Table of Contents for I. Security for Today
by G.T. Gangemi, Rick Lehtinen
Computer Security Basics, 2nd Edition
Preface
About This Book
Summary of Contents
Part I, Security for Today
Part II, Computer Security
Part III, Communications Security
Part IV, Other Types of Security
Part V, Appendixes
Using Code Examples
Comments and Questions
Safari® Enabled
Acknowledgments
I. Security for Today
1. Introduction
The New Insecurity
Who You Gonna Call?
Information Sharing and Analysis Centers
Vulnerable broadband
No computer is an island
The Sorry Trail
Computer crime
What Is Computer Security?
A Broader Definition of Security
Secrecy and Confidentiality
Accuracy, Integrity, and Authenticity
Availability
Threats to Security
Vulnerabilities
Physical vulnerabilities
Natural vulnerabilities
Hardware and software vulnerabilities
Media vulnerabilities
Emanation vulnerabilities
Communications vulnerabilities
Human vulnerabilities
Exploiting vulnerabilities
Threats
Natural and physical threats
Unintentional threats
Intentional threats
Insiders and outsiders
Countermeasures
Computer security
Communications security
Physical security
Why Buy Security?
Government Requirements
Information Protection
What’s a User to Do?
Summary
2. Some Security History
Information and Its Controls
Computer Security: Then and Now
Early Computer Security Efforts
Tiger Teams
Research and Modeling
Secure Systems Development
Building Toward Standardization
Standards for Secure Systems
National Computer Security Center
Birth of the Orange Book
Standards for Cryptography
Standards for Emanations
Computer Security Mandates and Legislation
The Balancing Act
Computer Fraud and Abuse Act
Computer Security Act
Searching for a Balance
Recent Government Security Initiatives
Modern Standards for Computer Security
GASSP and GAISP Overview
Privacy Considerations
Summary
II. Computer Security
3. Computer System Security and Access Controls
What Makes a System Secure?
System Access: Logging into Your System
Identification and Authentication
Multifactor authentication
Login Processes
Password Authentication Protocol
Challenge Handshake Authentication Protocol (CHAP)
Mutual authentication
One-time password
Per-session authentication
Tokens
Biometrics
Remote access (TACACS and RADIUS)
DIAMETER
Kerberos
Passwords
Protecting passwords
Protecting your login and password on entry
Protecting your password in storage
Password attacks
Authorization
Sensitivity labels
Access models
Bell-LaPadula model
Biba model
Access Control in Practice
Discretionary access control
Ownership
Self/group/public controls
File permissions
Mandatory access control
Data import and export
Access decisions
Role-based access control
Access control lists
Directory Services
Email example
About X.500
Lightweight Directory Access Protocol
The LDAP namespace
Hierarchy
LDAP storage capabilities
Identity Management
Financial and legal pressures
Summary
4. Viruses and Other Wildlife
Financial Effects of Malicious Programs
Viruses and Public Health
Viruses, Worms, and Trojans (Oh, My!)
Viruses
The history of viruses
Worms
Trojan Horses
Bombs
Trap Doors
Spoofs and Masquerades
Who Writes Viruses?
Remedies
Firewalls
Antivirus
The Virus Hype
An Ounce of Prevention
Summary
5. Establishing and Maintaining a Security Policy
Administrative Security
Overall Planning and Administration
Analyzing Costs and Risks
What information do you have, and how important is it?
How vulnerable is the information?
What is the cost of losing or compromising the information?
What is the cost of protecting the information?
Who are you going to call?
Planning for Disaster
Setting Security Rules for Employees
Training Users
Day-to-Day Administration
Performing Backups
Hardware and Software Security Tools
Performing a Security Audit
Separation of Duties
Summary
6. Web Attacks and Internet Vulnerabilities
About the Internet
History of Data and Voice Communications
Packets, Addresses, and Ports
What Are the Network Protocols?
Data Navigation Protocols
Data Navigation Protocol Attacks
Other Internet Protocols
File Transfer Protocol
Simple Mail Transfer Protocol
SMTP and spam
Domain Name Service
Dynamic Host Configuration Protocol
Network Address Translation
Port Address Translation
The Fragile Web
How HTML Formats the Web
Advanced Web Services
What is a script?
