Security in Computing / Edition 4

Hardcover (Print)
Rent
Rent from BN.com
$19.09
(Save 83%)
Est. Return Date: 09/11/2014
Buy Used
Buy Used from BN.com
$67.64
(Save 41%)
Item is in good condition but packaging may have signs of shelf wear/aging or torn packaging.
Condition: Used – Good details
Used and New from Other Sellers
Used and New from Other Sellers
from $14.00
Usually ships in 1-2 business days
(Save 87%)
Other sellers (Hardcover)
  • All (38) from $14.00   
  • New (10) from $63.95   
  • Used (28) from $14.00   

Overview

The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information Security

For years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends.

The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses.

Security in Computing, Fourth Edition , goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy--from data mining and identity theft, to RFID and e-voting.

New coverage also includes

  • Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
  • Web application threats and vulnerabilities
  • Networks of compromised systems: bots, botnets, and drones
  • Rootkits--including the notorious Sony XCP
  • Wi-Fi network security challenges, standards, and techniques
  • New malicious code attacks, including false interfaces and keystroke loggers
  • Improving code quality: software engineering, testing, and liability approaches
  • Biometric authentication: capabilities and limitations
  • Using the Advanced Encryption System (AES) more effectively
  • Balancing dissemination with piracy control in music and other digital content
  • Countering new cryptanalytic attacks against RSA, DES, and SHA
  • Responding to the emergence of organized attacker groups pursuing profit
Read More Show Less

Editorial Reviews

Booknews
Covers all aspects of security in computing, including viruses, worms, Trojan horses, and other forms of malicious code; firewalls and the protection of networked systems; e-mail privacy, including PEM, PGP, key management, and certificates; key escrow--both as a technology and in the "Clipper" program; evaluation of trusted systems, including the Common Criteria, the ITSEC, and the OrangeBook; standards for program development and quality, including ISO9000; secure installations of PCs, UNIX, and networked environments; and ethical and legal issues in computing. Annotation c. Book News, Inc., Portland, OR booknews.com
Read More Show Less

Product Details

  • ISBN-13: 9780132390774
  • Publisher: Prentice Hall
  • Publication date: 10/27/2006
  • Edition description: REV
  • Edition number: 4
  • Pages: 880
  • Sales rank: 630,599
  • Product dimensions: 7.35 (w) x 9.53 (h) x 1.90 (d)

Meet the Author

Charles P. Pfleeger is an independent information security consultant and principal of the Pfleeger Consulting Group. He specializes in threat/vulnerability analysis, system design review, certification preparation, expert witness testimony, and training.

Shari Lawrence Pfleeger, a senior information scientist at the RAND Corporation, has written ten books on software engineering, measurement, and quality, including Software Engineering: Theory and Practice, Third Edition (Prentice Hall, 2006). She was named one of the world's top software engineering researchers by the Journal of Systems and Software.

Read More Show Less

Read an Excerpt

Every day, the news media give more and more visibility to the effects of computer security on our daily lives. For example, on a single day in June 2006, the Washington Post included three important articles about security. On the front page, one article discussed the loss of a laptop computer containing personal data on 26.5 million veterans. A second article, on the front page of the business section, described Microsoft's new product suite to combat malicious code, spying, and unsecured vulnerabilities in its operating system. Further back, a third article reported on a major consumer electronics retailer that inadvertently installed software on its customers' computers, making them part of a web of compromised slave computers. The sad fact is that news like this appears almost every day, and has done so for a number of years. There is no end in sight.

Even though the language of computer security—terms such as virus, Trojan horse, phishing, spyware—is common, the application of solutions to computer security problems is uncommon. Moreover, new attacks are clever applications of old problems. The pressure to get a new product or new release to market still in many cases overrides security requirements for careful study of potential vulnerabilities and countermeasures. Finally, many people are in denial, blissfully ignoring the serious harm that insecure computing can cause.

Why Read This Book?

