Computer and Information Security Handbook

Description

The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors’ respective areas of expertise.

The book is organized into 10 parts comprised of 70 contributed chapters by leading experts in the areas of networking and systems security, information management, cyber warfare and security, encryption technology, privacy, data storage, physical security, and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more.

Key features

  • Chapters by leaders in the field on theory and practice of computer and information security technology, allowing the reader to develop a new level of technical expertise
  • Comprehensive and up-to-date coverage of security issues allows the reader to remain current and fully informed from multiple viewpoints
  • Presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions

Readership

The primary audience for this handbook consists of researchers and practitioners in industry and academia as well as security technologists, engineers, and federal and state agencies working with or interested in computer and cyber security. This comprehensive reference and practitioner’s guide will also be of value to students in undergraduate and graduate-level courses in computer and cyber security.

Table of contents

Part I Overview of System and Network Security: A Comprehensive Introduction
Chapter 1 Building a Secure Organization

1.1 Obstacles To Security

1.2 Ten Steps To Building A Secure Organization

1.3 Don’t Forget The Basics

1.4 Preparing For The Building Of Security Control Assessments

1.5 Summary

1.6 Chapter Review Questions/Exercises

1.7 Optional Team Case Project
Chapter 2 A Cryptography Primer

2.1 What Is Cryptography? What Is Encryption?

2.2 Famous Cryptographic Devices

2.3 Ciphers

2.4 Modern Cryptography

2.5 The Computer Age

2.6 How Aes Works

2.7 Selecting Cryptography: The Process

2.8 Summary

2.9 Chapter Review Questions/Exercises

2.9 Optional Team Case Project
Chapter 3 Detecting System Intrusions

3.1 Introduction

3.2 Monitoring Key Files In The System

3.3 Security Objectives

3.4 0day Attacks

3.5 Good Known State

3.6 Rootkits

3.7 Low Hanging Fruit

3.8 Antivirus Software

3.9 Homegrown Intrusion Detection

3.10 Full Packet Capture Devices

3.11 Out Of Band Attack Vectors

3.12 Security Awareness Training

3.13 Data Correlation

3.14 Siem

3.15 Other Weird Stuff On The System

3.16 Detection

3.17 Network-Based Detection Of System Intrusions (Dsis)

3.18 Summary

3.19 Chapter Review Questions/Exercises

3.20 Optional Team Case Project
Chapter 4 Preventing System Intrusions

4.1 So, What Is An Intrusion?

4.2 Sobering Numbers

4.3 Know Your Enemy: Hackers Versus Crackers

4.4 Motives

4.5 The Crackers’ Tools Of The Trade

4.6 Bots

4.7 Symptoms Of Intrusions

4.8 What Can You Do?

4.9 Security Policies

4.10 Risk Analysis

4.11 Tools Of Your Trade

4.12 Controlling User Access

4.13 Intrusion Prevention Capabilities

4.14 Summary

4.15 Chapter Review Questions/Exercises

4.16 Optional Team Case Project
Chapter 5 Guarding Against Network Intrusions

5.1 Traditional Reconnaissance And Attacks

5.2 Malicious Software

5.3 Defense In Depth

5.4 Preventive Measures

5.5 Intrusion Monitoring And Detection

5.6 Reactive Measures

5.7 Network-Based Intrusion Protection

5.6 Summary

5.7 Chapter Review Questions/Exercises

5.8 Optional Team Case Project
Chapter 6 Securing Cloud Computing Systems

6.1 Cloud Computing Essentials: Examining The Cloud Layers

6.2 Software As A Service (Saas): Managing Risks In The Cloud

6.3 Platform As A Service (Paas): Securing The Platform

6.4 Infrastructure As A Service (Iaas)

6.5 Leveraging Provider-Specific Security Options

6.6 Achieving Security In A Private Cloud

6.7 Meeting Compliance Requirements

6.8 Preparing For Disaster Recovery

6.9 Summary

6.10 Chapter Review Questions/Exercises

6.11 Optional Team Case Project
Chapter 7 Fault Tolerance And Resilience In Cloud Computing Environments

7.1 Introduction

7.2 Cloud Computing Fault Model

7.3 Basic Concepts On Fault Tolerance

7.4 Different Levels Of Fault Tolerance In Cloud Computing

7.5 Fault Tolerance Against Crash Failures In Cloud Computing

7.6 Fault Tolerance Against Byzantine Failures In Cloud Computing

7.7 Fault Tolerance As A Service In Cloud Computing

7.8 Summary

7.9 Chapter Review Questions/Exercises

7.10 Optional Team Case Project
Chapter 8 Securing Web Applications, Services And Servers

8.1 Setting The Stage

8.2 Basic Security For Http Applications And Services

8.3 Basic Security For Soap Services

8.4 Identity Management And Web Services

8.5 Authorization Patterns

8.6 Security Considerations

8.7 Challenges

8.8 Summary

8.9 Chapter Review Questions/Exercises

8.10 Optional Team Case Project
