Imperial Library
Index
About This eBook
Title Page
Copyright Page
Dedication Page
Contents
Foreword
  • Citations
Preface
  • Why Read This Book?
  • Uses for and Users of This Book
  • Organization of This Book
  • How to Read This Book
  • What Is New in This Book
Acknowledgments
About the Authors
1. Introduction
1.1 What Is Computer Security?
  • Values of Assets
  • The Vulnerability–Threat–Control Paradigm
1.2 Threats
  • Confidentiality
  • Integrity
  • Availability
  • Types of Threats
  • Types of Attackers
1.3 Harm
  • Risk and Common Sense
  • Method–Opportunity–Motive
1.4 Vulnerabilities
1.5 Controls
1.6 Conclusion
1.7 What’s Next?
1.8 Exercises
2. Toolbox: Authentication, Access Control, and Cryptography
2.1 Authentication
  • Identification Versus Authentication
  • Authentication Based on Phrases and Facts: Something You Know
  • Authentication Based on Biometrics: Something You Are
  • Authentication Based on Tokens: Something You Have
  • Federated Identity Management
  • Multifactor Authentication
  • Secure Authentication
2.2 Access Control
  • Access Policies
  • Implementing Access Control
  • Procedure-Oriented Access Control
  • Role-Based Access Control
2.3 Cryptography
  • Problems Addressed by Encryption
  • Terminology
  • DES: The Data Encryption Standard
  • AES: Advanced Encryption System
  • Public Key Cryptography
  • Public Key Cryptography to Exchange Secret Keys
  • Error Detecting Codes
  • Trust
  • Certificates: Trustable Identities and Public Keys
  • Digital Signatures—All the Pieces
2.4 Exercises
3. Programs and Programming
3.1 Unintentional (Nonmalicious) Programming Oversights
  • Buffer Overflow
  • Incomplete Mediation
  • Time-of-Check to Time-of-Use
  • Undocumented Access Point
  • Off-by-One Error
  • Integer Overflow
  • Unterminated Null-Terminated String
  • Parameter Length, Type, and Number
  • Unsafe Utility Program
  • Race Condition
3.2 Malicious Code—Malware
  • Malware—Viruses, Trojan Horses, and Worms
  • Technical Details: Malicious Code
3.3 Countermeasures
  • Countermeasures for Users
  • Countermeasures for Developers
  • Countermeasure Specifically for Security
  • Countermeasures that Don’t Work
Conclusion
Exercises
4. The Web—User Side
4.1 Browser Attacks
  • Browser Attack Types
  • How Browser Attacks Succeed: Failed Identification and Authentication
4.2 Web Attacks Targeting Users
  • False or Misleading Content
  • Malicious Web Content
  • Protecting Against Malicious Web Pages
4.3 Obtaining User or Website Data
  • Code Within Data
  • Website Data: A User’s Problem, Too
  • Foiling Data Attacks
4.4 Email Attacks
  • Fake Email
  • Fake Email Messages as Spam
  • Fake (Inaccurate) Email Header Data
  • Phishing
  • Protecting Against Email Attacks
4.5 Conclusion
4.6 Exercises
5. Operating Systems
5.1 Security in Operating Systems
  • Background: Operating System Structure
  • Security Features of Ordinary Operating Systems
  • A Bit of History
  • Protected Objects
  • Operating System Tools to Implement Security Functions
5.2 Security in the Design of Operating Systems
  • Simplicity of Design
  • Layered Design
  • Kernelized Design
  • Reference Monitor
  • Correctness and Completeness
  • Secure Design Principles
  • Trusted Systems
  • Trusted System Functions
  • The Results of Trusted Systems Research
5.3 Rootkit
  • Phone Rootkit
  • Rootkit Evades Detection
  • Rootkit Operates Unchecked
  • Sony XCP Rootkit
  • TDSS Rootkits
  • Other Rootkits
5.4 Conclusion
5.5 Exercises
6. Networks
6.1 Network Concepts
  • Background: Network Transmission Media
  • Background: Protocol Layers
  • Background: Addressing and Routing
Part I—War on Networks: Network Security Attacks
6.2 Threats to Network Communications
  • Interception: Eavesdropping and Wiretapping
  • Modification, Fabrication: Data Corruption
  • Interruption: Loss of Service
  • Port Scanning
  • Vulnerability Summary
6.3 Wireless Network Security
  • WiFi Background
  • Vulnerabilities in Wireless Networks
  • Failed Countermeasure: WEP (Wired Equivalent Privacy)
  • Stronger Protocol Suite: WPA (WiFi Protected Access)
6.4 Denial of Service
  • Example: Massive Estonian Web Failure
  • How Service Is Denied
  • Flooding Attacks in Detail
  • Network Flooding Caused by Malicious Code
  • Network Flooding by Resource Exhaustion
  • Denial of Service by Addressing Failures
  • Traffic Redirection
  • DNS Attacks
  • Exploiting Known Vulnerabilities
  • Physical Disconnection
6.5 Distributed Denial-of-Service
  • Scripted Denial-of-Service Attacks
  • Bots
  • Botnets
  • Malicious Autonomous Mobile Agents
  • Autonomous Mobile Protective Agents
Part II—Strategic Defenses: Security Countermeasures
6.6 Cryptography in Network Security
  • Network Encryption
  • Browser Encryption
  • Onion Routing
  • IP Security Protocol Suite (IPsec)
  • Virtual Private Networks
  • System Architecture
6.7 Firewalls
  • What Is a Firewall?