Admit it. You know computing entails serious risks to the privacy and integrity of your data, or the operation of your computer. Risk is a fact of life: Crossing the street is risky, perhaps more so in some places than others, but you still cross the street. As a child you learned to stop and look both ways before crossing. As you became older you learned to gauge the speed of oncoming traffic and determine whether you had the time to cross. At some point you developed a sense of whether an oncoming car would slow down or yield. We hope you never had to practice this, but sometimes you have to decide whether darting into the street without looking is the best means of escaping danger. The point is all these matters depend on knowledge and experience. We want to help you develop the same knowledge and experience with respect to the risks of secure computing.

How do you control the risk of computer security?

  • Learn about the threats to computer security.
  • Understand what causes these threats by studying how vulnerabilities arise in the development and use of computer systems.
  • Survey the controls that can reduce or block these threats.
  • Develop a computing style—as a user, developer, manager, consumer, and voter—that balances security and risk.

The field of computer security changes rapidly, but the underlying problems remain largely unchanged. In this book you will find a progression that shows you how current complex attacks are often instances of more fundamental concepts.

Users and Uses of This Book

This book is intended for the study of computer security. Many of you want to study this topic: college and university students, computing professionals, managers, and users of all kinds of computer-based systems. All want to know the same thing: how to control the risk of computer security. But you may differ in how much information you need about particular topics: Some want a broad survey, while others want to focus on particular topics, such as networks or program development.

This book should provide the breadth and depth that most readers want. The book is organized by general area of computing, so that readers with particular interests can find information easily. The chapters of this book progress in an orderly manner, from general security concerns to the particular needs of specialized applications, and finally to overarching management and legal issues. Thus, the book covers five key areas of interest:

  • introduction: threats, vulnerabilities, and controls
  • encryption: the "Swiss army knife" of security controls
  • code: security in programs, including applications, operating systems, database management systems, and networks
  • management: building and administering a computing installation, from one computer to thousands, and understanding the economics of cybersecurity
  • law, privacy, ethics: non-technical approaches by which society controls computer security risks

These areas are not equal in size; for example, more than half the book is devoted to code because so much of the risk is at least partly caused by program code that executes on computers.

The first chapter introduces the concepts and basic vocabulary of computer security. Studying the second chapter provides an understanding of what encryption is and how it can be used or misused. Just as a driver's manual does not address how to design or build a car, Chapter 2 is not for designers of new encryption schemes, but rather for users of encryption. Chapters 3 through 7 cover successively larger pieces of software: individual programs, operating systems, complex applications like database management systems, and finally networks, which are distributed complex systems. Chapter 8 discusses managing and administering security, and describes how to find an acceptable balance between threats and controls. Chapter 9 addresses an important management issue by exploring the economics of cybersecurity: understanding and communicating the costs and benefits. In Chapter 10 we turn to the personal side of computer security as we consider how security, or its lack, affects personal privacy. Chapter 11 covers the way society at large addresses computer security, through its laws and ethical systems. Finally, Chapter 12 returns to cryptography, this time to look at the details of the encryption algorithms themselves.

Within that organization, you can move about, picking and choosing topics of particular interest. Everyone should read Chapter 1 to build a vocabulary and a foundation. It is wise to read Chapter 2 because cryptography appears in so many different control techniques. Although there is a general progression from small programs to large and complex networks, you can in fact read Chapters 3 through 7 out of sequence or pick topics of greatest interest. Chapters 8 and 9 may be just right for the professional looking for non-technical controls to complement the technical ones of the earlier chapters. These chapters may also be important for the computer science student who wants to look beyond a narrow view of bytes and protocols. We recommend Chapters 10 and 11 for everyone, because those chapters deal with the human aspects of security: privacy, laws, and ethics. All computing is ultimately done to benefit humans, and so we present personal risks and approaches to computing. Chapter 12 is for people who want to understand some of the underlying mathematics and logic of cryptography.

What background should you have to appreciate this book? The only assumption is an understanding of programming and computer systems. Someone who is an advanced undergraduate or graduate student in computer science certainly has that background, as does a professional designer or developer of computer systems. A user who wants to understand more about how programs work can learn from this book, too; we provide the necessary background on concepts of operating systems or networks, for example, before we address the related security concerns.

