Principles of Computer Security: Security+ and Beyond / Edition 1

Principles of Computer Security: Security+ and Beyond / Edition 1

by Wm. Arthur Conklin, Gregory White, Chuck Cothren, Dwayne Williams
     
 

ISBN-10: 0072255099

ISBN-13: 9780072255096

Pub. Date: 03/15/2004

Publisher: McGraw-Hill Professional Publishing

Ensure Confidentiality, Integrity, and Availability of Information

Learn the essentials of computer and network security while getting complete coverage of all the objectives for CompTIA’s Security+ certification exam. It also covers the ISC2 SSCP certification exam, which focuses on best practices, roles, and responsibilities of security experts. Written and

…  See more details below

Overview

Ensure Confidentiality, Integrity, and Availability of Information

Learn the essentials of computer and network security while getting complete coverage of all the objectives for CompTIA’s Security+ certification exam. It also covers the ISC2 SSCP certification exam, which focuses on best practices, roles, and responsibilities of security experts. Written and edited by leaders in the IT security field, this text explains the fundamentals of communication, infrastructure, and operational security, and methods for preventing attacks.

Inside this book, you will learn to:

  • Understand security objectives and the role of policy development
  • Use cryptography and public key infrastructure (PKI)
  • Secure remote access, wireless, and virtual private networks (VPNs)
  • Harden network devices, operating systems, and applications
  • Defend against network attacks--denial of service, spoofing, hijacking, and others
  • Combat viruses, worms, Trojan horses, and logic bombs
  • Implement risk, change, and privilege management measures
  • Handle computer forensics and incident response

The CD-ROM features:

  • Security+ MasterExam with hundreds of questions
  • One hour of LearnKey video training (registration required)

About the Series Editor: Corey D. Schou, Ph.D., is the founding director of the Informatics Research Institute and the National Information Assurance Training and Education Center (NIATEC), which was designated the National Center of Excellence in Information Assurance Education.

Read More

Product Details

ISBN-13:
9780072255096
Publisher:
McGraw-Hill Professional Publishing
Publication date:
03/15/2004
Edition description:
Older Edition
Pages:
800
Product dimensions:
7.30(w) x 9.10(h) x 1.91(d)

Table of Contents

Acknowledgmentsix
Forewordxxiii
Prefacexxvii
Introductionxxix
Chapter 1Introduction and Security Trends1
The Security Problem1
Avenues of Attack10
Chapter Review12
Chapter 2General Security Concepts19
Basic Security Terminology19
Security Models33
Chapter Review36
Chapter 3Operational/ Organizational Security43
Security Operations in Your Organization43
Physical Security46
Social Engineering48
Environment49
Wireless54
Electromagnetic Eavesdropping55
Location56
Chapter Review56
Chapter 4The Role of People in Security63
People--A Security Problem63
People as a Security Tool69
Chapter Review71
Chapter 5Cryptography77
Algorithms78
Hashing81
Symmetric Encryption84
Asymmetric Encryption94
Usage98
Chapter Review101
Chapter 6Public Key Infrastructure107
The Basics of Public Key Infrastructures107
Certificate Authorities110
Registration Authorities111
Certificate Repositories114
Trust and Certificate Verification115
Digital Certificates119
Centralized or Decentralized Infrastructures130
Private Key Protection132
Public Certificate Authorities136
In-House Certificate Authorities137
Outsourced Certificate Authorities138
Tying Different PKIs Together139
Certificate Usage146
Chapter Review147
Chapter 7Standards and Protocols153
PKIX/PKCS155
X.509160
SSL/TLS162
ISAKMP164
CMP165
XKMS166
S/MIME168
PGP170
HTTPS171
IPSec171
CEP172
FIPS172
Common Criteria (CC)173
WTLS173
WEP173
ISO 17799174
Chapter Review175
Chapter 8The Impact of Physical Security on Network Security181
The Problem181
Physical Security Safeguards183
Chapter Review189
Chapter 9Network Fundamentals195
Network Architectures195
Network Topology197
Network Protocols199
Packet Delivery204
Chapter Review209
Chapter 10Infrastructure Security215
Devices215
Media232
Security Concerns for Transmission Media237
Removable Media238
Security Topologies243
Tunneling249
Chapter Review250
Chapter 11Remote Access257
The Remote Access Process257
Telnet260
SSH260
L2TP and PPTP261
IEEE 802.11264
VPN266
IPSec267
IEEE 802.1x273
RADIUS273
TACACS+276
Vulnerabilities279
Connection Summary280
Chapter Review281
Chapter 12Wireless and Instant Messaging287
Wireless287
Instant Messaging299
Chapter Review301
Chapter 13Intrusion Detection Systems309
History of Intrusion Detection Systems310
IDS Overview311
Host-Based Intrusion Detection Systems312
Network-Based Intrusion Detection Systems319
Signatures324
False Positives and Negatives326
IDS Models326
Chapter Review332
Chapter 14Security Baselines337
Overview Baselines337
Password Selection338
Operating System and Network Operating System Hardening341
Network Hardening372
Application Hardening379
Chapter Review387
Chapter 15Attacks and Malware395
Attacking Computer Systems and Networks395
Auditing416
Chapter Review417
Chapter 16E-mail423
Security of E-mail Transmissions423
Malicious Code424
Hoax E-mails426
Unsolicited Commercial E-mail (Spam)426
Mail Encryption428
Chapter Review432
Chapter 17Web Components439
Current Web Components and Concerns440
Protocols440
Code-Based Vulnerabilities451
Chapter Review463
Chapter 18Software Development469
The Software Engineering Process470
Good Practices476
Chapter Review477
Chapter 19Disaster Recovery, Business Continuity, and Organizational Policies483
Disaster Recovery483
Policies and Procedures494
Chapter Review504
Chapter 20Risk Management511
An Overview of Risk Management511
What Is Risk Management?513
Business Risks514
Risk Management Models515
Qualitatively Assessing Risk519
Quantitatively Assessing Risk521
Qualitative vs. Quantitative Risk Assessment523
Tools524
Chapter Review525
Chapter 21Change Management533
Why Change Management?533
The Key Concept: Segregation of Duties535
Elements of Change Management536
Implementing Change Management538
The Capability Maturity Model541
Chapter Review542
Chapter 22Privilege Management549
User, Group, and Role Management550
Single Sign-On553
Centralized vs. Decentralized Management554
Auditing (Privilege, Usage, and Escalation)556
Handling Access Control (MAC, DAC, and RBAC)559
Chapter Review561
Chapter 23Computer Forensics569
Evidence570
Collecting Evidence571
Chain of Custody576
Free Space vs. Slack Space576
What's This Message Digest and Hash?577
Analysis578
Chapter Review578
Chapter 24Security and Law587
Import/Export Encryption Restrictions587
Digital Signature Laws590
Digital Rights Management592
Privacy Laws594
Computer Trespass596
Ethics597
Chapter Review598
Appendix AAbout the CD-ROM605
System Requirements605
LearnKey Online Training605
Installing and Running MasterExam605
Help606
Removing Installation(s)606
Technical Support606
Appendix BAbout the Security+ Exam607
SSCP Exam614
SSCP Body of Knowledge615
Glossary619
Index643

Read More

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >