Security in computing:
Saved in:
Main authors: | Pfleeger, Charles P. 1948-; Pfleeger, Shari Lawrence |
---|---|
Format: | Book |
Language: | English |
Published: | Upper Saddle River, NJ [u.a.], Prentice Hall, 2007 |
Edition: | 4. ed., 3. printing |
Subjects: | Rechnernetz; Computersicherheit; Datenschutz; Datensicherung |
Online access: | Table of contents |
Description: | XXIX, 845 S. Ill., graph. Darst. |
ISBN: | 0132390779 |
Internal format
MARC
LEADER | 00000nam a2200000zc 4500 | ||
---|---|---|---|
001 | BV023022304 | ||
003 | DE-604 | ||
005 | 00000000000000.0 | ||
007 | t | ||
008 | 071127s2007 xxuad|| |||| 00||| eng d | ||
020 | |a 0132390779 |9 0-13-239077-9 | ||
035 | |a (OCoLC)71004261 | ||
035 | |a (DE-599)BVBBV023022304 | ||
040 | |a DE-604 |b ger |e aacr | ||
041 | 0 | |a eng | |
044 | |a xxu |c US | ||
049 | |a DE-355 | ||
050 | 0 | |a QA76.9.A25 | |
082 | 0 | |a 005.8 | |
084 | |a ST 276 |0 (DE-625)143642: |2 rvk | ||
100 | 1 | |a Pfleeger, Charles P. |d 1948- |e Verfasser |0 (DE-588)13308678X |4 aut | |
245 | 1 | 0 | |a Security in computing |c Charles P. Pfleeger ; Shari Lawrence Pfleeger |
250 | |a 4. ed., 3. printing | ||
264 | 1 | |a Upper Saddle River, NJ [u.a.] |b Prentice Hall |c 2007 | |
300 | |a XXIX, 845 S. |b Ill., graph. Darst. | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
650 | 7 | |a Datensicherung |2 swd | |
650 | 4 | |a Privacy, Right of | |
650 | 4 | |a Protection de l'information (Informatique) | |
650 | 7 | |a Rechnernetz |2 swd | |
650 | 4 | |a Systèmes informatiques - Sécurité - Mesures | |
650 | 4 | |a Computer security | |
650 | 4 | |a Data protection | |
650 | 4 | |a Privacy, Right of | |
650 | 0 | 7 | |a Datenschutz |0 (DE-588)4011134-9 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Rechnernetz |0 (DE-588)4070085-9 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Computersicherheit |0 (DE-588)4274324-2 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Datensicherung |0 (DE-588)4011144-1 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Rechnernetz |0 (DE-588)4070085-9 |D s |
689 | 0 | 1 | |a Computersicherheit |0 (DE-588)4274324-2 |D s |
689 | 0 | 2 | |a Datenschutz |0 (DE-588)4011134-9 |D s |
689 | 0 | 3 | |a Datensicherung |0 (DE-588)4011144-1 |D s |
689 | 0 | |8 1\p |5 DE-604 | |
700 | 1 | |a Pfleeger, Shari Lawrence |e Verfasser |0 (DE-588)133086836 |4 aut | |
856 | 4 | 2 | |m Digitalisierung UB Regensburg |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016226340&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
999 | |a oai:aleph.bib-bvb.de:BVB01-016226340 | ||
883 | 1 | |8 1\p |a cgwrk |d 20201028 |q DE-101 |u https://d-nb.info/provenance/plan#cgwrk |
Record in search index
_version_ | 1804137242759790592 |
---|---|
adam_text | Contents |

Contents

Section | Title | Page
---|---|---
 | Foreword | xix
 | Preface | xxv
Chapter 1 | Is There a Security Problem in Computing? | 1
1.1 | What Does "Secure" Mean? | 1
 | Protecting Valuables | 2
 | Characteristics of Computer Intrusion | 4
1.2 | Attacks | 5
 | Vulnerabilities, Threats, Attacks, and Controls | 6
 | Method, Opportunity, and Motive | 8
1.3 | The Meaning of Computer Security | 9
 | Security Goals | 10
 | Vulnerabilities | 13
1.4 | Computer Criminals | 21
 | Amateurs | 21
 | Crackers or Malicious Hackers | 22
 | Career Criminals | 22
 | Terrorists | 23
1.5 | Methods of Defense | 23
 | Controls | 24
 | Effectiveness of Controls | 28
1.6 | What's Next | 30
 | Encryption Overview | 30
 | Hardware and Software Security | 30
 | Human Controls in Security | 31
 | Encryption In-Depth | 32
1.7 | Summary | 32
1.8 | Terms and Concepts | 32
1.9 | Where the Field Is Headed | 33
1.10 | To Learn More | 34
1.11 | Exercises | 34
Chapter 2 | Elementary Cryptography | 37
2.1 | Terminology and Background | 38
 | Terminology | 38
 | Representing Characters | 43
2.2 | Substitution Ciphers | 44
 | The Caesar Cipher | 44
 | Other Substitutions | 46
 | One-Time Pads | 50
 | Summary of Substitutions | 54
2.3 | Transpositions (Permutations) | 55
 | Columnar Transpositions | 55
 | Combinations of Approaches | 58
2.4 | Making "Good" Encryption Algorithms | 59
 | What Makes a "Secure" Encryption Algorithm? | 60
 | Symmetric and Asymmetric Encryption Systems | 62
 | Stream and Block Ciphers | 62
 | Confusion and Diffusion | 63
 | Cryptanalysis — Breaking Encryption Schemes | 65
2.5 | The Data Encryption Standard | 68
 | Background and History | 68
 | Overview of the DES Algorithm | 69
 | Double and Triple DES | 70
 | Security of the DES | 71
2.6 | The AES Encryption Algorithm | 72
 | The AES Contest | 72
 | Overview of Rijndael | 73
 | Strength of the Algorithm | 73
 | Comparison of DES and AES | 73
2.7 | Public Key Encryption | 75
 | Motivation | 76
 | Characteristics | 77
 | Rivest-Shamir-Adelman (RSA) Encryption | 77
2.8 | The Uses of Encryption | 79
 | Cryptographic Hash Functions | 79
 | Key Exchange | 80
 | Digital Signatures | 82
 | Certificates | 84
2.9 | Summary of Encryption | 91
2.10 | Terms and Concepts | 92
2.11 | Where the Field Is Headed | 93
2.12 | To Learn More | 94
2.13 | Exercises | 94
Chapter 3 | Program Security | 98
3.1 | Secure Programs | 99
 | Fixing Faults | 99
 | Unexpected Behavior | 101
 | Types of Flaws | 103
3.2 | Nonmalicious Program Errors | 103
 | Buffer Overflows | 104
 | Incomplete Mediation | 107
 | Time-of-Check to Time-of-Use Errors | 109
 | Combinations of Nonmalicious Program Flaws | 111
3.3 | Viruses and Other Malicious Code | 111
 | Why Worry About Malicious Code? | 113
 | Kinds of Malicious Code | 114
 | How Viruses Attach | 117
 | Document Viruses | 119
 | How Viruses Gain Control | 120
 | Homes for Viruses | 121
 | Virus Signatures | 124
 | The Source of Viruses | 128
 | Prevention of Virus Infection | 129
 | Truths and Misconceptions About Viruses | 131
 | First Example of Malicious Code: The Brain Virus | 133
 | Example: The Internet Worm | 134
 | More Malicious Code: Code Red | 137
 | Malicious Code on the Web: Web Bugs | 139
3.4 | Targeted Malicious Code | 141
 | Trapdoors | 141
 | Salami Attack | 144
 | Rootkits and the Sony XCP | 145
 | Privilege Escalation | 147
 | Interface Illusions | 148
 | Keystroke Logging | 149
 | Man-in-the-Middle Attacks | 149
 | Timing Attacks | 150
 | Covert Channels: Programs That Leak Information | 150
3.5 | Controls Against Program Threats | 160
 | Developmental Controls | 160
 | Program Controls in General | 181
3.6 | Summary of Program Threats and Controls | 181
3.7 | Terms and Concepts | 182
3.8 | Where the Field Is Headed | 183
3.9 | To Learn More | 185
3.10 | Exercises | 185
Chapter 4 | Protection in General-Purpose Operating Systems | 188
4.1 | Protected Objects and Methods of Protection | 189
 | A Bit of History | 189
 | Protected Objects | 190
 | Security Methods of Operating Systems | 190
4.2 | Memory and Address Protection | 193
 | Fence | 193
 | Relocation | 194
 | Base/Bounds Registers | 195
 | Tagged Architecture | 196
 | Segmentation | 199
 | Paging | 202
 | Combined Paging with Segmentation | 203
4.3 | Control of Access to General Objects | 204
 | Directory | 205
 | Access Control List | 208
 | Access Control Matrix | 210
 | Capability | 210
 | Kerberos | 213
 | Procedure-Oriented Access Control | 214
 | Role-Based Access Control | 215
4.4 | File Protection Mechanisms | 215
 | Basic Forms of Protection | 215
 | Individual Permissions | 217
 | Per-Object and Per-User Protection | 219
4.5 | User Authentication | 219
 | Passwords as Authenticators | 221
 | Additional Authentication Information | 221
 | Attacks on Passwords | 221
 | Password Selection Criteria | 229
 | The Authentication Process | 232
 | Biometrics: Authentication Not Using Passwords | 234
4.6 | Summary of Security for Users | 236
4.7 | Terms and Concepts | 237
4.8 | Where the Field Is Headed | 238
4.9 | To Learn More | 239
4.10 | Exercises | 239
Chapter 5 | Designing Trusted Operating Systems | 242
5.1 | What Is a Trusted System? | 243
5.2 | Security Policies | 245
 | Military Security Policy | 246
 | Commercial Security Policies | 248
5.3 | Models of Security | 252
 | Multilevel Security | 253
 | Models Proving Theoretical Limitations of Security Systems | 257
 | Summary of Models of Protection Systems | 263
5.4 | Trusted Operating System Design | 264
 | Trusted System Design Elements | 265
 | Security Features of Ordinary Operating Systems | 268
 | Security Features of Trusted Operating Systems | 268
 | Kernelized Design | 274
 | Separation/Isolation | 279
 | Virtualization | 280
 | Layered Design | 283
5.5 | Assurance in Trusted Operating Systems | 287
 | Typical Operating System Flaws | 288
 | Assurance Methods | 290
 | Open Source | 295
 | Evaluation | 296
5.6 | Summary of Security in Operating Systems | 312
5.7 | Terms and Concepts | 313
5.8 | Where the Field Is Headed | 315
5.9 | To Learn More | 315
5.10 | Exercises | 316
Chapter 6 | Database and Data Mining Security | 318
6.1 | Introduction to Databases | 319
 | Concept of a Database | 319
 | Components of Databases | 319
 | Advantages of Using Databases | 323
6.2 | Security Requirements | 324
 | Integrity of the Database | 324
 | Element Integrity | 325
 | Auditability | 326
 | Access Control | 327
 | User Authentication | 328
 | Availability | 328
 | Integrity/Confidentiality/Availability | 329
6.3 | Reliability and Integrity | 329
 | Protection Features from the Operating System | 329
 | Two-Phase Update | 330
 | Redundancy/Internal Consistency | 332
 | Recovery | 332
 | Concurrency/Consistency | 333
 | Monitors | 334
 | Summary of Data Reliability | 335
6.4 | Sensitive Data | 335
 | Access Decisions | 337
 | Types of Disclosures | 338
 | Security versus Precision | 339
6.5 | Inference | 341
 | Direct Attack | 342
 | Indirect Attack | 343
 | Aggregation | 350
6.6 | Multilevel Databases | 351
 | The Case for Differentiated Security | 352
 | Granularity | 354
 | Security Issues | 354
6.7 | Proposals for Multilevel Security | 356
 | Separation | 356
 | Designs of Multilevel Secure Databases | 359
 | Trusted Front End | 360
 | Practical Issues | 366
6.8 | Data Mining | 367
 | Privacy and Sensitivity | 368
 | Data Correctness and Integrity | 368
 | Availability of Data | 370
6.9 | Summary of Database Security | 371
6.10 | Terms and Concepts | 371
6.11 | Where the Field Is Headed | 372
