Computer Security Fundamentals, 4th edition
Choose the option that's right for you
Single
$9.99 / mo
4-month minimum term for $39.96
- Access this eText title
- Up to 2 devices
- Discounted tutor access
Multi
$14.99 / mo
4-month minimum term for $59.96
- Access over 1,500 titles
- Up to 2 devices
- Discounted tutor access
Learn more, spend less
-
Learn anytime, anywhere
Get the app to access your eText whenever you need it
-
Make it your own
Your notes. Your highlights. Your eText
-
Find it fast
Quickly navigate your eText with search
-
Stay organized
Access all your eTexts in one place
-
Easily continue access
Keep learning with auto-renew
Overview
Clearly explains core concepts, terminology, challenges, technologies, and skills
Covers today’s latest attacks and countermeasures
The perfect beginner’s guide for anyone interested in a computer security career
Dr. Chuck Easttom brings together complete coverage of all basic concepts, terminology, and issues, along with all the skills you need to get started.
Drawing on 30 years of experience as a security instructor, consultant, and researcher, Easttom helps you take a proactive, realistic approach to assessing threats and implementing countermeasures. Writing clearly and simply, he addresses crucial issues that many introductory security books ignore, while addressing the realities of a world where billions of new devices are Internet-connected.
This guide covers web attacks, hacking, spyware, network defense, security appliances, VPNs, password use, and much more. Its many tips and examples reflect new industry trends and the state-of-the-art in both attacks and defense. Exercises, projects, and review questions in every chapter help you deepen your understanding and apply all you’ve learned.
Whether you’re a student, a professional, or a manager, this guide will help you protect your assets—and expand your career options.
LEARN HOW TO
- Identify and prioritize potential threats to your network
- Use basic networking knowledge to improve security
- Get inside the minds of hackers, so you can deter their attacks
- Implement a proven layered approach to network security
- Resist modern social engineering attacks
- Defend against today’s most common Denial of Service (DoS) attacks
- Halt viruses, spyware, worms, Trojans, and other malware
- Prevent problems arising from malfeasance or ignorance
- Choose the best encryption methods for your organization
- Compare security technologies, including the latest security appliances
- Implement security policies that will work in your environment
- Scan your network for vulnerabilities
- Evaluate potential security consultants
- Master basic computer forensics and know what to do if you’re attacked
- Learn how cyberterrorism and information warfare are evolving
Published by Pearson IT Certification (July 14th 2021) - Copyright © 2020
ISBN-13: 9780137459674
Subject: IT Professional
Category: Certification
Table of contents
Introduction xxvi
Chapter 1: Introduction to Computer Security 2
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
How Seriously Should You Take Threats to Network Security? . . . . . . . . . 4
Identifying Types of Threats . . . . . . . . . . . . . . . . . . . . . . . . 7
Assessing the Likelihood of an Attack on Your Network . . . . . . . . . . . . 16
Basic Security Terminology . . . . . . . . . . . . . . . . . . . . . . . 16
Concepts and Approaches . . . . . . . . . . . . . . . . . . . . . . . . 19
How Do Legal Issues Impact Network Security? . . . . . . . . . . . . . . . 22
Online Security Resources . . . . . . . . . . . . . . . . . . . . . . . . 23
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Chapter 2: Networks and the Internet 32
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Network Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
How the Internet Works . . . . . . . . . . . . . . . . . . . . . . . . . 40
History of the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Basic Network Utilities . . . . . . . . . . . . . . . . . . . . . . . . . 49
Other Network Devices . . . . . . . . . . . . . . . . . . . . . . . . . 55
Advanced Network Communications Topics . . . . . . . . . . . . . . . . 56
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Chapter 3: Cyber Stalking, Fraud, and Abuse 66
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
How Internet Fraud Works . . . . . . . . . . . . . . . . . . . . . . . . 67
Identity Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Cyber Stalking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Chapter 4: Denial of Service Attacks 96
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Illustrating an Attack . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Common Tools Used for DoS Attacks . . . . . . . . . . . . . . . . . . . 99
DoS Weaknesses . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Specific DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 102
