Computer Security 3e
Paperback, English, 2010, 3rd edition, 9780470741153
Summary
A completely up-to-date resource on computer security
Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing security systems and what makes them different from one another.
- Unravels the complex topic of computer security and breaks it down in such a way as to serve as an ideal introduction for beginners in the field of computer security
- Examines the foundations of computer security and its basic principles
- Addresses username and password, password protection, single sign-on, and more
- Discusses operating system integrity, hardware security features, and memory
- Covers Unix security, Windows security, database security, network security, web security, and software security
Packed with in-depth coverage, this resource spares no details when it comes to the critical topic of computer security.
Table of Contents
<p>CHAPTER 1 History of Computer Security 1</p>
<p>1.1 The Dawn of Computer Security 2</p>
<p>1.2 1970s Mainframes 3</p>
<p>1.3 1980s Personal Computers 4</p>
<p>1.4 1990s Internet 6</p>
<p>1.5 2000s The Web 8</p>
<p>1.6 Conclusions The Benefits of Hindsight 10</p>
<p>1.7 Exercises 11</p>
<p>CHAPTER 2 Managing Security 13</p>
<p>2.1 Attacks and Attackers 14</p>
<p>2.2 Security Management 15</p>
<p>2.3 Risk and Threat Analysis 21</p>
<p>2.4 Further Reading 29</p>
<p>2.5 Exercises 29</p>
<p>CHAPTER 3 Foundations of Computer Security 31</p>
<p>3.1 Definitions 32</p>
<p>3.2 The Fundamental Dilemma of Computer Security 40</p>
<p>3.3 Data vs Information 40</p>
<p>3.4 Principles of Computer Security 41</p>
<p>3.5 The Layer Below 45</p>
<p>3.6 The Layer Above 47</p>
<p>3.7 Further Reading 47</p>
<p>3.8 Exercises 48</p>
<p>CHAPTER 4 Identification and Authentication 49</p>
<p>4.1 Username and Password 50</p>
<p>4.2 Bootstrapping Password Protection 51</p>
<p>4.3 Guessing Passwords 52</p>
<p>4.4 Phishing, Spoofing, and Social Engineering 54</p>
<p>4.5 Protecting the Password File 56</p>
<p>4.6 Single Sign-on 58</p>
<p>4.7 Alternative Approaches 59</p>
<p>4.8 Further Reading 63</p>
<p>4.9 Exercises 63</p>
<p>CHAPTER 5 Access Control 65</p>
<p>5.1 Background 66</p>
<p>5.2 Authentication and Authorization 66</p>
<p>5.3 Access Operations 68</p>
<p>5.4 Access Control Structures 71</p>
<p>5.5 Ownership 73</p>
<p>5.6 Intermediate Controls 74</p>
<p>5.7 Policy Instantiation 79</p>
<p>5.8 Comparing Security Attributes 79</p>
<p>5.9 Further Reading 84</p>
<p>5.10 Exercises 84</p>
<p>CHAPTER 6 Reference Monitors 87</p>
<p>6.1 Introduction 88</p>
<p>6.2 Operating System Integrity 90</p>
<p>6.3 Hardware Security Features 91</p>
<p>6.4 Protecting Memory 99</p>
<p>6.5 Further Reading 103</p>
<p>6.6 Exercises 104</p>
<p>CHAPTER 7 Unix Security 107</p>
<p>7.1 Introduction 108</p>
<p>7.2 Principals 109</p>
<p>7.3 Subjects 111</p>
<p>7.4 Objects 113</p>
<p>7.5 Access Control 116</p>
<p>7.6 Instances of General Security Principles 119</p>
<p>7.7 Management Issues 125</p>
<p>7.8 Further Reading 128</p>
<p>7.9 Exercises 128</p>
<p>CHAPTER 8 Windows Security 131</p>
<p>8.1 Introduction 132</p>
<p>8.2 Components of Access Control 135</p>
<p>8.3 Access Decisions 142</p>
<p>8.4 Managing Policies 145</p>
<p>8.5 Task-Dependent Access Rights 147</p>
<p>8.6 Administration 150</p>
<p>8.7 Further Reading 153</p>
<p>8.8 Exercises 153</p>
<p>CHAPTER 9 Database Security 155</p>
<p>9.1 Introduction 156</p>
<p>9.2 Relational Databases 158</p>
<p>9.3 Access Control 162</p>
<p>9.4 Statistical Database Security 167</p>
<p>9.5 Integration with the Operating System 172</p>
