Computer Security: Principles and Practice (English Edition) PDF E-book Download
- Authors: William Stallings, Lawrie Brown, et al. (USA)
- Publisher: Beijing: China Machine Press
- Year of publication: 2010
- ISBN: 9787111292470
- Pages: 801
Chapter 0 Reader's and Instructor's Guide 1
0.1 Outline of the Book 2
0.2 A Roadmap for Readers and Instructors 3
0.3 Internet and Web Resources 3
0.4 Standards 5
Chapter 1 Overview 6
1.1 Computer Security Concepts 7
1.2 Threats, Attacks, and Assets 14
1.3 Security Functional Requirements 20
1.4 A Security Architecture for Open Systems 22
1.5 The Scope of Computer Security 27
1.6 Computer Security Trends 28
1.7 Computer Security Strategy 32
1.8 Recommended Reading and Web Sites 34
1.9 Key Terms, Review Questions, and Problems 36
Appendix 1A: Significant Security Standards and Documents 37
PART ONE COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES 40
Chapter 2 Cryptographic Tools 41
2.1 Confidentiality with Symmetric Encryption 42
2.2 Message Authentication and Hash Functions 49
2.3 Public-Key Encryption 56
2.4 Digital Signatures and Key Management 61
2.5 Random and Pseudorandom Numbers 65
2.6 Practical Application: Encryption of Stored Data 67
2.7 Recommended Reading and Web Sites 68
2.8 Key Terms, Review Questions, and Problems 69
Chapter 3 User Authentication 74
3.1 Means of Authentication 75
3.2 Password-Based Authentication 76
3.3 Token-Based Authentication 88
3.4 Biometric Authentication 92
3.5 Remote User Authentication 97
3.6 Security Issues for User Authentication 99
3.7 Practical Application: An Iris Biometric System 101
3.8 Case Study: Security Problems for ATM Systems 103
3.9 Recommended Reading and Web Sites 106
3.10 Key Terms, Review Questions, and Problems 107
Chapter 4 Access Control 110
4.1 Access Control Principles 111
4.2 Subjects, Objects, and Access Rights 115
4.3 Discretionary Access Control 116
4.4 Example: UNIX File Access Control 122
4.5 Role-Based Access Control 125
4.6 Case Study: RBAC System for a Bank 134
4.7 Recommended Reading and Web Sites 137
4.8 Key Terms, Review Questions, and Problems 138
Chapter 5 Database Security 142
5.1 Database Management Systems 143
5.2 Relational Databases 144
5.3 Database Access Control 148
5.4 Inference 153
5.5 Statistical Databases 156
5.6 Database Encryption 166
5.7 Recommended Reading 170
5.8 Key Terms, Review Questions, and Problems 171
Chapter 6 Intrusion Detection 176
6.1 Intruders 177
6.2 Intrusion Detection 181
6.3 Host-Based Intrusion Detection 183
6.4 Distributed Host-Based Intrusion Detection 190
6.5 Network-Based Intrusion Detection 193
6.6 Distributed Adaptive Intrusion Detection 197
6.7 Intrusion Detection Exchange Format 200
6.8 Honeypots 202
6.9 Example System: Snort 204
6.10 Recommended Reading and Web Sites 208
6.11 Key Terms, Review Questions, and Problems 209
Appendix 6A: The Base-Rate Fallacy 211
Chapter 7 Malicious Software 215
7.1 Types of Malicious Software 216
7.2 Viruses 220
7.3 Virus Countermeasures 226
7.4 Worms 231
7.5 Bots 240
7.6 Rootkits 242
7.7 Recommended Reading and Web Sites 245
7.8 Key Terms, Review Questions, and Problems 246
Chapter 8 Denial of Service 249
8.1 Denial of Service Attacks 250
8.2 Flooding Attacks 257
8.3 Distributed Denial of Service Attacks 259
8.4 Reflector and Amplifier Attacks 261
8.5 Defenses Against Denial of Service Attacks 265
