Computer Security Fundamentals

Computer Security Fundamentals

$90.00

SKU: 09780137984787
Quantity Discount
5 + $67.50

Description

Dr. Chuck Easttom is the author of 37 books, including several on computer security, forensics, and cryptography. He has also authored scientific papers on digital forensics, cyber warfare, cryptography, and applied mathematics. He is an inventor with 25 computer science patents. He holds a doctor of science degree in cybersecurity (dissertation topic: a study of lattice-based algorithms for post quantum cryptography), a Ph.D. in Computer Science (dissertation topic: “A Systematic Framework for Network Forensics Using Graph Theory”), and a Ph.D. in Nanotechnology (dissertation topic: “The Effects of Complexity on Carbon Nanotube Failures”) and three master’s degrees (one in applied computer science, one in education, and one in systems engineering). He also holds more than 70 industry certifications (CISSP, CEH, etc.). He is a frequent speaker at cybersecurity, computer science, and engineering conferences. He is a Distinguished Speaker and senior member of the ACM and a senior member of the IEEE. You can find out more about Dr. Easttom and his research at www.ChuckEasttom.com.

Introduction xxix

Chapter 1: Introduction to Computer Security 2

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

            How Seriously Should You Take Threats to Network Security?. . . . . . . . . . 4

            Identifying Types of Threats.. . . . . . . . . . . . . . . . . . . . . . . . 7

            Assessing the Likelihood of an Attack on Your Network.. . . . . . . . . . . . 17

            Basic Security Terminology. . . . . . . . . . . . . . . . . . . . . . . . 18

            Concepts and Approaches.. . . . . . . . . . . . . . . . . . . . . . . . 21

            How Do Legal Issues Impact Network Security?.. . . . . . . . . . . . . . . 24

            Online Security Resources.. . . . . . . . . . . . . . . . . . . . . . . . 25

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Chapter 2: Networks and the Internet 34

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

            Network Basics.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

            How the Internet Works. . . . . . . . . . . . . . . . . . . . . . . . . 43

            History of the Internet.. . . . . . . . . . . . . . . . . . . . . . . . . . 50

            Basic Network Utilities.. . . . . . . . . . . . . . . . . . . . . . . . . 52

            Other Network Devices.. . . . . . . . . . . . . . . . . . . . . . . . . 59

            Advanced Network Communications Topics.. . . . . . . . . . . . . . . . 60

            Cloud Computing. . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Chapter 3: Cyber Stalking, Fraud, and Abuse 74

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

            How Internet Fraud Works.. . . . . . . . . . . . . . . . . . . . . . . . 75

            Identity Theft.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

            Cyber Stalking.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

            Protecting Yourself Against Cybercrime.. . . . . . . . . . . . . . . . . . 91

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Chapter 4: Denial of Service Attacks 106

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

            DoS Attacks.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

            Illustrating an Attack.. . . . . . . . . . . . . . . . . . . . . . . . . . 107

            Common Tools Used for DoS Attacks.. . . . . . . . . . . . . . . . . . . 109

            DoS Weaknesses.. . . . . . . . . . . . . . . . . . . . . . . . . . . 112

            Specific DoS Attacks. . . . . . . . . . . . . . . . . . . . . . . . . . 112

            Real-World Examples of DoS Attacks.. . . . . . . . . . . . . . . . . . . 120

            How to Defend Against DoS Attacks.. . . . . . . . . . . . . . . . . . . 121

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Chapter 5: Malware 130

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

            Viruses.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

            Trojan Horses.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

            The Buffer-Overflow Attack. . . . . . . . . . . . . . . . . . . . . . . 145

            Spyware.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

            Other Forms of Malware.. . . . . . . . . . . . . . . . . . . . . . . . 149

            Detecting and Eliminating Viruses and Spyware. . . . . . . . . . . . . . . 153

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Chapter 6: Techniques Used by Hackers 166