Real-World Examples of DoS Attacks . . . . . . . . . . . . . . . . . . . 109
How to Defend Against DoS Attacks . . . . . . . . . . . . . . . . . . . 111
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Chapter 5: Malware 120
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Trojan Horses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
The Buffer-Overflow Attack . . . . . . . . . . . . . . . . . . . . . . . 132
Spyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Other Forms of Malware . . . . . . . . . . . . . . . . . . . . . . . . 137
Detecting and Eliminating Viruses and Spyware . . . . . . . . . . . . . . 140
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Chapter 6: Techniques Used by Hackers 152
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Basic Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
The Reconnaissance Phase . . . . . . . . . . . . . . . . . . . . . . . 153
Actual Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Malware Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Penetration Testing . . . . . . . . . . . . . . . . . . . . . . . . . . 171
The Dark Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Chapter 7: Industrial Espionage in Cyberspace 182
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
What Is Industrial Espionage? . . . . . . . . . . . . . . . . . . . . . . 183
Information as an Asset . . . . . . . . . . . . . . . . . . . . . . . . 184
Real-World Examples of Industrial Espionage . . . . . . . . . . . . . . . 187
How Does Espionage Occur? . . . . . . . . . . . . . . . . . . . . . . 189
Low-Tech Industrial Espionage . . . . . . . . . . . . . . . . 189
Spyware Used in Industrial Espionage . . . . . . . . . . . . . 193
Steganography Used in Industrial Espionage . . . . . . . . . . . 193
Phone Taps and Bugs . . . . . . . . . . . . . . . . . . . . 194
Protecting Against Industrial Espionage . . . . . . . . . . . . . . . . . . 194
The Industrial Espionage Act . . . . . . . . . . . . . . . . . . . . . . 197
Spear Phishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Chapter 8: Encryption 206
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Cryptography Basics . . . . . . . . . . . . . . . . . . . . . . . . . . 207
History of Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Modern Cryptography Methods . . . . . . . . . . . . . . . . . . . . . 216
Public Key (Asymmetric) Encryption . . . . . . . . . . . . . . . . . . . 223
PGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Legitimate Versus Fraudulent Encryption Methods . . . . . . . . . . . . . 229
Digital Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Hashing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
MAC and HMAC . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Steganography . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Cryptanalysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Cryptography Used on the Internet . . . . . . . . . . . . . . . . . . . . 236
Quantum Computing Cryptography . . . . . . . . . . . . . . . . . . . 237
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Chapter 9: Computer Security Technology 244
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Virus Scanners . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Antispyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Digital Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
SSL/TLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . 268
Wi-Fi Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Chapter 10: Security Policies 278
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
What Is a Policy? . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Defining User Policies . . . . . . . . . . . . . . . . . . . . . . . . . 280
Defining System Administration Policies . . . . . . . . . . . . . . . . . . 287
New Employees . . . . . . . . . . . . . . . . . . . . . . . 287
Departing Employees . . . . . . . . . . . . . . . . . . . . 287
Change Requests . . . . . . . . . . . . . . . . . . . . . . 288
Security Breaches . . . . . . . . . . . . . . . . . . . . . . 290
Virus Infection . . . . . . . . . . . . . . . . . . . . . . . 290
DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . 291
Intrusion by a Hacker . . . . . . . . . . . . . . . . . . . . 291
Defining Access Control . . . . . . . . . . . . . . . . . . . . . . . . 292
Development Policies . . . . . . . . . . . . . . . . . . . . . . . . . 293
Standards, Guidelines, and Procedures . . . . . . . . . . . . . . . . . . 294
Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Important Laws . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Chapter 11: Network Scanning and Vulnerability Scanning 306
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Basics of Assessing a System . . . . . . . . . . . . . . . . . . . . . . 307
