Analyzing Computer Security: A Threat / Vulnerability / Countermeasure Approach (hardcover)
Format: Hardback
Language: English
Number of pages: 688
Publication date: 2011-09-30
Edition: 1
Publisher: PRENTICE-HALL
Contributors: Pfleeger, Shari Lawrence
Illustrations: illustrations
Dimensions: 241 x 190 x 38 mm
Weight: 1179 g
Number of components: 1
ISBN: 9780132789462

Analyzing Computer Security: A Threat / Vulnerability / Countermeasure Approach

A Threat / Vulnerability / Countermeasure Approach

Hardcover, English, 2011-09-30
1419
Ships within 3-6 business days.
Free shipping within Sweden for private customers.
Analyzing Computer Security is a fresh, modern, and relevant introduction to computer security. Organized around today's key attacks, vulnerabilities, and countermeasures, it helps you think critically and creatively about computer security so you can prevent serious problems and mitigate those that still occur.

Security in Computing, Fourth Editionteach security the way modern security professionals approach it: by identifying the people or things that may cause harm, uncovering weaknesses that can be exploited, and showing how to choose and apply the right protections.

Media reviews

"This is a must-read book for any budding Security Architect and also makes a great professional reference. I'd recommend this book to any IT architect or specialist wishing to enter the field of security architectures, as well as to anyone who already has that title and wants a good quality reference book." - John Hughes, InfoSec Reviews

Additional information

Charles P. Pfleeger is an independent consultant with the Pfleeger Consulting Group, specializing in computer and information system security. Among his responsibilities are threat and vulnerability analysis, risk analysis, system security design and review, certification preparation, training, expert testimony and general security advice. Dr. Pfleeger was chair of the IEEE Computer Society Technical Committee on Security and Privacy from 1997-1999 and has been a member of the executive council of that committee since 1995. He is on the board of reviewers for Computers and Security, and was a member of the editorial board of IEEE Security and Privacy, and the board of advisors for OWASP, the Open Web Application Security Project. Dr. Pfleeger has lectured throughout the world and published numerous papers and books.

Shari Lawrence Pfleeger is the Research Director for Dartmouth College's Institute for Information Infrastructure Protection, a consortium of leading universities, national laboratories and nonprofit institutions dedicated to strengthening the U.S. cyber infrastructure. She joined the I3P after serving for nine years as a senior researcher at the RAND Corporation, where she focused on software quality and cyber security. Named repeatedly by the Journal of Systems and Software as one of the world's top software engineering researchers, Shari is the author of more than one hundred articles and many books.

Table of contents

Preface

 

Chapter 1: Security Blanket or Security Theater?

How Dependent Are We on Computers?

What is Computer Security?

Threats

Harm

Vulnerabilities

Controls

Analyzing Security Using Examples

Conclusion

Exercises

 

Chapter 2: Knock, Knock. Who's There?

Attack: Impersonation

Attack Detail: Failed Authentication

Vulnerability: Faulty or Incomplete Authentication

Countermeasure: Strong Authentication

Conclusion

Recurring Thread: Privacy

Recurring Thread: Usability

Exercises

 

Chapter 3: 2+2 = 5

Attack: Program Flaw in Spacecraft Software

Threat: Program Flaw Leads to Security Failing

Vulnerability: Incomplete Mediation

Vulnerability: Race Condition

Vulnerability: Time-of-Check to Time-of-Use

Vulnerability: Undocumented Access Point

Ineffective Countermeasure: Penetrate and Patch

Countermeasure: Identifying and Classifying Faults

Countermeasure: Secure Software Design Elements

Countermeasure: Secure Software Development Process

Countermeasure: Testing

Countermeasure: Defensive Programming

Conclusion

Recurring Thread: Legal - Redress for Software Failures

Exercises

 

Chapter 4: A Horse of a Different Color

Attack: Malicious Code

Threat: Malware - Virus, Trojan Horse and Worm

History of Malicious Code

Technical Details

Vulnerability: Voluntary Introduction

Vulnerability: Unlimited Privilege

Vulnerability: Stealthy Behavior: Hard to Detect and Characterize

Countermeasure: Hygiene

Countermeasure: Detection Tools

Countermeasure: Error-Detecting and Error-Correcting Codes

Countermeasure: Memory Separation

Countermeasure: Basic Security Principles

Recurring Thread: Legal - Computer Crime

Conclusion

Exercises

 

Chapter 5: The Keys to the Kingdom

Attack: Key Logging

Threat: Illicit Data Access

Attack Details

Harm: Data and Reputation

Vulnerability: Physical Access

Vulnerability: Misplaced Trust

Vulnerability: Insiders

Vulnerability: System Subversion

Vulnerability: Weak Authentication

Failed Countermeasure: Security Through Obscurity

Countermeasure: Physical Access Control

Countermeasure: Strong Authentication

Countermeasure: Trust/Least Privilege

Conclusion

Recurring Thread - Forensics: Plug-and-Play Devices

Exercises

 

Interlude A: Cloud Computing

What is Cloud Computing?

What are the Risks in the Cloud?

 

Chapter 6: My Cup Runneth Over

Attack: What Did You Say That Number Was?

Harm: Destruction of Code and Data

Vulnerability: Off-By-One Error

Vulnerability: Integer Ove...