This book can be used as a textbook in a one- or two-semester course in computer security. The book functions equally well as a reference for a computer professional or as a supplement to an intensive training course. And the index and extensive bibliography make it useful as a handbook to explain significant topics and point to key articles in the literature. The book has been used in classes throughout the world; instructors often design one-semester courses that focus on topics of particular interest to the students or that relate well to the rest of a curriculum.

What Is New In This Book?

This is the fourth edition of Security in Computing, first published in 1989. Since then, the specific threats, vulnerabilities, and controls have changed, even though many of the basic notions have remained the same.

The two changes most obvious to people familiar with the previous editions are the additions of two new chapters, on the economics of cybersecurity and privacy. These two areas are receiving more attention both in the computer security community and in the rest of the user population.

But this revision touched every existing chapter as well. The threats and vulnerabilities of computing systems have not stood still since the previous edition in 2003, and so we present new information on threats and controls of many types. Change include:

  • the shift from individual hackers working for personal reasons to organized attacker groups working for financial gain
  • programming flaws leading to security failures, highlighting man-in-the-middle, timing, and privilege escalation errors
  • recent malicious code attacks, such as false interfaces and keystroke loggers
  • approaches to code quality, including software engineering, testing, and liability approaches
  • rootkits, including ones from unexpected sources
  • web applications' threats and vulnerabilities
  • privacy issues in data mining
  • WiFi network security
  • cryptanalytic attacks on popular algorithms, such as RSA, DES, and SHA, and recommendations for more secure use of these
  • bots, botnets, and drones, making up networks of compromised systems
  • update to the Advanced Encryption System (AES) with experience from its first several years of its use
  • the divide between sound authentication approaches and users' actions
  • biometric authentication capabilities and limitations
  • the conflict between efficient production and use of digital content (e.g., music and videos) and control of piracy

In addition to these major changes, there are numerous small corrective and clarifying ones, ranging from wording and notational changes for pedagogic reasons to replacement, deletion, rearrangement, and expansion of sections.

Read More Show Less

Table of Contents

Foreword xix
Preface xxv
Chapter 1: Is There a Security Problem in Computing? 1

1.1 What Does "Secure" Mean? 1
1.2 Attacks 5
1.3 The Meaning of Computer Security 9
1.4 Computer Criminals 21
1.5 Methods of Defense 23
1.6 What's Next 30
1.7 Summary 32
1.8 Terms and Concepts 32
1.9 Where the Field Is Headed 33
1.10 To Learn More 34
1.11 Exercises 34

Chapter 2: Elementary Cryptography 37

2.1 Terminology and Background 38
2.2 Substitution Ciphers 44
2.3 Transpositions (Permutations) 55
2.4 Making "Good" Encryption Algorithms 59
2.5 The Data Encryption Standard 68
2.6 The AES Encryption Algorithm 72
2.7 Public Key Encryption 75
2.8 The Uses of Encryption 79
2.9 Summary of Encryption 91
2.10 Terms and Concepts 92
2.11 Where the Field Is Headed 93
2.12 To Learn More 94
2.13 Exercises 94

Chapter 3 Program Security 98

3.1 Secure Programs 99
3.2 Nonmalicious Program Errors 103
3.3 Viruses and Other Malicious Code 111
3.4 Targeted Malicious Code 141
3.5 Controls Against Program Threats 160
3.6 Summary of Program Threats and Controls 181
3.7 Terms and Concepts 182
3.8 Where the Field Is Headed 183
3.9 To Learn More 185
3.10 Exercises 185

Chapter 4 Protection in General-Purpose Operating Systems 188

4.1 Protected Objects and Methods of Protection 189
4.2 Memory and Address Protection 193
4.3 Control of Access to General Objects 204
4.4 File Protection Mechanisms 215
4.5 User Authentication 219
4.6 Summary of Security for Users 236
4.7 Terms and Concepts 237
4.8 Where the Field Is Headed 238
4.9 To Learn More 239
4.10 Exercises 239

