Muutke küpsiste eelistusi

Computer Security Fundamentals 5th edition [Pehme köide]

3.71/5 (29 hinnangut Goodreads-ist)
  • Formaat: Paperback / softback, 576 pages, kõrgus x laius x paksus: 232x178x34 mm, kaal: 980 g
  • Sari: Pearson IT Cybersecurity Curriculum (ITCC)
  • Ilmumisaeg: 19-Jan-2023
  • Kirjastus: Pearson IT Certification
  • ISBN-10: 0137984782
  • ISBN-13: 9780137984787
Teised raamatud teemal:
Computer Security Fundamentals 5th editionSuurem pilt
  • Formaat: Paperback / softback, 576 pages, kõrgus x laius x paksus: 232x178x34 mm, kaal: 980 g
  • Sari: Pearson IT Cybersecurity Curriculum (ITCC)
  • Ilmumisaeg: 19-Jan-2023
  • Kirjastus: Pearson IT Certification
  • ISBN-10: 0137984782
  • ISBN-13: 9780137984787
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9780137984787.html
Märksõnad:

ONE-VOLUME INTRODUCTION TO COMPUTER SECURITY

 

Clearly explains core concepts, terminology, challenges, technologies, and skills

 

Covers today's latest attacks and countermeasures

 

The perfect beginner's guide for anyone interested in a computer security career

 

Dr. Chuck Easttom brings together complete coverage of all basic concepts, terminology, and issues, along with all the skills you need to get started. Drawing on 30 years of experience as a security instructor, consultant, and researcher, Easttom helps you take a proactive, realistic approach to assessing threats and implementing countermeasures. Writing clearly and simply, he addresses crucial issues that many introductory security books ignore, while addressing the realities of a world where billions of new devices are Internet-connected.

 

This guide covers web attacks, hacking, spyware, network defense, security appliances, VPNs, password use, and much more. Its many tips and examples refl ect new industry trends and the state-of-the-art in both attacks and defense. Exercises, projects, and review questions in every chapter help you deepen your understanding and apply all you’ve learned.

 

LEARN HOW TO

 

