Principles of Computer Security (Reprint Edition)

  Category: Books, Computers/Networking, Information Security

Author: Conklin, W.A. (USA)

Publisher: Higher Education Press

Publication date: 2005-6-1

Word count: 950000

Edition: 1

Pages: 651

Printing date: 2005/06/01

Format: 16mo

Printing: 1

Paper: offset paper

ISBN: 9787040167757

Binding: paperback

Editor's Recommendation

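This book gives a fairly comprehensive account of the fundamentals of communication, infrastructure, and operational security from three aspects of information security: technology, practice, and awareness. It also describes in detail how computer systems and networks defend against various attacks. In addition, the book covers the content of the (ISC)² SSCP certification exam, which focuses on best practices and on the roles and responsibilities of security professionals. Studying this book provides a grounding in the fundamentals of computer and network security as well as preparation for CompTIA's Security+ certification exam. The book is suitable as an undergraduate textbook for majors in computer science, information systems and management, and electronic information science.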

Synopsis

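This book provides a grounding in the fundamentals of computer and network security as well as preparation for CompTIA's Security+ certification exam. It also covers the content of the (ISC)² SSCP certification exam, which focuses on best practices and on the roles and responsibilities of security professionals. Written by experts in the IT security field, the book gives a fairly comprehensive account of the fundamentals of communication, infrastructure, and operational security from three aspects of information security: technology, practice, and awareness. It also describes in detail how computer systems and networks defend against various attacks.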

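The book contains 24 chapters covering the following topics: introduction to computer security and trends; general security concepts; operational/organizational security; the role of people in security; encryption; public key infrastructure; standards and protocols; the impact of physical security on network security; network fundamentals; infrastructure security; remote access; wireless communication and instant messaging; security baselines; attacks and malicious code; e-mail; web components; software development; disaster recovery, business continuity, and organizational policies; risk management; change management; computer-related disputes; and security and law.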

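The book is suitable as an undergraduate textbook for majors in computer science, information systems and management, and electronic information science.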

Table of Contents

Acknowledgments

Foreword

Preface

Introduction

Chapter 1 Introduction and Security Trends

The Security Problem

Security Incidents

Threats to Security

Security Trends

Avenues of Attack

The Steps in an Attack

Minimizing Possible Avenues of Attack

Types of Attacks

Chapter Review

Chapter 2 General Security Concepts

Basic Security Terminology

Security Basics

Access Control

Authentication

Security Models

Confidentiality Models

Integrity Models

Chapter Review

Chapter 3 Operational/Organizational Security

Security Operations in Your Organization

Policies, Procedures, Standards, and Guidelines

The Security Perimeter

Physical Security

Access Controls

Physical Barriers

Social Engineering

Environment

Fire Suppression

Wireless

Electromagnetic Eavesdropping

Shielding

Location

Chapter Review

Chapter 4 The Role of People in Security

People--A Security Problem

Poor Security Practices

Social Engineering

People as a Security Tool

Security Awareness

Chapter Review

Chapter 5 Cryptography

Algorithms

Hashing

SHA

Message Digest (MD)

Hashing Summary

Symmetric Encryption

DES

3DES

AES

CAST

RC

Blowfish

IDEA

Symmetric Encryption Summary

Asymmetric Encryption

RSA

Diffie-Hellman

ElGamal

ECC

Asymmetric Encryption Summary

Usage

Confidentiality

Integrity

Nonrepudiation

Authentication

Digital Signatures

Key Escrow

Chapter Review

Chapter 6 Public Key Infrastructure

The Basics of Public Key Infrastructures

Certificate Authorities

Registration Authorities

Local Registration Authorities

Certificate Repositories

Trust and Certificate Verification

Digital Certificates

Certificate Attributes

Certificate Extensions

Certificate Lifecycles

Centralized or Decentralized Infrastructures

Hardware Storage Devices

Private Key Protection

Key Recovery

Key Escrow

Public Certificate Authorities

In-House Certificate Authorities

Outsourced Certificate Authorities

Tying Different PKIs Together

Trust Models

Certificate Usage

Chapter Review

Chapter 7 Standards and Protocols

PKIX/PKCS

PKIX Standards

PKCS

Why You Need to Know

X.509

SSL/TLS

ISAKMP

CMP

XKMS

S/MIME

IETF S/MIME v3 Specifications

PGP

How It Works

Where Can You Use PGP?

HTTPS

IPSec

CEP

FIPS

Common Criteria (CC)

WTLS

WEP

WEP Security Issues

ISO 17799

Chapter Review

Chapter 8 The Impact of Physical Security on Network Security

The Problem

Physical Security Safeguards

Policies and Procedures

Access Controls

Authentication

Chapter Review

Chapter 9 Network Fundamentals

Network Architectures

Network Topology

Network Protocols

Packets

TCP vs. UDP

ICMP

Packet Delivery

Local Packet Delivery

Remote Packet Delivery

Subnetting

Network Address Translation

Chapter Review

Chapter 10 Infrastructure Security

Devices

Workstations

Servers

Network Interface Cards (NICs)

Hubs

Bridges

Switches

Routers

Firewalls

Wireless

Modems

RAS

Telecom/PBX

VPN

IDS

Network Monitoring/Diagnostic

Mobile Devices

Media

Coax

UTP/STP

Fiber

Unguided Media

Security Concerns for Transmission Media

Physical Security

Removable Media

Magnetic Media

Optical Media

Electronic Media

Security Topologies

Security Zones

VLANs

NAT

Tunneling

Chapter Review

Chapter 11 Remote Access

The Remote Access Process

Identification

Authentication

Authorization

Telnet

SSH

L2TP and PPTP

PPTP

L2TP

IEEE 802.11

VPN

IPSec

IPSec Configurations

IPSec Security

IEEE 802.1x

RADIUS

RADIUS Authentication

RADIUS Authorization

RADIUS Accounting

DIAMETER

TACACS+

TACACS+ Authentication

TACACS+ Authorization

TACACS+ Accounting

Vulnerabilities

Connection Summary

Chapter Review

Chapter 12 Wireless and Instant Messaging

Wireless

WAP and WTLS

802.11

Instant Messaging

Chapter Review

Chapter 13 Intrusion Detection Systems

History of Intrusion Detection Systems

IDS Overview

Host-Based Intrusion Detection Systems

Advantages of Host-Based IDSs

Disadvantages of Host-Based IDSs

Active vs. Passive Host-Based IDSs

Network-Based Intrusion Detection Systems

Advantages of a Network-Based IDS

Disadvantages of a Network-Based IDS

Active vs. Passive Network-Based IDSs

Signatures

False Positives and Negatives

IDS Models

Preventative Intrusion Detection Systems

IDS Products and Vendors

Honeypots

Incident Response

Chapter Review

Chapter 14 Security Baselines

Overview Baselines

Password Selection

Password Policy Guidelines

Selecting a Password

Components of a Good Password

Password Aging

Operating System and Network Operating System Hardening

Hardening Microsoft Operating Systems

Hardening UNIX- or Linux-Based Operating Systems

Network Hardening

Software Updates

Device Configuration

Ports and Services

Traffic Filtering

Application Hardening

Application Patches

Web Servers

Mail Servers

FTP Servers

DNS Servers

File and Print Services

Active Directory

Chapter Review

Chapter 15 Attacks and Malware

Attacking Computer Systems and Networks

Denial-of-Service Attacks

Backdoors and Trapdoors

Sniffing

Spoofing

Man-in-the-Middle Attacks

Replay Attacks

TCP/IP Hijacking

Attacks on Encryption

Password Guessing

Software Exploitation

Wardialing and WarDriving

Social Engineering

Malware

Auditing

Chapter Review

Chapter 16 E-mail

Security of E-mail Transmissions

Malicious Code

Hoax E-mails

Unsolicited Commercial E-mail (Spam)

Mail Encryption

Chapter Review

Chapter 17 Web Components

Current Web Components and Concerns

Protocols

Encryption (SSL and TLS)

The Web (HTTP and HTTPS)

Web Services

Directory Services (DAP and LDAP)

File Transfer (FTP and SFTP)

Vulnerabilities

Code-Based Vulnerabilities

Buffer Overflows

Java and JavaScript

ActiveX

CGI

Server-Side Scripts

Cookies

Signed Applets

Browser Plug-Ins

Chapter Review

Chapter 18 Software Development

The Software Engineering Process

Process Models

ROI and Error Correction

Secure Code Techniques

Good Practices

Requirements

Testing

Chapter Review

Chapter 19 Disaster Recovery, Business Continuity, and Organizational Policies

Disaster Recovery

Disaster Recovery Plans/Process

Backups

Utilities

Secure Recovery

High Availability and Fault Tolerance

Computer Incident Response Teams

Test, Exercise, and Rehearse

Policies and Procedures

Security Policies

Privacy

Service Level Agreements

Human Resources Policies

Code of Ethics

Incident Response Policies

Chapter Review

Chapter 20 Risk Management

An Overview of Risk Management

Macro-Level Example of Risk Management

International Banking

Key Terms Essential to Understanding Risk Management

What Is Risk Management?

Business Risks

Examples of Business Risks

Examples of Technology Risks

Risk Management Models

General Risk Management Model

Software Engineering Institute Model

Qualitatively Assessing Risk

Quantitatively Assessing Risk

Qualitative vs. Quantitative Risk Assessment

Tools

Chapter Review

Chapter 21 Change Management

Why Change Management?

The Key Concept: Segregation of Duties

Elements of Change Management

Implementing Change Management

The Purpose of a Change Control Board

Code Integrity

The Capability Maturity Model

Chapter Review

Chapter 22 Privilege Management

User, Group, and Role Management

User

Groups

Role

Single Sign-On

Centralized vs. Decentralized Management

Centralized Management

Decentralized Management

The Decentralized, Centralized Model

Auditing (Privilege, Usage, and Escalation)

Privilege Auditing

Usage Auditing

Escalation Auditing

Handling Access Control (MAC, DAC, and RBAC)

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Chapter Review

Chapter 23 Computer Forensics

Evidence

Standards for Evidence

Types of Evidence

Three Rules Regarding Evidence

Collecting Evidence

Acquiring Evidence

Identifying Evidence

Protecting Evidence

Transporting Evidence

Storing Evidence

Conducting the Investigation

Chain of Custody

Free Space vs. Slack Space

Free Space

Slack Space

What's This Message Digest and Hash?

Analysis

Chapter Review

Chapter 24 Security and Law

Import/Export Encryption Restrictions

United States Law

Non-U.S. Laws

Digital Signature Laws

Non-U.S. Laws

Digital Rights Management

Privacy Laws

United States Laws

European Laws

Computer Trespass

Convention on Cybercrime

Ethics

Chapter Review

Glossary

Index