<p>9.6 Privacy 173</p>
<p>9.7 Further Reading 175</p>
<p>9.8 Exercises 175</p>
<p>CHAPTER 10 Software Security 177</p>
<p>10.1 Introduction 178</p>
<p>10.2 Characters and Numbers 179</p>
<p>10.3 Canonical Representations 183</p>
<p>10.4 Memory Management 184</p>
<p>10.5 Data and Code 191</p>
<p>10.6 Race Conditions 193</p>
<p>10.7 Defences 194</p>
<p>10.8 Further Reading 201</p>
<p>10.9 Exercises 202</p>
<p>CHAPTER 11 Bell LaPadula Model 205</p>
<p>11.1 State Machine Models 206</p>
<p>11.2 The Bell LaPadula Model 206</p>
<p>11.3 The Multics Interpretation of BLP 212</p>
<p>11.4 Further Reading 216</p>
<p>11.5 Exercises 216</p>
<p>CHAPTER 12 Security Models 219</p>
<p>12.1 The Biba Model 220</p>
<p>12.2 Chinese Wall Model 221</p>
<p>12.3 The Clark Wilson Model 223</p>
<p>12.4 The Harrison Ruzzo Ullman Model 225</p>
<p>12.5 Information-Flow Models 228</p>
<p>12.6 Execution Monitors 230</p>
<p>12.7 Further Reading 232</p>
<p>12.8 Exercises 233</p>
<p>CHAPTER 13 Security Evaluation 235</p>
<p>13.1 Introduction 236</p>
<p>13.2 The Orange Book 239</p>
<p>13.3 The Rainbow Series 241</p>
<p>13.4 Information Technology Security Evaluation Criteria 242</p>
<p>13.5 The Federal Criteria 243</p>
<p>13.6 The Common Criteria 243</p>
<p>13.7 Quality Standards 246</p>
<p>13.8 An Effort Well Spent? 247</p>
<p>13.9 Summary 248</p>
<p>13.10 Further Reading 248</p>
<p>13.11 Exercises 249</p>
<p>CHAPTER 14 Cryptography 251</p>
<p>14.1 Introduction 252</p>
<p>14.2 Modular Arithmetic 256</p>
<p>14.3 Integrity Check Functions 257</p>
<p>14.4 Digital Signatures 260</p>
<p>14.5 Encryption 264</p>
<p>14.6 Strength of Mechanisms 270</p>
<p>14.7 Performance 271</p>
<p>14.8 Further Reading 272</p>
<p>14.9 Exercises 273</p>
<p>CHAPTER 15 Key Establishment 275</p>
<p>15.1 Introduction 276</p>
<p>15.2 Key Establishment and Authentication 276</p>
<p>15.3 Key Establishment Protocols 279</p>
<p>15.4 Kerberos 283</p>
<p>15.5 Public-Key Infrastructures 288</p>
<p>15.6 Trusted Computing Attestation 293</p>
<p>15.7 Further Reading 295</p>
<p>15.8 Exercises 295</p>
<p>CHAPTER 16 Communications Security 297</p>
<p>16.1 Introduction 298</p>
<p>16.2 Protocol Design Principles 299</p>
<p>16.3 IP Security 301</p>
<p>16.4 IPsec and Network Address Translation 308</p>
<p>16.5 SSL/TLS 310</p>
<p>16.6 Extensible Authentication Protocol 314</p>
<p>16.7 Further Reading 316</p>
<p>16.8 Exercises 316</p>
<p>CHAPTER 17 Network Security 319</p>
<p>17.1 Introduction 320</p>
<p>17.2 Domain Name System 322</p>
<p>17.3 Firewalls 328</p>
<p>17.4 Intrusion Detection 332</p>
<p>17.5 Further Reading 335</p>
<p>17.6 Exercises 336</p>
<p>CHAPTER 18 Web Security 339</p>
<p>18.1 Introduction 340</p>
<p>18.2 Authenticated Sessions 342</p>
<p>18.3 Code Origin Policies 346</p>
<p>18.4 Cross-Site Scripting 347</p>
<p>18.5 Cross-Site Request Forgery 350</p>
<p>18.6 JavaScript Hijacking 352</p>
<p>18.7 Web Services Security 354</p>
<p>18.8 Further Reading 360</p>
<p>18.9 Exercises 361</p>
<p>CHAPTER 19 Mobility 363</p>
<p>19.1 Introduction 364</p>
<p>19.2 GSM 364</p>
<p>19.3 UMTS 369</p>
<p>19.4 Mobile IPv6 Security 372</p>
<p>19.5 WLAN 377</p>
<p>19.6 Bluetooth 381</p>
<p>19.7 Further Reading 383</p>
<p>19.8 Exercises 383</p>
<p>CHAPTER 20 New Access Control Paradigms 385</p>
<p>20.1 Introduction 386</p>
<p>20.2 SPKI 388</p>
<p>20.3 Trust Management 390</p>
<p>20.4 Code-Based Access Control 391</p>
<p>20.5 Java Security 395</p>
<p>20.6 .NET Security Framework 400</p>
<p>20.7 Digital Rights Management 405</p>
<p>20.8 Further Reading 406</p>
<p>20.9 Exercises 406</p>
<p>Bibliography 409</p>
<p>Index 423</p>