Chapter 9 Unix And Linux Security

9.1 Unix And Security

9.2 Basic Unix Security Overview

9.3 Achieving Unix Security

9.4 Protecting User Accounts And Strengthening Authentication

9.5 Limiting Superuser Privileges

9.6 Securing Local And Network File Systems

9.7 Network Configuration

9.8 Additional Resources

9.9 Improving The Security Of Linux And Unix Systems

9.10 Summary

9.11 Chapter Review Questions/Exercises

9.12 Optional Team Case Project
Chapter 10 Eliminating The Security Weakness Of Linux And Unix Operating Systems

10.1 Introduction

10.2 Hardening Linux And Unix

10.3 Proactive Defense For Linux And Unix

10.4 Summary

10.5 Chapter Review Questions/Exercises

10.6 Optional Team Case Project
Chapter 11 Internet Security

11.1 Internet Protocol Architecture

11.2 An Internet Threat Model

11.3 Defending Against Attacks On The Internet

11.4 Internet Security Checklist

11.5 Summary

11.6 Chapter Review Questions/Exercises

11.7 Optional Team Case Project
Chapter 12 The Botnet Problem

12.1 Introduction

12.2 Botnet Overview

12.3 Typical Bot Life Cycle

12.4 The Botnet Business Model

12.5 Botnet Defense

12.6 Botmaster Traceback

12.7 Preventing Botnets

12.8 Summary

12.9 Chapter Review Questions/Exercises

12.10 Optional Team Case Project
Chapter 13 Intranet Security

13.1 Smartphones & Tablets In The Intranet

13.2 Security Considerations

13.3 Plugging The Gaps: Nac And Access Control

13.4 Measuring Risk: Audits

13.5 Guardian At The Gate: Authentication And Encryption

13.6 Wireless Network Security

13.7 Shielding The Wire: Network Protection

13.8 Weakest Link In Security: User Training

13.9 Documenting The Network: Change Management

13.10 Rehearse The Inevitable: Disaster Recovery

13.11 Controlling Hazards: Physical And Environmental Protection

13.12 Know Your Users: Personnel Security

13.13 Protecting Data Flow: Information And System Integrity

13.14 Security Assessments

13.15 Risk Assessments

13.16 Intranet Security Checklist

13.17 Summary

13.18 Chapter Review Questions/Exercises

13.19 Optional Team Case Project
Chapter 14 Local Area Network Security

14.1 Identify Network Threats

14.2 Establish Network Access Controls

14.3 Risk Assessment

14.4 Listing Network Resources

14.5 Threats

14.6 Security Policies

14.7 The Incident-Handling Process

14.8 Secure Design Through Network Access Controls

14.9 Ids Defined

14.10 Nids: Scope And Limitations

14.11 A Practical Illustration Of Nids

14.12 Firewalls

14.13 Dynamic Nat Configuration

14.14 The Perimeter

14.15 Access List Details

14.16 Types Of Firewalls

14.17 Packet Filtering: Ip Filtering Routers

14.18 Application-Layer Firewalls: Proxy Servers

14.19 Stateful Inspection Firewalls

14.20 Nids Complements Firewalls

14.21 Monitor And Analyze System Activities

14.22 Signature Analysis

14.23 Statistical Analysis

14.24 Signature Algorithms

14.25 Summary

14.26 Chapter Review Questions/Exercises

14.27 Optional Team Case Project
Chapter 15 Wireless Network Security

15.1 Cellular Networks

15.2 Wireless Ad Hoc Networks

15.3 Security Protocols

15.4 Wep

15.5 Wpa And Wpa2

15.6 Spins: Security Protocols For Sensor Networks

15.7 Secure Routing

15.8 Sead

15.9 Aran

15.10 Slsp

15.11 Key Establishment

15.12 Ing

15.13 Management Countermeasures

15.14 Summary

15.15 Chapter Review Questions/Exercises

15.16 Optional Team Case Project
Chapter 16 Wireless Sensor Network Security

16.1 Introduction To Wireless Sensor Network (Wsn)

16.2 Summary

16.3 Chapter Review Questions/Exercises

16.4 Optional Team Case Project
Chapter 17 Cellular Network Security

17.1 Introduction To Wireless Sensor Network (Wsn)

17.2 Overview Of Cellular Networks

17.3 The State Of The Art Of Cellular Network Security

17.4 Cellular Network Attack Taxonomy

17.5 Cellular Network Vulnerability Analysis

17.6 (Acat)

17.7 (Ecat)

17.8 Summary

17.9 Chapter Review Questions/Exercises

17.10 Optional Team Case Project
Chapter 18 Rfid Security

18.1 Rfid Introduction

18.2 Rfid Challenges

18.3 Rfid Protections

18.4 Summary

18.5 Chapter Review Questions/Exercises

18.6 Optional Team Case Project
Chapter 19 Optical Network Security

19.1 Optical Networks

19.2 Securing Optical Networks

19.3 Identify Vulnerabilities

19.4 Corrective Actions

19.5 Summary

19.6 Chapter Review Questions/Exercises

19.7 Optional Team Case Project
Chapter 20 Optical Wireless Security

20.1 Optical Wireless Systems Overview

20.2 Deployment Architectures

20.3 High Bandwidth

20.4 Low Cost

20.5 Implementation

20.6 Surface Area

20.7 Summary

20.8 Chapter Review Questions/Exercises

20.9 Optional Team Case Project
Part II Managing Information Security
Chapter 21 Information Security Essentials For It Managers: Protecting Mission-Critical Systems

