book

Computer Security Basics, 2nd Edition

by Rick Lehtinen, G.T. Gangemi

June 2006

Beginner

310 pages

9h 54m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
About This BookSummary of Contents Part I, Security for Today Part II, Computer Security Part III, Communications Security Part IV, Other Types of Security Part V, AppendixesUsing Code ExamplesComments and QuestionsSafari® EnabledAcknowledgments
I. Security for Today
1. Introduction
The New InsecurityWho You Gonna Call?Information Sharing and Analysis CentersVulnerable broadbandNo computer is an islandThe Sorry TrailComputer crimeWhat Is Computer Security?A Broader Definition of SecuritySecrecy and ConfidentialityAccuracy, Integrity, and AuthenticityAvailabilityThreats to SecurityVulnerabilitiesPhysical vulnerabilitiesNatural vulnerabilitiesHardware and software vulnerabilitiesMedia vulnerabilitiesEmanation vulnerabilitiesCommunications vulnerabilitiesHuman vulnerabilitiesExploiting vulnerabilitiesThreatsNatural and physical threatsUnintentional threatsIntentional threatsInsiders and outsidersCountermeasuresComputer securityCommunications securityPhysical securityWhy Buy Security?Government RequirementsInformation ProtectionWhat’s a User to Do?Summary
2. Some Security History
Information and Its ControlsComputer Security: Then and NowEarly Computer Security EffortsTiger TeamsResearch and ModelingSecure Systems DevelopmentBuilding Toward StandardizationStandards for Secure SystemsNational Computer Security CenterBirth of the Orange BookStandards for CryptographyStandards for EmanationsComputer Security Mandates and LegislationThe Balancing ActComputer Fraud and Abuse ActComputer Security ActSearching for a BalanceRecent Government Security InitiativesModern Standards for Computer SecurityGASSP and GAISP OverviewPrivacy ConsiderationsSummary
II. Computer Security
3. Computer System Security and Access Controls
What Makes a System Secure?System Access: Logging into Your SystemIdentification and AuthenticationMultifactor authenticationLogin ProcessesPassword Authentication ProtocolChallenge Handshake Authentication Protocol (CHAP)Mutual authenticationOne-time passwordPer-session authenticationTokensBiometricsRemote access (TACACS and RADIUS)DIAMETERKerberosPasswordsProtecting passwordsProtecting your login and password on entryProtecting your password in storagePassword attacksAuthorizationSensitivity labelsAccess modelsBell-LaPadula modelBiba modelAccess Control in PracticeDiscretionary access controlOwnershipSelf/group/public controlsFile permissionsMandatory access controlData import and exportAccess decisionsRole-based access controlAccess control listsDirectory ServicesEmail exampleAbout X.500Lightweight Directory Access ProtocolThe LDAP namespaceHierarchyLDAP storage capabilitiesIdentity ManagementFinancial and legal pressuresSummary
4. Viruses and Other Wildlife
Financial Effects of Malicious ProgramsViruses and Public HealthViruses, Worms, and Trojans (Oh, My!)VirusesThe history of virusesWormsTrojan HorsesBombsTrap DoorsSpoofs and MasqueradesWho Writes Viruses?RemediesFirewallsAntivirusThe Virus HypeAn Ounce of PreventionSummary
5. Establishing and Maintaining a Security Policy
Administrative SecurityOverall Planning and AdministrationAnalyzing Costs and RisksWhat information do you have, and how important is it?How vulnerable is the information?What is the cost of losing or compromising the information?What is the cost of protecting the information?Who are you going to call?Planning for DisasterSetting Security Rules for EmployeesTraining UsersDay-to-Day AdministrationPerforming BackupsHardware and Software Security ToolsPerforming a Security AuditSeparation of DutiesSummary
6. Web Attacks and Internet Vulnerabilities
About the InternetHistory of Data and Voice CommunicationsPackets, Addresses, and PortsWhat Are the Network Protocols?Data Navigation ProtocolsData Navigation Protocol AttacksOther Internet ProtocolsFile Transfer ProtocolSimple Mail Transfer ProtocolSMTP and spamDomain Name ServiceDynamic Host Configuration ProtocolNetwork Address TranslationPort Address TranslationThe Fragile WebHow HTML Formats the WebAdvanced Web ServicesWhat is a script?Client-side scripting languagesServer-side scripting languagesWeb Attacks and PreventionsClient-side web attacksGeneral client-side attack preventativesServer-side web attacksSummary
III. Communications Security

7. Encryption
Some HistoryWhat Is Encryption?Why Encryption?Transposition and Substitution CiphersMore about transpositionMore about substitutionCryptographic Keys: Private and PublicPrivate key cryptographyPublic key cryptographyKey Management and DistributionOne-Time PadEnd-to-End and Link EncryptionThe Data Encryption StandardWhat Is the DES?Application of the DESThe Advanced Encryption StandardOverview of the AES Development EffortHow AES WorksSubBytesRow shift and mix columnsRound keysDo it againOther Cryptographic AlgorithmsAES Round 1 Candidate AlgorithmsPublic Key AlgorithmsThe RSA AlgorithmDigital Signatures and CertificatesCertificatesCertificate AuthoritiesGovernment AlgorithmsMessage AuthenticationGovernment Cryptographic ProgramsNSANISTTreasuryCryptographic Export RestrictionsSummary
8. Communications and Network Security
What Makes Communication Secure?Communications VulnerabilitiesCommunications ThreatsModemsNetworksNetwork TermsProtocols and layersSome Network HistoryNetwork MediaTwisted pair cableCoaxial cableFiber-optic cableMicrowaveSatelliteNetwork SecurityAccess Control MethodsDiscretionary access controlRole-based access controlMandatory access controlAuditingPerimeters and GatewaysSecurity in Heterogeneous EnvironmentsEncrypted CommunicationsEnd-to-end encryptionLink encryptionThrough the TunnelVPNs for remote accessVPNs for internetworkingVPNs inside the firewallVPN tunneling protocolsNetwork Security TasksCommunications integrityDenial of serviceCompromise protectionSecuring CommunicationsInternet Protocol Security (IPSec)KerberosSummary
IV. Other Types of Security
9. Physical Security and Biometrics
Physical SecurityNatural DisastersFire and smokeClimateEarthquakes and vibrationWaterElectricityLightningRisk Analysis and Disaster PlanningLocks and Keys: Old and NewTypes of LocksTokensChallenge-Response SystemsCards: Smart and DumbBiometricsRetina PatternsIris ScansFingerprintsHandprintsVoice PatternsKeystrokesSignature and Writing PatternsGentle ReminderSummary
10. Wireless Network Security
How We Got HereToday’s Wireless InfrastructureWireless CostsHow Wireless WorksPlaying the FieldsKeeping the Waves InsideWhat Is This dB Stuff?Why Does All This Matter?Encouraging DiversityPhysical Layer Wireless AttacksHardening Wireless Access PointsThe Tie That BindsSophisticated Physical Layer AttacksForced Degradation AttacksEavesdropping AttacksEavesdropping DefensesAdvanced Eavesdropping AttacksRogue Access PointsSummary
V. Appendixes
A. OSI Model
B. TEMPEST
The Problem of EmanationsThe TEMPEST ProgramFaraday ScreensSource SuppressionTEMPEST StandardsHard As You Try
C. The Orange Book, FIPS PUBS, and the Common Criteria
About the Orange BookOrange Book Security ConceptsSecurity policyAccountabilityAssuranceLife-cycle assurance.DocumentationRating by the BookDiscretionary and Mandatory Access ControlObject ReuseLabelsLabel integrityExportation of labeled informationSubject sensitivity labelsDevice labelsSummary of Orange Book ClassesD Systems: Minimal SecurityC1 Systems: Discretionary Security ProtectionC2 Systems: Controlled Access ProtectionB1 Systems: Labeled Security ProtectionB2 Systems: Structured ProtectionB3 Systems: Security DomainsA1 Systems: Verified DesignComplaints About the Orange BookFIPS by the NumbersI Don’t Want You Smelling My FishCommon Criteria Evaluation Assurance Levels (EALs)
Index
About the Authors
Colophon
Copyright

Content preview from Computer Security Basics, 2nd Edition

Preface

About This Book

This book is about computer security—what it is, where it came from, where it’s going, and why we should care about it. It introduces the many different areas of security in clear and simple terms: access controls, worms and viruses, cryptography, firewalls, network and web security, biometric devices, and more. If you’re at all interested in computer security or if computer security is a part of your job (whether you want it to be or not!), you should find this book useful. I’ve tried to give you the big picture and quite a few helpful details.

This book is not a technical reference. I’ve tried to pull together the basics about many different areas of computer security and put that information together comprehensively. If you need particularly technical information about a specific area of computer security (for example, making your specific system or operating system more secure, securing your web site, or configuring a router or firewall), you should refer to other, more specialized books.

Summary of Contents

This book is divided into 10 chapters and 3 appendixes.

Part I, Security for Today

This section presents a brief overview of what computer security is, where it came from, and where it’s going.

Chapter 1, Introduction: This chapter introduces computer security: what it is and why it’s important. It summarizes the threats to computers and the information stored on them, and it introduces the different types of computer security.
Chapter 2, Some Security ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Computer Security Fundamentals, Second Edition

Publisher Resources

ISBN: 0596006691Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Computer Security Basics, 2nd Edition

by Rick Lehtinen, G.T. Gangemi

Preface

About This Book