Principles of Computer Security: Security+ and Beyond / Edition 1

Hardcover (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $1.99
Usually ships in 1-2 business days
(Save 98%)
Other sellers (Hardcover)
  • All (20) from $1.99   
  • New (1) from $135.37   
  • Used (19) from $1.99   

Overview

Ensure Confidentiality, Integrity, and Availability of Information

Learn the essentials of computer and network security while getting complete coverage of all the objectives for CompTIA’s Security+ certification exam. It also covers the ISC2 SSCP certification exam, which focuses on best practices, roles, and responsibilities of security experts. Written and edited by leaders in the IT security field, this text explains the fundamentals of communication, infrastructure, and operational security, and methods for preventing attacks.

Inside this book, you will learn to:

  • Understand security objectives and the role of policy development
  • Use cryptography and public key infrastructure (PKI)
  • Secure remote access, wireless, and virtual private networks (VPNs)
  • Harden network devices, operating systems, and applications
  • Defend against network attacks—denial of service, spoofing, hijacking, and others
  • Combat viruses, worms, Trojan horses, and logic bombs
  • Implement risk, change, and privilege management measures
  • Handle computer forensics and incident response

The CD-ROM features:

  • Security+ MasterExam with hundreds of questions
  • One hour of LearnKey video training (registration required)

About the Series Editor: Corey D. Schou, Ph.D., is the founding director of the Informatics Research Institute and the National Information Assurance Training and Education Center (NIATEC), which was designated the National Center of Excellence in Information Assurance Education.

Read More Show Less

Product Details

  • ISBN-13: 9780072255096
  • Publisher: McGraw-Hill Higher Education
  • Publication date: 3/15/2004
  • Edition description: Older Edition
  • Edition number: 1
  • Pages: 800
  • Product dimensions: 7.30 (w) x 9.10 (h) x 1.91 (d)

Meet the Author

Wm. Arthur Conklin (Houston, TX), Security+, CISSP, is an Assistant Professor in the Information and Logistics Technology department at the University of Houston. In addition to his PhD, Mr. Conklin has a MBA from UTSA, and two graduate degrees in Electrical Engineering from the Naval Postgraduate School in Monterey, California. Dr. Conklin’s interests are information security, systems theory, and secure software design.

Greg White (San Antonio, TX), Security+, CISSP, is an Associate Professor in the Department of Computer Science at the University of Texas at San Antonio. Dr. White is the Director of the Center for Infrastructure Assurance and Security at UTSA, and was the author of the first edition of the Security+ All-in-One Exam Guide from McGraw-Hill.

Chuck Cothren is a Research Scientist at University of Texas at San Antonio (UTSA) Center for Infrastructure Assurance and Security (CIAS) and currently serves on the

Information Security Association’s Alamo Chapter Board of Directors. Mr. Cothren has a wide array of security experience including performing controlled penetration testing, network security policies, computer intrusion

forensics, and computer training. He is a Certified Information Systems Security Professional (CISSP) and has co-authored other McGraw-Hill/Osborne titles. Mr. Cothren holds a B.S. in Industrial Distribution from Texas A&M University.

Roger L. Davis is a Senior Internal Audit Manager at NuSkin

Enterprises and is responsible for evaluating global business operations in over 35 countries. He is a retired Air Force Colonel with over 20 years of military and information security experience. Mr. Davis is a Certified

Information Systems Security Professional (CISSP) and holds a Master’s Degree in Computer Science from George Washington University.

