CHF95.90
Download available immediately
The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise.
The book is organized into 10 parts comprising 70 chapters contributed by leading experts in the areas of networking and systems security, information management, cyber warfare and security, encryption technology, privacy, data storage, physical security, and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more.
Author
John Vacca is an information technology consultant, researcher, professional writer, editor, reviewer, and internationally known best-selling author based in Pomeroy, Ohio. Since 1982, John has authored/edited 79 books (some of his most recent books include):
He has written more than 600 articles in the areas of advanced storage, computer security and aerospace technology (copies of articles and books are available upon request).
John was also a configuration management specialist, computer specialist, and the computer security official (CSO) for NASA's space station program (Freedom) and the International Space Station Program, from 1988 until his retirement from NASA in 1995.
In addition, John is an independent online book reviewer. Finally, John was one of the security consultants for the MGM movie "AntiTrust," which was released on January 12, 2001. A detailed copy of John's author bio can be viewed at http://www.johnvacca.com. John can be reached at john2164@windstream.net.
Contents
Part I Overview of System and Network Security: A Comprehensive Introduction
Chapter 1 Building a Secure Organization
1.1 OBSTACLES TO SECURITY 1.2 TEN STEPS TO BUILDING A SECURE ORGANIZATION 1.3 DON'T FORGET THE BASICS 1.4 PREPARING FOR THE BUILDING OF SECURITY CONTROL ASSESSMENTS 1.5 SUMMARY 1.6 CHAPTER REVIEW QUESTIONS/EXERCISES 1.7 OPTIONAL TEAM CASE PROJECT
Chapter 2 A Cryptography Primer
2.1 WHAT IS CRYPTOGRAPHY? WHAT IS ENCRYPTION? 2.2 FAMOUS CRYPTOGRAPHIC DEVICES 2.3 CIPHERS 2.4 MODERN CRYPTOGRAPHY 2.5 THE COMPUTER AGE 2.6 HOW AES WORKS 2.7 SELECTING CRYPTOGRAPHY: THE PROCESS 2.8 SUMMARY 2.9 CHAPTER REVIEW QUESTIONS/EXERCISES 2.9 OPTIONAL TEAM CASE PROJECT
Chapter 3 Detecting System Intrusions
3.1 INTRODUCTION 3.2 MONITORING KEY FILES IN THE SYSTEM 3.3 SECURITY OBJECTIVES 3.4 0DAY ATTACKS 3.5 GOOD KNOWN STATE 3.6 ROOTKITS 3.7 LOW HANGING FRUIT 3.8 ANTIVIRUS SOFTWARE 3.9 HOMEGROWN INTRUSION DETECTION 3.10 FULL PACKET CAPTURE DEVICES 3.11 OUT OF BAND ATTACK VECTORS 3.12 SECURITY AWARENESS TRAINING 3.13 DATA CORRELATION 3.14 SIEM 3.15 OTHER WEIRD STUFF ON THE SYSTEM 3.16 DETECTION 3.17 NETWORK-BASED DETECTION OF SYSTEM INTRUSIONS (DSIS) 3.18 SUMMARY 3.19 CHAPTER REVIEW QUESTIONS/EXERCISES 3.20 OPTIONAL TEAM CASE PROJECT
Chapter 4 Preventing System Intrusions
4.1 SO, WHAT IS AN INTRUSION? 4.2 SOBERING NUMBERS 4.3 KNOW YOUR ENEMY: HACKERS VERSUS CRACKERS 4.4 MOTIVES 4.5 THE CRACKERS' TOOLS OF THE TRADE 4.6 BOTS 4.7 SYMPTOMS OF INTRUSIONS 4.8 WHAT CAN YOU DO? 4.9 SECURITY POLICIES 4.10 RISK ANALYSIS 4.11 TOOLS OF YOUR TRADE 4.12 CONTROLLING USER ACCESS 4.13 INTRUSION PREVENTION CAPABILITIES 4.14 SUMMARY 4.15 CHAPTER REVIEW QUESTIONS/EXERCISES 4.16 OPTIONAL TEAM CASE PROJECT
Chapter 5 Guarding Against Network Intrusions
5.1 TRADITIONAL RECONNAISSANCE AND ATTACKS 5.2 MALICIOUS SOFTWARE 5.3 DEFENSE IN DEPTH 5.4 PREVENTIVE MEASURES 5.5 INTRUSION MONITORING AND DETECTION 5.6 REACTIVE MEASURES 5.7 NETWORK-BASED INTRUSION PROTECTION 5.6 SUMMARY 5.7 CHAPTER REVIEW QUESTIONS/EXERCISES 5.8 OPTIONAL TEAM CASE PROJECT
Chapter 6 Securing Cloud Computing Systems
6.1 CLOUD COMPUTING ESSENTIALS: EXAMINING THE CLOUD LAYERS 6.2 SOFTWARE AS A SERVICE (SAAS): MANAGING RISKS IN THE CLOUD 6.3 PLATFORM AS A SERVICE (PAAS): SECURING THE PLATFORM 6.4 INFRASTRUCTURE AS A SERVICE (IAAS) 6.5 LEVERAGING PROVIDER-SPECIFIC SECURITY OPTIONS 6.6 ACHIEVING SECURITY IN A PRIVATE CLOUD 6.7 MEETING COMPLIANCE REQUIREMENTS 6.8 PREPARING FOR DISASTER RECOVERY 6.9 SUMMARY 6.10 CHAPTER REVIEW QUESTIONS/EXERCISES 6.11 OPTIONAL TEAM CASE PROJECT
Chapter 7 Fault Tolerance and Resilience in Cloud Computing Environments
7.1 INTRODUCTION 7.2 CLOUD COMPUTING FAULT MODEL 7.3 BASIC CONCEPTS ON FAULT TOLERANCE 7.4 DIFFERENT LEVELS OF FAULT TOLERANCE IN CLOUD COMPUTING 7.5 FAULT TOLERANCE AGAINST CRASH FAILURES IN CLOUD COMPUTING 7.6 FAULT TOLERANCE AGAINST BYZANTINE FAILURES IN CLOUD COMPUTING 7.7 FAULT TOLERANCE AS A SERVICE IN CLOUD COMPUTING 7.8 SUMMARY 7.9 CHAPTER REVIEW QUESTIONS/EXERCISES 7.10 OPTIONAL TEAM CASE PROJECT
Chapter 8 Securing Web Applications, Services and Servers
8.1 SETTING THE STAGE 8.2 BASIC SECURITY FOR HTTP APPLICATIONS AND SERVICES 8.3 BASIC SECURITY FOR SOAP SERVICES 8.4 IDENTITY MANAGEMENT AND WEB SERVICES 8.5 AUTHORIZATION PATTERNS 8.6 SECURITY CONSIDERATIONS 8.7 CHALLENGES 8.8 SUMMARY 8.9 CHAPTER REVIEW QUESTIONS/EXERCISES 8.10 OPTIONAL TEAM CASE PROJECT
Chapter 9 Unix and Linux Security
9.1 UNIX AND SECURITY 9.2 BASIC UNIX SECURITY OVERVIEW 9.3 ACHIEV…