Elementary Information Security, 3rd Edition
by Richard E. Smith
Table of Contents
Cover
Title Page
Copyright Page
Contents
Preface
Acknowledgments
Chapter 1 Security From the Ground Up
1.1 The Security Landscape
1.1.1 Making Security Decisions
1.1.2 Framework for Risk Management
1.2 Assessing Risks
1.2.1 The Proprietor’s Risk Management Framework
1.2.2 Goals and Assets
1.2.3 Security Boundaries
1.2.4 Security Architecture
1.3 Identifying Risks
1.3.1 Threat Agents
1.3.2 Potential Attacks
1.3.3 Risk Matrix
1.4 Prioritizing Risks
1.5 Drafting Security Requirements
1.5.1 Analyzing Alice’s Risks
1.5.2 Monitoring Security Measures
1.6 Ethical Issues in Security Analysis
1.6.1 Searching for Vulnerabilities
1.6.2 Sharing and Publishing Cyber Vulnerabilities
1.7 Resources
1.7.1 Review Questions
1.7.2 Exercises
Chapter 2 Controlling a Computer
2.1 Computers and Programs
2.1.1 Input/Output
2.1.2 Program Execution
2.1.3 Procedures
2.2 Programs and Processes
2.2.1 Switching Between Processes
2.2.2 The Operating System
2.3 Buffer Overflows and the Morris Worm
2.3.1 The “Finger” Overflow
2.3.2 Security Alerts
2.3.3 Studying Cyberattacks
2.4 Access Control Strategies
2.4.1 Puzzles and Patterns
2.4.2 Chain of Control: Another Basic Principle
2.5 Keeping Processes Separate
2.5.1 Sharing a Program
2.5.2 Sharing Data
2.6 Selecting Security Controls
2.7 Security Plan: Process Protection
2.8 Resources
2.8.1 Review Questions
2.8.2 Exercises
Chapter 3 Controlling Files
3.1 The File System
3.1.1 File Ownership and Access Rights
3.1.2 Directory Access Rights
3.2 Executable Files and Malware
3.2.1 Execution Access Rights
3.2.2 Computer Viruses
3.2.3 Macro Viruses
3.2.4 Modern Malware: A Rogue’s Gallery
3.3 Sharing and Protecting Files
3.3.1 Security Policies for Sharing and Protection
3.4 Security Controls for Files
3.4.1 Deny by Default: A Basic Principle
3.4.2 Managing Access Rights
3.5 File Security Controls
3.5.1 File Permission Flags
3.5.2 Security Controls to Enforce the Isolation Policy
3.5.3 States and State Diagrams
3.6 Patching Security Flaws
3.7 Resources
3.7.1 Review Questions
3.7.2 Exercises
Chapter 4 Sharing Files
4.1 Controlled Sharing
4.1.1 Basic File Sharing on Windows
4.1.2 User Groups
4.1.3 Least Privilege and Administrative Users
4.2 File Permission Flags
4.2.1 Permission Flags and Ambiguities
4.2.2 Permission Flag Examples
4.3 Access Control Lists and MacOS
4.4 Microsoft Windows ACLs
4.4.1 Denying Access
4.4.2 Default File Protection
4.4.3 A Different Trojan Horse
4.5 Monitoring Cyber System Security
4.5.1 Logging Events
4.5.2 External Security Requirements
4.6 Resources
4.6.1 Review Questions
4.6.2 Exercises
Chapter 5 Storing Files
5.1 Incident Response and Attack
5.1.1 The Aftermath of an Incident
5.1.2 Legal Disputes
5.2 Digital Evidence
5.2.1 Collecting Legal Evidence
5.2.2 Digital Evidence Procedures
5.3 Storing Data on a Hard Drive
5.3.1 Hard Drive Controller
5.3.2 Hard Drive Formatting
5.4 Common Drive Concepts
5.4.1 Error Detection and Correction
5.4.2 Drive Partitions
5.4.3 Memory Sizes and Address Variables
5.5 FAT: An Example File System
5.5.1 Boot Blocks
5.5.2 Building Files from Clusters
5.5.3 FAT Directories
5.6 Modern File Systems
5.6.1 Unix File System
5.6.2 Apple’s HFS Plus
5.6.3 Microsoft’s NTFS
5.6.4 File Systems in Portable and Networked Systems
5.7 Input/Output and File System Software
5.7.1 Software Layering
5.7.2 A Typical I/O Operation
5.7.3 Security and I/O
5.8 Resources
5.8.1 Review Questions
5.8.2 Exercises
Chapter 6 Authenticating People
6.1 Unlocking a Door
6.1.1 Authentication Factors
6.1.2 Threat Agents and Risks
