Chapter 0 Reader's and Instructor's Guide
0.1 Outline of the Book
0.2 A Roadmap for Readers and Instructors
0.3 Internet and Web Resources
0.4 Standards
Chapter 1 Overview
1.1 Computer Security Concepts
1.2 Threats, Attacks, and Assets
1.3 Security Functional Requirements
1.4 A Security Architecture for Open Systems
1.5 The Scope of Computer Security
1.6 Computer Security Trends
1.7 Computer Security Strategy
1.8 Recommended Reading and Web Sites
1.9 Key Terms, Review Questions, and Problems
Appendix 1A: Significant Security Standards and Documents
PART ONE COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES
Chapter 2 Cryptographic Tools
2.1 Confidentiality with Symmetric Encryption
2.2 Message Authentication and Hash Functions
2.3 Public-Key Encryption
2.4 Digital Signatures and Key Management
2.5 Random and Pseudorandom Numbers
2.6 Practical Application: Encryption of Stored Data
2.7 Recommended Reading and Web Sites
2.8 Key Terms, Review Questions, and Problems
Chapter 3 User Authentication
3.1 Means of Authentication
3.2 Password-Based Authentication
3.3 Token-Based Authentication
3.4 Biometric Authentication
3.5 Remote User Authentication
3.6 Security Issues for User Authentication
3.7 Practical Application: An Iris Biometric System
3.8 Case Study: Security Problems for ATM Systems
3.9 Recommended Reading and Web Sites
3.10 Key Terms, Review Questions, and Problems
Chapter 4 Access Control
4.1 Access Control Principles
4.2 Subjects, Objects, and Access Rights
4.3 Discretionary Access Control
4.4 Example: UNIX File Access Control
4.5 Role-Based Access Control
4.6 Case Study: RBAC System for a Bank
4.7 Recommended Reading and Web Sites
4.8 Key Terms, Review Questions, and Problems
Chapter 5 Database Security
5.1 Database Management Systems
5.2 Relational Databases
5.3 Database Access Control
5.4 Inference
5.5 Statistical Databases
5.6 Database Encryption
5.7 Recommended Reading
5.8 Key Terms, Review Questions, and Problems
Chapter 6 Intrusion Detection
6.1 Intruders
6.2 Intrusion Detection
6.3 Host-Based Intrusion Detection
6.4 Distributed Host-Based Intrusion Detection
6.5 Network-Based Intrusion Detection
6.6 Distributed Adaptive Intrusion Detection
6.7 Intrusion Detection Exchange Format
6.8 Honeypots
6.9 Example System: Snort
6.10 Recommended Reading and Web Sites
6.11 Key Terms, Review Questions, and Problems
Appendix 6A: The Base-Rate Fallacy
Chapter 7 Malicious Software
7.1 Types of Malicious Software
7.2 Viruses
7.3 Virus Countermeasures
7.4 Worms
7.5 Bots
7.6 Rootkits
7.7 Recommended Reading and Web Sites
7.8 Key Terms, Review Questions, and Problems
Chapter 8 Denial of Service
8.1 Denial of Service Attacks
8.2 Flooding Attacks
8.3 Distributed Denial of Service Attacks
8.4 Reflector and Amplifier Attacks
8.5 Defenses Against Denial of Service Attacks
8.6 Responding to a Denial of Service Attack
8.7 Recommended Reading and Web Sites
8.8 Key Terms, Review Questions, and Problems
Chapter 9 Firewalls and Intrusion Prevention Systems
9.1 The Need for Firewalls
9.2 Firewall Characteristics
9.3 Types of Firewalls
9.4 Firewall Basing
9.5 Firewall Location and Configurations
9.6 Intrusion Prevention Systems
9.7 Example: Unified Threat Management Products
9.8 Recommended Reading and Web Sites
9.9 Key Terms, Review Questions, and Problems
Chapter 10 Trusted Computing and Multilevel Security
10.1 The Bell-LaPadula Model for Computer Security
10.2 Other Formal Models for Computer Security
10.3 The Concept of Trusted Systems
10.4 Application of Multilevel Security
10.5 Trusted Computing and the Trusted Platform Module
10.6 Common Criteria for Information Technology Security Evaluation
10.7 Assurance and Evaluation
10.8 Recommended Reading and Web Sites
10.9 Key Terms, Review Questions, and Problems
PART TWO SOFTWARE SECURITY
Chapter 11 Buffer Overflow
11.1 Stack Overflows
11.2 Defending Against Buffer Overflows
11.3 Other Forms of Overflow Attacks
11.4 Recommended Reading and Web Sites
11.5 Key Terms, Review Questions, and Problems
Chapter 12 Other Software Security Issues
12.1 Software Security Issues
12.2 Handling Program Input
12.3 Writing Safe Program Code
12.4 Interacting with the Operating System and Other Programs
12.5 Handling Program Input
12.6 Recommended Reading and Web Sites
12.7 Key Terms, Review Questions, and Problems
PART THREE MANAGEMENT ISSUES
Chapter 13 Physical and Infrastructure Security
13.1 Overview
13.2 Physical Security Threats