Securing Computer Systems . . . . . . . . . . . . . . . . . . . . . . 315
Scanning Your Network . . . . . . . . . . . . . . . . . . . . . . . . 321
Getting Professional Help . . . . . . . . . . . . . . . . . . . . . . . . 330
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Chapter 12: Cyber Terrorism and Information Warfare 342
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Actual Cases of Cyber Terrorism . . . . . . . . . . . . . . . . . . . . . 343
Weapons of Cyber Warfare . . . . . . . . . . . . . . . . . . . . . . . 345
Economic Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Military Operations Attacks . . . . . . . . . . . . . . . . . . . . . . . 350
General Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Supervisory Control and Data Acquisitions (SCADA) . . . . . . . . . . . . . 351
Information Warfare . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Actual Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Future Trends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Defense Against Cyber Terrorism . . . . . . . . . . . . . . . . . . . . . 362
Terrorist Recruiting and Communication . . . . . . . . . . . . . . . . . . 362
TOR and the Dark Web . . . . . . . . . . . . . . . . . . . . . . . . . 363
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Chapter 13: Cyber Detective 370
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
General Searches . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Court Records and Criminal Checks . . . . . . . . . . . . . . . . . . . 375
Usenet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Chapter 14: Introduction to Forensics 386
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
General Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Finding Evidence on the PC . . . . . . . . . . . . . . . . . . . . . . . 397
Finding Evidence in System Logs . . . . . . . . . . . . . . . . . . . . 398
Getting Back Deleted Files . . . . . . . . . . . . . . . . . . . . . . . 399
Operating System Utilities . . . . . . . . . . . . . . . . . . . . . . . 402
The Windows Registry . . . . . . . . . . . . . . . . . . . . . . . . . 404
Mobile Forensics: Cell Phone Concepts . . . . . . . . . . . . . . . . . . 408
The Need for Forensic Certification . . . . . . . . . . . . . . . . . . . . 413
Expert Witnesses . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Additional Types of Forensics . . . . . . . . . . . . . . . . . . . . . . 415
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Chapter 15: Cybersecurity Engineering 422
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Defining Cybersecurity Engineering . . . . . . . . . . . . . . . . . . . . 423
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Glossary 442
Appendix A: Resources 448
Appendix B: Answers to the Multiple Choice Questions 450
9780135774779, TOC, 8/15/19
Your questions answered
Introducing Pearson+. Reimagined learning, designed for you. Choose from one eText or over 1,500 eTexts and study tools, all in one place, for one low monthly subscription. A new way to buy books that fits your budget. Make the most of your study time with offline access, enhanced search, notes and flashcards — to get organized, get the work done quicker and get results. Plus, with the app, put textbooks in your pocket and learn wherever. It's time to upgrade the textbook and simplify learning, so you can have time to live too.
Pearson eText is an easy-to-use digital textbook available from Pearson+. Make it your own by adding notes and highlights. Download the Pearson+ mobile app to learn on the go, even offline. Listen on the go with our new audiobook feature, available for most titles.
When you choose a plan, you're signing up for a 4-month 'term'. We will charge your payment method each month until your 4-month term has ended. You can turn on auto-renew in My account at any time to continue your subscription before your 4-month term has ended.
When you purchase a Pearson+ subscription, it will last 4 months. Before your initial 4-month term ends, you can extend your subscription by turning auto-renew on in My account. If you turn auto-renew on, we’ll automatically renew your subscription and charge you every month until you turn off auto-renew.
To avoid the next payment charge, make sure you turn auto renewal off 1 day before the auto renewal date. You can subscribe again after auto-renew has been turned off by purchasing another Pearson+ subscription. We use your credit card to renew your subscription automatically. To make sure your learning is uninterrupted, please check your card details before your first monthly payment.
With a Multi Pearson+ subscription plan, you can download up to 5 titles on the Pearson+ app from My list on each of your authorized devices every month.
When you're using your Multi Pearson+ subscription plan in a browser, you can select and read from as many titles as you like.