6.1.3 Database Thefts
6.2 Evolution of Password Systems
6.2.1 One-Way Hash Functions
6.2.2 Sniffing Credentials
6.3 Password Guessing
6.3.1 Password Search Space
6.3.2 Truly Random Password Selection
6.3.3 Cracking Speeds
6.4 Attacks on Password Bias
6.4.1 Biased Choices and Average Attack Space
6.4.2 Estimating Language-Based Password Bias
6.5 Authentication Tokens
6.5.1 Challenge-Response Authentication
6.5.2 One-Time Password Tokens
6.5.3 Mobile Devices and Smartphones as Tokens
6.5.4 Token Vulnerabilities
6.6 Biometric Authentication
6.6.1 Biometric Accuracy
6.6.2 Biometric Vulnerabilities
6.7 Authentication Policy
6.7.1 Weak and Strong Threats
6.7.2 Policies for Weak Threat Environments
6.7.3 Policies for Strong and Extreme Threats
6.7.4 Password Selection and Handling
6.8 Resources
6.8.1 Review Questions
6.8.2 Exercises
Chapter 7 Encrypting Files
7.1 Protecting the Accessible
7.1.1 The Encrypted Diary
7.1.2 Encryption Basics
7.1.3 Encryption and Information States
7.2 Encryption and Cryptanalysis
7.2.1 The Vigenère Cipher
7.2.2 Electromechanical Encryption
7.3 Computer-Based Encryption
7.3.1 Exclusive Or: A Crypto Building Block
7.3.2 Stream Ciphers: Another Building Block
7.3.3 Key Stream Security
7.3.4 The One-Time Pad
7.4 File Encryption Software
7.4.1 Built-In File Encryption
7.4.2 Encryption Application Programs
7.4.3 Erasing a Plaintext File
7.4.4 Choosing a File Encryption Program
7.5 Digital Rights Management
7.6 Resources
7.6.1 Review Questions
7.6.2 Exercises
Chapter 8 Secret and Public Keys
8.1 The Key Management Challenge
8.1.1 Rekeying
8.1.2 Using Text for Encryption Keys
8.1.3 Key Strength
8.2 The Reused Key Stream Problem
8.2.1 Avoiding Reused Keys
8.2.2 Key Wrapping: Another Building Block
8.2.3 Separation of Duty: A Basic Principle
8.2.4 DVD Key Handling
8.3 Public-Key Cryptography
8.3.1 Sharing a Secret: Diffie–Hellman
8.3.2 Diffie–Hellman: The Basics of the Math
8.3.3 Elliptic Curve Cryptography
8.3.4 Quantum Cryptography and Post-Quantum Cryptography
8.4 RSA: Rivest–Shamir–Adleman
8.4.1 Encapsulating Keys with RSA
8.4.2 An Overview of RSA Mathematics
8.5 Data Integrity and Digital Signatures
8.5.1 Detecting Malicious Changes
8.5.2 Detecting a Changed Hash Value
8.5.3 Digital Signatures
8.6 Publishing Public Keys
8.6.1 Public-Key Certificates
8.6.2 Chains of Certificates
8.6.3 Authenticated Software Updates
8.7 Resources
8.7.1 Review Questions
8.7.2 Exercises
Chapter 9 Encrypting Volumes
9.1 Securing a Volume
9.1.1 Risks to Volumes
9.1.2 Risks and Policy Trade-Offs
9.2 Block Ciphers
9.2.1 Evolution of DES and AES
9.2.2 The RC4 Story
9.2.3 Qualities of Good Encryption Algorithms
9.3 Block Cipher Modes
9.3.1 Stream Cipher Modes
9.3.2 Cipher Feedback Mode
9.3.3 Cipher Block Chaining
9.3.4 Block Mode Standards
9.4 Encrypting a Volume
9.4.1 Volume Encryption in Software
9.4.2 Block Modes for Volume Encryption
9.4.3 A “Tweakable” Encryption Mode
9.4.4 Residual Risks
9.5 Encryption in Hardware
9.5.1 The Drive Controller
9.5.2 Drive Locking and Unlocking
9.6 Managing Encryption Keys
9.6.1 Key Storage
9.6.2 Booting an Encrypted Drive
9.6.3 Residual Risks to Keys
9.7 Resources
9.7.1 Review Questions
9.7.2 Exercises
Chapter 10 Connecting Computers
10.1 The Network Security Problem
10.1.1 Basic Network Attacks and Defenses
10.1.2 Physical Network Protection
10.1.3 Host and Network Integrity
10.2 Transmitting Data
10.2.1 Message Switching
10.2.2 Circuit Switching
10.2.3 Packet Switching
10.3 Transmitting Packets
10.4 Ethernet: A Modern LAN
10.4.1 Wiring a Small Network
10.4.2 Ethernet Frame Format
10.4.3 Finding Host Addresses