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

            Basic Terminology.. . . . . . . . . . . . . . . . . . . . . . . . . . . 167

            The Reconnaissance Phase.. . . . . . . . . . . . . . . . . . . . . . . 167

            Actual Attacks.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

            Malware Creation. . . . . . . . . . . . . . . . . . . . . . . . . . . 184

            Penetration Testing.. . . . . . . . . . . . . . . . . . . . . . . . . . 187

            The Dark Web. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

Chapter 7: Industrial Espionage in Cyberspace 200

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

            What Is Industrial Espionage?.. . . . . . . . . . . . . . . . . . . . . . 202

            Information as an Asset. . . . . . . . . . . . . . . . . . . . . . . . . 203

            Real-World Examples of Industrial Espionage.. . . . . . . . . . . . . . . 205

            How Does Espionage Occur?. . . . . . . . . . . . . . . . . . . . . . 207

            Protecting Against Industrial Espionage.. . . . . . . . . . . . . . . . . . 212

            Trade Secrets.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

            The Industrial Espionage Act.. . . . . . . . . . . . . . . . . . . . . . 218

            Spear Phishing.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Chapter 8: Encryption 226

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

            Cryptography Basics.. . . . . . . . . . . . . . . . . . . . . . . . . . 227

            History of Encryption.. . . . . . . . . . . . . . . . . . . . . . . . . . 228

            Modern Cryptography Methods.. . . . . . . . . . . . . . . . . . . . . 236

            Public Key (Asymmetric) Encryption.. . . . . . . . . . . . . . . . . . . 245

            PGP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

            Legitimate Versus Fraudulent Encryption Methods.. . . . . . . . . . . . . 251

            Digital Signatures. . . . . . . . . . . . . . . . . . . . . . . . . . . 252

            Hashing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

            MAC and HMAC.. . . . . . . . . . . . . . . . . . . . . . . . . . . 254

            Steganography. . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

            Cryptanalysis.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

            Cryptography Used on the Internet.. . . . . . . . . . . . . . . . . . . . 259

            Quantum Computing Cryptography. . . . . . . . . . . . . . . . . . . . 259

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Chapter 9: Computer Security Technology 268

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

            Virus Scanners.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

            Firewalls.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

            Antispyware.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

            IDSs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

            Digital Certificates.. . . . . . . . . . . . . . . . . . . . . . . . . . . 292

            SSL/TLS.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

            Virtual Private Networks.. . . . . . . . . . . . . . . . . . . . . . . . 296

            Wi-Fi Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Chapter 10: Security Policies 304