6.12 | To Learn More | 373
6.13 | Exercises | 373
Chapter 7 | Security in Networks | 376
7.1 | Network Concepts | 377
 | The Network | 378
 | Media | 382
 | Protocols | 385
 | Types of Networks | 394
7.2 | Threats in Networks | 396
 | What Makes a Network Vulnerable? | 397
 | Who Attacks Networks? | 399
 | Reconnaissance | 404
 | Threats in Transit: Eavesdropping and Wiretapping | 408
 | Summary of Wiretapping | 413
 | Protocol Flaws | 414
 | Impersonation | 415
 | Message Confidentiality Threats | 420
 | Message Integrity Threats | 422
 | Format Failures | 423
 | Web Site Vulnerabilities | 424
 | Denial of Service | 427
 | Distributed Denial of Service | 431
 | Threats in Active or Mobile Code | 433
 | Complex Attacks | 438
 | Summary of Network Vulnerabilities | 439
7.3 | Network Security Controls | 440
 | Security Threat Analysis | 440
 | Design and Implementation | 441
 | Architecture | 442
 | Encryption | 444
 | Content Integrity | 457
 | Strong Authentication | 459
 | Access Controls | 464
 | Wireless Security | 466
 | Alarms and Alerts | 468
 | Honeypots | 468
 | Traffic Flow Security | 469
 | Controls Review | 470
7.4 | Firewalls | 474
 | What Is a Firewall? | 474
 | Design of Firewalls | 474
 | Types of Firewalls | 475
 | Personal Firewalls | 481
 | Comparison of Firewall Types | 481
 | Example Firewall Configurations | 482
7.5 | Intrusion Detection Systems | 484
 | Types of IDSs | 485
 | Goals for Intrusion Detection Systems | 488
 | IDS Strengths and Limitations | 490
7.6 | Secure E-mail | 490
 | Security for E-mail | 491
 | Requirements and Solutions | 491
 | Designs | 492
 | Example Secure E-mail Systems | 494
7.7 | Summary of Network Security | 496
7.8 | Terms and Concepts | 498
7.9 | Where the Field Is Headed | 500
7.10 | To Learn More | 502
7.11 | Exercises | 502
Chapter 8 | Administering Security | 508
8.1 | Security Planning | 509
 | Contents of a Security Plan | 510
 | Security Planning Team Members | 517
 | Assuring Commitment to a Security Plan | 517
 | Business Continuity Plans | 518
 | Incident Response Plans | 521
8.2 | Risk Analysis | 524
 | The Nature of Risk | 525
 | Steps of a Risk Analysis | 525
 | Arguments For and Against Risk Analysis | 544
8.3 | Organizational Security Policies | 547
 | Purpose | 547
 | Audience | 547
 | Contents | 548
 | Characteristics of a Good Security Policy | 549
 | Durability | 550
 | Examples | 550
 | Policy Issue Example: Government E-mail | 553
8.4 | Physical Security | 556
 | Natural Disasters | 556
 | Power Loss | 558
 | Surge Suppressor | 558
 | Human Vandals | 559
 | Interception of Sensitive Information | 561
 | Contingency Planning | 563
 | Physical Security Recap | 566
8.5 | Summary | 566
8.6 | Terms and Concepts | 567
8.7 | To Learn More | 568
8.8 | Exercises | 569
Chapter 9 | The Economics of Cybersecurity | 571
9.1 | Making a Business Case | 572
 | Determining Economic Value | 574
9.2 | Quantifying Security | 578
 | The Economic Impact of Cybersecurity | 580
 | Data to Justify Security Action | 580
 | Are the Data Representative? | 586
 | Sources of Attack | 588
 | Financial Impact | 588
 | Conclusion | 588
9.3 | Modeling Cybersecurity | 589
 | Transferring Models | 589
 | Models for Decision-Making | 590
 | The Role of Organizational Culture | 592
9.4 | Current Research and Future Directions | 597
 | Economics and Privacy | 597
 | Economics and Integrity | 598
 | Economics and Regulation | 598