Client-side scripting languages
Server-side scripting languages
Web Attacks and Preventions
Client-side web attacks
General client-side attack preventatives
Server-side web attacks
Summary
III. Communications Security
7. Encryption
Some History
What Is Encryption?
Why Encryption?
Transposition and Substitution Ciphers
More about transposition
More about substitution
Cryptographic Keys: Private and Public
Private key cryptography
Public key cryptography
Key Management and Distribution
One-Time Pad
End-to-End and Link Encryption
The Data Encryption Standard
What Is the DES?
Application of the DES
The Advanced Encryption Standard
Overview of the AES Development Effort
How AES Works
SubBytes
Row shift and mix columns
Round keys
Do it again
Other Cryptographic Algorithms
AES Round 1 Candidate Algorithms
Public Key Algorithms
The RSA Algorithm
Digital Signatures and Certificates
Certificates
Certificate Authorities
Government Algorithms
Message Authentication
Government Cryptographic Programs
NSA
NIST
Treasury
Cryptographic Export Restrictions
Summary
8. Communications and Network Security
What Makes Communication Secure?
Communications Vulnerabilities
Communications Threats
Modems
Networks
Network Terms
Protocols and layers
Some Network History
Network Media
Twisted pair cable
Coaxial cable
Fiber-optic cable
Microwave
Satellite
Network Security
Access Control Methods
Discretionary access control
Role-based access control
Mandatory access control
Auditing
Perimeters and Gateways
Security in Heterogeneous Environments
Encrypted Communications
End-to-end encryption
Link encryption
Through the Tunnel
VPNs for remote access
VPNs for internetworking
VPNs inside the firewall
VPN tunneling protocols
Network Security Tasks
Communications integrity
Denial of service
Compromise protection
Securing Communications
Internet Protocol Security (IPSec)
Kerberos
Summary
IV. Other Types of Security
9. Physical Security and Biometrics
Physical Security
Natural Disasters
Fire and smoke
Climate
Earthquakes and vibration
Water
Electricity
Lightning
Risk Analysis and Disaster Planning
Locks and Keys: Old and New
Types of Locks
Tokens
Challenge-Response Systems
Cards: Smart and Dumb
Biometrics
Retina Patterns
Iris Scans
Fingerprints
Handprints
Voice Patterns
Keystrokes
Signature and Writing Patterns
Gentle Reminder
Summary
10. Wireless Network Security
How We Got Here
Today’s Wireless Infrastructure
Wireless Costs
How Wireless Works
Playing the Fields
Keeping the Waves Inside
What Is This dB Stuff?
Why Does All This Matter?
Encouraging Diversity
Physical Layer Wireless Attacks
Hardening Wireless Access Points
The Tie That Binds
Sophisticated Physical Layer Attacks
Forced Degradation Attacks
Eavesdropping Attacks
Eavesdropping Defenses
Advanced Eavesdropping Attacks
Rogue Access Points
Summary
V. Appendixes
A. OSI Model
B. TEMPEST
The Problem of Emanations
The TEMPEST Program
Faraday Screens
Source Suppression
TEMPEST Standards
Hard As You Try
C. The Orange Book, FIPS PUBS, and the Common Criteria
About the Orange Book
Orange Book Security Concepts
Security policy
Accountability
Assurance
Life-cycle assurance
Documentation
Rating by the Book
Discretionary and Mandatory Access Control
Object Reuse
Labels
Label integrity
Exportation of labeled information
Subject sensitivity labels
Device labels
Summary of Orange Book Classes
D Systems: Minimal Security
C1 Systems: Discretionary Security Protection
C2 Systems: Controlled Access Protection
B1 Systems: Labeled Security Protection
B2 Systems: Structured Protection
B3 Systems: Security Domains
A1 Systems: Verified Design
Complaints About the Orange Book
FIPS by the Numbers
I Don’t Want You Smelling My Fish
Common Criteria Evaluation Assurance Levels (EALs)
Index
About the Authors
Colophon
Copyright
Part I. Security for Today
Chapter 1: Introduction
Chapter 2: Some Security History