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

            What Is a Policy?.. . . . . . . . . . . . . . . . . . . . . . . . . . . 305

            Important Standards.. . . . . . . . . . . . . . . . . . . . . . . . . . 305

            Defining User Policies.. . . . . . . . . . . . . . . . . . . . . . . . . 308

            Defining System Administration Policies.. . . . . . . . . . . . . . . . . . 316

            Security Breaches.. . . . . . . . . . . . . . . . . . . . . . . . . . . 319

            Defining Access Control.. . . . . . . . . . . . . . . . . . . . . . . . 321

            Development Policies.. . . . . . . . . . . . . . . . . . . . . . . . . 322

            Standards, Guidelines, and Procedures.. . . . . . . . . . . . . . . . . . 323

            Disaster Recovery.. . . . . . . . . . . . . . . . . . . . . . . . . . . 324

            Zero Trust.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

            Important Laws.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 328

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

Chapter 11: Network Scanning and Vulnerability Scanning 336

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

            Basics of Assessing a System.. . . . . . . . . . . . . . . . . . . . . . 337

            Securing Computer Systems.. . . . . . . . . . . . . . . . . . . . . . 346

            Scanning Your Network. . . . . . . . . . . . . . . . . . . . . . . . . 352

            Testing and Scanning Standards.. . . . . . . . . . . . . . . . . . . . . 363

            Getting Professional Help.. . . . . . . . . . . . . . . . . . . . . . . . 366

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369

Chapter 12: Cyber Terrorism and Information Warfare 378

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

            Actual Cases of Cyber Terrorism.. . . . . . . . . . . . . . . . . . . . . 379

            Weapons of Cyber Warfare.. . . . . . . . . . . . . . . . . . . . . . . 382

            Economic Attacks.. . . . . . . . . . . . . . . . . . . . . . . . . . . 384

            Military Operations Attacks. . . . . . . . . . . . . . . . . . . . . . . 386

            General Attacks.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

            Supervisory Control and Data Acquisitions (SCADA).. . . . . . . . . . . . . 387

            Information Warfare.. . . . . . . . . . . . . . . . . . . . . . . . . . 388

            Actual Cases of Cyber Terrorism.. . . . . . . . . . . . . . . . . . . . . 391

            Future Trends.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395

            Defense Against Cyber Terrorism.. . . . . . . . . . . . . . . . . . . . . 399

            Terrorist Recruiting and Communication.. . . . . . . . . . . . . . . . . . 399

            TOR and the Dark Web.. . . . . . . . . . . . . . . . . . . . . . . . . 400

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402

Chapter 13: Cyber Detective 408

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

            General Searches. . . . . . . . . . . . . . . . . . . . . . . . . . . 410

            Company Searches.. . . . . . . . . . . . . . . . . . . . . . . . . . 413

            Court Records and Criminal Checks.. . . . . . . . . . . . . . . . . . . 413

            Usenet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

            Google.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

            Maltego. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421

Chapter 14: Introduction to Forensics 426

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426

            General Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . 427

            Finding Evidence on a PC. . . . . . . . . . . . . . . . . . . . . . . . 440

            Finding Evidence in System Logs.. . . . . . . . . . . . . . . . . . . . 441

            Getting Back Deleted Files.. . . . . . . . . . . . . . . . . . . . . . . 442

            Operating System Utilities. . . . . . . . . . . . . . . . . . . . . . . . 445

            The Windows Registry. . . . . . . . . . . . . . . . . . . . . . . . . 447

            Mobile Forensics: Cell Phone Concepts.. . . . . . . . . . . . . . . . . . 452

            The Need for Forensic Certification.. . . . . . . . . . . . . . . . . . . . 457

            Expert Witnesses.. . . . . . . . . . . . . . . . . . . . . . . . . . . 458

            Additional Types of Forensics.. . . . . . . . . . . . . . . . . . . . . . 459

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Chapter 15: Cybersecurity Engineering 466

            Introduction.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466

            Defining Cybersecurity Engineering.. . . . . . . . . . . . . . . . . . . . 467

            Standards.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

            SecML. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

            Modeling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489

            Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

Glossary 494

Appendix A: Resources 500

Appendix B: Answers to the Multiple Choice Questions 502

 

9780137984787, TOC, 12/6/2022

ONE-VOLUME INTRODUCTION TO COMPUTER SECURITY

 

Clearly explains core concepts, terminology, challenges, technologies, and skills

 

Covers today’s latest attacks and countermeasures

 

The perfect beginner’s guide for anyone interested in a computer security career

 

Dr. Chuck Easttom brings together complete coverage of all basic concepts, terminology, and issues, along with all the skills you need to get started. Drawing on 30 years of experience as a security instructor, consultant, and researcher, Easttom helps you take a proactive, realistic approach to assessing threats and implementing countermeasures. Writing clearly and simply, he addresses crucial issues that many introductory security books ignore, while addressing the realities of a world where billions of new devices are Internet-connected.

 

This guide covers web attacks, hacking, spyware, network defense, security appliances, VPNs, password use, and much more. Its many tips and examples refl ect new industry trends and the state-of-the-art in both attacks and defense. Exercises, projects, and review questions in every chapter help you deepen your understanding and apply all you’ve learned.

 

LEARN HOW TO

 

  • Identify and prioritize potential threats to your network
  • Use basic networking knowledge to improve security
  • Get inside the minds of hackers, so you can deter their attacks
  • Implement a proven layered approach to network security
  • Resist modern social engineering attacks
  • Defend against today’s most common Denial of Service (DoS) attacks
  • Halt viruses, spyware, worms, Trojans, and other malware
  • Prevent problems arising from malfeasance or ignorance
  • Choose the best encryption methods for your organization
  • Compare security technologies, including the latest security appliances
  • Implement security policies that will work in your environment
  • Scan your network for vulnerabilities
  • Evaluate potential security consultants
  • Master basic computer forensics and know what to do if you’re attacked
  • Learn how cyberterrorism and information warfare are evolving

Additional information

Dimensions 1.07 × 7.00 × 9.10 in
Series

Imprint

Format

ISBN-13

ISBN-10

Author

Subjects

certification, higher education, Employability, IT Professional, H-11 PEARSON IT CERTIFICATION