Analyzing Computer Security: A Threat / Vulnerability / Countermeasure Approach (Hardcover)

“In this book, the authors adopt a refreshingly new approach to explaining the intricacies of the security and privacy challenge that is particularly well suited to today’s cybersecurity challenges. Their use of the threat–vulnerability–countermeasure paradigm combined with extensive real-world examples throughout results in a very effective learning methodology.”

—Charles C. Palmer, IBM Research 

Analyzing Computer Security is a fresh, modern, and relevant introduction to computer security. Organized around today’s key attacks, vulnerabilities, and countermeasures, it helps you think critically and creatively about computer security—so you can prevent serious problems and mitigate the effects of those that still occur.

In this new book, renowned security and software engineering experts Charles P. Pfleeger and Shari Lawrence Pfleeger—authors of the classic Security in Computing—teach security the way modern security professionals approach it: by identifying the people or things that may cause harm, uncovering weaknesses that can be exploited, and choosing and applying the right protections. With this approach, not only will you study cases of attacks that have occurred, but you will also learn to apply this methodology to new situations.

The book covers “hot button” issues, such as authentication failures, network interception, and denial of service. You also gain new insight into broader themes, including risk analysis, usability, trust, privacy, ethics, and forensics. One step at a time, the book systematically helps you develop the problem-solving skills needed to protect any information infrastructure.

Coverage includes 

• Understanding threats, vulnerabilities, and countermeasures
• Knowing when security is useful, and when it’s useless “security theater”
• Implementing effective identification and authentication systems
• Using modern cryptography and overcoming weaknesses in cryptographic systems
• Protecting against malicious code: viruses, Trojans, worms, rootkits, keyloggers, and more
• Understanding, preventing, and mitigating DOS and DDOS attacks
• Architecting more secure wired and wireless networks
• Building more secure application software and operating systems through more solid designs and layered protection
• Protecting identities and enforcing privacy
• Addressing computer threats in critical areas such as cloud computing, e-voting, cyberwarfare, and social media

《分析電腦安全》是一本新穎、現代且相關的電腦安全入門書籍。該書圍繞當今的主要攻擊、漏洞和對策組織，幫助您對電腦安全進行批判性和創造性思考，以便預防嚴重問題並減輕已發生問題的影響。

在這本新書中，著名的安全和軟體工程專家Charles P. Pfleeger和Shari Lawrence Pfleeger（《計算機安全》的作者）以現代安全專業人員的方式教授安全知識：通過識別可能造成傷害的人或事物，揭示可以利用的弱點，並選擇並應用適當的保護措施。通過這種方法，您不僅將研究已發生的攻擊案例，還將學習將此方法應用於新情況。

該書涵蓋了“熱門問題”，例如身份驗證失敗、網絡截取和阻斷服務。您還將對更廣泛的主題有新的見解，包括風險分析、可用性、信任、隱私、倫理和取證。逐步地，該書系統地幫助您培養保護任何信息基礎設施所需的解決問題的能力。

內容包括：
- 理解威脅、漏洞和對策
- 知道何時安全有用，何時是無用的“安全劇院”
- 實施有效的識別和驗證系統
- 使用現代加密技術並克服加密系統的弱點
- 防範惡意代碼：病毒、特洛伊木馬、蠕蟲、根套件、鍵盤記錄器等
- 理解、預防和減輕DOS和DDOS攻擊
- 設計更安全的有線和無線網絡
- 通過更堅固的設計和分層保護來構建更安全的應用軟體和操作系統
- 保護身份並執行隱私
- 解決雲計算、電子投票、網絡戰爭和社交媒體等關鍵領域的電腦威脅

這本書以嶄新的方法解釋了安全和隱私挑戰的複雜性，特別適合當今的網絡安全挑戰。威脅-漏洞-對策範式的應用結合了豐富的實際案例，使學習變得非常有效。