چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Computer System and Network Security (Computer Science & Engineering)

Gregory B. White, Eric A. Fisch, Udo W. Pooch

قیمت نهایی

۴۹٬۰۰۰ تومان

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

سال انتشار
۱۹۹۶
فرمت
PDF
زبان
انگلیسی
حجم فایل
۱۵٫۳ مگابایت

دربارهٔ کتاب

Computer System and Network Security provides the reader with a basic understanding of the issues involved in the security of computer systems and networks. Introductory in nature, this important new book covers all aspects related to the growing field of computer security. Such complete coverage in a single text has previously been unavailable, and college professors and students, as well as professionals responsible for system security, will find this unique book a valuable source of information, either as a textbook or as a general reference. Computer System and Network Security discusses existing and potential threats to computer systems and networks and outlines the basic actions that are generally taken to protect them. The first two chapters of the text introduce the reader to the field of computer security, covering fundamental issues and objectives. The next several chapters describe security models, authentication issues, access control, intrusion detection, and damage control. Later chapters address network and database security and systems/networks connected to wide-area networks and internetworks. Other topics include firewalls, cryptography, malicious software, and security standards. The book includes case studies with information about incidents involving computer security, illustrating the problems and potential damage that can be caused when security fails. This unique reference/textbook covers all aspects of computer and network security, filling an obvious gap in the existing literature. Cover 1 Half Title 2 Title Page 4 Copyright Page 5 Dedication 6 Preface 7 Table Of Contents 10 Chapter 1 Fundamentals of Computer Security 16 1.1 Objectives of Computer Security 17 1.2 Issues Involved in Computer Security 18 1.3 Privacy and Ethics 20 1.4 Exercises 21 1.5 References 22 1.6 Extended Bibliography 22 Chapter 2 Risk Analysis 24 2.1 Theory 25 2.1.1 Possible Loss (L) 26 2.1.2 Probability of Loss Occurrence (P) 27 2.1.3 Burden of Preventing Loss (B) 28 2.1.4 Applying the Risk Analysis Equation 28 2.2 Risk Analysis in Computer Security 30 2.2.1 Terminology 30 2.2.2 Application 33 2.3 Summary 36 2.4 Exercises 36 2.5 References 37 2.6 Extended Bibliography 38 Chapter 3 Developing Secure Computer Systems 40 3.1 External Security Measures 40 3.2 Structure of a Computer System 42 3.3 Secure Computer System Issues 44 3.4 Summary 48 3.5 Exercises . 49 3.6 References 49 3.7 Extended Bibliography 50 Chapter 4 Security Models 52 4.1 Specification and Verification 52 4.2 Security Models 53 4.2.1 Bell and LaPadula 54 4.2.2 Clark-Wilson 56 4.2.3 Goguen-Meseguer 59 4.3 TCSEC 60 4.3.1 Discretionary Access Requirements 61 4.3.2 Mandatory Access Requirements 62 4.4 Summary 63 4.5 Exercises 64 4.6 References 64 4.7 Extended Bibliography 11 Chapter 5 User Authentication 68 5.1 Authentication Objectives 68 5.2 Authentication Methods 69 5.2.1 Informational Keys 69 5.2.1.1 Passwords 69 5.2.1.2 Questionnaires 70 5.2.2 Physical Keys 71 5.2.2.1 Magnetic Cards 71 5.2.2.2 Smartcards 73 5.2.2.3 Calculators 74 5.2.3 Biometric Keys 75 5.2.3.1 Voice Prints 75 5.2.3.2 Fingerprint 77 5.2.3.3 Retinal Prints 80 5.2.3.4 Facial Profiles 81 5.2.3.5 Hand Geometry 82 5.2.3.6 Signature Analysis 84 5.3 Summary 85 5.4 Exercises 86 5.5 References 86 5.6 Extended Bibliography 89 Chapter 6 Access and [nformation flow Controls 90 6.1 File Passwords 92 6.2 Capabilities Based 93 6.3 Access Control Lists 94 6.4 Protection Bits 97 6.5 Controls for Vlandatory Access 98 6.6 