9.5 | Summary | 599
9.6 | Terms and Concepts | 600
9.7 | To Learn More | 601
9.8 | Exercises | 601
Chapter 10 | Privacy in Computing | 603
10.1 | Privacy Concepts | 604
 | Aspects of Information Privacy | 604
 | Computer-Related Privacy Problems | 606
10.2 | Privacy Principles and Policies | 608
 | Fair Information Policies | 609
 | U.S. Privacy Laws | 610
 | Controls on U.S. Government Web Sites | 611
 | Controls on Commercial Web Sites | 612
 | Non-U.S. Privacy Principles | 613
 | Anonymity, Multiple Identities | 614
 | Government and Privacy | 616
 | Identity Theft | 618
10.3 | Authentication and Privacy | 619
 | What Authentication Means | 619
 | Conclusions | 623
10.4 | Data Mining | 623
 | Government Data Mining | 624
 | Privacy-Preserving Data Mining | 624
10.5 | Privacy on the Web | 626
 | Understanding the Online Environment | 626
 | Payments on the Web | 627
 | Site and Portal Registrations | 628
 | Whose Page Is This? | 628
 | Precautions for Web Surfing | 629
 | Spyware | 632
 | Shopping on the Internet | 634
10.6 | E-mail Security | 635
 | Where Does E-mail Go, and Who Can Access It? | 636
 | Interception of E-mail | 636
 | Monitoring E-mail | 637
 | Anonymous E-mail and Remailers | 637
 | Spoofing and Spamming | 638
 | Summary | 638
10.7 | Impacts on Emerging Technologies | 638
 | RFID | 639
 | Electronic Voting | 641
 | VoIP and Skype | 642
 | Conclusions on Emerging Technologies | 643
10.8 | Summary | 643
10.9 | Terms and Concepts | 643
10.10 | Where the Field Is Headed | 645
10.11 | To Learn More | 645
10.12 | Exercises | 646
Chapter 11 | Legal and Ethical Issues in Computer Security | 647
11.1 | Protecting Programs and Data | 649
 | Copyrights | 649
 | Patents | 655
 | Trade Secrets | 658
 | Protection for Computer Objects | 659
11.2 | Information and the Law | 663
 | Information as an Object | 663
 | Legal Issues Relating to Information | 665
 | Protecting Information | 667
 | Summary of Protection for Computer Artifacts | 669
11.3 | Rights of Employees and Employers | 670
 | Ownership of Products | 670
11.4 | Redress for Software Failures | 673
 | Selling Correct Software | 673
 | Reporting Software Flaws | 675
11.5 | Computer Crime | 679
 | Why a Separate Category for Computer Crime Is Needed | 679
 | Why Computer Crime Is Hard to Define | 681
 | Why Computer Crime Is Hard to Prosecute | 682
 | Examples of Statutes | 683
 | International Dimensions | 686
 | Why Computer Criminals Are Hard to Catch | 688
 | What Computer Crime Does Not Address | 688
 | Cryptography and the Law | 689
 | Summary of Legal Issues in Computer Security | 692
11.6 | Ethical Issues in Computer Security | 692
 | Differences Between the Law and Ethics | 692
 | Studying Ethics | 693
 | Ethical Reasoning | 695
11.7 | Case Studies of Ethics | 698
 | Case I: Use of Computer Services | 698
 | Case II: Privacy Rights | 700
 | Case III: Denial of Service | 701
 | Case IV: Ownership of Programs | 702
 | Case V: Proprietary Resources | 704
 | Case VI: Fraud | 705
 | Case VII: Accuracy of Information | 706
 | Case VIII: Ethics of Hacking or Cracking | 707
 | Codes of Ethics | 710
 | Conclusion of Computer Ethics | 711
11.8 | Terms and Concepts | 714
11.9 | To Learn More | 714
11.10 | Exercises | 715
Chapter 12 | Cryptography Explained | 717
12.1 | Mathematics for Cryptography | 718
 | Complexity | 718
 | Properties of Arithmetic | 725
12.2 | Symmetric Encryption | 730
 | Fundamental Concepts | 730