Chapter 5 Designing Trusted Operating Systems 242

5.1 What Is a Trusted System? 243
5.2 Security Policies 245
5.3 Models of Security 252
5.4 Trusted Operating System Design 264
5.5 Assurance in Trusted Operating Systems 287
5.6 Summary of Security in Operating Systems 312
5.7 Terms and Concepts 313
5.8 Where the Field Is Headed 315
5.9 To Learn More 315
5.10 Exercises 316

Chapter 6 Database and Data Mining Security 318

6.1 Introduction to Databases 319
6.2 Security Requirements 324
6.3 Reliability and Integrity 329
6.4 Sensitive Data 335
6.5 Inference 341
6.6 Multilevel Databases 351
6.7 Proposals for Multilevel Security 356
6.8 Data Mining 367
6.9 Summary of Database Security 371
6.10 Terms and Concepts 371
6.11 Where the Field Is Headed 372
6.12 To Learn More 373
6.13 Exercises 373

Chapter 7 Security in Networks 376

7.1 Network Concepts 377
7.2 Threats in Networks 396
7.3 Network Security Controls 440
7.4 Firewalls 474
7.5 Intrusion Detection Systems 484
7.6 Secure E-mail 490
7.7 Summary of Network Security 496
7.8 Terms and Concepts 498
7.9 Where the Field Is Headed 500
7.10 To Learn More 502
7.11 Exercises 502

Chapter 8 Administering Security 508

8.1 Security Planning 509
8.2 Risk Analysis 524
8.3 Organizational Security Policies 547
8.4 Physical Security 556
8.5 Summary 566
8.6 Terms and Concepts 567
8.7 To Learn More 568
8.8 Exercises 569

Chapter 9 The Economics of Cybersecurity 571

9.1 Making a Business Case 572
9.2 Quantifying Security 578
9.3 Modeling Cybersecurity 589
9.5 Summary 599
9.6 Terms and Concepts 600
9.7 To Learn More 601
9.8 Exercises 601

Chapter 10 Privacy in Computing 603

10.1 Privacy Concepts 604
10.2 Privacy Principles and Policies 608
10.3 Authentication and Privacy 619
10.4 Data Mining 623
10.5 Privacy on the Web 626
10.6 E-mail Security 635
10.7 Impacts on Emerging Technologies 638
10.8 Summary 643
10.9 Terms and Concepts 643
10.10 Where the Field Is Headed 645
10.11 To Learn More 645
10.12 Exercises 646

Chapter 11 Legal and Ethical Issues in Computer Security 647

11.1 Protecting Programs and Data 649
11.2 Information and the Law 663
11.3 Rights of Employees and Employers 670
11.4 Redress for Software Failures 673
11.5 Computer Crime 679
11.6 Ethical Issues in Computer Security 692
11.7 Case Studies of Ethics 698
11.8 Terms and Concepts 714
11.9 To Learn More 714
11.10 Exercises 715

Chapter 12 Cryptography Explained 717

12.1 Mathematics for Cryptography 718
12.2 Symmetric Encryption 730
12.3 Public Key Encryption Systems 757
12.4 Quantum Cryptography 774
12.5 Summary of Encryption 778
12.6 Terms and Concepts 778
12.7 Where the Field Is Headed 779
12.8 To Learn More 779
12.9 Exercises 779

Bibliography 782
Index 815

Read More Show Less

Preface

Every day, the news media give more and more visibility to the effects of computer security on our daily lives. For example, on a single day in June 2006, the Washington Post included three important articles about security. On the front page, one article discussed the loss of a laptop computer containing personal data on 26.5 million veterans. A second article, on the front page of the business section, described Microsoft's new product suite to combat malicious code, spying, and unsecured vulnerabilities in its operating system. Further back, a third article reported on a major consumer electronics retailer that inadvertently installed software on its customers' computers, making them part of a web of compromised slave computers. The sad fact is that news like this appears almost every day, and has done so for a number of years. There is no end in sight.