Trojan Horse 99 6.7 Summary 101 6.8 Exercises 102 6.9 References 103 6.10 Extended Bibliography 103 Chapter 7 Auditing and Intrusion Detection 106 7.1 Audit Trail Features 106 7.2 lntrusion Detection Systems 108 7.2.1 User Profiling 110 7.2.2 Intruder Profiling 111 7.2.3 Signature Analysis 111 7.2.4 Action Based 112 7.2.5 IDES 112 7.2.6 MIDAS 115 7.2.7 Haystack 116 7.3 Network Intrusion Detection 118 7.3.1 Network Anack Characteristics 118 7.3.2 NSM 119 7.3.3 DIDS 120 7.3.4 NADlR 122 7.3.5 CSM 122 7.4 Monitoring and the Law 124 7.5 Summary 125 7.6 Exercises 125 7.7 References 126 7.8 Extended Bibliography 128 Chapter 8 Damage Control and Assessment 132 8.1 Damage Control. 133 8.1.1 Inform the Authorities 133 8.1.2 Backup System Data 134 8.1.3 Remove the Intruder 135 8.1.4 Contain and Monitor the Intruder 136 8.1.5 Lock Stolen User Accounts 137 8.1.6 Require Additional Authentication 137 8.2 Damage Assessment 138 8.2.1 Attack Recovery 139 8.2.1.1 Examine Audit Trails 139 8.2.1.2 Identify Stolen Accounts and Data 141 8.2.1.3 Locate System Modifications 142 8.2.1.4 System Restoration 144 8.2.2 Damage Prevention 144 8.2.2.1 Patch Security Holes 144 8.2.2.2 Lock Stolen User Accounts 145 8.2.2.3 Change Passwords 146 8.2.2.4 Employ Shadow Password Files 147 8.2.2.5 Backup Information 148 8.2.2.6 Reduce Network Services 149 8.3 Summary 150 8.4 Exercises 151 8.5 References 151 8.6 Extended Bibliography 152 Chapter 9 Network Security 154 9.1 Network Fundamentals 154 9.2 Network Security Issues 158 9.2.1 Basic Network Security Objectives and Threats 159 9.2.2 Security Services 160 9.3 The Trusted Network Interpretation 164 9.3.1TNl Security Service 165 9.3.2 AIS Interconnection issues 168 9.4 Distributed Systems Security 170 9.5 Summary 172 9.6 Exercises 173 9.7 References 174 9.8 Extended Bibliography 174 Chapter 10 Firewalls 178 10.1 Simple Damage Limiting Approaches 178 10.2 Network Firewalls 179 10.2.1 Packet Filtering Gateways 180 10.2.2 Circuit Level Gateways 184 10.2.3 Application-Level Gateways 185 10.3 Firewall Costs and Effectiveness 185 10.4 Sample Security Packages 187 10.5 Summary 189 10.6 Exercises 190 10.7 References 190 10.8 Extended Bibliography 191 Chapter 11 Database Security 194 11.1 Database Management System Primer 194 11.2 DBMS Vulnerabilities and Responses 196 11.2.1Inference 196 11.2.2 Aggregation 197 11.2.2.1 Inference Aggregation 197 11.2.2.2 Cardinal Aggregation 198 12.2.3 Data Integrity 199 11.2.4 Trojan Horses 201 11.3 Summary 202 11.4 Exercises 203 11.5 References 203 11.6 Extended Bibliography 206 Chapter 12 Cryptography 208 12.1 Substitution Ciphers 209 12.1.1 Caesar Cipher 209 12.1.2 ROTI3 210 12.1.3 Substitution Cipher Variations 210 12.1.4 Vigenere Ciphers 212 12.1.5 One Time Pads 215 12.2 Transposition Ciphers 216 12.3 Encrypting Digital Communication 217 12.3.1 DES 218 12.3.2 IDEA 221 12.3.3 Key Escrow 223 12.3.4 Public Key Cryptography 225 12.3.4.1 Diffie-Hellman Algorithm 225 12.3.4.2 Knapsack Algorithms 226 12.3.4.3 RSA 228 12.3.5 Digital Signatures 230 12.3.5.1 The Digital Signature Standard (DSS) 231 12.3.5.2 ESIGN 231 12.4 Summary 232 12.5 Exercises 233 12.6 References 234 12.7 Extended Bibliography 235 Chapter 13 Malicious Code 240 13.1 Viruses 240 13.1.1 Infection 241 13.1.2 Theory behind Viruses 242 13.1.3 Prevention. Detection. and Removal 246 13.1.3.1 Prevention and Detection 247 13.1.3.2 Disinfection 249 13.2 Worms 250 13.2.1 Infection 250 13.2.2 Theory of Worms 251 13.2.3 Prevention and Removal 255 13.2.3.1 Preventing Worm Attacks 255 13.2.3.2 Worm Removal and System Recovery 255 13.3 Trojan Horses 256 13.3.1 Receiving Trojan Horses 257 13.3.2 Theory of Trojan Horses 258 13.3.3 Prevention. Detection. and Removal 259 13.3.3.1 Trojan Horse Prevention and Detection 260 13.3.3.2 Trojan Horse Removal 260 13.4 Summary 262 