21.1 Information Security Essentials For It Managers

21.2 Overview

21.3 Protecting Mission-Critical Systems

21.4 Information Security From The Ground Up

21.5 Security Monitoring And Effectiveness

21.6 Summary

21.7 Chapter Review Questions/Exercises

21.8 Optional Team Case Project
Chapter 22 Security Management Systems

22.1 Security Management System Standards

22.2 Training Requirements

22.3 Principles Of Information Security

22.4 Roles And Responsibilities Of Personnel

22.5 Security Policies

22.6 Security Controls

22.7 Network Access

22.8 Risk Assessment

22.9 Incident Response

22.10 Summary

22.11 Chapter Review Questions/Exercises

22.12 Optional Team Case Project
Chapter 23 Policy-Driven System Management

23.1 Introduction

23.2 Security And Policy-Based Management

23.3 Classification And Languages

23.4 Controls For Enforcing Security Policies In Distributed Systems

23.5 Products And Technologies

23.6 Research Projects

23.7 Summary

23.8 Chapter Review Questions/Exercises

23.9 Optional Team Case Project
Chapter 24 Information Technology Security Management

24.1 Information Security Management Standards

24.2 Other Organizations Involved In Standards

24.3 Information Technology Security Aspects

24.4 Summary

24.5 Chapter Review Questions/Exercises

24.6 Optional Team Case Project
Chapter 25 Online Identity And User Management Services

25.1 Introduction

25.2 Evolution Of Identity Management Requirements

25.3 The Requirements Fulfilled By Identity Management Technologies

25.4 Identity Management 1.0

25.5 Social Login And User Management

25.6 Identity 2.0 For Mobile Users

25.7 Summary

25.8 Chapter Review Questions/Exercises

25.9 Optional Team Case Project
Chapter 26 Intrusion Prevention And Detection Systems

26.1 What Is An ‘Intrusion’ Anyway?

26.2 Physical Theft

26.3 Abuse Of Privileges (The Insider Threat)

26.4 Unauthorized Access By Outsider

26.5 Malware Infection

26.6 The Role Of The ‘0-Day’

26.7 The Rogue’s Gallery: Attackers And Motives

26.8 A Brief Introduction To Tcp/Ip

26.9 The Tcp/Ip Data Architecture And Data Encapsulation

26.10 Survey Of Intrusion Detection And Prevention

26.11 Technologies

26.12 Anti-Malware Software

26.13 Network-Based Intrusion Detection Systems

26.14 Network-Based Intrusion Prevention Systems

26.15 Host-Based Intrusion Prevention Systems

26.16 Security Information Management Systems

26.17 Network Session Analysis

26.18 Digital Forensics

26.19 System Integrity Validation

26.20 Summary

26.21 Chapter Review Questions/Exercises

26.22 Optional Team Case Project
Chapter 27 Tcp/Ip Packet Analysis

27.1 The Internet Model

27.2 Summary

27.3 Chapter Review Questions/Exercises

27.4 Optional Team Case Project
Chapter 28 The Enemy (The Intruder’s Genesis)

28.1 Introduction

28.2 Active Reconnaissance

28.3 Enumeration

28.4 Penetration & Gain Access

28.5 Maintain Access

28.6 Defend Network Against Unauthorized Access

28.7 Summary

28.8 Chapter Review Questions/Exercises

28.9 Optional Team Case Project
