White-Hat Security Arsenal: Tackling the Threats

Aviel D. Rubin

White-Hat Security Arsenal: Tackling the Threats
  • 出版商: Addison Wesley
  • 出版日期: 2001-07-01
  • 定價: $1,650
  • 售價: 5.0$825
  • 語言: 英文
  • 頁數: 368
  • 裝訂: Paperback
  • ISBN: 0201711141
  • ISBN-13: 9780201711141
  • 相關分類: 資訊安全

    • 立即出貨(限量)

買這商品的人也買了...

相關主題

商品描述

 

Description

 

A leading security authority provides a fresh problem-solving approach to security. This arsenal of security techniques provides an explanation of what the real threats are. Aviel Rubin covers every day security issues that every student should know as they move onto the real world - eg. storing data securely, secure data transfer, protecting a network perimeter, online interaction and commerce...each of these are broken down into specific problems and their solutions.

Back to Top


Appropriate Courses



Back to Top

 

Features

  •  

Back to Top

 

Table Of Contents

 

Foreword.
Preface.

 

 

I: IS THERE REALLY A THREAT?

 

 

 

1. Shrouded in Secrecy.
2. Computer Security Risks.

 

What Is at Risk.
Data, Time, and Money.
Confidentiality.
Privacy.
Resource Availability.

Why Risks Exist.
Buggy Code.
The User.
Poor Administration.

Exploiting Risks.
Moving On.


3. The Morris Worm Meets the Love Bug: Computer Viruses and Worms.

 

Terminology.
A Touch of History.
The Morris Worm.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.

Melissa.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.

CIH Chernobyl.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.

Happy.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.

Worm.ExploreZip.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.

Bubbleboy.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.

Babylonia.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.

The Love Bug.
When It Hit and What It Did.
How and Why It Worked.
The Consequences.
How We Recovered.
Lessons Learned.

Summary.
 

II: STORING DATA SECURELY.

 

 


4. Local Storage.

 

 

Physical Security.
Cryptographic Security.
What Can Be Achieved with Cryptography.
Cryptography Is Not Enough.
Basic Encryption and Data Integrity.

Protecting Data with Passwords.
Graphical Passwords.

Cryptographic File Systems.
Case Studies.
CFS.
PGPDisk.
EFS in Windows 2000.

Further Reading.


5. Remote Storage.

 

 

Remote Storage.
NFS Security.
Adding Security.
User Authentication.
Strengthening Passwords.
Access Control Lists and Capabilities.

AFS.
Case Study.
Pathnames.

Further Reading.


6. Secure Backup.

 

 

Secure Backups.
Physical Security.
Backup over a Network.
Key Granularity.
Backup Products.
@backup.
BitSTOR.
Secure Backup Systems.
BackJack.
Datalock.
NetMass SystemSafe.
Saf-T-Net.
Safeguard Interactive.
Veritas Telebackup.

Deleting Backups.
Case Study.
The Client Software.
Incremental Backups.

Further Reading.
 

III: SECURE DATA TRANSFER.

 

 


7. Setting up a Long-Term Association.

 

 

What Is Identity?
Identity in Cyberspace.
Exchanging Public Keys in Person.
Certification Authorities.
Public Key Certificates.

Certificate Hierarchies.
Long-Term Relationships within an Organization.
Global Trust Register.
Revocation.
Long-Term Relationships in the Wild.
Managing Private Keys.
Symmetric Keys.
Case Study.
Summary.
Further Reading.


8. Deriving Session Keys.

 

 

Long-Term Keys Are Not Enough.
What Are Session Keys?
Key Exposure.
Perfect Forward Secrecy.
Security Associations.

Picking a Random Key.
Session Keys from Symmetric Long-Term Keys.
Kerberos.
Another Approach.

Session Keys from Long-Term Public Keys.
Diffie-Hellman Key Exchange.
Session Keys in SSL.

Protocol Design and Analysis.
Case Study.
Clogging Attacks.
ISAKMP Exchanges.
Key Refreshment.
Primes in OAKLEY.

Further Reading.


9. Communicating Securely After Key Setup.

 

 

Protecting Information.
Encryption.
Authentication.

Which Layer Is Best for Security?
Encapsulation.
The Link Layer.
The Network Layer.
The Transport Layer.
The Application Layer.

Replay Prevention.
Case Study.
ESP.
AH.

Further Reading.
 

IV: PROTECTING AGAINST NETWORK THREATS.

 

 


10. Protecting a Network Perimeter.

 

 

Insiders and Outsiders.
Network Perimeter.
Benefits of Firewalls.
Types of Firewalls.
Packet Filters.
Application-Level Gateways.

Using the Firewall.
Configuring Rules.
Web Server Placement.

Exit Control.
Remote Access8.
Logging in Directly.
Dial-up Access.
VPN Access.
Web-Only Access.

Case Study.
Further Reading.


11. Defending against Attacks.

 

 

Bad Guys.
Mapping.
Attacks.
Denial of Service.

Defense.
Defending against Mapping.
Monitoring the Traffic.
Intrusion Detection.
Defense against DDOS.
Other Tools.

Case Study.
Further Reading.
 

V: COMMERCE AND PRIVACY.

 

 


12. Protecting E-Commerce Transactions.

 

 

Credit Cards on the Web.
The SSL Protocol.
Protocol Overview.
Configuring a Browser.
Configuring a Server.
Security.
Performance.
Caching.

Case Study.
How Passport Works.
Risks of Passport.

Further Reading.


13. Protecting Privacy.

 

 

Online Privacy.
What Is at Risk?
E-Mail Privacy.
Protecting E-Mail with Cryptography.
Anonymous E-Mail.

How Is Personal Privacy Compromised?
Direct Methods.
Indirect Methods.

Defense Mechanisms and Countermeasures.
Protecting Data on Your Machine.
Protecting Credit Card Information.
Safeguarding Your Browsing History.
Hiding Your Surfing.
Posting Anonymously to the Web.

Case Study.
Summary.
Further Reading.


Glossary.
Bibliography.
Index. 0201711141T01 001.


Back to Top

 

 

商品描述(中文翻譯)

描述

一位領先的安全專家提供了一種新的解決安全問題的方法。這套安全技術工具包解釋了真正的威脅是什麼。Aviel Rubin涵蓋了每天都應該了解的安全問題,因為學生們即將進入現實世界 - 例如,安全地存儲數據,安全的數據傳輸,保護網絡邊界,線上互動和商業交易...每個問題都被細分為具體的問題和解決方案。

適合的課程

特點

目錄

前言。

前言。

第一部分:真的有威脅嗎?

1. 隱秘的神秘感。

2. 電腦安全風險。

什麼是風險。

數據、時間和金錢。

保密性。

隱私。

資源可用性。

為什麼存在風險。

錯誤的代碼。

用戶。

管理不善。

利用風險。

繼續前進。

3. 莫里斯蠕蟲遇到愛情蟲:電腦病毒和蠕蟲。

術語。

一點歷史。

莫里斯蠕蟲。

它何時出現以及它做了什麼。

它如何以及為什麼運作。

後果。

我們如何恢復。

吸取教訓。

梅麗莎。

它何時出現以及它做了什麼。

它如何以及為什麼運作。

後果。

我們如何恢復。

吸取教訓。

類似商品