About the author: Dieter Gollmann, Technical University of Hamburg-Harburg.

Blurb:

A completely up-to-date resource on computer security

Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing security systems and what makes them different from one another.

* Unravels the complex topic of computer security and breaks it down in such a way as to serve as an ideal introduction for beginners in the field of computer security
* Examines the foundations of computer security and its basic principles
* Addresses username and password, password protection, single sign-on, and more
* Discusses operating system integrity, hardware security features, and memory
* Covers Unix security, Windows security, database security, network security, web security, and software security

Packed with in-depth coverage, this resource spares no details when it comes to the critical topic of computer security.
Table of contents:

Preface

CHAPTER 1 - History of Computer Security
1.1 The Dawn of Computer Security
1.2 1970s - Mainframes
1.3 1980s - Personal Computers
1.4 1990s - Internet
1.5 2000s - The Web
1.6 Conclusions - The Benefits of Hindsight
1.7 Exercises

CHAPTER 2 - Managing Security
2.1 Attacks and Attackers
2.2 Security Management
2.3 Risk and Threat Analysis
2.4 Further Reading
2.5 Exercises

CHAPTER 3 - Foundations of Computer Security
3.1 Definitions
3.2 The Fundamental Dilemma of Computer Security
3.3 Data vs Information
3.4 Principles of Computer Security
3.5 The Layer Below
3.6 The Layer Above
3.7 Further Reading
3.8 Exercises

CHAPTER 4 - Identification and Authentication
4.1 Username and Password
4.2 Bootstrapping Password Protection
4.3 Guessing Passwords
4.4 Phishing, Spoofing, and Social Engineering
4.5 Protecting the Password File
4.6 Single Sign-on
4.7 Alternative Approaches
4.8 Further Reading
4.9 Exercises

CHAPTER 5 - Access Control
5.1 Background
5.2 Authentication and Authorization
5.3 Access Operations
5.4 Access Control Structures
5.5 Ownership
5.6 Intermediate Controls
5.7 Policy Instantiation
5.8 Comparing Security Attributes
5.9 Further Reading
5.10 Exercises

CHAPTER 6 - Reference Monitors
6.1 Introduction
6.2 Operating System Integrity
6.3 Hardware Security Features
6.4 Protecting Memory
6.5 Further Reading
6.6 Exercises

CHAPTER 7 - Unix Security
7.1 Introduction
7.2 Principals
7.3 Subjects
7.4 Objects
7.5 Access Control
7.6 Instances of General Security Principles
7.7 Management Issues
7.8 Further Reading
<...