Book description
Computer and Information Security Handbook, Third Edition, provides the most current and complete reference on computer security available in one volume. The book offers deep coverage of an extremely wide range of issues in computer and cybersecurity theory, applications, and best practices, offering the latest insights into established and emerging technologies and advancements.
With new parts devoted to such current topics as Cloud Security, Cyber-Physical Security, and Critical Infrastructure Security, the book now has 100 chapters written by leading experts in their fields, as well as 12 updated appendices and an expanded glossary. It continues its successful format of offering problem-solving techniques that use real-life case studies, checklists, hands-on exercises, questions and answers, and summaries.
Chapters new to this edition include such timely topics as Cyber Warfare, Endpoint Security, Ethical Hacking, Internet of Things Security, Nanoscale Networking and Communications Security, Social Engineering, System Forensics, Wireless Sensor Network Security, Verifying User and Host Identity, Detecting System Intrusions, Insider Threats, Security Certification and Standards Implementation, Metadata Forensics, Hard Drive Imaging, Context-Aware Multi-Factor Authentication, Cloud Security, Protecting Virtual Infrastructure, Penetration Testing, and much more.
Online chapters can also be found on the book companion website:
https://www.elsevier.com/books-and-journals/book-companion/9780128038437
- Written by leaders in the field
- Comprehensive and up-to-date coverage of the latest security technologies, issues, and best practices
- Presents methods for analysis, along with problem-solving techniques for implementing practical solutions
Table of contents
- Cover image
- Title page
- Table of Contents
- Copyright
- Dedication
- Contributors
- About the Editor
- Foreword
- Preface
- Acknowledgments
- Part I. Overview of System and Network Security: A Comprehensive Introduction
- Chapter 1. Information Security in the Modern Enterprise
- Chapter 2. Building a Secure Organization
- 1. Obstacles to Security
- 2. Computers Are Powerful and Complex
- 3. Current Trend Is to Share, Not Protect
- 4. Security Is Not About Hardware and Software
- 5. Ten Steps to Building a Secure Organization
- 6. Preparing for the Building of Security Control Assessments
- 7. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 3. A Cryptography Primer
- Chapter 4. Verifying User and Host Identity
- 1. Introduction: Verifying the User
- 2. Identity Access Management: Authentication and Authorization
- 3. Synthetic or Real User Logging
- 4. Verifying a User in Cloud Environments
- 5. Verifying Hosts
- 6. Verifying Host Domain Name System and Internet Protocol Information
- 7. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 5. Detecting System Intrusions
- 1. Introduction
- 2. Developing Threat Models
- 3. Securing Communications
- 4. Network Security Monitoring and Intrusion Detection Systems
- 5. Installing Security Onion to a Bare-Metal Server
- 6. Putting It All Together
- 7. Securing Your Installation
- 8. Managing an Intrusion Detection System in a Network Security Monitoring Framework
- 9. Setting the Stage
- 10. Alerts and Events
- 11. Sguil: Tuning Graphics Processing Unit Rules, Alerts, and Responses
- 12. Developing Process
- 13. Understanding, Exploring, and Managing Alerts
- 14. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 6. Intrusion Detection in Contemporary Environments
- 1. Introduction
- 2. Mobile Operating Systems
- 3. Mobile Device Malware Risks
- 4. Cloud Computing Models
- 5. Cloud Computing Attack Risks
- 6. Source of Attacks on Mobile Devices
- 7. Source or Origin of Intrusions in Cloud Computing
- 8. Classes of Mobile Malware
- 9. Types of Cloud Computing Attacks
- 10. Malware Techniques in Android
- 11. Cloud Computing Intrusions Techniques
- 12. Examples of Smartphone Malware
- 13. Examples of Cloud Attacks
- 14. Types of Intrusion Detection Systems for Mobile Devices
- 15. Types of Intrusion Detection Systems for Cloud Computing
- 16. Intrusion Detection System Performance Metrics
- 17. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 7. Preventing System Intrusions
- 1. So, What Is an Intrusion?
- 2. Sobering Numbers
- 3. Know Your Enemy: Hackers Versus Crackers
- 4. Motives
- 5. The Crackers' Tools of the Trade
- 6. Bots
- 7. Symptoms of Intrusions
- 8. What Can You Do?