13.5 Exercises 262 13.6 References 263 13.7 Extended Bibliography 264 Chapter 14 Government-Based Security Standards 266 14.1 The History of Security Standards 267 14.2 The Trusted Computer System Evaluation Criteria 268 14.3 The Information Technology Security Evaluation Criteria 270 14.4 The Canadian Trusted Computer Product Evaluation Criteria 272 14.5 The Federal Criteria 274 14.6 The Common Criteria 276 14.7 Summary 278 14.8 Exercises 278 14.9 References 278 14.10 Extended Bibliography 280 Chapter 15 Case Studies 282 15.1 The Hannover Hackers 282 15.2 An Evening With Bed'erd 286 15.3 The Internet Worm 290 15.4 Summary 292 15.5 Exercises 293 15.6 References 293 15.7 Extended Bibliography 294 Appendix A: Information Warfare 296 A.1 Levels of Information Warfare 298 A.2 Weapons of lnfom1ation Wa1fare 300 A.3 Summary 302 A.4 Exercises 303 A.5 References 303 A.6 Extended Bibliography 305 Index 306 Content: (Note: Most chapters include a summary, exercises, references, and an extended bibliography)Computer Security FundamentalsObjectives of Computer SecurityIssues Involved in Computer SecurityPrivacy and EthicsRisk AnalysisTheoryPossible Loss (L)Probability of Loss Occurrence (P) Burden of Preventing Loss (B)Applying the Risk Analysis EquationRisk Analysis in Computer SecurityTerminologyApplicationDeveloping Secure Computer SystemsExternal Security MeasuresStructure of a Computer SystemSecure Computer System IssuesSecurity ModelsSpecification and VerificationSecurity ModelsBell and LaPadulaClark-WilsonGoguen-MeseguerTCSECDiscretionary Access RequirementsMandatory Access RequirementsUser AuthenticationAuthentication ObjectivesAuthentication MethodsInformational KeysPhysical KeysBiometric KeysAccess and Information Flow ControlsFile PasswordsCapabilities BasedAccess Control ListsProtection BitsControls for Mandatory Access Trojan HorsesAUDITING and INTRUSION DETECTIONAudit Trail FeaturesIntrusion Detection SystemsUser ProfilingIntruder ProfilingSignature AnalysisAction BasedIDESMIDASHaystackNetwork Intrusion DetectionNetwork Attack CharacteristicsNSMDIDSNADIRCSMMonitoring and the LawDamage Control and AssessmentDamage ControlInform the AuthoritiesBackup System DataRemove the IntruderContain and Monitor the IntruderLock Stolen AccountsRequire Additional AuthenticationDamage AssessmentAttack RecoveryDamage PreventionNetwork SecurityNetwork FundamentalsNetwork Security IssuesBasic Network Security Objectives and ThreatsSecurity ServicesThe Trusted Network InterpretationTNI Security ServiceAIS Interconnection IssuesDistributed Systems SecurityFirewallsSimple Damage Limiting ApproachesNetwork FirewallsPacket Filtering GatewaysCircuit Level GatewaysApplication Level GatewaysFirewall Costs and EffectivenessDatabase SecurityDatabase Management System PrimerDBMS Vulnerabilities and ResponsesInferenceAggregationData IntegrityTrojan HorsesCryptographySubstitution CiphersCaesar CipherROT13Substitution Cipher VariationsVigenere CiphersOne Time PadsTransposition CiphersEncrypting Digital CommunicationDESIDEAKey EscrowPublic Key CryptographyDigital SignaturesMalicious SoftwareVirusesWorms Trojan HorsesTime BombsSecurity StandardsThe Federal CriteriaThe Common Criteria The Trusted Computer System Evaluation CriteriaThe Information Technology Security Evaluation CriteriaCase StudyThe Hannover HackersAn Evening With BerferdThe Internet WormAppendix: Information Warfare This unique reference/textbook clarifies fundamental and advanced concepts in computer security. covering a wide range of security issues. It includes case studies with information about incidents involving computer security, illustrating the problems and potential damage that can be caused when security fails. Includes exercises, summaries, reference lists, and extended bibliographies.

قیمت نهایی

۴۹٬۰۰۰ تومان