Chapter 29 Firewalls

29.1 Introduction

29.2 Network Firewalls

29.3 Firewall Security Policies

29.4 A Simple Mathematical Model For Policies, Rules, And Packets

29.5 First-Match Firewall Policy Anomalies

29.6 Policy Optimization

29.7 Firewall Types

29.8 Host And Network Firewalls

29.9 Software And Hardware Firewall Implementations

29.10 Choosing The Correct Firewall

29.11 Firewall Placement And Network Topology

29.12 Firewall Installation And Configuration

29.13 Supporting Outgoing Services Through Firewall Configuration

29.14 Secure External Services Provisioning

29.15 Network Firewalls For Voice And Video Applications

29.16 Firewalls And Important Administrative Service Protocols

29.17 Internal Ip Services Protection

29.18 Firewall Remote Access Configuration

29.19 Load Balancing And Firewall Arrays

29.20 Highly Available Firewalls

29.21 Firewall Management

29.22 Summary

29.23 Chapter Review Questions/Exercises

29.24 Optional Team Case Project
Chapter 30 Penetration Testing

30.1 Introduction

30.2 What Is Penetration Testing?

30.3 How Does Penetration Testing Differ From An Actual “Hack?”

30.4 Types Of Penetration Testing

30.5 Phases Of Penetration Testing

30.6 Defining What’s Expected

30.7 The Need For A Methodology

30.8 Penetration Testing Methodologies

30.9 Methodology In Action

30.10 Penetration Testing Risks

30.11 Liability Issues

30.12 Legal Consequences

30.13 “Get Out Of Jail Free” Card

30.14 Penetration Testing Consultants

30.15 Required Skill Sets

30.16 Accomplishments

30.17 Hiring A Penetration Tester

30.18 Why Should A Company Hire You?

30.19 Summary

30.20 Chapter Review Questions/Exercises

30.21 Optional Team Case Project
Chapter 31 What Is Vulnerability Assessment?

31.1 Introduction

31.2 Reporting

31.3 The “It Won’t Happen To Us” Factor

31.4 Why Vulnerability Assessment?

31.5 Penetration Testing Versus Vulnerability Assessment

31.6 Vulnerability Assessment Goal

31.7 Mapping The Network

31.8 Selecting The Right Scanners

31.9 Central Scans Versus Local Scans

31.10 Defense In Depth Strategy

31.11 Vulnerability Assessment Tools

31.12 Sara

31.13 Saint

31.14 Mbsa

31.15 Scanner Performance

31.16 Scan Verification

31.17 Scanning Cornerstones

31.18 Network Scanning Countermeasures

31.19 Vulnerability Disclosure Date

31.20 Proactive Security Versus Reactive Security

31.21 Vulnerability Causes

31.22 Diy Vulnerability Assessment

31.23 Summary

31.24 Chapter Review Questions/Exercises

31.25 Optional Team Case Project
Chapter 32 Security Metrics: An Introduction And Literature Review

32.1 Introduction

32.2 Why Security Metrics?

32.3 The Nature Of Security Metrics

32.4 Getting Started With Security Metrics

32.5 Metrics In Action–Towards An Intelligent Security Dashboard

32.6 Security Metrics In The Literature

32.7 Summary

32.8 Chapter Review Questions/Exercises

32.9 Optional Team Case Project
Part III Cyber, Network, And Systems Forensics Security And Assurance
Chapter 33 Cyber Forensics