- 9. Security Policies
- 10. Risk Analysis
- 11. Tools of Your Trade
- 12. Controlling User Access
- 13. Intrusion Prevention Capabilities
- 14. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 8. Guarding Against Network Intrusions
- Chapter 9. Fault Tolerance and Resilience in Cloud Computing Environments
- 1. Introduction
- 2. Cloud Computing Fault Model
- 3. Basic Concepts of Fault Tolerance
- 4. Different Levels of Fault Tolerance in Cloud Computing
- 5. Fault Tolerance Against Crash Failures in Cloud Computing
- 6. Fault Tolerance Against Byzantine Failures in Cloud Computing
- 7. Fault Tolerance as a Service in Cloud Computing
- 8. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 10. Securing Web Applications, Services, and Servers
- Chapter 11. UNIX and Linux Security
- 1. Introduction
- 2. UNIX and Security
- 3. Basic UNIX Security Overview
- 4. Achieving UNIX Security
- 5. Protecting User Accounts and Strengthening Authentication
- 6. Limiting Superuser Privileges
- 7. Securing Local and Network File Systems
- 8. Network Configuration
- 9. Improving the Security of Linux and UNIX Systems
- 10. Additional Resources
- 11. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 12. Eliminating the Security Weakness of Linux and UNIX Operating Systems
- Chapter 13. Internet Security
- Chapter 14. The Botnet Problem
- Chapter 15. Intranet Security
- 1. Smartphones and Tablets in the Intranet
- 2. Security Considerations
- 3. Plugging the Gaps: Network Access Control and Access Control
- 4. Measuring Risk: Audits
- 5. Guardian at the Gate: Authentication and Encryption
- 6. Wireless Network Security
- 7. Shielding the Wire: Network Protection
- 8. Weakest Link in Security: User Training
- 9. Documenting the Network: Change Management
- 10. Rehearse the Inevitable: Disaster Recovery
- 11. Controlling Hazards: Physical and Environmental Protection
- 12. Know Your Users: Personnel Security
- 13. Protecting Data Flow: Information and System Integrity
- 14. Security Assessments
- 15. Risk Assessments
- 16. Intranet Security Implementation Process Checklist
- 17. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter e16. Local Area Network Security
- 1. Identify Network Threats
- 2. Establish Network Access Controls
- 3. Risk Assessment
- 4. Listing Network Resources
- 5. Threats
- 6. Security Policies
- 7. The Incident-Handling Process
- 8. Secure Design Through Network Access Controls
- 9. Intrusion Detection System Defined
- 10. Network Intrusion Detection System: Scope and Limitations
- 11. A Practical Illustration of Network Intrusion Detection System
- 12. Firewalls
- 13. Dynamic Network Address Translation Configuration
- 14. The Perimeter
- 15. Access List Details
- 16. Types of Firewalls
- 17. Packet Filtering: Internet Protocol Filtering Routers
- 18. Application-Layer Firewalls: Proxy Servers
- 19. Stateful Inspection Firewalls
- 20. Network Intrusion Detection System Complements Firewalls
- 21. Monitor and Analyze System Activities
- 22. Signature Analysis
- 23. Statistical Analysis
- 24. Signature Algorithms
- 25. Local Area Network Security Countermeasures Implementation Checklist
- 26. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 17. Wireless Network Security
- 1. Cellular Networks
- 2. Wireless Ad Hoc Networks
- 3. Security Protocols
- 4. Wired Equivalent Privacy
- 5. Secure Routing
- 6. Authenticated Routing for Ad Hoc Networks
- 7. Secure Link State Routing Protocol
- 8. Key Establishment
- 9. Ingemarsson, Tang, and Wong
- 10. Management Countermeasures
- 11. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 18. Wireless Sensor Network Security: The Internet of Things
- 1. Introduction to Wireless Sensor Networks
- 2. Threats to Privacy
- 3. Cryptographic Security in Wireless Sensor Networks
- 4. Secure Routing in Wireless Sensor Networks
- 5. Routing Protocols in Wireless Sensor Networks
- 6. Wireless Sensor Networks and Internet of Things
- 7. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 19. Security for the Internet of Things
- Chapter 20. Cellular Network Security
- Chapter 21. Radio Frequency Identification Security
- Chapter e22. Optical Network Security
- Chapter e23. Optical Wireless Security
- Part II. Managing Information Security
- Chapter 24. Information Security Essentials for Information Technology Managers: Protecting Mission-Critical Systems
- 1. Introduction
- 2. Protecting Mission-Critical Systems
- 3. Information Security Essentials for Information Technology Managers
- 4. Systems and Network Security
- 5. Application Security
- 6. Cloud Security
- 7. Data Protection
- 8. Wireless and Mobile Security
- 9. Identity and Access Management
- 10. Security Operations
- 11. Policies, Plans, and Programs
- 12. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 25. Security Management Systems
- 1. Security Management System Standards
- 2. Training Requirements
- 3. Principles of Information Security
- 4. Roles and Responsibilities of Personnel
- 5. Security Policies
- 6. Security Controls
- 7. Network Access
- 8. Risk Assessment
- 9. Incident Response
- 10. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 26. Policy-Driven System Management
- Chapter e27. Information Technology Security Management
- Chapter e28. The Enemy (The Intruder's Genesis)
- Chapter 29. Social Engineering Deceptions and Defenses
- Chapter 30. Ethical Hacking
- Chapter 31. What Is Vulnerability Assessment?
- 1. Introduction
- 2. Reporting
- 3. The “It Will Not Happen to Us” Factor
- 4. Why Vulnerability Assessment?
- 5. Penetration Testing Versus Vulnerability Assessment
- 6. Vulnerability Assessment Goal
- 7. Mapping the Network
- 8. Selecting the Right Scanners
- 9. Central Scans Versus Local Scans
- 10. Defense in Depth Strategy
- 11. Vulnerability Assessment Tools
- 12. Security Auditor's Research Assistant
- 13. Security Administrator's Integrated Network Tool
- 14. Microsoft Baseline Security Analyzer
- 15. Scanner Performance
- 16. Scan Verification
- 17. Scanning Cornerstones
- 18. Network Scanning Countermeasures
- 19. Vulnerability Disclosure Date
- 20. Proactive Security Versus Reactive Security
- 21. Vulnerability Causes
- 22. Do It Yourself Vulnerability Assessment
- 23. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter e32. Security Metrics: An Introduction and Literature Review
- Chapter 33. Security Education, Training, and Awareness
- 1. Security Education, Training, and Awareness (SETA) Programs
- 2. Users, Behavior, and Roles
- 3. Security Education, Training, and Awareness (SETA) Program Design
- 4. Security Education, Training, and Awareness (SETA) Program Development
- 5. Implementation and Delivery
- 6. Technologies and Platforms
- 7. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 34. Risk Management
- Chapter 35. Insider Threat
- Part III. Disaster Recovery Security
- Part IV. Security Standards and Policies
- Part V. Cyber, Network, and Systems Forensics Security and Assurance
- Chapter 40. Cyber Forensics
- 1. What Is Cyber Forensics?
- 2. Analysis of Data
- 3. Cyber Forensics in the Court System
- 4. Understanding Internet History
- 5. Temporary Restraining Orders and Labor Disputes
- 6. First Principles
- 7. Hacking a Windows XP Password
- 8. Network Analysis
- 9. Cyber Forensics Applied
- 10. Tracking, Inventory, Location of Files, Paperwork, Backups, and So on
- 11. Testifying as an Expert
- 12. Beginning to End in Court
- 13. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 41. Cyber Forensics and Incidence Response
- 1. Introduction to Cyber Forensics
- 2. Handling Preliminary Investigations
- 3. Controlling an Investigation
- 4. Conducting Disc-Based Analysis
- 5. Investigating Information-Hiding Techniques
- 6. Scrutinizing Email
- 7. Validating Email Header Information
- 8. Tracing Internet Access
- 9. Searching Memory in Real Time
- 10. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 42. Securing e-Discovery
- Chapter e43. Network Forensics
- Chapter 44. Microsoft Office and Metadata Forensics: A Deeper Dive
- Chapter 45. Hard Drive Imaging
- Part VI. Encryption Technology
- Chapter e46. Data Encryption
- 1. Need for Cryptography
- 2. Mathematical Prelude to Cryptography
- 3. Classical Cryptography
- 4. Modern Symmetric Ciphers
- 5. Algebraic Structure
- 6. The Internal Functions of Rijndael in Advanced Encryption Standard Implementation
- 7. Use of Modern Block Ciphers
- 8. Public-Key Cryptography
- 9. Cryptanalysis of Rivest–Shamir–Adleman
- 10. Diffie–Hellman Algorithm
- 11. Elliptic Curve Cryptosystems
- 12. Message Integrity and Authentication
- 13. Triple Data Encryption Algorithm Block Cipher
- 14. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 47. Satellite Encryption
- Chapter 48. Public Key Infrastructure
- 1. Cryptographic Background
- 2. Overview of Public Key Infrastructure
- 3. The X.509 Model
- 4. X.509 Implementation Architectures
- 5. X.509 Certificate Validation
- 6. X.509 Certificate Revocation
- 7. Server-Based Certificate Validity Protocol
- 8. X.509 Bridge Certification Systems
- 9. X.509 Certificate Format
- 10. Public Key Infrastructure Policy Description
- 11. Public Key Infrastructure Standards Organizations
- 12. Pretty Good Privacy Certificate Formats
- 13. Pretty Good Privacy Public Key Infrastructure Implementations
- 14. World Wide Web Consortium
- 15. Is Public Key Infrastructure Secure?
- 16. Alternative Public Key Infrastructure Architectures
- 17. Modified X.509 Architectures
- 18. Alternative Key Management Models
- 19. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter e49. Password-Based Authenticated Key Establishment Protocols
- Chapter 50. Context-Aware Multifactor Authentication Survey
- Chapter 51. Instant-Messaging Security
- 1. Why Should I Care About Instant Messaging?
- 2. What Is Instant Messaging?
- 3. The Evolution of Networking Technologies
- 4. Game Theory and Instant Messaging
- 5. The Nature of the Threat
- 6. Common Instant Messaging Applications
- 7. Defensive Strategies
- 8. Instant-Messaging Security Maturity and Solutions
- 9. Processes
- 10. Summary
- Chapter Review Questions/Exercises
- Exercise
- Part VII. Privacy and Access Management
- Chapter 52. Online Privacy
- Chapter 53. Privacy-Enhancing Technologies
- 1. The Concept of Privacy
- 2. Legal Privacy Principles
- 3. Classification of Privacy-Enhancing Technologies (PETs)
- 4. Traditional Privacy Goals of Privacy-Enhancing Technologies (PETs)
- 5. Privacy Metrics
- 6. Data Minimization Technologies
- 7. Transparency-Enhancing Tools
- 8. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter e54. Personal Privacy Policies
- 1. Introduction
- 2. Content of Personal Privacy Policies
- 3. Semiautomated Derivation of Personal Privacy Policies
- 4. Specifying Well-Formed Personal Privacy Policies
- 5. Preventing Unexpected Negative Outcomes
- 6. The Privacy Management Model
- 7. Discussion and Related Work
- 8. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 55. Detection of Conflicts in Security Policies
- Chapter 56. Supporting User Privacy Preferences in Digital Interactions
- 1. Introduction
- 2. Basic Concepts and Desiderata
- 3. Cost-Sensitive Trust Negotiation
- 4. Point-Based Trust Management
- 5. Logical-Based Minimal Credential Disclosure
- 6. Privacy Preferences in Credential-Based Interactions
- 7. Fine-Grained Disclosure of Sensitive Access Policies
- 8. Open Issues
- 9. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 57. Privacy and Security in Environmental Monitoring Systems: Issues and Solutions
- Chapter 58. Virtual Private Networks
- 1. History
- 2. Who Is in Charge?
- 3. Virtual Private Network Types
- 4. Authentication Methods
- 5. Symmetric Encryption
- 6. Asymmetric Cryptography
- 7. Edge Devices
- 8. Passwords
- 9. Hackers and Crackers
- 10. Mobile Virtual Private Network
- 11. Virtual Private Network Deployments
- 12. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter e59. Identity Theft
- Chapter 60. VoIP Security
- Part VIII. Storage Security
- Chapter e61. SAN Security
- 1. Organizational Structure
- 2. Access Control Lists and Policies
- 3. Physical Access
- 4. Change Management
- 5. Password Policies
- 6. Defense-in-Depth
- 7. Vendor Security Review
- 8. Data Classification
- 9. Security Management
- 10. Auditing
- 11. Security Maintenance
- 12. Host Access: Partitioning
- 13. Data Protection: Replicas
- 14. Encryption in Storage
- 15. Application of Encryption
- 16. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 62. Storage Area Networking Security Devices
- 1. What Is Storage Area Networking (SAN)?