  • Identify and prioritize potential threats to your network
  • Use basic networking knowledge to improve security
  • Get inside the minds of hackers, so you can deter their attacks
  • Implement a proven layered approach to network security
  • Resist modern social engineering attacks
  • Defend against today’s most common Denial of Service (DoS) attacks
  • Halt viruses, spyware, worms, Trojans, and other malware
  • Prevent problems arising from malfeasance or ignorance
  • Choose the best encryption methods for your organization
  • Compare security technologies, including the latest security appliances
  • Implement security policies that will work in your environment
  • Scan your network for vulnerabilities
  • Evaluate potential security consultants
  • Master basic computer forensics and know what to do if you’re attacked
  • Learn how cyberterrorism and information warfare are evolving
Introduction xxix
Chapter 1 Introduction to Computer Security
2(32)
Introduction
2(2)
How Seriously Should You Take Threats to Network Security?
4(3)
Identifying Types of Threats
7(10)
Malware
8(1)
Compromising System Security
9(1)
DoS Attacks
10(1)
Web Attacks
11(2)
Session Hijacking
13(1)
Insider Threats
14(1)
DNS Poisoning
15(1)
New Attacks
16(1)
Assessing the Likelihood of an Attack on Your Network
17(1)
Basic Security Terminology
18(3)
Hacker Slang
18(2)
Professional Terms
20(1)
Concepts and Approaches
21(3)
How Do Legal Issues Impact Network Security?
24(1)
Online Security Resources
25(2)
CERT
25(1)
Microsoft Security Advisor
26(1)
F-Secure
26(1)
SANS Institute
26(1)
Summary
27(7)
Chapter 2 Networks and the Internet
34(40)
Introduction
34(1)
Network Basics
35(8)
The Physical Connection: Local Networks
35(3)
Faster Connection Speeds
38(1)
Wireless
39(1)
Bluetooth
40(1)
Other Wireless Protocols
41(1)
Data Transmission
41(2)
How the Internet Works
43(7)
IP Addresses
43(5)
Uniform Resource Locators
48(1)
What Is a Packet?
49(1)
Basic Communications
50(1)
History of the Internet
50(2)
Basic Network Utilities
52(7)
IPConfig
52(1)
Ping
53(2)
Tracert
55(1)
Netstat
56(1)
NSLookup
56(1)
ARP
56(1)
Route
57(1)
PathPing
58(1)
Other Network Devices
59(1)
Advanced Network Communications Topics
60(1)
The OSI Model
60(1)
The TCP/IP Model
61(1)
Media Access Control (MAC) Addresses
61(1)
Cloud Computing
61(4)
Summary
65(9)
Chapter 3 Cyber Stalking, Fraud, and Abuse
74(32)
Introduction
74(1)
How Internet Fraud Works
75(5)
Investment Offers
75(3)
Auction Fraud
78(2)
Identity Theft
80(2)
Phishing
81(1)
Cyber Stalking
82(9)
Real Cyber Stalking Cases
83(4)
How to Evaluate Cyber Stalking
87(1)
Crimes Against Children
88(2)
Laws About Internet Fraud
90(1)
Protecting Yourself Against Cybercrime
91(8)
Protecting Against Investment Fraud
91(1)
Protecting Against Identity Theft
91(1)
Secure Browser Settings
92(5)
Protecting Against Auction Fraud
97(1)
Protecting Against Online Harassment
98(1)
Summary
99(7)
Chapter 4 Denial of Service Attacks
106(24)
Introduction
106(1)
DoS Attacks
107(1)
Illustrating an Attack
107(2)
Distributed Reflection Denial of Service Attacks
109(1)
Common Tools Used for DoS Attacks
109(3)
Low Orbit Ion Cannon
109(1)
XOIC
110(1)
TFN and TFN2K
111(1)
Stacheldraht
111(1)
DoS Weaknesses
112(1)
Specific DoS Attacks
112(8)
TCP SYN Flood Attacks
112(3)
Smurf IP Attacks
115(1)
UDP Flood Attacks
116(1)
ICMP Flood Attacks
117(1)
The Ping of Death
117(1)
Teardrop Attacks
118(1)
DHCP Starvation
118(1)
HTTP POST DoS Attacks
118(1)
PDoS Attacks
118(1)
Registration DoS Attacks
118(1)