10.4.4 Handling Collisions
10.5 The Protocol Stack
10.5.1 Relationships Between Layers
10.5.2 The OSI Protocol Model
10.5.3 Wireless Alternatives for Mobile Equipment
10.6 Network Applications
10.6.1 Resource Sharing
10.6.2 Data and File Sharing
10.7 Resources
10.7.1 Review Questions
10.7.2 Exercises
Chapter 11 Networks of Networks
11.1 Building Data Networks
11.2 Combining Computer Networks
11.2.1 Hopping Between Networks
11.2.2 Evolution of Internet Security
11.2.3 Internet Structure
11.3 Talking Between Hosts
11.3.1 IP Addresses
11.3.2 IP Packet Format
11.3.3 Address Resolution Protocol
11.4 Internet Addresses in Practice
11.4.1 Addresses, Scope, and Reachability
11.4.2 Private IP Addresses
11.5 Network Inspection Tools
11.5.1 Wireshark Examples
11.5.2 Mapping a LAN with Nmap
11.6 Resources
11.6.1 Review Questions
11.6.2 Exercises
Chapter 12 End-to-End Networking
12.1 “Smart” Versus “Dumb” Networks
12.2 Internet Transport Protocols
12.2.1 Transmission Control Protocol
12.2.2 Attacks on Protocols
12.3 Names on the Internet
12.3.1 Domain Names in Practice
12.3.2 Looking Up Names
12.3.3 DNS Protocol
12.3.4 Investigating Domain Names
12.3.5 Attacking DNS
12.4 Internet Firewalls
12.4.1 Network Address Translation
12.4.2 Filtering and Connectivity
12.4.3 Software-Based Firewalls
12.5 Network Authentication
12.5.1 Direct Authentication
12.5.2 Indirect Authentication
12.5.3 Offline Authentication
12.6 Resources
12.6.1 Review Questions
12.6.2 Exercises
Chapter 13 Network Encryption
13.1 Communications Security
13.1.1 Crypto by Layers
13.1.2 Administrative and Policy Issues
13.2 Crypto Keys on a Network
13.2.1 Manual Keying: A Building Block
13.2.2 Simple Rekeying
13.2.3 Secret-Key Building Blocks
13.2.4 Public-Key Building Blocks
13.2.5 Public-Key Versus Secret-Key Exchanges
13.3 Crypto Atop the Protocol Stack
13.3.1 Transport Layer Security—SSL and TLS
13.3.2 SSL Handshake Protocol
13.3.3 SSL Record Transmission
13.4 Network Layer Cryptography
13.4.1 The Encapsulating Security Payload
13.4.2 Implementing a VPN
13.4.3 Internet Key Exchange Protocol
13.5 Link Encryption on 802.11 Wireless
13.5.1 Wireless Packet Protection
13.5.2 Security Associations
13.6 Cryptographic Security Requirements
13.7 Resources
13.7.1 Review Questions
13.7.2 Exercises
Chapter 14 Internet Services and Email
14.1 Internet Services
14.2 Internet Email
14.2.1 Email Protocol Standards
14.2.2 Tracking an Email
14.2.3 Forging an Email Message
14.3 Email Security Problems
14.3.1 Spam
14.3.2 Phishing
14.3.3 Email Viruses and Hoaxes
14.4 Enterprise Firewalls
14.4.1 Controlling Internet Traffic
14.4.2 Traffic-Filtering Mechanisms
14.4.3 Implementing Firewall Rules
14.5 Enterprise Point of Presence
14.5.1 POP Topology
14.5.2 Attacking an Enterprise Site
14.5.3 The Challenge of Real-Time Media
14.6 Resources
14.6.1 Review Questions
14.6.2 Exercises
Chapter 15 The World Wide Web
15.1 Hypertext Fundamentals
15.1.1 Addressing Web Pages
15.1.2 Retrieving a Static Web Page
15.2 Basic Web Security
15.2.1 Static Website Security
15.2.2 Server Authentication
15.2.3 Server Masquerades
15.3 Dynamic Websites
15.3.1 Scripts on the Web
15.3.2 States and HTTP
15.4 Content Management Systems
15.4.1 Database Management Systems
15.4.2 Password Checking: A CMS Example
15.4.3 Command Injection Attacks
15.4.4 “Top Ten” Web Application Security Risks
15.5 Ensuring Web Security Properties
15.5.1 Web Availability
15.5.2 Web Privacy
15.6 Resources
15.6.1 Review Questions
15.6.2 Exercises
Appendix
Index
Elementary Information Security, Third Edition
Richard E. Smith, PhD, CISSP
Jones & Bartlett Learning