- 2. Storage Area Networking (SAN) Deployment Justifications
- 3. The Critical Reasons for Storage Area Networking (SAN) Security
- 4. Storage Area Networking (SAN) Architecture and Components
- 5. Storage Area Networking (SAN) General Threats and Issues
- 6. Summary
- Chapter Review Questions/Exercises
- Exercise
- Part IX. Cloud Security
- Chapter 63. Securing Cloud Computing Systems
- 1. Cloud Computing Essentials: Examining the Cloud Layers
- 2. Software as a Service: Managing Risks in the Cloud
- 3. Platform as a Service: Securing the Platform
- 4. Infrastructure as a Service
- 5. Leveraging Provider-Specific Security Options
- 6. Achieving Security in a Private Cloud
- 7. Meeting Compliance Requirements
- 8. Preparing for Disaster Recovery
- 9. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 64. Cloud Security
- 1. Cloud Overview: Public, Private, Hybrid
- 2. Cloud Security Threats
- 3. Internet Service Provider Cloud Virtual Private Network Peering Services
- 4. Cloud Access Security Brokers
- 5. Cloud Encryption
- 6. Cloud Security Microsegmentation
- 7. Cloud Security Compliance
- 8. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 65. Private Cloud Security
- 1. Introduction: Private Cloud System Management
- 2. From Physical to Network Security Base Focus
- 3. Benefits of Private Cloud Security Infrastructures
- 4. Private Cloud Security Standards and Best Practices
- 5. “As-a-Service” Universe: Service Models
- 6. Private Cloud Service Model: Layer Considerations
- 7. Privacy or Public: The Cloud Security Challenges
- 8. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 66. Virtual Private Cloud Security
- 1. Introduction: Virtual Networking in a Private Cloud
- 2. Security Console: Centralized Control Dashboard Management
- 3. Security Designs: Virtual Private Cloud Setups
- 4. Security Object Group Allocations: Functional Control Management Practices
- 5. Virtual Private Cloud Performance Versus Security
- 6. Summary
- Chapter Review Questions/Exercises
- Exercise
- Part X. Virtual Security
- Chapter 67. Protecting Virtual Infrastructure
- Chapter 68. Software-Defined Networking and Network Function Virtualization Security
- 1. Introduction to Software-Defined Networking
- 2. Software-Defined Networking and Network Function Virtualization Overview
- 3. Software-Defined Networking and Network Function Virtualization for Internet Service Providers
- 4. Software-Defined Networking Controller Security
- 5. Improved Patching With Software-Defined Networking
- 6. Dynamic Security Service Chaining in Software-Defined Networking
- 7. Future Virtualized Management Security Support in Software-Defined Networking
- 8. Summary
- Chapter Review Questions/Exercises
- Exercise
- Part XI. Cyber Physical Security
- Chapter 69. Physical Security Essentials
- 1. Overview
- 2. Physical Security Threats
- 3. Physical Security Prevention and Mitigation Measures
- 4. Recovery From Physical Security Breaches
- 5. Threat Assessment, Planning, and Plan Implementation
- 6. Example: A Corporate Physical Security Policy
- 7. Integration of Physical and Logical Security
- 8. Physical Security Checklist
- 9. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter e70. Biometrics
- Part XII. Practical Security
- Chapter 71. Online Identity and User Management Services
- Chapter 72. Intrusion Prevention and Detection Systems
- 1. What Is an “Intrusion” Anyway?
