention Systems; 6.9 Network Management; 6.10 Conclusion; 6.11 Exercises
Chapter 7: Databases
7.1 Introduction to Databases; 7.2 Security Requirements of Databases; 7.3 Reliability and Integrity; 7.4 Database Disclosure; 7.5 Data Mining and Big Data; 7.6 Conclusion
Chapter 8: Cloud Computing
8.1 Cloud Computing Concepts; 8.2 Moving to the Cloud; 8.3 Cloud Security Tools and Techniques; 8.4 Cloud Identity Management; 8.5 Securing IaaS; 8.6 Conclusion; 8.7 Exercises
Chapter 9: Privacy
9.1 Privacy Concepts; 9.2 Privacy Principles and Policies; 9.3 Authentication and Privacy; 9.4 Data Mining; 9.5 Privacy on the Web; 9.6 Email Security; 9.7 Privacy Impacts of Emerging Technologies; 9.8 Where the Field Is Headed; 9.9 Conclusion; 9.10 Exercises
Chapter 10: Management and Incidents
10.1 Security Planning; 10.2 Business Continuity Planning; 10.3 Handling Incidents; 10.4 Risk Analysis; 10.5 Dealing with Disaster; 10.6 Conclusion; 10.7 Exercises
Chapter 11: Legal Issues and Ethics
11.1 Protecting Programs and Data; 11.2 Information and the Law; 11.3 Rights of Employees and Employers; 11.4 Redress for Software Failures; 11.5 Computer Crime; 11.6 Ethical Issues in Computer Security; 11.7 Incident Analysis with Ethics
Chapter 12: Details of Cryptography
12.1 Cryptology; 12.2 Symmetric Encryption Algorithms; 12.3 Asymmetric Encryption with RSA; 12.4 Message Digests; 12.5 Digital Signatures; 12.6 Quantum Cryptography; 12.7 Conclusion
Chapter 13: Emerging Topics
13.1 The Internet of Things; 13.2 Economics; 13.3 Electronic Voting; 13.4 Cyber Warfare; 13.5 Conclusion
Bibliography; Index
£90.48
Pearson Education (US) CERT Resilience Management Model CERTRMM
Book Synopsis
The authors are senior technical staff members within the CERT Program of the Software Engineering Institute (SEI). Richard A. Caralli, Resilient Enterprise Management technical manager, develops and delivers methods, tools, and techniques for enterprise security and resilience management. He has led the development of CERT-RMM. Julia H. Allen conducts research in operational resilience, software security and assurance, and measurement and analysis. She served as the SEI's Acting Director and Deputy Director/COO and authored The CERT Guide to System and Network Security Practices (Addison-Wesley, 2001). David W. White, a core member of the CERT-RMM development team, develops CERT-RMM and related products and helps organizations apply them.
Table of Contents
List of Figures; List of Tables; Preface; Acknowledgments
Part One: About the Cert Resilience Management Model
Chapter 1: Introduction
1.1 The Influence of Process Improvement and Capability Maturity Models; 1.2 The Evolution of CERT-RMM; 1.3 CERT-RMM and CMMI Models; 1.4 Why CERT-RMM Is Not a Capability Maturity Model
Chapter 2: Understanding Key Concepts in CERT-RMM
2.1 Foundational Concepts; 2.2 Elements of Operational Resilience Management; 2.3 Adapting CERT-RMM Terminology and Concepts
Chapter 3: Model Components
3.1 The Process Areas and Their Categories; 3.2 Process Area Component Categories; 3.3 Process Area Component Descriptions; 3.4 Numbering Scheme; 3.5 Typographical and Structural Conventions
Chapter 4: Model Relationships
4.1 The Model View; 4.2 Objective Views for Assets
Part Two: Process Institutionalization and Improvement
Chapter 5: Institutionalizing Operational Resilience Management Processes
5.1 Overview; 5.2 Understanding Capability Levels; 5.3 Connecting Capability Levels to Process Institutionalization; 5.4 CERT-RMM Generic Goals and Practices; 5.5 Applying Generic Practices; 5.6 Process Areas That Support Generic Practices
Chapter 6: Using CERT-RMM
6.1 Examples of CERT-RMM Uses; 6.2 Focusing CERT-RMM on Model-Based Process Improvement; 6.3 Setting and Communicating Objectives Using CERT-RMM; 6.4 Diagnosing Based on CERT-RMM; 6.5 Planning CERT-RMM—Based Improvements
Chapter 7: CERT-RMM Perspectives
Using CERT-RMM in the Utility Sector, by Darren Highfill and James Stevens; Addressing Resilience as a Key Aspect of Software Assurance Throughout the Software Life Cycle, by Julia Allen and Michele Moss; Raising the Bar on Business Resilience, by Nader Mehravari, PhD; Measuring Operational Resilience Using CERT-RMM, by Julia Allen and Noopur Davis
Part Three: CERT-RMM Process Areas
Asset Definition and Management; Access Management; Communications; Compliance; Controls Management; Environmental Control; Enterprise Focus; External Dependencies Management; Financial Resource Management; Human Resource Management; Identity Management; Incident Management and Control; Knowledge and Information Management; Measurement and Analysis; Monitoring; Organizational Process Definition; Organizational Process Focus; Organizational Training and Awareness; People Management; Risk Management; Resilience Requirements Development; Resilience Requirements Management; Resilient Technical Solution Engineering; Service Continuity; Technology Management; Vulnerability Analysis and Resolution
Part Four: The Appendices
Appendix A: Generic Goals and Practices; Appendix B: Targeted Improvement Roadmaps; Appendix C: Glossary of Terms; Appendix D: Acronyms and Initialisms; Appendix E: References
Book Contributors; Index
£62.99