Computer Security: Principles and Practice, 3/e (IE-Paperback)

William Stallings, Lawrie Brown

1. Fundamental security design principles: Chapter 1 includes a new section discussing the security design principles listed as fundamental by the National Centers of Academic Excellence in Information Assurance/Cyber Defense, which is jointly sponsored by the U.S. National Security Agency and the U.S. Department of Homeland Security.
2. Attack surfaces and attack trees: Chapter 1 includes a new section describing these two concepts, which are useful in evaluating and classifying security threats.
3. User authentication model: Chapter 3 includes a new description of a general model for user authentication, which helps to unify the discussion of the various approaches to user authentication.
4. Attribute-based access control (ABAC): Chapter 4 has a new section devoted to ABAC, which is becoming increasingly widespread.
5. Identity, credential, and access management (ICAM): Chapter 4 includes a new section on ICAM, which is a comprehensive approach to managing and implementing digital identities (and associated attributes), credentials, and access control.
6. Trust frameworks: Chapter 4 includes a new section on the Open Identity Trust Framework, which is an open, standardized approach to trustworthy identity and attribute exchange that is becoming increasingly widespread.
7. SQL injection attacks: Chapter 5 includes a new section on the SQL injection attack, which is one of the most prevalent and dangerous network-based security threats.
8. Cloud security: The material on cloud security in Chapter 5 has been updated and expanded to reflect its importance and recent developments.
9. Malware: The material on malware, and on categories of intruders, has been revised to reflect the latest developments, including details of Advanced Persistent Threats, which are most likely due to nation-state actors.
10. Intrusion detection/intrusion prevention systems: The material on IDS/IPS has been updated to reflect new developments in the field, including the latest developments in Host-Based Intrusion Detection Systems that assist in implementing a defense-in-depth strategy.
11. Human resources: Security lapses due to human factors and social engineering are of increasing concern, including several recent cases of massive data exfiltration by insiders. Addressing such lapses requires a complex mix of procedural and technical controls, which we review in several significantly revised sections.
12. Mobile device security: Mobile device security has become an essential aspect of enterprise network security, especially for devices in the category known as bring your own device (BYOD). A new section covers this important topic.
13. SHA-3: This recently adopted cryptographic hash standard is covered in a new appendix.
Book features and advantages: Easily integrate projects in your course

This book provides an unparalleled degree of support for including a projects component in the course. The Instructor's Manual not only includes guidance on how to assign and structure the projects, but also includes a set of user's manuals for various project types plus specific assignments, all written especially for this book. Instructors can assign work in the following areas:
1. Hacking exercises: Two projects that enable students to gain an understanding of the issues in intrusion detection and prevention.
2. Laboratory exercises: A series of projects that involve programming and experimenting with concepts from the book.
3. Security education (SEED) projects: The SEED projects are a set of hands-on exercises, or labs, covering a wide range of security topics.
4. Research projects: A series of research assignments that instruct the student to research a particular topic on the Internet and write a report.
5. Programming projects: A series of programming projects that cover a broad range of topics and that can be implemented in any suitable language on any platform.
6. Practical security assessments: A set of exercises to examine current infrastructure and practices of an existing organization.
7. Firewall projects: A portable network firewall visualization simulator is provided, together with exercises for teaching the fundamentals of firewalls.
8. Case studies: A set of real-world case studies, including learning objectives, case description, and a series of case discussion questions.
9. Reading/report assignments: A list of papers that can be assigned for reading and writing a report, plus suggested assignment wording.
10. Writing assignments: A list of writing assignments to facilitate learning the material.
11. Webcasts for teaching computer security: A catalog of webcast sites that can be used to enhance the course. An effective way of using this catalog is to select, or allow the student to select, one or a few videos to watch, and then to write a report/analysis of the video.


Ch0: Guide for Readers and Instructors

Ch1: Overview



Ch2: Cryptographic Tools

Ch3: User Authentication

Ch4: Access Control

Ch5: Database and Cloud Security

Ch6: Malicious Software

Ch7: Denial-of-Service Attacks

Ch8: Intrusion Detection

Ch9: Firewalls and Intrusion Prevention Systems



Ch10: Buffer Overflow

Ch11: Software Security

Ch12: Operating System Security

Ch13: Trusted Computing and Multilevel Security



Ch14: IT Security Management and Risk Assessment

Ch15: IT Security Controls, Plans and Procedures

Ch16: Physical and Infrastructure Security

Ch17: Human Resources Security

Ch18: Security Auditing

Ch19: Legal and Ethical Aspects



Ch20: Symmetric Encryption and Message Confidentiality

Ch21: Public-Key Cryptography and Message Authentication



Ch22: Internet Security Protocols and Standards

Ch23: Internet Authentication Applications

Ch24: Wireless Network Security


Appendix A Projects and Other Student Exercises for Teaching Computer Security

Online chapters, appendices, and other documents are Premium Content, available via the access card printed in the front of the book.


Ch25: Linux Security

Ch26: Windows and Windows Vista Security

Appendix B Some Aspects of Number Theory

Appendix C Standards and Standard-Setting Organizations

Appendix D Random and Pseudorandom Number Generation

Appendix E Message Authentication Codes Based on Block Ciphers

Appendix F TCP/IP Protocol Architecture

Appendix G Radix-64 Conversion

Appendix H Security Policy-Related Documents

Appendix I The Domain Name System

Appendix J The Base-Rate Fallacy

Appendix K SHA-3

Appendix L Glossary