  • Design of Firewalls
  • Types of Firewalls
  • Personal Firewalls
  • Comparison of Firewall Types
  • Example Firewall Configurations
  • Network Address Translation (NAT)
  • Data Loss Prevention
6.8 Intrusion Detection and Prevention Systems
  • Types of IDSs
  • Other Intrusion Detection Technology
  • Intrusion Prevention Systems
  • Intrusion Response
  • Goals for Intrusion Detection Systems
  • IDS Strengths and Limitations
6.9 Network Management
  • Management to Ensure Service
  • Security Information and Event Management (SIEM)
6.10 Conclusion
6.11 Exercises
7. Databases
7.1 Introduction to Databases
  • Concept of a Database
  • Components of Databases
  • Advantages of Using Databases
7.2 Security Requirements of Databases
  • Integrity of the Database
  • Element Integrity
  • Auditability
  • Access Control
  • User Authentication
  • Availability
  • Integrity/Confidentiality/Availability
7.3 Reliability and Integrity
  • Protection Features from the Operating System
  • Two-Phase Update
  • Redundancy/Internal Consistency
  • Recovery
  • Concurrency/Consistency
7.4 Database Disclosure
  • Sensitive Data
  • Types of Disclosures
  • Preventing Disclosure: Data Suppression and Modification
  • Security Versus Precision
7.5 Data Mining and Big Data
  • Data Mining
  • Big Data
7.6 Conclusion
Exercises
8. Cloud Computing
8.1 Cloud Computing Concepts
  • Service Models
  • Deployment Models
8.2 Moving to the Cloud
  • Risk Analysis
  • Cloud Provider Assessment
  • Switching Cloud Providers
  • Cloud as a Security Control
8.3 Cloud Security Tools and Techniques
  • Data Protection in the Cloud
  • Cloud Application Security
  • Logging and Incident Response
8.4 Cloud Identity Management
  • Security Assertion Markup Language
  • OAuth
  • OAuth for Authentication
8.5 Securing IaaS
  • Public IaaS Versus Private Network Security
8.6 Conclusion
  • Where the Field Is Headed
  • To Learn More
8.7 Exercises
9. Privacy
9.1 Privacy Concepts
  • Aspects of Information Privacy
  • Computer-Related Privacy Problems
9.2 Privacy Principles and Policies
  • Fair Information Practices
  • U.S. Privacy Laws
  • Controls on U.S. Government Websites
  • Controls on Commercial Websites
  • Non-U.S. Privacy Principles
  • Individual Actions to Protect Privacy
  • Governments and Privacy
  • Identity Theft
9.3 Authentication and Privacy
  • What Authentication Means
  • Conclusions
9.4 Data Mining
  • Government Data Mining
  • Privacy-Preserving Data Mining
9.5 Privacy on the Web
  • Understanding the Online Environment
  • Payments on the Web
  • Site and Portal Registrations
  • Whose Page Is This?
  • Precautions for Web Surfing
  • Spyware
  • Shopping on the Internet
9.6 Email Security
  • Where Does Email Go, and Who Can Access It?