 | Data Encryption Standard | 732
 | Advanced Encryption Standard | 748
 | RC2, RC4 and RC5 | 754
 | Cryptographic Challenges | 756
12.3 | Public Key Encryption Systems | 757
 | Characteristics | 757
 | Merkle-Hellman Knapsacks | 758
 | Rivest-Shamir-Adelman (RSA) Encryption | 767
 | El Gamal and Digital Signature Algorithms | 773
12.4 | Quantum Cryptography | 774
 | Quantum Physics | 774
 | Photon Reception | 775
 | Cryptography with Photons | 775
 | Implementation | 776
12.5 | Summary of Encryption | 778
12.6 | Terms and Concepts | 778
12.7 | Where the Field Is Headed | 779
12.8 | To Learn More | 779
12.9 | Exercises | 779
 | Bibliography | 782
 | Index | 815
any_adam_object | 1 |
any_adam_object_boolean | 1 |
author | Pfleeger, Charles P. 1948- Pfleeger, Shari Lawrence |
author_GND | (DE-588)13308678X (DE-588)133086836 |
author_facet | Pfleeger, Charles P. 1948- Pfleeger, Shari Lawrence |
author_role | aut aut |
author_sort | Pfleeger, Charles P. 1948- |
author_variant | c p p cp cpp s l p sl slp |
building | Verbundindex |
bvnumber | BV023022304 |
callnumber-first | Q - Science |
callnumber-label | QA76 |
callnumber-raw | QA76.9.A25 |
callnumber-search | QA76.9.A25 |
callnumber-sort | QA 276.9 A25 |
callnumber-subject | QA - Mathematics |
classification_rvk | ST 276 |
ctrlnum | (OCoLC)71004261 (DE-599)BVBBV023022304 |
dewey-full | 005.8 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.8 |
dewey-search | 005.8 |
dewey-sort | 15.8 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
discipline_str_mv | Informatik |
edition | 4. ed., 3. printing |
format | Book |
id | DE-604.BV023022304 |
illustrated | Illustrated |
index_date | 2024-07-02T19:13:37Z |
indexdate | 2024-07-09T21:09:11Z |
institution | BVB |
isbn | 0132390779 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-016226340 |
oclc_num | 71004261 |
open_access_boolean | |
owner | DE-355 DE-BY-UBR |
owner_facet | DE-355 DE-BY-UBR |
physical | XXIX, 845 S. Ill., graph. Darst. |
publishDate | 2007 |
publishDateSearch | 2007 |
publishDateSort | 2007 |
publisher | Prentice Hall |
record_format | marc |
subject_GND | (DE-588)4011134-9 (DE-588)4070085-9 (DE-588)4274324-2 (DE-588)4011144-1 |
title | Security in computing |
title_auth | Security in computing |
title_exact_search | Security in computing |
title_exact_search_txtP | Security in computing |
title_full | Security in computing Charles P. Pfleeger ; Shari Lawrence Pfleeger |
title_fullStr | Security in computing Charles P. Pfleeger ; Shari Lawrence Pfleeger |
title_full_unstemmed | Security in computing Charles P. Pfleeger ; Shari Lawrence Pfleeger |
title_short | Security in computing |
title_sort | security in computing |
topic | Datensicherung swd Privacy, Right of Protection de l'information (Informatique) Rechnernetz swd Systèmes informatiques - Sécurité - Mesures Computer security Data protection Datenschutz (DE-588)4011134-9 gnd Rechnernetz (DE-588)4070085-9 gnd Computersicherheit (DE-588)4274324-2 gnd Datensicherung (DE-588)4011144-1 gnd |
topic_facet | Datensicherung Privacy, Right of Protection de l'information (Informatique) Rechnernetz Systèmes informatiques - Sécurité - Mesures Computer security Data protection Datenschutz Computersicherheit |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016226340&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT pfleegercharlesp securityincomputing AT pfleegersharilawrence securityincomputing |