8.6 Responding to a Denial of Service Attack 269
8.7 Recommended Reading and Web Sites 270
8.8 Key Terms, Review Questions, and Problems 271
Chapter 9 Firewalls and Intrusion Prevention Systems 273
9.1 The Need for Firewalls 274
9.2 Firewall Characteristics 275
9.3 Types of Firewalls 276
9.4 Firewall Basing 283
9.5 Firewall Location and Configurations 286
9.6 Intrusion Prevention Systems 291
9.7 Example: Unified Threat Management Products 294
9.8 Recommended Reading and Web Sites 298
9.9 Key Terms, Review Questions, and Problems 299
Chapter 10 Trusted Computing and Multilevel Security 303
10.1 The Bell-LaPadula Model for Computer Security 304
10.2 Other Formal Models for Computer Security 314
10.3 The Concept of Trusted Systems 320
10.4 Application of Multilevel Security 323
10.5 Trusted Computing and the Trusted Platform Module 330
10.6 Common Criteria for Information Technology Security Evaluation 334
10.7 Assurance and Evaluation 340
10.8 Recommended Reading and Web Sites 345
10.9 Key Terms, Review Questions, and Problems 346
PART TWO SOFTWARE SECURITY 349
Chapter 11 Buffer Overflow 350
11.1 Stack Overflows 352
11.2 Defending Against Buffer Overflows 373
11.3 Other Forms of Overflow Attacks 379
11.4 Recommended Reading and Web Sites 385
11.5 Key Terms, Review Questions, and Problems 386
Chapter 12 Other Software Security Issues 388
12.1 Software Security Issues 389
12.2 Handling Program Input 392
12.3 Writing Safe Program Code 403
12.4 Interacting with the Operating System and Other Programs 408
12.5 Handling Program Input 419
12.6 Recommended Reading and Web Sites 422
12.7 Key Terms, Review Questions, and Problems 423
PART THREE MANAGEMENT ISSUES 426
Chapter 13 Physical and Infrastructure Security 427
13.1 Overview 428
13.2 Physical Security Threats 429
13.3 Physical Security Prevention and Mitigation Measures 435
13.4 Recovery from Physical Security Breaches 438
13.5 Threat Assessment, Planning, and Plan Implementation 439
13.6 Example: A Corporate Physical Security Policy 440
13.7 Integration of Physical and Logical Security 441
13.8 Recommended Reading and Web Sites 446
13.9 Key Terms, Review Questions, and Problems 447
Chapter 14 Human Factors 449
14.1 Security Awareness, Training, and Education 450
14.2 Organizational Security Policy 455
14.3 Employment Practices and Policies 461
14.4 E-Mail and Internet Use Policies 464
14.5 Example: A Corporate Security Policy Document 465
14.6 Recommended Reading and Web Sites 467
14.7 Key Terms, Review Questions, and Problems 468
Appendix 14A: Security Awareness Standard of Good Practice 469
Appendix 14B: Security Policy Standard of Good Practice 473
Chapter 15 Security Auditing 475
15.1 Security Auditing Architecture 476
15.2 The Security Audit Trail 481
15.3 Implementing the Logging Function 486
15.4 Audit Trail Analysis 497
15.5 Example: An Integrated Approach 501
15.6 Recommended Reading and Web Sites 504
15.7 Key Terms, Review Questions, and Problems 505
Chapter 16 IT Security Management and Risk Assessment 508
16.1 IT Security Management 509
16.2 Organizational Context and Security Policy 512
16.3 Security Risk Assessment 515
16.4 Detailed Security Risk Analysis 518
16.5 Case Study: Silver Star Mines 530
16.6 Recommended Reading and Web Sites 534
16.7 Key Terms, Review Questions, and Problems 536
Chapter 17 IT Security Controls, Plans and Procedures 538