  • Interception of Email
  • Monitoring Email
  • Anonymous, Pseudonymous, and Disappearing Email
  • Spoofing and Spamming
  • Summary
9.7 Privacy Impacts of Emerging Technologies
  • Radio Frequency Identification
  • Electronic Voting
  • VoIP and Skype
  • Privacy in the Cloud
  • Conclusions on Emerging Technologies
9.8 Where the Field Is Headed
9.9 Conclusion
9.10 Exercises
10. Management and Incidents
10.1 Security Planning
  • Organizations and Security Plans
  • Contents of a Security Plan
  • Security Planning Team Members
  • Assuring Commitment to a Security Plan
10.2 Business Continuity Planning
  • Assess Business Impact
  • Develop Strategy
  • Develop the Plan
10.3 Handling Incidents
  • Incident Response Plans
  • Incident Response Teams
10.4 Risk Analysis
  • The Nature of Risk
  • Steps of a Risk Analysis
  • Arguments For and Against Risk Analysis
10.5 Dealing with Disaster
  • Natural Disasters
  • Power Loss
  • Human Vandals
  • Interception of Sensitive Information
  • Contingency Planning
  • Physical Security Recap
10.6 Conclusion
10.7 Exercises
11. Legal Issues and Ethics
11.1 Protecting Programs and Data
  • Copyrights
  • Patents
  • Trade Secrets
  • Special Cases
11.2 Information and the Law
  • Information as an Object
  • Legal Issues Relating to Information
  • The Legal System
  • Summary of Protection for Computer Artifacts
11.3 Rights of Employees and Employers
  • Ownership of Products
  • Employment Contracts
11.4 Redress for Software Failures
  • Selling Correct Software
  • Reporting Software Flaws
11.5 Computer Crime
  • Why a Separate Category for Computer Crime Is Needed
  • Why Computer Crime Is Hard to Define
  • Why Computer Crime Is Hard to Prosecute
  • Examples of Statutes
  • International Dimensions
  • Why Computer Criminals Are Hard to Catch
  • What Computer Crime Does Not Address
  • Summary of Legal Issues in Computer Security
11.6 Ethical Issues in Computer Security
  • Differences Between the Law and Ethics
  • Studying Ethics
  • Ethical Reasoning
11.7 Incident Analysis with Ethics
  • Situation I: Use of Computer Services
  • Situation II: Privacy Rights
  • Situation III: Denial of Service
  • Situation IV: Ownership of Programs
  • Situation V: Proprietary Resources
  • Situation VI: Fraud
  • Situation VII: Accuracy of Information
  • Situation VIII: Ethics of Hacking or Cracking
  • Situation IX: True Representation
  • Conclusion of Computer Ethics
Conclusion
Exercises
12. Details of Cryptography
12.1 Cryptology
  • Cryptanalysis
  • Cryptographic Primitives
  • One-Time Pads
  • Statistical Analysis
  • What Makes a “Secure” Encryption Algorithm?
12.2 Symmetric Encryption Algorithms
  • DES
  • AES
  • RC2, RC4, RC5, and RC6
12.3 Asymmetric Encryption with RSA
  • The RSA Algorithm
  • Strength of the RSA Algorithm
12.4 Message Digests
  • Hash Functions
  • One-Way Hash Functions
  • Message Digests
12.5 Digital Signatures
  • Elliptic Curve Cryptosystems
  • El Gamal and Digital Signature Algorithms
  • The NSA–Cryptography Controversy of 2012
12.6 Quantum Cryptography
  • Quantum Physics
  • Photon Reception
  • Cryptography with Photons
  • Implementation
12.7 Conclusion
13. Emerging Topics
13.1 The Internet of Things
  • Medical Devices
  • Mobile Phones
  • Security in the Internet of Things
13.2 Economics
  • Making a Business Case
  • Quantifying Security
  • Current Research and Future Directions
13.3 Electronic Voting
  • What Is Electronic Voting?
  • What Is a Fair Election?
  • What Are the Critical Issues?
13.4 Cyber Warfare
  • What Is Cyber Warfare?
  • Possible Examples of Cyber Warfare
  • Critical Issues
13.5 Conclusion
Bibliography
Index
Code Snippets

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion