book

Computer Security Basics, 2nd Edition

by Rick Lehtinen, G.T. Gangemi

June 2006

Beginner

310 pages

9h 54m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
About This BookSummary of Contents Part I, Security for Today Part II, Computer Security Part III, Communications Security Part IV, Other Types of Security Part V, AppendixesUsing Code ExamplesComments and QuestionsSafari® EnabledAcknowledgments
I. Security for Today
1. Introduction
The New InsecurityWho You Gonna Call?Information Sharing and Analysis CentersVulnerable broadbandNo computer is an islandThe Sorry TrailComputer crimeWhat Is Computer Security?A Broader Definition of SecuritySecrecy and ConfidentialityAccuracy, Integrity, and AuthenticityAvailabilityThreats to SecurityVulnerabilitiesPhysical vulnerabilitiesNatural vulnerabilitiesHardware and software vulnerabilitiesMedia vulnerabilitiesEmanation vulnerabilitiesCommunications vulnerabilitiesHuman vulnerabilitiesExploiting vulnerabilitiesThreatsNatural and physical threatsUnintentional threatsIntentional threatsInsiders and outsidersCountermeasuresComputer securityCommunications securityPhysical securityWhy Buy Security?Government RequirementsInformation ProtectionWhat’s a User to Do?Summary
2. Some Security History
Information and Its ControlsComputer Security: Then and NowEarly Computer Security EffortsTiger TeamsResearch and ModelingSecure Systems DevelopmentBuilding Toward StandardizationStandards for Secure SystemsNational Computer Security CenterBirth of the Orange BookStandards for CryptographyStandards for EmanationsComputer Security Mandates and LegislationThe Balancing ActComputer Fraud and Abuse ActComputer Security ActSearching for a BalanceRecent Government Security InitiativesModern Standards for Computer SecurityGASSP and GAISP OverviewPrivacy ConsiderationsSummary
II. Computer Security
3. Computer System Security and Access Controls
What Makes a System Secure?System Access: Logging into Your SystemIdentification and AuthenticationMultifactor authenticationLogin ProcessesPassword Authentication ProtocolChallenge Handshake Authentication Protocol (CHAP)Mutual authenticationOne-time passwordPer-session authenticationTokensBiometricsRemote access (TACACS and RADIUS)DIAMETERKerberosPasswordsProtecting passwordsProtecting your login and password on entryProtecting your password in storagePassword attacksAuthorizationSensitivity labelsAccess modelsBell-LaPadula modelBiba modelAccess Control in PracticeDiscretionary access controlOwnershipSelf/group/public controlsFile permissionsMandatory access controlData import and exportAccess decisionsRole-based access controlAccess control listsDirectory ServicesEmail exampleAbout X.500Lightweight Directory Access ProtocolThe LDAP namespaceHierarchyLDAP storage capabilitiesIdentity ManagementFinancial and legal pressuresSummary
4. Viruses and Other Wildlife
Financial Effects of Malicious ProgramsViruses and Public HealthViruses, Worms, and Trojans (Oh, My!)VirusesThe history of virusesWormsTrojan HorsesBombsTrap DoorsSpoofs and MasqueradesWho Writes Viruses?RemediesFirewallsAntivirusThe Virus HypeAn Ounce of PreventionSummary
5. Establishing and Maintaining a Security Policy
Administrative SecurityOverall Planning and AdministrationAnalyzing Costs and RisksWhat information do you have, and how important is it?How vulnerable is the information?What is the cost of losing or compromising the information?What is the cost of protecting the information?Who are you going to call?Planning for DisasterSetting Security Rules for EmployeesTraining UsersDay-to-Day AdministrationPerforming BackupsHardware and Software Security ToolsPerforming a Security AuditSeparation of DutiesSummary
6. Web Attacks and Internet Vulnerabilities
About the InternetHistory of Data and Voice CommunicationsPackets, Addresses, and PortsWhat Are the Network Protocols?Data Navigation ProtocolsData Navigation Protocol AttacksOther Internet ProtocolsFile Transfer ProtocolSimple Mail Transfer ProtocolSMTP and spamDomain Name ServiceDynamic Host Configuration ProtocolNetwork Address TranslationPort Address TranslationThe Fragile WebHow HTML Formats the WebAdvanced Web ServicesWhat is a script?Client-side scripting languagesServer-side scripting languagesWeb Attacks and PreventionsClient-side web attacksGeneral client-side attack preventativesServer-side web attacksSummary
III. Communications Security

7. Encryption
Some HistoryWhat Is Encryption?Why Encryption?Transposition and Substitution CiphersMore about transpositionMore about substitutionCryptographic Keys: Private and PublicPrivate key cryptographyPublic key cryptographyKey Management and DistributionOne-Time PadEnd-to-End and Link EncryptionThe Data Encryption StandardWhat Is the DES?Application of the DESThe Advanced Encryption StandardOverview of the AES Development EffortHow AES WorksSubBytesRow shift and mix columnsRound keysDo it againOther Cryptographic AlgorithmsAES Round 1 Candidate AlgorithmsPublic Key AlgorithmsThe RSA AlgorithmDigital Signatures and CertificatesCertificatesCertificate AuthoritiesGovernment AlgorithmsMessage AuthenticationGovernment Cryptographic ProgramsNSANISTTreasuryCryptographic Export RestrictionsSummary
8. Communications and Network Security
What Makes Communication Secure?Communications VulnerabilitiesCommunications ThreatsModemsNetworksNetwork TermsProtocols and layersSome Network HistoryNetwork MediaTwisted pair cableCoaxial cableFiber-optic cableMicrowaveSatelliteNetwork SecurityAccess Control MethodsDiscretionary access controlRole-based access controlMandatory access controlAuditingPerimeters and GatewaysSecurity in Heterogeneous EnvironmentsEncrypted CommunicationsEnd-to-end encryptionLink encryptionThrough the TunnelVPNs for remote accessVPNs for internetworkingVPNs inside the firewallVPN tunneling protocolsNetwork Security TasksCommunications integrityDenial of serviceCompromise protectionSecuring CommunicationsInternet Protocol Security (IPSec)KerberosSummary
IV. Other Types of Security
9. Physical Security and Biometrics
Physical SecurityNatural DisastersFire and smokeClimateEarthquakes and vibrationWaterElectricityLightningRisk Analysis and Disaster PlanningLocks and Keys: Old and NewTypes of LocksTokensChallenge-Response SystemsCards: Smart and DumbBiometricsRetina PatternsIris ScansFingerprintsHandprintsVoice PatternsKeystrokesSignature and Writing PatternsGentle ReminderSummary
10. Wireless Network Security
How We Got HereToday’s Wireless InfrastructureWireless CostsHow Wireless WorksPlaying the FieldsKeeping the Waves InsideWhat Is This dB Stuff?Why Does All This Matter?Encouraging DiversityPhysical Layer Wireless AttacksHardening Wireless Access PointsThe Tie That BindsSophisticated Physical Layer AttacksForced Degradation AttacksEavesdropping AttacksEavesdropping DefensesAdvanced Eavesdropping AttacksRogue Access PointsSummary
V. Appendixes
A. OSI Model
B. TEMPEST
The Problem of EmanationsThe TEMPEST ProgramFaraday ScreensSource SuppressionTEMPEST StandardsHard As You Try
C. The Orange Book, FIPS PUBS, and the Common Criteria
About the Orange BookOrange Book Security ConceptsSecurity policyAccountabilityAssuranceLife-cycle assurance.DocumentationRating by the BookDiscretionary and Mandatory Access ControlObject ReuseLabelsLabel integrityExportation of labeled informationSubject sensitivity labelsDevice labelsSummary of Orange Book ClassesD Systems: Minimal SecurityC1 Systems: Discretionary Security ProtectionC2 Systems: Controlled Access ProtectionB1 Systems: Labeled Security ProtectionB2 Systems: Structured ProtectionB3 Systems: Security DomainsA1 Systems: Verified DesignComplaints About the Orange BookFIPS by the NumbersI Don’t Want You Smelling My FishCommon Criteria Evaluation Assurance Levels (EALs)
Index
About the Authors
Colophon
Copyright

Overview

This is the must-have book for a must-know field. Today, general security knowledge is mandatory, and, if you who need to understand the fundamentals, Computer Security Basics 2nd Edition is the book to consult.

The new edition builds on the well-established principles developed in the original edition and thoroughly updates that core knowledge. For anyone involved with computer security, including security administrators, system administrators, developers, and IT managers, Computer Security Basics 2nd Edition offers a clear overview of the security concepts you need to know, including access controls, malicious software, security policy, cryptography, biometrics, as well as government regulations and standards.

This handbook describes complicated concepts such as trusted systems, encryption, and mandatory access control in simple terms. It tells you what you need to know to understand the basics of computer security, and it will help you persuade your employees to practice safe computing.

Topics include:

Computer security concepts
Security breaches, such as viruses and other malicious programs
Access controls
Security policy
Web attacks
Communications and network security
Encryption
Physical security and biometrics
Wireless network security
Computer security and requirements of the Orange Book
OSI Model and TEMPEST

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Computer Security Fundamentals, Third Edition

Publisher Resources

ISBN: 0596006691Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills