ebook img

Computer Security Handbook, 6th Edition PDF

2207 Pages·2014·28.98 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Computer Security Handbook, 6th Edition

Sixth Edition COMPUTER SECURITY HANDBOOK Edited by Seymour Bosworth M.E. Kabay Eric Whyne www.allitebooks.com www.allitebooks.com COMPUTER SECURITY HANDBOOK www.allitebooks.com www.allitebooks.com COMPUTER SECURITY HANDBOOK Sixth Edition Volume 1 Edited by SEYMOUR BOSWORTH MICHEL E. KABAY ERIC WHYNE www.allitebooks.com Coverimage:©iStockphoto.com/JimmyAnderson Coverdesign:Wiley Copyright©2014byJohnWiley&Sons,Inc.Allrightsreserved. PublishedbyJohnWiley&Sons,Inc.,Hoboken,NewJersey. PreviousEdition:ComputerSecurityHandbook,FifthEdition.Copyright©2009byJohnWiley&Sons,Inc. AllRightsReserved.PublishedbyJohnWiley&Sons,Inc.,Hoboken,NewJersey. PublishedsimultaneouslyinCanada. Nopartofthispublicationmaybereproduced,storedinaretrievalsystem,ortransmittedinanyformorbyany means,electronic,mechanical,photocopying,recording,scanning,orotherwise,exceptaspermittedunder Section107or108ofthe1976UnitedStatesCopyrightAct,withouteitherthepriorwrittenpermissionofthe Publisher,orauthorizationthroughpaymentoftheappropriateper-copyfeetotheCopyrightClearanceCenter, Inc.,222RosewoodDrive,Danvers,MA01923,(978)750-8400,fax(978)646-8600,orontheWebat www.copyright.com.RequeststothePublisherforpermissionshouldbeaddressedtothePermissions Department,JohnWiley&Sons,Inc.,111RiverStreet,Hoboken,NJ07030,(201)748-6011, fax(201)748-6008,oronlineathttp://www.wiley.com/go/permissions. LimitofLiability/DisclaimerofWarranty:Whilethepublisherandauthorhaveusedtheirbesteffortsin preparingthisbook,theymakenorepresentationsorwarrantieswithrespecttotheaccuracyorcompletenessof thecontentsofthisbookandspecificallydisclaimanyimpliedwarrantiesofmerchantabilityorfitnessfora particularpurpose.Nowarrantymaybecreatedorextendedbysalesrepresentativesorwrittensalesmaterials. Theadviceandstrategiescontainedhereinmaynotbesuitableforyoursituation.Youshouldconsultwitha professionalwhereappropriate.Neitherthepublishernorauthorshallbeliableforanylossofprofitoranyother commercialdamages,includingbutnotlimitedtospecial,incidental,consequential,orotherdamages. Forgeneralinformationonourotherproductsandservicesorfortechnicalsupport,pleasecontactourCustomer CareDepartmentwithintheUnitedStatesat(800)762-2974,outsidetheUnitedStatesat(317)572-3993or fax(317)572-4002. Wileypublishesinavarietyofprintandelectronicformatsandbyprint-on-demand.Somematerialincluded withstandardprintversionsofthisbookmaynotbeincludedine-booksorinprint-on-demand.Ifthisbook referstomediasuchasaCDorDVDthatisnotincludedintheversionyoupurchased,youmaydownloadthis materialathttp://booksupport.wiley.com.FormoreinformationaboutWileyproducts,visitwww.wiley.com. LibraryofCongressCataloging-in-PublicationData Computersecurityhandbook/[editedby]SeymourBosworth,MichelE.Kabay, EricWhyne.–Sixthedition. volumescm Includesindex. ISBN978-1-118-13410-8(vol.1:pbk.)–ISBN978-1-118-13411-5(vol.2:pbk.)– ISBN978-1-118-12706-3(2volumeset:pbk.);ISBN978-1-118-85174-6(ebk); ISBN978-1-118-85179-1(ebk) 1.Electronicdataprocessingdepartments–Securitymeasures. I.Bosworth,Seymour. II.Kabay,MichelE. III.Whyne,Eric,1981– HF5548.37.C642014 658.4′78–dc23 2013041083 PrintedintheUnitedStatesofAmerica 10 9 8 7 6 5 4 3 2 1 www.allitebooks.com CONTENTS PREFACE ACKNOWLEDGMENTS ABOUTTHEEDITORS ABOUTTHECONTRIBUTORS ANOTETOTHEINSTRUCTOR PARTI FOUNDATIONSOFCOMPUTERSECURITY 1. BriefHistoryandMissionofInformationSystemSecurity SeymourBosworthandRobertV.Jacobson 2. HistoryofComputerCrime M.E.Kabay 3. TowardaNewFrameworkforInformationSecurity DonnB.Parker,CISSP 4. HardwareElementsofSecurity SyBosworthandStephenCobb 5. DataCommunicationsandInformationSecurity RaymondPankoandEricFisher 6. LocalAreaNetworkTopologies,Protocols,andDesign GaryC.Kessler 7. Encryption StephenCobbandCorinneLeFranc¸ois 8. UsingaCommonLanguageforComputerSecurityIncidentInformation JohnD.Howard v www.allitebooks.com vi CONTENTS 9. MathematicalModelsofComputerSecurity MattBishop 10. UnderstandingStudiesandSurveysofComputerCrime M.E.Kabay 11. FundamentalsofIntellectualPropertyLaw WilliamA.ZuckerandScottJ.Nathan PARTII THREATSANDVULNERABILITIES 12. ThePsychologyofComputerCriminals Q.CampbellandDavidM.Kennedy 13. TheInsiderThreat GaryL.Tagg,CISSP 14. InformationWarfare SeymourBosworth 15. PenetratingComputerSystemsandNetworks CheyCobb,StephenCobb,M.E.Kabay,andTimCrothers 16. MaliciousCode RobertGuessandEricSalveggio 17. MobileCode RobertGezelter 18. Denial-of-ServiceAttacks GaryC.Kessler 19. Social-EngineeringandLow-TechAttacks KarthikRaman,SusanBaumes,KevinBeets,andCarlNess 20. Spam,Phishing,andTrojans:AttacksMeanttoFool StephenCobb 21. Web-BasedVulnerabilities AnupK.Ghosh,KurtBaumgarten,JenniferHadley,andStevenLovaas 22. PhysicalThreatstotheInformationInfrastructure FranklinPlatt PARTIII PREVENTION:TECHNICALDEFENSES 23. ProtectingthePhysicalInformationInfrastructure FranklinPlatt www.allitebooks.com CONTENTS vii 24. OperatingSystemSecurity WilliamStallings 25. LocalAreaNetworks N.ToddPritsky,JosephR.Bumblis,andGaryC.Kessler 26. GatewaySecurityDevices JustinOpatrny 27. IntrusionDetectionandIntrusionPreventionDevices RebeccaGurleyBace 28. IdentificationandAuthentication RaviSandhu,JenniferHadley,StevenLovaas,andNicholasTakacs 29. BiometricAuthentication EricSalveggio,StevenLovaas,DavidR.Lease,andRobertGuess 30. E-CommerceandWebServerSafeguards RobertGezelter 31. WebMonitoringandContentFiltering StevenLovaas 32. VirtualPrivateNetworksandSecureRemoteAccess JustinOpatrnyandCarlNess 33. 802.11WirelessLANSecurity GaryL.Tagg,CISSPandJasonSinchak,CISSP 34. SecuringVoIP ChristopherDantosandJohnMason 35. SecuringP2P,IM,SMS,andCollaborationTools CarlNess 36. SecuringStoredData DavidJ.Johnson,NicholasTakacs,JenniferHadley,andM.E.Kabay 37. PKIandCertificateAuthorities SantoshChokhani,PadgettPeterson,andStevenLovaas 38. WritingSecureCode LesterE.Nichols,M.E.Kabay,andTimothyBraithwaite 39. SoftwareDevelopmentandQualityAssurance DianeE.Levine,JohnMason,andJenniferHadley 40. ManagingSoftwarePatchesandVulnerabilities KarenScarfone,PeterMell,andMurugiahSouppaya www.allitebooks.com viii CONTENTS 41. AntivirusTechnology CheyCobbandAllysaMyers 42. ProtectingDigitalRights:TechnicalApproaches RobertGuess,JenniferHadley,StevenLovaas,andDianeE.Levine PARTIV PREVENTION:HUMANFACTORS 43. EthicalDecisionMakingandHighTechnology JamesLandonLinderman 44. SecurityPolicyGuidelines M.E.KabayandBridgittRobertson 45. EmploymentPracticesandPolicies M.E.KabayandBridgittRobertson 46. VulnerabilityAssessment RebeccaGurleyBaceandJasonSinchak 47. OperationsSecurityandProductionControls M.E.Kabay,DonHolden,andMylesWalsh 48. EmailandInternetUsePolicies M.E.KabayandNicholasTakacs 49. ImplementingaSecurity-AwarenessProgram K.Rudolph 50. UsingSocialPsychologytoImplementSecurityPolicies M.E.Kabay,BridgittRobertson,ManiAkella,andD.T.Lang 51. SecurityStandardsforProducts PaulBrusilandNoelZakin PARTV DETECTINGSECURITYBREACHES 52. ApplicationControls MylesWalshandSusanBaumes 53. MonitoringandControlSystems CalebS.CogginsandDianeE.Levine 54. SecurityAudits DonaldGlass,RichardO.MooreIII,ChrisDavis,JohnMason, DavidGursky,JamesThomas,WendyCarr,M.E.Kabay,andDianeLevine 55. CyberInvestigation PeterStephenson www.allitebooks.com

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.