Chapman and Hall/CRC
320 pages | 56 B/W Illus.
Guides Students in Understanding the Interactions between Computing/Networking Technologies and Security Issues
Taking an interactive, "learn-by-doing" approach to teaching, Introduction to Computer and Network Security: Navigating Shades of Gray gives you a clear course to teach the technical issues related to security. Unlike most computer security books, which concentrate on software design and implementation, cryptographic tools, or networking issues, this text also explores how the interactions between hardware, software, and users affect system security.
The book presents basic principles and concepts, along with examples of current threats to illustrate how the principles can either enable or neutralize exploits. Students see the importance of these concepts in existing and future technologies. In a challenging yet enjoyable way, they learn about a variety of technical topics, including current security exploits, technical factors that enable attacks, and economic and social factors that determine the security of future systems.
Extensively classroom-tested, the material is structured around a set of challenging projects. Through staging exploits and choosing countermeasures to neutralize the attacks in the projects, students learn:
Combining hands-on work with technical overviews, this text helps you integrate security analysis into your technical computing curriculum. It will educate your students on security issues, such as side-channel attacks, and deepen their understanding of how computers and networks work.
"… a comprehensive and adequately ‘time-resistant’ introduction to the field of computer and network security. … interesting and useful. It could help the average technical reader acquire an adequate level of introductory knowledge on computer and network security."
—Computers & Security, 46, 2014
"This definitive, comprehensive computer security textbook reflects Brooks's long-term study of this topic and his experience gained through teaching it. … very well written, readily comprehensible, and thoroughly documented and annotated, and includes an extensive bibliography. … Highly recommended."
—E.M. Aupperle, Emeritus, University of Michigan, CHOICE Magazine, June 2014
Brief History of Computers, Communications, and Security
Renaissance to World War I
World War I
World War II
Organized Crime and Botnets
Security and Privacy Overview
Authentication and Authorization
User Interface Issues
On Trusting Trust
Taxonomy of Attacks
Case Study—Mobile Code
Case Study—Connected Vehicles
Substitution Ciphers and Frequency Analysis
Vigenère Cipher and Cryptanalysis
RSA Public Key Cryptography
Obfuscation and Homomorphic Encryption
SSL/TLS—Case Study Project
DNS and Routing
X.509 and SSL Certificates
Security Flaws With Certificates
Virtual Private Networks (VPNs)
Intrusion Detection Systems (IDS)
Denial of Service
Virtual Private Network—Case Study Project
Virtual Machine (VM) Use
Buffer Overflow Attack
Printer Format Vulnerability
SSH Insertion Attacks
IDS Insertion Attacks
Virus and Worm Propagation
Buffer Overflow—Case Study Project
Polymorphic Virus—Advanced Case Study Project
Pseudovirus with Alternate Data Streams
Packing and Encryption
Cross Site Scripting (XSS)
Cross Site Request Forgery (XSRF, CSRF)
Privacy and Anonymity
Computer Forensics Tools
Privacy Discussion Assignments—Antonin Scalia
Digital Rights Management and Copyright
Digital Rights Management
Digital Millennium Copyright Act
Discussion Assignment—Business Case for DRM
Discussion Assignment—Technical Case for DRM
Liability and EULAs
Macroeconomics and Game Theory Introduction
Problems and a Glossary appear at the end of each chapter.