33.1 What Is Cyber Forensics?

33.2 Analysis Of Data

33.3 Cyber Forensics In The Court System

33.4 Understanding Internet History

33.5 Temporary Restraining Orders And Labor Disputes

33.6 Ntfs

33.7 First Principles

33.8 Hacking A Windows Xp Password

33.9 Network Analysis

33.10 Cyber Forensics Applied

33.11 Testifying As An Expert

33.12 Beginning To End In Court

33.13 Summary

33.14 Chapter Review Questions/Exercises

33.15 Optional Team Case Project
Chapter 34 Cyber Forensics And Incidence Response

34.1 Introduction To Cyber Forensics

34.2 Handling Preliminary Investigations

34.3 Controlling An Investigation

34.4 Conducting Disk-Based Analysis

34.5 Investigating Information-Hiding Techniques

34.6 Scrutinizing E-Mail

34.7 Validating E-Mail Header Information

34.8 Tracing Internet Access

34.9 Searching Memory In Real Time

34.10 Summary

34.11 Chapter Review Questions/Exercises

34.12 Optional Team Case Project
Chapter 35 Securing E-Discovery

35.1 Information Management

35.2 Summary

35.3 Chapter Review Questions/Exercises

35.4 Optional Team Case Project
Chapter 36 Network Forensics

36.1 Scientific Overview

36.2 The Principles Of Network Forensics

36.3 Attack Traceback And Attribution

36.4 Critical Needs Analysis

36.5 Research Directions

36.6 Summary

36.7 Chapter Review Questions/Exercises

36.8 Optional Team Case Project
Part IV Encryption Technology
Chapter 37 Data Encryption

37.1 Need For Cryptography

37.2 Mathematical Prelude To Cryptography

37.3 Classical Cryptography

37.4 Modern Symmetric Ciphers

37.5 Algebraic Structure

37.6 The Internal Functions Of Rijndael In Aes Implementation

37.7 Use Of Modern Block Ciphers

37.8 Public-Key Cryptography

37.9 Cryptanalysis Of Rsa

37.10 Diffie-Hellman Algorithm

37.11 Elliptic Curve Cryptosystems

37.12 Message Integrity And Authentication

37.13 Triple Data Encryption Algorithm (Tdea) Block Cipher

37.14 Summary

37.15 Chapter Review Questions/Exercises

37.16 Optional Team Case Project
Chapter 38 Satellite Encryption

38.1 Introduction

38.2 The Need For Satellite Encryption

38.3 Implementing Satellite Encryption

38.4 Pirate Decryption Of Satellite Transmissions

38.5 Summary

38.6 Chapter Review Questions/Exercises

38.7 Optional Team Case Project
Chapter 39 Public Key Infrastructure

39.1 Cryptographic Background

39.2 Overview Of Pki

39.3 The X.509 Model

39.4 X.509 Implementation Architectures

39.5 X.509 Certificate Validation

39.6 X.509 Certificate Revocation

39.7 Server-Based Certificate Validity Protocol

39.8 X.509 Bridge Certification Systems

39.9 X.509 Certificate Format

39.10 Pki Policy Description

39.11 Pki Standards Organizations

39.12 Pgp Certificate Formats

39.13 Pgp Pki Implementations

39.14 W3c

39.15 Is Pki Secure

39.16 Alternative Pki Architectures

39.17 Modified X.509 Architectures

39.18 Alternative Key Management Models

39.19 Summary

39.20 Chapter Review Questions/Exercises

39.21 Optional Team Case Project
Chapter 40 Password-Based Authenticated Key Establishment Protocol
[Toc Tbd]
Chapter 41 Instant-Messaging Security

41.1 Why Should I Care About Instant Messaging?

41.2 What Is Instant Messaging?

41.3 The Evolution Of Networking Technologies

41.3 Game Theory And Instant Messaging

41.4 The Nature Of The Threat

41.5 Common Im Applications

41.6 Defensive Strategies

41.7 Instant-Messaging Security Maturity And Solutions

41.8 Processes

41.9 Summary

41.10 Example Answers To Key Factors

41.11 Chapter Review Questions/Exercises

41.12 Optional Team Case Project
Part V Privacy And Access Management
Chapter 42 Privacy On The Internet

42.1 Privacy In The Digital Society

42.2 The Economics Of Privacy

42.3 Privacy-Enhancing Technologies

42.4 Network Anonymity

42.5 Summary

42.6 Chapter Review Questions/Exercises

42.7 Optional Team Case Project
Chapter 43 Privacy-Enhancing Technologies

43.1 The Concept Of Privacy

43.2 Legal Privacy Principles

43.3 Classification Of Pets

43.4 Traditional Privacy Goals Of Pets

43.5 Privacy Metrics

43.6 Data Minimization Technologies

43.7 Transparency-Enhancing Tools

43.8 Summary

43.9 Chapter Review Questions/Exercises

43.10 Optional Team Case Project
Chapter 44 Personal Privacy Policies

44.1 Introduction

44.2 Content Of Personal Privacy Policies

44.3 Semiautomated Derivation Of Personal Privacy Policies

44.4 Specifying Well-Formed Personal Privacy Policies

44.5 Preventing Unexpected Negative Outcomes

44.6 The Privacy Management Model

44.7 Discussion And Related Work

44.8 Summary

44.9 Chapter Review Questions/Exercises

44.10 Optional Team Case Project
Chapter 45 Detection Of Conflicts In Security Policies

45.1 Introduction

45.2 Conflicts In Security Policies

45.3 Conflicts In Executable Security Policies

45.4 Conflicts In Network Security Policies

45.5 Semantic Web Technology For Conflict Detection

45.6 Summary

45.7 Chapter Review Questions/Exercises

45.8 Optional Team Case Project
Chapter 46 Supporting User Privacy Preferences In Digital Interactions

46.1 Introduction

46.2 Basic Concepts And Desiderata

46.3 Cost-Sensitive Trust Negotiation

46.4 Point-Based Trust Management

46.5 Logical-Based Minimal Credential Disclosure

46.6 Privacy Preferences In Credential-Based Interactions

46.7 Fine-Grained Disclosure Of Sensitive Access Policies

46.8 Open Issues

46.9 Summary

46.10 Chapter Review Questions/Exercises

46.11 Optional Team Case Project
Chapter 47 Privacy And Security In Environmental Monitoring Systems: Issues And Solutions

47.1 Introduction

47.2 System Architectures

47.3 Environmental Data

47.4 Security And Privacy Issues In Environmental Monitoring

47.5 Countermeasures

47.6 Summary

47.7 Chapter Review Questions/Exercises

47.8 Optional Team Case Project
Chapter 48 Virtual Private Networks

48.1 History

48.2 Who Is In Charge?

48.3 Vpn Types

48.4 Authentication Methods

48.5 Symmetric Encryption

48.6 Asymmetric Cryptography

48.7 Edge Devices

48.8 Passwords

48.9 Hackers And Crackers

48.10 Mobile Vpn

48.11 Ssl Vpn Deployments

48.12 Summary

48.13 Chapter Review Questions/Exercises

48.14 Optional Team Case Project
Chapter 49 Identity Theft

49.1 Experimental Design

49.2 Results And Analysis

49.3 Implications For Crimeware

49.4 Summary

49.5 Chapter Review Questions/Exercises

49.6 Optional Team Case Project
Chapter 50 Voip Security

50.1 Introduction

50.2 Overview Of Threats

50.3 Security In Voip

50.4 Future Trends

50.5 Summary

50.6 Chapter Review Questions/Exercises

50.7 Optional Team Case Project
Part Vi Storage Security
Chapter 51 San Security

51.1 Organizational Structure

51.2 Access Control Lists (Acl) And Policies

51.3 Physical Access

51.4 Change Management

51.5 Password Policies

51.6 Defense In Depth

51.7 Vendor Security Review

51.8 Data Classification

51.9 Security Management

51.10 Auditing

51.11 Security Maintenance

51.12 Host Access: Partitioning

51.13 Data Protection: Replicas

51.14 Encryption In Storage

51.15 Application Of Encryption

51.16 Summary

51.17 Chapter Review Questions/Exercises

51.18 Optional Team Case Project
Chapter 52 Storage Area Networking Security Devices

52.1 What Is A San?

52.2 San Deployment Justifications

52.3 The Critical Reasons For San Security

52.4 San Architecture And Components

52.5 San General Threats And Issues

52.6 Owasp

52.7 Osstmm

52.8 Issa

52.9 Isaca

52.10 Summary

52.11 Chapter Review Questions/Exercises

52.12 Optional Team Case Project
Chapter 53 Risk Management

53.1 The Concept Of Risk

53.2 Expressing And Measuring Risk

53.3 The Risk Management Methodology

53.4 Risk Management Laws And Regulations

53.5 Risk Management Standards

53.6 Summary

53.7 Chapter Review Questions/Exercises

53.8 Optional Team Case Project
Part Vii Physical Security
Chapter 54 Physical Security Essentials

54.1 Overview

54.2 Physical Security Threats

54.3 Physical Security Prevention And Mitigation Measures

54.4 Recovery From Physical Security Breaches

54.5 Threat Assessment, Planning, And Plan Implementation

54.6 Example: A Corporate Physical Security Policy

54.7 Integration Of Physical And Logical Security

54.8 Physical Security Checklist

54.9 Summary

54.10 Chapter Review Questions/Exercises

54.11 Optional Team Case Project
Chapter 55 Disaster Recovery

55.1 Introduction

55.2 Measuring Risk And Avoiding Disaster

55.3 The Business Impact Assessment (Bia)

55.4 Summary

55.5 Chapter Review Questions/Exercises

55.6 Optional Team Case Project
Chapter 56 Biometrics

56.1 Relevant Standards

56.2 Biometric System Architecture

56.3 Using Biometric Systems

56.4 Security Considerations

56.5 Summary

56.6 Chapter Review Questions/Exercises

56.7 Optional Team Case Project
Chapter 57 Homeland Security

57.1 Statutory Authorities

57.2 Homeland Security Presidential Directives

57.3 Organizational Actions

57.4 Summary

57.5 Chapter Review Questions/Exercises

57.6 Optional Team Case Project
Chapter 58 Cyber Warfare

58.1 Cyber Warfare Model

58.2 Cyber Warfare Defined

58.3 Cw: Myth Or Reality?

58.4 Cyber Warfare: Making Cw Possible

58.5 Legal Aspects Of Cw

58.6 Holistic View Of Cyber Warfare

58.7 Summary

58.8 Chapter Review Questions/Exercises

58.9 Optional Team Case Project
Chapter 59 System Security

59.1 Foundations Of Security

59.2 Basic Countermeasures

59.3 Summary

59.4 Chapter Review Questions/Exercises

59.5 Optional Team Case Project
Chapter 60 Securing The Infrastructure

60.1 Communication Security Goals

60.2 Attacks And Countermeasures

60.3 Summary

60.4 Chapter Review Questions/Exercises

60.5 Optional Team Case Project
Chapter 61 Access Controls

61.1 Infrastructure Weaknesses: Dac, Mac, And Rbac

61.2 Strengthening The Infrastructure: Authentication Systems

61.3 Summary

61.4 Chapter Review Questions/Exercises

61.5 Optional Team Case Project
Chapter 62 Assessments And Audits

62.1 Assessing Vulnerabilities And Risk: Penetration Testing And Vulnerability Assessments

62.2 Risk Management: Quantitative Risk Measurements

62.3 Summary

62.4 Chapter Review Questions/Exercises

62.5 Optional Team Case Project
Chapter 63 Fundamentals Of Cryptography

63.1 Assuring Privacy With Encryption

63.2 Summary

63.3 Chapter Review Questions/Exercises

63.4 Optional Team Case Project
Part IX Advanced Security
Chapter 64 Security Through Diversity

64.1 Ubiquity

64.2 Example Attacks Against Uniformity

64.3 Attacking Ubiquity With Antivirus Tools

64.4 The Threat Of Worms

64.5 Automated Network Defense

64.6 Diversity And The Browser

64.7 Sandboxing And Virtualization

64.8 Dns Example Of Diversity Through Security

64.9 Recovery From Disaster Is Survival

64.10 Summary

64.11 Chapter Review Questions/Exercises

64.12 Optional Team Case Project
Chapter 65 Online E-Reputation Management Services

65.1 Introduction

65.2 The Human Notion Of Reputation

65.3 Reputation Applied To The Computing World

65.4 State Of The Art Of Attack-Resistant Reputation Computation

65.5 Overview Of Current Online Reputation Service

65.6 Summary

65.7 Chapter Review Questions/Exercises

65.8 Optional Team Case Project
Chapter 66 Content Filtering

66.1 Defining The Problem

66.2 Why Content Filtering Is Important

66.3 Content Categorization Technologies

66.4 Perimeter Hardware And Software Solutions

66.5 Categories

66.6 Legal Issues

66.7 Circumventing Content Filtering

66.8 Additional Items To Consider: Overblocking And Underblocking

66.9 Related Products

66.10 Summary

66.11 Chapter Review Questions/Exercises

66.12 Optional Team Case Project
Chapter 67 Data Loss Protection

67.1 Precursors Of Dlp

67.2 What Is Dlp?

67.3 Where To Begin

67.4 Data Is Like Water

67.5 You Don’t Know What You Don’t Know

67.6 How Do Dlp Applications Work?

67.7 Eat Your Vegetables

67.8 It’s A Family Affair, Not Just It Security’s Problem

67.9 Vendors, Vendors Everywhere! Who Do You Believe?

67.10 Summary

67.11 Chapter Review Questions/Exercises

67.12 Optional Team Case Project
Chapter 68 Satellite Cyber Attack Search And Destroy

68.1 Hacks, Interference And Jamming

68.2 Summary

68.3 Chapter Review Questions/Exercises

68.4 Optional Team Case Project
Chapter 69 Verifiable Voting Systems

69.1 Security Requirements

69.2 Verifiable Voting Schemes

69.3 Building Blocks

69.4 Survey Of Noteworthy Schemes

69.5 Prêt À Voter

69.6 Threats To Verifiable Voting Systems

69.7 Summary

69.8 Chapter Review Questions/Exercises

69.9 Optional Team Case Project
Chapter 70 Advanced Data Encryption

70.1 Mathematical Concepts Reviewed

70.2 The Rsa Cryptosystem

70.3 Summary

70.4 Chapter Review Questions/Exercises

70.5 Optional Team Case Project
Part X Appendices
Appendix A Configuring Authentication Service On Microsoft Windows 7
Appendix B Security Management and Resiliency
Appendix C List of Top Information and Network Security Implementation and Deployment Companies
Appendix D List of Security Products
Appendix E List of Security Standards
Appendix F List of Miscellaneous Security Resources
Appendix G Ensuring Built-in Frequency Hopping Spread Spectrum Wireless Network Security
Appendix H Configuring Wireless Internet Security Remote Access
Appendix I Frequently Asked Questions
Appendix J Case Studies

Review quotes

"This is the 2nd edition of the classic reference on system security but encompasses many new topics that have become relevant since the 1st edition…In this huge volume (1171 pages and online content) the numerous chapters cover almost every conceivable aspect of information and system security."—Reference & Research Book News, October 2013

"The handbook is well organized and homogeneous, despite contributions by various authors. The new section on practical security is a welcome addition…this handbook will continue to be a very useful resource for professionals and students. I strongly recommend it for individuals as well as libraries."—ComputingReviews.com, September 12, 2013

About the editor

John Vacca

John Vacca is an independent information technology consultant and researcher, professional writer, editor, reviewer, and author based in Pomeroy, Ohio, USA. Since 1982, John has authored, edited, and published more than 85 books, including Smart Cities Policies and Financing: Approaches and Solutions, Elsevier; Cloud Computing Security: Foundations and Challenges, Taylor and Francis/CRC Press; Solving Urban Infrastructure Problems Using Smart City Technologies: Handbook on Planning, Design, Development, and Regulation, Elsevier; Online Terrorist Propaganda, Recruitment, and Radicalization, Taylor and Francis/CRC Press; Nanoscale Networking and Communications Handbook, Taylor and Francis/CRC Press; Handbook of Sensor Networking: Advanced Technologies and Applications, Taylor and Francis/CRC Press; Network and System Security 2/e, Elsevier/Syngress; Cyber Security and IT Infrastructure Protection, Elsevier/Syngress; and Managing Information Security 2/e, Elsevier/Syngress; among many others. John was a Configuration Management Specialist, Computer Specialist, and the Computer Security Official (CSO) for NASA’s space station program (Freedom) and the International Space Station Program from 1988 until his retirement from NASA in 1995. John has also been a security consultant for major motion pictures, including AntiTrust, Collateral, and Identity Theft: The Michelle Brown Story. He received his M.Sc. from Kansas State University and an MBA from Emporia State University and served in the United States Air Force from 1967-1971.
Affiliations and expertise
Techwrite, Pomeroy, OH, USA