- 2. Physical Theft
- 3. Abuse of Privileges (the Insider Threat)
- 4. Unauthorized Access by Outsider
- 5. Malicious Software Infection
- 6. Role of the “Zero-Day”
- 7. The Rogue's Gallery: Attackers and Motives
- 8. A Brief Introduction to Transmission Control Protocol/Internet Protocol
- 9. Transmission Control Protocol/Internet Protocol Data Architecture and Data Encapsulation
- 10. Survey of Intrusion Detection and Prevention Technologies
- 11. Antimalicious Software
- 12. Network-Based Intrusion Detection Systems
- 13. Network-Based Intrusion Prevention Systems
- 14. Host-Based Intrusion Prevention Systems
- 15. Security Information Management Systems
- 16. Network Session Analysis
- 17. Digital Forensics
- 18. System Integrity Validation
- 19. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter e73. Transmission Control Protocol/Internet Protocol Packet Analysis
- Chapter e74. Firewalls
- 1. Introduction
- 2. Network Firewalls
- 3. Firewall Security Policies
- 4. A Simple Mathematical Model for Policies, Rules, and Packets
- 5. First-Match Firewall Policy Anomalies
- 6. Policy Optimization
- 7. Firewall Types
- 8. Host and Network Firewalls
- 9. Software and Hardware Firewall Implementations
- 10. Choosing the Correct Firewall
- 11. Firewall Placement and Network Topology
- 12. Firewall Installation and Configuration
- 13. Supporting Outgoing Services Through Firewall Configuration
- 14. Secure External Services Provisioning
- 15. Network Firewalls for Voice and Video Applications
- 16. Firewalls and Important Administrative Service Protocols
- 17. Internal IP Services Protection
- 18. Firewall Remote Access Configuration
- 19. Load Balancing and Firewall Arrays
- 20. Highly Available Firewalls
- 21. Firewall Management
- 22. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 75. Penetration Testing
- Chapter e76. System Security
- Chapter 77. Access Controls
- Chapter 78. Endpoint Security
- 1. Introduction: Endpoint Security Defined
- 2. Endpoint Solution: Options
- 3. Standard Requirements: Security Decisions
- 4. Endpoint Architecture: Functional Challenges
- 5. Endpoint Intrusion Security: Management Systems
- 6. Intrusion Prevention System (IPS) Network Logging Tools: Seek and Target (the Offender)
- 7. Endpoint Unification: Network Access Control (NAC) Design Approach (From the Ground-Up)
- 8. Software-as-a-Service (SaaS) Endpoint Security
- 9. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter e79. Assessments and Audits
- Chapter 80. Fundamentals of Cryptography
- Part XIII. Critical Infrastructure Security
- Part XIV. Advanced Security
- Chapter 85. Security Through Diversity
- 1. Ubiquity
- 2. Example Attacks Against Uniformity
- 3. Attacking Ubiquity With Antivirus Tools
- 4. The Threat of Worms
- 5. Automated Network Defense
- 6. Diversity and the Browser
- 7. Sandboxing and Virtualization
- 8. Domain Name Server Example of Diversity Through Security
- 9. Recovery From Disaster Is Survival
- 10. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 86. e-Reputation and Online Reputation Management Survey
- Chapter e87. Content Filtering
- 1. Defining the Problem
- 2. Why Content Filtering Is Important
- 3. Content Categorization Technologies
- 4. Perimeter Hardware and Software Solutions
- 5. Categories
- 6. Legal Issues
- 7. Circumventing Content Filtering
- 8. Additional Items to Consider: Overblocking and Underblocking
- 9. Related Products
- 10. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 88. Data Loss Protection
- 1. Precursors of DLP
- 2. What Is Data Loss Protection (DLP)?
- 3. Where to Begin?
- 4. Data Is Like Water
- 5. You Don't Know What You Don't Know
- 6. How Do Data Loss Protection (DLP) Applications Work?
- 7. Eat Your Vegetables
- 8. IT's a Family Affair, Not Just IT Security's Problem
- 9. Vendors, Vendors Everywhere! Who Do You Believe?
- 10. Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 89. Satellite Cyber Attack Search and Destroy
- Chapter e90. Verifiable Voting Systems
- Chapter 91. Advanced Data Encryption
- Part XV. Appendices
- Appendix eA. Configuring Authentication Service On Microsoft Windows 10
- Appendix eB. Security Management and Resiliency
- Appendix eC. List of Top Information and Network Security Implementation and Deployment Companies
- Appendix eD. List of Security Products
- Appendix eE. List of Security Standards
- Appendix eF. List of Miscellaneous Security Resources
- Appendix eG. Ensuring Built-in, Frequency-Hopping Spread-Spectrum, Wireless Network Security
- Appendix eH. Configuring Wireless Security Remote Access
- Appendix eI. Frequently Asked Questions
- Appendix eJ. Case Studies
- Appendix eK. Answers to Review Questions/Exercises, Hands-on Projects, Case Projects and Optional Team Case Project by Chapter
- Appendix eL. Glossary
- Index
Product information
- Title: Computer and Information Security Handbook, 3rd Edition
- Author(s):
- Release date: May 2017
- Publisher(s): Morgan Kaufmann
- ISBN: 9780128039298