Introduction to Computer and Network Security Navigating Shades of Gray

Brief History of Computers, Communications, and Security
Pre-Renaissance
Renaissance to World War I
World War I
World War II
Cold War
Organized Crime and Botnets
Cyberwar

Security and Privacy Overview
Security Attributes
Social Engineering
Authentication and Authorization
Access Permissions
Audit
User Interface Issues
On Trusting Trust
Taxonomy of Attacks
Case Study—Mobile Code
Case Study—Connected Vehicles

Cryptography Primer
Substitution Ciphers and Frequency Analysis
Vignère Cipher and Cryptanalysis
Block Ciphers
RSA Public Key Cryptography
Hash Functions
One-Time Pads
Key Management
Message Confidentiality
Steganography
Obfuscation and Homomorphic Encryption

SSL/TLS—Case Study Project
Cryptographic Protocol
Verification
DNS and Routing
X.509 and SSL Certificates
Security Flaws With Certificates
Man-in-the-Middle Attacks
Implementation Flaws
Usability

Securing Networks
Firewalls
Virtual Private Networks (VPNs)
Wireless Security
Intrusion Detection Systems (IDS)
Denial of Service

Virtual Private Network—Case Study Project
Laboratory Preparation
Assignment
Virtual Machine (VM) Use
Sniffer Use
VPN Installation

Insertion Attacks
SQL Injection
Buffer Overflow Attack
Printer Format Vulnerability
SSH Insertion Attacks
IDS Insertion Attacks
Viruses
Worms
Virus and Worm Propagation

Buffer Overflow—Case Study Project
Stack Smashing
Heap Smashing
Arc Injection
Pointer Clobbering
Countermeasures

Polymorphic Virus—Advanced Case Study Project
Virus Basics
Antivirus
Pseudovirus with Alternate Data Streams
Simple Virus—Timid
Infection Spreading
Self-Modifying Code
Simple Polymorphism
Packing and Encryption
Frankenstein Viruses

Web Security
Cross Site Scripting (XSS)
Cross Site Request Forgery (XSRF, CSRF)
Man-in-the-Browser
Penetration Testing

Privacy and Anonymity
Anonymity Metrics
Anonymity Tools
Computer Forensics Tools
Privacy Laws
Privacy Discussion Assignments—Antonin Scalia

Side-Channel Attacks
Power Analysis
Traffic Analysis
Time Analysis
Red-Black Separation
Side-Channel Countermeasures

Digital Rights Management and Copyright
Copyright History
Fair Use
Creative Commons
Digital Rights Management
Digital Millennium Copyright Act
The Darknet
Patent Trolls
Discussion Assignment—Business Case for DRM
Discussion Assignment—Technical Case for DRM

Security Economics
Liability and EULAs
Network Externalities
Code Bloat
Lemon Markets
Software Engineering
Macroeconomics and Game Theory Introduction

Conclusions

Bibliography

Index

Problems and a Glossary appear at the end of each chapter.

Biography

Richard R. Brooks is an associate professor in the Holcombe Department of Electrical and Computer Engineering at Clemson University. His research has been sponsored by both government and industry, including the U.S. Office of Naval Research, Defense Advanced Research Projects Agency, National Institute of Standards and Technology, National Science Foundation, and BMW Manufacturing Co. He received a Ph.D. in computer science from Louisiana State University.

"… a comprehensive and adequately ‘time-resistant’ introduction to the field of computer and network security. … interesting and useful. It could help the average technical reader acquire an adequate level of introductory knowledge on computer and network security."
—Computers & Security, 46, 2014

"This definitive, comprehensive computer security textbook reflects Brooks's long-term study of this topic and his experience gained through teaching it. … very well written, readily comprehensible, and thoroughly documented and annotated, and includes an extensive bibliography. … Highly recommended."
—E.M. Aupperle, Emeritus, University of Michigan, CHOICE Magazine, June 2014