Login DoS Attacks
118(1)
Land Attacks
118(1)
DDoS Attacks
119(1)
Yo-Yo Attack
119(1)
Login Attacks
119(1)
CLDAP Reflection
119(1)
Degradation of Service Attacks
120(1)
Challenge Collapsar Attack
120(1)
EDoS
120(1)
Real-World Examples of DoS Attacks
120(1)
Google Attack
120(1)
AWS Attack
120(1)
Boston Globe Attack
121(1)
Memcache Attacks
121(1)
DDoS Blackmail
121(1)
Mirai
121(1)
How to Defend Against DoS Attacks
121(2)
Summary
123(7)
Chapter 5 Malware
130(36)
Introduction
130(1)
Viruses
131(11)
How a Virus Spreads
131(1)
Types of Viruses
132(1)
Virus Examples
133(7)
The Impact of Viruses
140(1)
Machine Learning and Malware
140(1)
Rules for Avoiding Viruses
141(1)
Trojan Horses
142(3)
The Buffer-Overflow Attack
145(1)
The Sasser Virus/Buffer Overflow
145(1)
Spyware
146(3)
Legal Uses of Spyware
147(1)
How Is Spyware Delivered to a Target System?
147(1)
Pegasus
147(1)
Obtaining Spyware Software
148(1)
Other Forms of Malware
149(4)
Rootkits
150(1)
Malicious Web-Based Code
150(1)
Logic Bombs
151(1)
Spam
152(1)
Advanced Persistent Threats
152(1)
Deep Fakes
152(1)
Detecting and Eliminating Viruses and Spyware
153(6)
Antivirus Software
153(4)
Anti-Malware and Machine Learning
157(1)
Remediation Steps
157(2)
Summary
159(7)
Chapter 6 Techniques Used by Hackers
166(34)
Introduction
166(1)
Basic Terminology
167(1)
The Reconnaissance Phase
167(10)
Passive Scanning Techniques
167(2)
Active Scanning Techniques
169(8)
Actual Attacks
177(7)
SQL Script Injection
177(2)
Cross-Site Scripting
179(1)
Cross-Site Request Forgery
180(1)
Directory Traversal
180(1)
Cookie Poisoning
180(1)
URL Hijacking
180(1)
Command Injection
181(1)
Wireless Attacks
181(1)
Cell Phone Attacks
181(1)
Password Cracking
182(2)
Malware Creation
184(3)
Windows Hacking Techniques
185(2)
Penetration Testing
187(2)
NIST 800-115
187(1)
The NSA Information Assessment Methodology
188(1)
PCI Penetration Testing Standard
189(1)
The Dark Web
189(5)
Summary
194(6)
Chapter 7 Industrial Espionage in Cyberspace
200(26)
Introduction
200(2)
What Is Industrial Espionage?
202(1)
Information as an Asset
203(2)
Real-World Examples of Industrial Espionage
205(2)
Example 1 Hacker Group
206(1)
Example 2 Company Versus Company
206(1)
Example 3 Nuclear Secrets
206(1)
Example 4 Uber
206(1)
Example 5 Foreign Governments and Economic Espionage
207(1)
Trends in Industrial Espionage
207(1)
Industrial Espionage and You
207(1)
How Does Espionage Occur?
207(5)
Low-Tech Industrial Espionage
208(2)
Spyware Used in Industrial Espionage
210(1)
Steganography Used in Industrial Espionage
211(1)
Phone Taps and Bugs
211(1)
Spy for Hire
212(1)
Protecting Against Industrial Espionage
212(3)
Trade Secrets
215(3)
The Industrial Espionage Act
218(1)
Spear Phishing
219(1)
Summary
220(6)
Chapter 8 Encryption
226(42)
Introduction
226(1)
Cryptography Basics
227(1)
History of Encryption
228(8)
The Caesar Cipher
229(1)
Atbash
230(1)
Multi-Alphabet Substitution
231(1)
Rail Fence
232(1)
Scytale
233(1)
Polybius Cipher
233(1)
Enigma
234(1)
Binary Operations
235(1)
Modern Cryptography Methods
236(9)
Single-Key (Symmetric) Encryption
237(6)
Modification of Symmetric Methods
243(2)
Public Key (Asymmetric) Encryption
245(5)
PGP
250(1)
Legitimate Versus Fraudulent Encryption Methods
251(1)
Digital Signatures
252(1)
Hashing
253(1)
MD5
253(1)
SHA
253(1)
RIPEMD
254(1)
MAC and HMAC
254(1)
Rainbow Tables
254(1)
Steganography
255(2)
Historical Steganography
256(1)
Steganography Methods and Tools
257(1)
Cryptanalysis
257(2)
Frequency Analysis
258(1)
Modern Cryptanalysis Methods
258(1)
