Foreword xix
Preface xxv
Acknowledgments xxxi
About the Authors xxxiii
Chapter 1: Introduction 1
1.1 What Is Computer Security? 2
1.2 Threats 6
1.3 Harm 21
1.4 Vulnerabilities 28
1.5 Controls 28
1.6 Conclusion 31
1.7 What’s Next? 32
1.8 Exercises 34
Chapter 2: Toolbox: Authentication, Access Control, and Cryptography 36
2.1 Authentication 38
2.2 Access Control 72
2.3 Cryptography 86
2.4 Exercises 127
Chapter 3: Programs and Programming 131
3.1 Unintentional (Nonmalicious) Programming Oversights 133
3.2 Malicious Code—Malware 166
3.3 Countermeasures 196
Chapter 4: The Web—User Side 232
4.1 Browser Attacks 234
4.2 Web Attacks Targeting Users 245
4.3 Obtaining User or Website Data 260
4.4 Email Attacks 267
4.5 Conclusion 277
4.6 Exercises 278
Chapter 5: Operating Systems 280
5.1 Security in Operating Systems 280
5.2 Security in the Design of Operating Systems 308
5.3 Rootkit 329
5.4 Conclusion 338
5.5 Exercises 339
Chapter 6: Networks 341
6.1 Network Concepts 342
Part I—War on Networks: Network Security Attacks 353
6.2 Threats to Network Communications 354
6.3 Wireless Network Security 374
6.4 Denial of Service 396
6.5 Distributed Denial-of-Service 421
Part II—Strategic Defenses: Security Countermeasures 432
6.6 Cryptography in Network Security 432
6.7 Firewalls 451
6.8 Intrusion Detection and Prevention Systems 474
6.9 Network Management 489
6.10 Conclusion 496
6.11 Exercises 496
Chapter 7: Databases 501
7.1 Introduction to Databases 502
7.2 Security Requirements of Databases 507
7.3 Reliability and Integrity 513
7.4 Database Disclosure 518
7.5 Data Mining and Big Data 535
7.6 Conclusion 549
Chapter 8: Cloud Computing 551
8.1 Cloud Computing Concepts 551
8.2 Moving to the Cloud 553
8.3 Cloud Security Tools and Techniques 560
8.4 Cloud Identity Management 568
8.5 Securing IaaS 579
8.6 Conclusion 583
8.7 Exercises 584
Chapter 9: Privacy 586
9.1 Privacy Concepts 587
9.2 Privacy Principles and Policies 596
9.3 Authentication and Privacy 610
9.4 Data Mining 616
9.5 Privacy on the Web 619
9.6 Email Security 632
9.7 Privacy Impacts of Emerging Technologies 636
9.8 Where the Field Is Headed 644
9.9 Conclusion 645
9.10 Exercises 645
Chapter 10: Management and Incidents 647
10.1 Security Planning 647
10.2 Business Continuity Planning 658
10.3 Handling Incidents 662
10.4 Risk Analysis 668
10.5 Dealing with Disaster 686
10.6 Conclusion 699
10.7 Exercises 700
Chapter 11: Legal Issues and Ethics 702
11.1 Protecting Programs and Data 704
11.2 Information and the Law 717
11.3 Rights of Employees and Employers 725
11.4 Redress for Software Failures 728
11.5 Computer Crime 733
11.6 Ethical Issues in Computer Security 744
11.7 Incident Analysis with Ethics 750
Chapter 12: Details of Cryptography 768
12.1 Cryptology 769
12.2 Symmetric Encryption Algorithms 779
12.3 Asymmetric Encryption with RSA 795
12.4 Message Digests 799
12.5 Digital Signatures 802
12.6 Quantum Cryptography 807
12.7 Conclusion 811
Chapter 13: Emerging Topics 813
13.1 The Internet of Things 814
13.2 Economics 821
13.3 Electronic Voting 834
13.4 Cyber Warfare 841
13.5 Conclusion 850
Bibliography 851
Index 877
Available for purchase from all major ebook resellers, including InformIT.com