Read More Show Less

Table of Contents

Acknowledgments ix
Foreword xxiii
Preface xxvii
Introduction xxix
Chapter 1 Introduction and Security Trends 1
The Security Problem 1
Avenues of Attack 10
Chapter Review 12
Chapter 2 General Security Concepts 19
Basic Security Terminology 19
Security Models 33
Chapter Review 36
Chapter 3 Operational/ Organizational Security 43
Security Operations in Your Organization 43
Physical Security 46
Social Engineering 48
Environment 49
Wireless 54
Electromagnetic Eavesdropping 55
Location 56
Chapter Review 56
Chapter 4 The Role of People in Security 63
People--A Security Problem 63
People as a Security Tool 69
Chapter Review 71
Chapter 5 Cryptography 77
Algorithms 78
Hashing 81
Symmetric Encryption 84
Asymmetric Encryption 94
Usage 98
Chapter Review 101
Chapter 6 Public Key Infrastructure 107
The Basics of Public Key Infrastructures 107
Certificate Authorities 110
Registration Authorities 111
Certificate Repositories 114
Trust and Certificate Verification 115
Digital Certificates 119
Centralized or Decentralized Infrastructures 130
Private Key Protection 132
Public Certificate Authorities 136
In-House Certificate Authorities 137
Outsourced Certificate Authorities 138
Tying Different PKIs Together 139
Certificate Usage 146
Chapter Review 147
Chapter 7 Standards and Protocols 153
PKIX/PKCS 155
X.509 160
SSL/TLS 162
ISAKMP 164
CMP 165
XKMS 166
S/MIME 168
PGP 170
HTTPS 171
IPSec 171
CEP 172
FIPS 172
Common Criteria (CC) 173
WTLS 173
WEP 173
ISO 17799 174
Chapter Review 175
Chapter 8 The Impact of Physical Security on Network Security 181
The Problem 181
Physical Security Safeguards 183
Chapter Review 189
Chapter 9 Network Fundamentals 195
Network Architectures 195
Network Topology 197
Network Protocols 199
Packet Delivery 204
Chapter Review 209
Chapter 10 Infrastructure Security 215
Devices 215
Media 232
Security Concerns for Transmission Media 237
Removable Media 238
Security Topologies 243
Tunneling 249
Chapter Review 250
Chapter 11 Remote Access 257
The Remote Access Process 257
Telnet 260
SSH 260
L2TP and PPTP 261
IEEE 802.11 264
VPN 266
IPSec 267
IEEE 802.1x 273
RADIUS 273
TACACS+ 276
Vulnerabilities 279
Connection Summary 280
Chapter Review 281
Chapter 12 Wireless and Instant Messaging 287
Wireless 287
Instant Messaging 299
Chapter Review 301
Chapter 13 Intrusion Detection Systems 309
History of Intrusion Detection Systems 310
IDS Overview 311
Host-Based Intrusion Detection Systems 312
Network-Based Intrusion Detection Systems 319
Signatures 324
False Positives and Negatives 326
IDS Models 326
Chapter Review 332
Chapter 14 Security Baselines 337
Overview Baselines 337
Password Selection 338
Operating System and Network Operating System Hardening 341
Network Hardening 372
Application Hardening 379
Chapter Review 387
Chapter 15 Attacks and Malware 395
Attacking Computer Systems and Networks 395
Auditing 416
Chapter Review 417
Chapter 16 E-mail 423
Security of E-mail Transmissions 423
Malicious Code 424
Hoax E-mails 426
Unsolicited Commercial E-mail (Spam) 426
Mail Encryption 428
Chapter Review 432
Chapter 17 Web Components 439
Current Web Components and Concerns 440
Protocols 440
Code-Based Vulnerabilities 451
Chapter Review 463
Chapter 18 Software Development 469
The Software Engineering Process 470
Good Practices 476
Chapter Review 477
Chapter 19 Disaster Recovery, Business Continuity, and Organizational Policies 483
Disaster Recovery 483
Policies and Procedures 494
Chapter Review 504
Chapter 20 Risk Management 511
An Overview of Risk Management 511
What Is Risk Management? 513
Business Risks 514
Risk Management Models 515
Qualitatively Assessing Risk 519
Quantitatively Assessing Risk 521
Qualitative vs. Quantitative Risk Assessment 523
Tools 524
Chapter Review 525
Chapter 21 Change Management 533
Why Change Management? 533
The Key Concept: Segregation of Duties 535
Elements of Change Management 536
Implementing Change Management 538
The Capability Maturity Model 541
Chapter Review 542
Chapter 22 Privilege Management 549
User, Group, and Role Management 550
Single Sign-On 553
Centralized vs. Decentralized Management 554
Auditing (Privilege, Usage, and Escalation) 556
Handling Access Control (MAC, DAC, and RBAC) 559
Chapter Review 561
Chapter 23 Computer Forensics 569
Evidence 570
Collecting Evidence 571
Chain of Custody 576
Free Space vs. Slack Space 576
What's This Message Digest and Hash? 577
Analysis 578
Chapter Review 578
Chapter 24 Security and Law 587
Import/Export Encryption Restrictions 587
Digital Signature Laws 590
Digital Rights Management 592
Privacy Laws 594
Computer Trespass 596
Ethics 597
Chapter Review 598
Appendix A About the CD-ROM 605
System Requirements 605
LearnKey Online Training 605
Installing and Running MasterExam 605
Help 606
Removing Installation(s) 606
Technical Support 606
Appendix B About the Security+ Exam 607
SSCP Exam 614
SSCP Body of Knowledge 615
Glossary 619
Index 643
Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)