This eBook includes the following formats, accessible from your Account page after purchase:
EPUB: The open industry format known for its reflowable content and usability on supported mobile devices.
PDF: The popular standard, used most often with the free Adobe® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
ONE-VOLUME INTRODUCTION TO COMPUTER SECURITY
Clearly explains core concepts, terminology, challenges, technologies, and skills
Covers today's latest attacks and countermeasures
The perfect beginner's guide for anyone interested in a computer security career
Dr. Chuck Easttom brings together complete coverage of all basic concepts, terminology, and issues, along with all the skills you need to get started. Drawing on 30 years of experience as a security instructor, consultant, and researcher, Easttom helps you take a proactive, realistic approach to assessing threats and implementing countermeasures. Writing clearly and simply, he addresses crucial issues that many introductory security books ignore, while addressing the realities of a world where billions of new devices are Internet-connected.
This guide covers web attacks, hacking, spyware, network defense, security appliances, VPNs, password use, and much more. Its many tips and examples reflect new industry trends and the state-of-the-art in both attacks and defense. Exercises, projects, and review questions in every chapter help you deepen your understanding and apply all you've learned.
LEARN HOW TO
Introduction
Chapter 1: Introduction to Computer Security
Introduction
How Seriously Should You Take Threats to Network Security?
Identifying Types of Threats
Assessing the Likelihood of an Attack on Your Network
Basic Security Terminology
Concepts and Approaches
How Do Legal Issues Impact Network Security?
Online Security Resources
Summary
Chapter 2: Networks and the Internet
Introduction
Network Basics
How the Internet Works
History of the Internet
Basic Network Utilities
Other Network Devices
Advanced Network Communications Topics
Cloud Computing
Summary
Chapter 3: Cyber Stalking, Fraud, and Abuse
Introduction
How Internet Fraud Works
Identity Theft
Cyber Stalking
Protecting Yourself Against Cybercrime
Summary
Chapter 4: Denial of Service Attacks
Introduction
DoS Attacks
Illustrating an Attack
Common Tools Used for DoS Attacks
DoS Weaknesses
Specific DoS Attacks
Real-World Examples of DoS Attacks
How to Defend Against DoS Attacks
Summary
Chapter 5: Malware
Introduction
Viruses
Trojan Horses
The Buffer-Overflow Attack
Spyware
Other Forms of Malware
Detecting and Eliminating Viruses and Spyware
Summary
Chapter 6: Techniques Used by Hackers
Introduction
Basic Terminology
The Reconnaissance Phase
Actual Attacks
Malware Creation
Penetration Testing
The Dark Web
Summary
Chapter 7: Industrial Espionage in Cyberspace
Introduction
What Is Industrial Espionage?
Information as an Asset
Real-World Examples of Industrial Espionage
How Does Espionage Occur?
Protecting Against Industrial Espionage
Trade Secrets
The Industrial Espionage Act
Spear Phishing
Summary
Chapter 8: Encryption
Introduction
Cryptography Basics
History of Encryption
Modern Cryptography Methods
Public Key (Asymmetric) Encryption
PGP
Legitimate Versus Fraudulent Encryption Methods
Digital Signatures
Hashing
MAC and HMAC
Steganography
Cryptanalysis
Cryptography Used on the Internet
Quantum Computing Cryptography
Summary
Chapter 9: Computer Security Technology
Introduction
Virus Scanners
Firewalls
Antispyware
IDSs
Digital Certificates
SSL/TLS
Virtual Private Networks
Wi-Fi Security
Summary
Chapter 10: Security Policies
Introduction
What Is a Policy?
Important Standards
Defining User Policies
Defining System Administration Policies
Security Breaches
Defining Access Control
Development Policies
Standards, Guidelines, and Procedures
Disaster Recovery
Zero Trust
Important Laws
Summary
Chapter 11: Network Scanning and Vulnerability Scanning
Introduction
Basics of Assessing a System
Securing Computer Systems
Scanning Your Network
Testing and Scanning Standards
Getting Professional Help
Summary
Chapter 12: Cyber Terrorism and Information Warfare
Introduction
Actual Cases of Cyber Terrorism
Weapons of Cyber Warfare
Economic Attacks
Military Operations Attacks
General Attacks
Supervisory Control and Data Acquisitions (SCADA)
Information Warfare
Actual Cases of Cyber Terrorism
Future Trends
Defense Against Cyber Terrorism
Terrorist Recruiting and Communication
TOR and the Dark Web
Summary
Chapter 13: Cyber Detective
Introduction
General Searches
Company Searches
Court Records and Criminal Checks
Usenet
Google
Maltego
Summary
Chapter 14: Introduction to Forensics
Introduction
General Guidelines
Finding Evidence on a PC
Finding Evidence in System Logs
Getting Back Deleted Files
Operating System Utilities
The Windows Registry
Mobile Forensics: Cell Phone Concepts
The Need for Forensic Certification
Expert Witnesses
Additional Types of Forensics
Summary
Chapter 15: Cybersecurity Engineering
Introduction
Defining Cybersecurity Engineering
Standards
SecML
Modeling
Summary
Glossary
Appendix A: Resources
Appendix B: Answers to the Multiple Choice Questions
9780137984787, TOC, 12/6/2022