Even though the language of computer security--terms such as virus, Trojan horse, phishing, spyware--is common, the application of solutions to computer security problems is uncommon. Moreover, new attacks are clever applications of old problems. The pressure to get a new product or new release to market still in many cases overrides security requirements for careful study of potential vulnerabilities and countermeasures. Finally, many people are in denial, blissfully ignoring the serious harm that insecure computing can cause.

Why Read This Book?

Admit it. You know computing entails serious risks to the privacy and integrity of your data, or the operation of your computer. Risk is a fact of life: Crossing the street is risky, perhaps more so in some places than others, but you still cross the street. As a child you learned to stop and look both ways before crossing. As you became older you learned to gauge the speed of oncoming traffic and determine whether you had the time to cross. At some point you developed a sense of whether an oncoming car would slow down or yield. We hope you never had to practice this, but sometimes you have to decide whether darting into the street without looking is the best means of escaping danger. The point is all these matters depend on knowledge and experience. We want to help you develop the same knowledge and experience with respect to the risks of secure computing.

How do you control the risk of computer security?

  • Learn about the threats to computer security.
  • Understand what causes these threats by studying how vulnerabilities arise in the development and use of computer systems.
  • Survey the controls that can reduce or block these threats.
  • Develop a computing style--as a user, developer, manager, consumer, and voter--that balances security and risk.

The field of computer security changes rapidly, but the underlying problems remain largely unchanged. In this book you will find a progression that shows you how current complex attacks are often instances of more fundamental concepts.

Users and Uses of This Book

This book is intended for the study of computer security. Many of you want to study this topic: college and university students, computing professionals, managers, and users of all kinds of computer-based systems. All want to know the same thing: how to control the risk of computer security. But you may differ in how much information you need about particular topics: Some want a broad survey, while others want to focus on particular topics, such as networks or program development.

This book should provide the breadth and depth that most readers want. The book is organized by general area of computing, so that readers with particular interests can find information easily. The chapters of this book progress in an orderly manner, from general security concerns to the particular needs of specialized applications, and finally to overarching management and legal issues. Thus, the book covers five key areas of interest:

  • introduction: threats, vulnerabilities, and controls
  • encryption: the "Swiss army knife" of security controls
  • code: security in programs, including applications, operating systems, database management systems, and networks
  • management: building and administering a computing installation, from one computer to thousands, and understanding the economics of cybersecurity
  • law, privacy, ethics: non-technical approaches by which society controls computer security risks

These areas are not equal in size; for example, more than half the book is devoted to code because so much of the risk is at least partly caused by program code that executes on computers.

The first chapter introduces the concepts and basic vocabulary of computer security. Studying the second chapter provides an understanding of what encryption is and how it can be used or misused. Just as a driver's manual does not address how to design or build a car, Chapter 2 is not for designers of new encryption schemes, but rather for users of encryption. Chapters 3 through 7 cover successively larger pieces of software: individual programs, operating systems, complex applications like database management systems, and finally networks, which are distributed complex systems. Chapter 8 discusses managing and administering security, and describes how to find an acceptable balance between threats and controls. Chapter 9 addresses an important management issue by exploring the economics of cybersecurity: understanding and communicating the costs and benefits. In Chapter 10 we turn to the personal side of computer security as we consider how security, or its lack, affects personal privacy. Chapter 11 covers the way society at large addresses computer security, through its laws and ethical systems. Finally, Chapter 12 returns to cryptography, this time to look at the details of the encryption algorithms themselves.

Within that organization, you can move about, picking and choosing topics of particular interest. Everyone should read Chapter 1 to build a vocabulary and a foundation. It is wise to read Chapter 2 because cryptography appears in so many different control techniques. Although there is a general progression from small programs to large and complex networks, you can in fact read Chapters 3 through 7 out of sequence or pick topics of greatest interest. Chapters 8 and 9 may be just right for the professional looking for non-technical controls to complement the technical ones of the earlier chapters. These chapters may also be important for the computer science student who wants to look beyond a narrow view of bytes and protocols. We recommend Chapters 10 and 11 for everyone, because those chapters deal with the human aspects of security: privacy, laws, and ethics. All computing is ultimately done to benefit humans, and so we present personal risks and approaches to computing. Chapter 12 is for people who want to understand some of the underlying mathematics and logic of cryptography.