Cryptography Used on the Internet
259(1)
Quantum Computing Cryptography
259(2)
Summary
261(7)
Chapter 9 Computer Security Technology
268(36)
Introduction
268(1)
Virus Scanners
269(3)
How Does a Virus Scanner Work?
269(1)
Virus-Scanning Techniques
270(2)
Commercial Antivirus Software
272(1)
Firewalls
272(6)
Benefits and Limitations of Firewalls
273(1)
Firewall Types and Components
273(1)
Firewall Configurations
274(2)
Types of Firewalls
276(1)
Commercial and Free Firewall Products
277(1)
Firewall Logs
278(1)
Antispyware
278(1)
IDSs
279(13)
IDS Categorization
279(1)
Identifying an Intrusion
280(1)
IDS Elements
281(1)
Snort
281(5)
Honey Pots
286(1)
Database Activity Monitoring
287(1)
SIEM
287(1)
Other Preemptive Techniques
288(1)
Authentication
288(4)
Digital Certificates
292(1)
SSL/TLS
293(3)
Virtual Private Networks
296(2)
Point-to-Point Tunneling Protocol
296(1)
Layer 2 Tunneling Protocol
296(1)
IPsec
297(1)
Wi-Fi Security
298(1)
Wired Equivalent Privacy
298(1)
Wi-Fi Protected Access
298(1)
WPA2
298(1)
WPA3
298(1)
Summary
299(5)
Chapter 10 Security Policies
304(32)
Introduction
304(1)
What Is a Policy?
305(1)
Important Standards
305(3)
ISO 17999
305(1)
NISTSP 800-53
306(1)
ISO 27001
306(1)
ISO 27002
307(1)
ISO 17799
307(1)
Defining User Policies
308(8)
Passwords
309(1)
Internet Use
310(1)
Email Usage
311(1)
Installing/Uninstalling Software
312(1)
Instant Messaging
313(1)
Desktop Configuration
313(1)
Bring Your Own Device
314(1)
Final Thoughts on User Policies
314(2)
Defining System Administration Policies
316(3)
New Employees
316(1)
Departing Employees
316(1)
Change Requests
317(2)
Security Breaches
319(2)
Virus Infection
319(1)
DoS Attacks
320(1)
Intrusion by a Hacker
320(1)
Defining Access Control
321(1)
Development Policies
322(1)
Standards, Guidelines, and Procedures
323(1)
Data Classification
323(1)
DoD Clearances
323(1)
Disaster Recovery
324(3)
Disaster Recovery Plan
324(1)
Business Continuity Plan
325(1)
Impact Analysis
325(1)
Disaster Recovery and Business Continuity Standards
325(1)
Fault Tolerance
326(1)
Zero Trust
327(1)
Important Laws
328(2)
HIPAA
328(1)
Sarbanes-Oxley
329(1)
Payment Card Industry Data Security Standards
329(1)
Summary
330(6)
Chapter 11 Network Scanning and Vulnerability Scanning
336(42)
Introduction
336(1)
Basics of Assessing a System
337(9)
Patch
337(1)
Ports
338(3)
Protect
341(2)
Policies
343(1)
Probe
344(1)
Physical
345(1)
Securing Computer Systems
346(6)
Securing an Individual Workstation
346(2)
Securing a Server
348(2)
Securing a Network
350(2)
Scanning Your Network
352(11)
NESSUS
352(3)
OWASPZap
355(2)
Shodan
357(2)
Kali Linux
359(3)
Vega
362(1)
OpenVAS
363(1)
Testing and Scanning Standards
363(3)
NIST 800-115
363(1)
NSA-IAM
364(1)
PCI-DSS
365(1)
National Vulnerability Database
365(1)
Getting Professional Help
366(3)
Summary
369(9)
Chapter 12 Cyber Terrorism and Information Warfare
378(30)
Introduction
378(1)
Actual Cases of Cyber Terrorism
379(3)
China's Advanced Persistent Threat
381(1)
India and Pakistan
381(1)
Russian Hackers
381(1)
Iran-Saudi Tension
381(1)
Weapons of Cyber Warfare
382(2)
Stuxnet
382(1)
Flame
382(1)
StopGeorgia.ru Malware
383(1)
FinFisher
383(1)
BlackEnergy
383(1)
Regin
384(1)
NSA ANT Catalog
384(1)
Economic Attacks
384(2)
Military Operations Attacks
386(1)
General Attacks
387(1)
Supervisory Control and Data Acquisitions (SCADA)
387(1)
Information Warfare
388(3)
Propaganda
388(1)
Information Control
389(2)
Disinformation
391(1)
Actual Cases of Cyber Terrorism
391(4)
Future Trends
395(4)
Machine Learning/Artificial Intelligence
395(1)
Positive Trends
396(2)
Negative Trends
398(1)
Defense Against Cyber Terrorism
399(1)
Terrorist Recruiting and Communication
399(1)
TOR and the Dark Web
400(2)
Summary
402(6)
Chapter 13 Cyber Detective
408(18)
Introduction
408(2)
General Searches
410(3)
Email Searches
412(1)
Company Searches
413(1)
Court Records and Criminal Checks
413(4)
Sex Offender Registries
413(2)
Civil Court Records
415(1)
Other Resources
416(1)
Usenet
417(1)
Google
418(1)
Maltego
418(3)
Summary
421(5)
Chapter 14 Introduction to Forensics
426(40)
Introduction
426(1)
General Guidelines
427(13)
Don't Touch the Suspect Drive
427(1)
Imaging a Drive with Forensic Toolkit
428(4)
Can You Ever Conduct Forensics on a Live Machine?
432(1)
Document Trail
432(1)
Secure the Evidence
432(1)
Chain of Custody
433(1)
FBI Forensics Guidelines
433(1)
U.S. Secret Service Forensics Guidelines
434(1)
EU Evidence Gathering
435(1)
Scientific Working Group on Digital Evidence
436(1)
Locard's Principle of Transference
436(1)
The Scientific Method
437(1)
Standards
437(1)
Forensics Reports
438(1)
Tools
438(2)
Finding Evidence on a PC
440(1)
Finding Evidence in a Browser
440(1)
Finding Evidence in System Logs
441(1)
Windows Logs
441(1)
Linux Logs
442(1)
Getting Back Deleted Files
442(3)
Operating System Utilities
445(2)
Net Sessions
445(1)
Openfiles
445(3)
FC
446(1)
Netstat
446(1)
The Windows Registry
447(2)
Specific Entries
449(3)
Mobile Forensics: Cell Phone Concepts
452(5)
Cell Phone State
452(1)
Cell Phone Components
452(1)
Cellular Networks
453(1)
iOS
454(1)
Android
455(1)
What You Should Look For
456(1)
The Need for Forensic Certification
457(1)
Expert Witnesses
458(1)
Federal Rule 702
459(1)
Daubert
459(1)
Additional Types of Forensics
459(4)
Network Forensics
460(1)
Virtual Forensics
460(3)
Summary
463(3)
Chapter 15 Cybersecurity Engineering
466(28)
Introduction
466(1)
Defining Cybersecurity Engineering
467(8)
Cybersecurity and Systems Engineering
468(1)
Applying Engineering to Cybersecurity
468(7)
Standards
475(5)
RMF
476(1)
ISO 27001
477(1)
ISO 27004
478(1)
NIST SP 800-63B
478(2)
SecML
480(9)
SecML Concepts
481(1)
Misuse-Case Diagram
481(5)
Security Sequence Diagram
486(2)
Data Interface Diagram
488(1)
Security Block Diagram
489(1)
Modeling
489(2)
Stride
489(1)
Pasta
490(1)
Dread
490(1)
Summary
491(3)
Glossary 494(6)
Appendix A Resources 500(2)
Appendix B Answers to the Multiple Choice Questions 502(6)
Index 508
Dr. Chuck Easttom is the author of 37 books, including several on computer security, forensics, and cryptography. He has also authored scientific papers on digital forensics, cyber warfare, cryptography, and applied mathematics. He is an inventor with 25 computer science patents. He holds a doctor of science degree in cybersecurity (dissertation topic: a study of lattice-based algorithms for post quantum cryptography), a Ph.D. in Computer Science (dissertation topic: "A Systematic Framework for Network Forensics Using Graph Theory"), and a Ph.D. in Nanotechnology (dissertation topic: "The Effects of Complexity on Carbon Nanotube Failures") and three master's degrees (one in applied computer science, one in education, and one in systems engineering). He also holds more than 70 industry certifications (CISSP, CEH, etc.). He is a frequent speaker at cybersecurity, computer science, and engineering conferences. He is a Distinguished Speaker and senior member of the ACM and a senior member of the IEEE. You can find out more about Dr. Easttom and his research at www.ChuckEasttom.com.