17.1 IT Security Management Implementation 539
17.2 Security Controls or Safeguards 539
17.3 IT Security Plan 547
17.4 Implementation of Controls 548
17.5 Implementation Followup 550
17.6 Case Study: Silver Star Mines 556
17.7 Recommended Reading 559
17.8 Key Terms, Review Questions, and Problems 559
Chapter 18 Legal and Ethical Aspects 562
18.1 Cybercrime and Computer Crime 563
18.2 Intellectual Property 567
18.3 Privacy 574
18.4 Ethical Issues 580
18.5 Recommended Reading and Web Sites 586
18.6 Key Terms, Review Questions, and Problems 587
Appendix 18A: Information Privacy Standard of Good Practice 590
PART FOUR CRYPTOGRAPHIC ALGORITHMS 592
Chapter 19 Symmetric Encryption and Message Confidentiality 593
19.1 Symmetric Encryption and Message Confidentiality 594
19.2 Data Encryption Standard 598
19.3 Advanced Encryption Standard 600
19.4 Stream Ciphers and RC4 607
19.5 Cipher Block Modes of Operation 610
19.6 Location of Symmetric Encryption Devices 616
19.7 Key Distribution 618
19.8 Recommended Reading and Web Sites 620
19.9 Key Terms, Review Questions, and Problems 620
Chapter 20 Public-Key Cryptography and Message Authentication 625
20.1 Secure Hash Functions 626
20.2 HMAC 632
20.3 The RSA Public-Key Encryption Algorithm 635
20.4 Diffie-Hellman and Other Asymmetric Algorithms 641
20.5 Recommended Reading and Web Sites 646
20.6 Key Terms, Review Questions, and Problems 646
PART FIVE INTERNET SECURITY 650
Chapter 21 Internet Security Protocols and Standards 651
21.1 Secure Sockets Layer (SSL) and Transport Layer Security (TLS) 652
21.2 IPv4 and IPv6 Security 656
21.3 Secure Email and S/MIME 662
21.4 Recommended Reading and Web Sites 665
21.5 Key Terms, Review Questions, and Problems 666
Appendix 21A: Radix-64 Conversion 668
Chapter 22 Internet Authentication Applications 671
22.1 Kerberos 672
22.2 X.509 678
22.3 Public-Key Infrastructure 680
22.4 Federated Identity Management 683
22.5 Recommended Reading and Web Sites 687
22.6 Key Terms, Review Questions, and Problems 688
PART SIX OPERATING SYSTEM SECURITY 689
Chapter 23 Linux Security 690
23.1 Introduction 691
23.2 Linux's Security Model 691
23.3 The Linux DAC in Depth: Filesystem Security 693
23.4 Linux Vulnerabilities 699
23.5 Linux System Hardening 701
23.6 Application Security 709
23.7 Mandatory Access Controls 711
23.8 Recommended Reading and Web Sites 711
23.9 Key Terms, Review Questions, and Problems 718
Chapter 24 Windows and Windows Vista Security 720
24.1 Windows Security Architecture 721
24.2 Windows Vulnerabilities 728
24.3 Windows Security Defenses 729
24.4 Browser Defenses 737
24.5 Cryptographic Services 737
24.6 Common Criteria 738
24.7 Recommended Reading and Web Sites 739
24.8 Key Terms, Review Questions, Problems, and Projects 740
APPENDICES 742
Appendix A Some Aspects of Number Theory 742
A.1 Prime and Relatively Prime Numbers 743
A.2 Modular Arithmetic 744
A.3 Fermat's and Euler's Theorems 746
Appendix B Random and Pseudorandom Number Generation 750
B.1 The Use of Random Numbers 751
B.2 Pseudorandom Number Generators (PRNGs) 752
B.3 True Random Number Generators 757
Appendix C Projects for Teaching Computer Security 759
C.1 Research Projects 760
C.2 Hacking Projects 761
C.3 Programming Projects 761
C.4 Laboratory Exercises 762
C.5 Practical Security Assessments 762
C.6 Writing Assignments 762
C.7 Reading/Report Assignments 763
References 765
Index 783