13.3 Physical Security Prevention and Mitigation Measures
13.4 Recovery from Physical Security Breaches
13.5 Threat Assessment, Planning, and Plan Implementation
13.6 Example: A Corporate Physical Security Policy
13.7 Integration of Physical and Logical Security
13.8 Recommended Reading and Web Sites
13.9 Key Terms, Review Questions, and Problems
Chapter 14 Human Factors
14.1 Security Awareness, Training, and Education
14.2 Organizational Security Policy
14.3 Employment Practices and Policies
14.4 E-Mail and Internet Use Policies
14.5 Example: A Corporate Security Policy Document
14.6 Recommended Reading and Web Sites
14.7 Key Terms, Review Questions, and Problems
Appendix 14A: Security Awareness Standard of Good Practice
Appendix 14B: Security Policy Standard of Good Practice
Chapter 15 Security Auditing
15.1 Security Auditing Architecture
15.2 The Security Audit Trail
15.3 Implementing the Logging Function
15.4 Audit Trail Analysis
15.5 Example: An Integrated Approach
15.6 Recommended Reading and Web Sites
15.7 Key Terms, Review Questions, and Problems
Chapter 16 IT Security Management and Risk Assessment
16.1 IT Security Management
16.2 Organizational Context and Security Policy
16.3 Security Risk Assessment
16.4 Detailed Security Risk Analysis
16.5 Case Study: Silver Star Mines
16.6 Recommended Reading and Web Sites
16.7 Key Terms, Review Questions, and Problems
Chapter 17 IT Security Controls, Plans and Procedures
17.1 IT Security Management Implementation
17.2 Security Controls or Safeguards
17.3 IT Security Plan
17.4 Implementation of Controls
17.5 Implementation Followup
17.6 Case Study: Silver Star Mines
17.7 Recommended Reading
17.8 Key Terms, Review Questions, and Problems
Chapter 18 Legal and Ethical Aspects
18.1 Cybercrime and Computer Crime
18.2 Intellectual Property
18.3 Privacy
18.4 Ethical Issues
18.5 Recommended Reading and Web Sites
18.6 Key Terms, Review Questions, and Problems
Appendix 18A: Information Privacy Standard of Good Practice
PART FOUR CRYPTOGRAPHIC ALGORITHMS
Chapter 19 Symmetric Encryption and Message Confidentiality
19.1 Symmetric Encryption and Message Confidentiality
19.2 Data Encryption Standard
19.3 Advanced Encryption Standard
19.4 Stream Ciphers and RC4
19.5 Cipher Block Modes of Operation
19.6 Location of Symmetric Encryption Devices
19.7 Key Distribution
19.8 Recommended Reading and Web Sites
19.9 Key Terms, Review Questions, and Problems
Chapter 20 Public-Key Cryptography and Message Authentication
20.1 Secure Hash Functions
20.2 HMAC
20.3 The RSA Public-Key Encryption Algorithm
20.4 Diffie-Hellman and Other Asymmetric Algorithms
20.5 Recommended Reading and Web Sites
20.6 Key Terms, Review Questions, and Problems
PART FIVE INTERNET SECURITY
Chapter 21 Internet Security Protocols and Standards
21.1 Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
21.2 IPv4 and IPv6 Security
21.3 Secure Email and S/MIME
21.4 Recommended Reading and Web Sites
21.5 Key Terms, Review Questions, and Problems
Appendix 21A: Radix-64 Conversion
Chapter 22 Internet Authentication Applications
22.1 Kerberos
22.2 X.509
22.3 Public-Key Infrastructure
22.4 Federated Identity Management
22.5 Recommended Reading and Web Sites
22.6 Key Terms, Review Questions, and Problems
PART SIX OPERATING SYSTEM SECURITY
Chapter 23 Linux Security
23.1 Introduction
23.2 Linux's Security Model
23.3 The Linux DAC in Depth: Filesystem Security
23.4 Linux Vulnerabilities
23.5 Linux System Hardening
23.6 Application Security
23.7 Mandatory Access Controls
23.8 Recommended Reading and Web Sites
23.9 Key Terms, Review Questions, and Problems
Chapter 24 Windows and Windows Vista Security
24.1 Windows Security Architecture
24.2 Windows Vulnerabilities
24.3 Windows Security Defenses
24.4 Browser Defenses
24.5 Cryptographic Services
24.6 Common Criteria
24.7 Recommended Reading and Web Sites
24.8 Key Terms, Review Questions, Problems, and Projects
APPENDICES
Appendix A Some Aspects of Number Theory
A.1 Prime and Relatively Prime Numbers
A.2 Modular Arithmetic
A.3 Fermat's and Euler's Theorems
Appendix B Random and Pseudorandom Number Generation
B.1 The Use of Random Numbers
B.2 Pseudorandom Number Generators (PRNGs)
B.3 True Random Number Generators
Appendix C Projects for Teaching Computer Security
C.1 Research Projects
C.2 Hacking Projects
C.3 Programming Projects
C.4 Laboratory Exercises
C.5 Practical Security Assessments
C.6 Writing Assignments
C.7 Reading/Report Assignments
References
Index