White-Hat Security Arsenal: Tackling the Threats
Description
A leading security authority provides a fresh, problem-solving approach to security. This arsenal of security techniques explains what the real threats are. Aviel Rubin covers the everyday security issues that every student should know as they move on to the real world, e.g. storing data securely, secure data transfer, protecting a network perimeter, and online interaction and commerce. Each of these is broken down into specific problems and their solutions.
Appropriate Courses
Features
Table Of Contents
Foreword.
Preface.
I: IS THERE REALLY A THREAT?
- Shrouded in Secrecy.
- Computer Security Risks.
What Is at Risk.
Data, Time, and Money.
Confidentiality.
Privacy.
Resource Availability.
Why Risks Exist.
Buggy Code.
The User.
Poor Administration.
Exploiting Risks.
Moving On.
- The Morris Worm Meets the Love Bug: Computer Viruses and Worms.
Terminology.
A Touch of History.
The Morris Worm.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.
Melissa.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.
CIH Chernobyl.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.
Happy.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.
Worm.ExploreZip.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.
Bubbleboy.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.
Babylonia.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.
The Love Bug.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.
Summary.
II: STORING DATA SECURELY.
- Local Storage.
Physical Security.
Cryptographic Security.
What Can Be Achieved with Cryptography.
Cryptography Is Not Enough.
Basic Encryption and Data Integrity.
Protecting Data with Passwords.
Graphical Passwords.
Cryptographic File Systems.
Case Studies.
CFS.
PGPDisk.
EFS in Windows 2000.
Further Reading.
- Remote Storage.
Remote Storage.
NFS Security.
Adding Security.
User Authentication.
Strengthening Passwords.
Access Control Lists and Capabilities.
AFS.
Case Study.
Pathnames.
Further Reading.
- Secure Backup.
Secure Backups.
Physical Security.
Backup over a Network.
Key Granularity.
Backup Products.
@backup.
BitSTOR.
Secure Backup Systems.
BackJack.
Datalock.
NetMass SystemSafe.
Saf-T-Net.
Safeguard Interactive.
Veritas Telebackup.
Deleting Backups.
Case Study.
The Client Software.
Incremental Backups.
Further Reading.
III: SECURE DATA TRANSFER.
- Setting up a Long-Term Association.
What Is Identity?
Identity in Cyberspace.
Exchanging Public Keys in Person.
Certification Authorities.
Public Key Certificates.
Certificate Hierarchies.
Long-Term Relationships within an Organization.
Global Trust Register.
Revocation.
Long-Term Relationships in the Wild.
Managing Private Keys.
Symmetric Keys.
Case Study.
Summary.
Further Reading.
- Deriving Session Keys.
Long-Term Keys Are Not Enough.
What Are Session Keys?
Key Exposure.
Perfect Forward Secrecy.
Security Associations.
Picking a Random Key.
Session Keys from Symmetric Long-Term Keys.
Kerberos.
Another Approach.
Session Keys from Long-Term Public Keys.
Diffie-Hellman Key Exchange.
Session Keys in SSL.
Protocol Design and Analysis.
Case Study.
Clogging Attacks.
ISAKMP Exchanges.
Key Refreshment.
Primes in OAKLEY.
Further Reading.
- Communicating Securely After Key Setup.
Protecting Information.
Encryption.
Authentication.
Which Layer Is Best for Security?
Encapsulation.
The Link Layer.
The Network Layer.
The Transport Layer.
The Application Layer.
Replay Prevention.
Case Study.
ESP.
AH.
Further Reading.
IV: PROTECTING AGAINST NETWORK THREATS.
- Protecting a Network Perimeter.
Insiders and Outsiders.
Network Perimeter.
Benefits of Firewalls.
Types of Firewalls.
Packet Filters.
Application-Level Gateways.
Using the Firewall.
Configuring Rules.
Web Server Placement.
Exit Control.
Remote Access.
Logging in Directly.
Dial-up Access.
VPN Access.
Web-Only Access.
Case Study.
Further Reading.
- Defending against Attacks.
Bad Guys.
Mapping.
Attacks.
Denial of Service.
Defense.
Defending against Mapping.
Monitoring the Traffic.
Intrusion Detection.
Defense against DDOS.
Other Tools.
Case Study.
Further Reading.
V: COMMERCE AND PRIVACY.
- Protecting E-Commerce Transactions.
Credit Cards on the Web.
The SSL Protocol.
Protocol Overview.
Configuring a Browser.
Configuring a Server.
Security.
Performance.
Caching.
Case Study.
How Passport Works.
Risks of Passport.
Further Reading.
- Protecting Privacy.
Online Privacy.
What Is at Risk?
E-Mail Privacy.
Protecting E-Mail with Cryptography.
Anonymous E-Mail.
How Is Personal Privacy Compromised?
Direct Methods.
Indirect Methods.
Defense Mechanisms and Countermeasures.
Protecting Data on Your Machine.
Protecting Credit Card Information.
Safeguarding Your Browsing History.
Hiding Your Surfing.
Posting Anonymously to the Web.
Case Study.
Summary.
Further Reading.
Glossary.
Bibliography.
Index.