1st Edition

Computer System and Network Security

    Computer System and Network Security provides the reader with a basic understanding of the issues involved in the security of computer systems and networks. Introductory in nature, this important new book covers all aspects related to the growing field of computer security. Such complete coverage in a single text has previously been unavailable, and college professors and students, as well as professionals responsible for system security, will find this unique book a valuable source of information, either as a textbook or as a general reference.
    Computer System and Network Security discusses existing and potential threats to computer systems and networks and outlines the basic actions that are generally taken to protect them. The first two chapters of the text introduce the reader to the field of computer security, covering fundamental issues and objectives. The next several chapters describe security models, authentication issues, access control, intrusion detection, and damage control. Later chapters address network and database security and systems/networks connected to wide-area networks and internetworks. Other topics include firewalls, cryptography, malicious software, and security standards. The book includes case studies with information about incidents involving computer security, illustrating the problems and potential damage that can be caused when security fails.
    This unique reference/textbook covers all aspects of computer and network security, filling an obvious gap in the existing literature.

    (Note: Most chapters include a summary, exercises, references, and an extended bibliography)
    Computer Security Fundamentals
    Objectives of Computer Security
    Issues Involved in Computer Security
    Privacy and Ethics
    Risk Analysis
    Possible Loss (L)
    Probability of Loss Occurrence (P)
    Burden of Preventing Loss (B)
    Applying the Risk Analysis Equation
    Risk Analysis in Computer Security
    Developing Secure Computer Systems
    External Security Measures
    Structure of a Computer System
    Secure Computer System Issues
    Security Models
    Specification and Verification
    Security Models
    Bell and LaPadula
    Discretionary Access Requirements
    Mandatory Access Requirements
    User Authentication
    Authentication Objectives
    Authentication Methods
    Informational Keys
    Physical Keys
    Biometric Keys
    Access and Information Flow Controls
    File Passwords
    Capabilities Based
    Access Control Lists
    Protection Bits
    Controls for Mandatory Access
    Trojan Horses
    Audit Trail Features
    Intrusion Detection Systems
    User Profiling
    Intruder Profiling
    Signature Analysis
    Action Based
    Network Intrusion Detection
    Network Attack Characteristics
    Monitoring and the Law
    Damage Control and Assessment
    Damage Control
    Inform the Authorities
    Backup System Data
    Remove the Intruder
    Contain and Monitor the Intruder
    Lock Stolen Accounts
    Require Additional Authentication
    Damage Assessment
    Attack Recovery
    Damage Prevention
    Network Security
    Network Fundamentals
    Network Security Issues
    Basic Network Security Objectives and Threats
    Security Services
    The Trusted Network Interpretation
    TNI Security Service
    AIS Interconnection Issues
    Distributed Systems Security
    Simple Damage Limiting Approaches
    Network Firewalls
    Packet Filtering Gateways
    Circuit Level Gateways
    Application Level Gateways
    Firewall Costs and Effectiveness
    Database Security
    Database Management System Primer
    DBMS Vulnerabilities and Responses
    Data Integrity
    Trojan Horses
    Substitution Ciphers
    Caesar Cipher
    Substitution Cipher Variations
    Vigenere Ciphers
    One Time Pads
    Transposition Ciphers
    Encrypting Digital Communication
    Key Escrow
    Public Key Cryptography
    Digital Signatures
    Malicious Software
    Trojan Horses
    Time Bombs
    Security Standards
    The Federal Criteria
    The Common Criteria
    The Trusted Computer System Evaluation Criteria
    The Information Technology Security Evaluation Criteria
    Case Study
    The Hannover Hackers
    An Evening With Berferd
    The Internet Worm
    Appendix: Information Warfare


    Gregory B. White (SecureLogix, San Antonio, Texas, USA) (Author) ,  Eric A. Fisch (KPMG LLP, Plano, Texas, USA) (Author) ,  Udo W. Pooch (Texas A & M University, College Station, Texas, USA) (Author)