What background should you have to appreciate this book? The only assumption is an understanding of programming and computer systems. Someone who is an advanced undergraduate or graduate student in computer science certainly has that background, as does a professional designer or developer of computer systems. A user who wants to understand more about how programs work can learn from this book, too; we provide the necessary background on concepts of operating systems or networks, for example, before we address the related security concerns.

This book can be used as a textbook in a one- or two-semester course in computer security. The book functions equally well as a reference for a computer professional or as a supplement to an intensive training course. And the index and extensive bibliography make it useful as a handbook to explain significant topics and point to key articles in the literature. The book has been used in classes throughout the world; instructors often design one-semester courses that focus on topics of particular interest to the students or that relate well to the rest of a curriculum.

What Is New In This Book?

This is the fourth edition of Security in Computing, first published in 1989. Since then, the specific threats, vulnerabilities, and controls have changed, even though many of the basic notions have remained the same.

The two changes most obvious to people familiar with the previous editions are the additions of two new chapters, on the economics of cybersecurity and privacy. These two areas are receiving more attention both in the computer security community and in the rest of the user population.

But this revision touched every existing chapter as well. The threats and vulnerabilities of computing systems have not stood still since the previous edition in 2003, and so we present new information on threats and controls of many types. Change include:

  • the shift from individual hackers working for personal reasons to organized attacker groups working for financial gain
  • programming flaws leading to security failures, highlighting man-in-the-middle, timing, and privilege escalation errors
  • recent malicious code attacks, such as false interfaces and keystroke loggers
  • approaches to code quality, including software engineering, testing, and liability approaches
  • rootkits, including ones from unexpected sources
  • web applications' threats and vulnerabilities
  • privacy issues in data mining
  • WiFi network security
  • cryptanalytic attacks on popular algorithms, such as RSA, DES, and SHA, and recommendations for more secure use of these
  • bots, botnets, and drones, making up networks of compromised systems
  • update to the Advanced Encryption System (AES) with experience from its first several years of its use
  • the divide between sound authentication approaches and users' actions
  • biometric authentication capabilities and limitations
  • the conflict between efficient production and use of digital content (e.g., music and videos) and control of piracy

In addition to these major changes, there are numerous small corrective and clarifying ones, ranging from wording and notational changes for pedagogic reasons to replacement, deletion, rearrangement, and expansion of sections.

Read More Show Less

Customer Reviews

Average Rating 5
( 1 )
Rating Distribution

5 Star

(1)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted October 27, 2006

    accessible to a general IT audience

    [A review of the 4th Edition, that was published in October 2006.] I would compare this book to Matt Bishop's 'Introduction to Computer Security'. The latter is far more mathematical. Probably too much so for the typical sysadmin who is looking to defend her computers and network. Bishop's book is perhaps best suited to someone who wants to deeply understand cryptosystems and malware, and who might want to design a new cryptosystem or a malware detector. Whereas the Pfleeger book does not stress mathematical formalism at all. Much easier for a broader IT audience to understand. For a sysadmin, programmer, or an IT manager. All you need is some general background in computing, and much of the book will be very intelligible. For cryptography, there are 2 chapters, that give a quick overview of symmetric and public key systems. At the schematic level, with few equations. The seminal RSA algorithm is explained. The second cryptography chapter is actually the book's last chapter. Appropriate, because it is the most mathematical section of the text. It includes a nice Figure 12-3, that is an especially clear schematic of the hierarchies of complexity classes. It should make apparent the distinction between NP and P(olynomial) complete problems. There is a wide survey of malware. For viruses, there are qualitative explanations of how viruses can infect code. The level of detail is not that of more specialised books that focus just on viruses. The text does not give you enough to detect or write a virus. But you can understand how they work, at a level adequate for a sysadmin, say. In other words, if you have computers to defend, and you need to choose between various tools for detection, the book gives you enough education to rationally understand the differences between the methods of those tools. At least to the extent that the toolmakers offer such information, and that it is accurate.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)