Introduction to Computer and Network Security: Navigating Shades of Gray, 1st Edition (Hardback) book cover

Introduction to Computer and Network Security

Navigating Shades of Gray, 1st Edition

By Richard R. Brooks

Chapman and Hall/CRC

320 pages | 56 B/W Illus.

Purchasing Options:$ = USD
Hardback: 9781439860717
pub: 2013-08-19
SAVE ~$18.99
$94.95
$75.96
x
eBook (VitalSource) : 9780429089831
pub: 2013-08-19
from $47.48


FREE Standard Shipping!

Description

Guides Students in Understanding the Interactions between Computing/Networking Technologies and Security Issues

Taking an interactive, "learn-by-doing" approach to teaching, Introduction to Computer and Network Security: Navigating Shades of Gray gives you a clear course to teach the technical issues related to security. Unlike most computer security books, which concentrate on software design and implementation, cryptographic tools, or networking issues, this text also explores how the interactions between hardware, software, and users affect system security.

The book presents basic principles and concepts, along with examples of current threats to illustrate how the principles can either enable or neutralize exploits. Students see the importance of these concepts in existing and future technologies. In a challenging yet enjoyable way, they learn about a variety of technical topics, including current security exploits, technical factors that enable attacks, and economic and social factors that determine the security of future systems.

Extensively classroom-tested, the material is structured around a set of challenging projects. Through staging exploits and choosing countermeasures to neutralize the attacks in the projects, students learn:

  • How computer systems and networks operate
  • How to reverse-engineer processes
  • How to use systems in ways that were never foreseen (or supported) by the original developers

Combining hands-on work with technical overviews, this text helps you integrate security analysis into your technical computing curriculum. It will educate your students on security issues, such as side-channel attacks, and deepen their understanding of how computers and networks work.

Reviews

"… a comprehensive and adequately ‘time-resistant’ introduction to the field of computer and network security. … interesting and useful. It could help the average technical reader acquire an adequate level of introductory knowledge on computer and network security."

—Computers & Security, 46, 2014

"This definitive, comprehensive computer security textbook reflects Brooks's long-term study of this topic and his experience gained through teaching it. … very well written, readily comprehensible, and thoroughly documented and annotated, and includes an extensive bibliography. … Highly recommended."

—E.M. Aupperle, Emeritus, University of Michigan, CHOICE Magazine, June 2014

Table of Contents

Brief History of Computers, Communications, and Security

Pre-Renaissance

Renaissance to World War I

World War I

World War II

Cold War

Organized Crime and Botnets

Cyberwar

Security and Privacy Overview

Security Attributes

Social Engineering

Authentication and Authorization

Access Permissions

Audit

User Interface Issues

On Trusting Trust

Taxonomy of Attacks

Case Study—Mobile Code

Case Study—Connected Vehicles

Cryptography Primer

Substitution Ciphers and Frequency Analysis

Vignère Cipher and Cryptanalysis

Block Ciphers

RSA Public Key Cryptography

Hash Functions

One-Time Pads

Key Management

Message Confidentiality

Steganography

Obfuscation and Homomorphic Encryption

SSL/TLS—Case Study Project

Cryptographic Protocol

Verification

DNS and Routing

X.509 and SSL Certificates

Security Flaws With Certificates

Man-in-the-Middle Attacks

Implementation Flaws

Usability

Securing Networks

Firewalls

Virtual Private Networks (VPNs)

Wireless Security

Intrusion Detection Systems (IDS)

Denial of Service

Virtual Private Network—Case Study Project

Laboratory Preparation

Assignment

Virtual Machine (VM) Use

Sniffer Use

VPN Installation

Insertion Attacks

SQL Injection

Buffer Overflow Attack

Printer Format Vulnerability

SSH Insertion Attacks

IDS Insertion Attacks

Viruses

Worms

Virus and Worm Propagation

Buffer Overflow—Case Study Project

Stack Smashing

Heap Smashing

Arc Injection

Pointer Clobbering

Countermeasures

Polymorphic Virus—Advanced Case Study Project

Virus Basics

Antivirus

Pseudovirus with Alternate Data Streams

Simple Virus—Timid

Infection Spreading

Self-Modifying Code

Simple Polymorphism

Packing and Encryption

Frankenstein Viruses

Web Security

Cross Site Scripting (XSS)

Cross Site Request Forgery (XSRF, CSRF)

Man-in-the-Browser

Penetration Testing

Privacy and Anonymity

Anonymity Metrics

Anonymity Tools

Computer Forensics Tools

Privacy Laws

Privacy Discussion Assignments—Antonin Scalia

Side-Channel Attacks

Power Analysis

Traffic Analysis

Time Analysis

Red-Black Separation

Side-Channel Countermeasures

Digital Rights Management and Copyright

Copyright History

Fair Use

Creative Commons

Digital Rights Management

Digital Millennium Copyright Act

The Darknet

Patent Trolls

Discussion Assignment—Business Case for DRM

Discussion Assignment—Technical Case for DRM

Security Economics

Liability and EULAs

Network Externalities

Code Bloat

Lemon Markets

Software Engineering

Macroeconomics and Game Theory Introduction

Conclusions

Bibliography

Index

Problems and a Glossary appear at the end of each chapter.

About the Author

Richard R. Brooks is an associate professor in the Holcombe Department of Electrical and Computer Engineering at Clemson University. His research has been sponsored by both government and industry, including the U.S. Office of Naval Research, Defense Advanced Research Projects Agency, National Institute of Standards and Technology, National Science Foundation, and BMW Manufacturing Co. He received a Ph.D. in computer science from Louisiana State University.

Subject Categories

BISAC Subject Codes/Headings:
COM012040
COMPUTERS / Programming / Games
COM053000
COMPUTERS / Security / General
COM083000
COMPUTERS / Security / Cryptography