Security in Computing, Third Edition

Appropriate for beginning to intermediate courses in computer security. This sweeping revision of the classic computer security book provides an authoritative overview of computer security for every type of system, from traditional centralized systems to distributed networks and the Internet. The Third Edition has been updated to reflect the state-of-the-art in networking; cryptography; program and operating system security; administration; legal, privacy, and ethical issues, and much more. It combines core computer science concepts related to operating systems, networks, data bases, and programming, with accessible discussions of the use of cryptography and protocols. The book describes each important area from a developer's or user's point of view, lays out the security vulnerabilities and threats, and follows countermeasures to address them. Their book's layered approach is ideal for instructors who wish to customize courses based on their unique requirements. They also provide extensive pedagogical resources–including overviews, end-of-chapter reviews, lists of key terms, and updated exercises and references. The authors are recognized experts in their fields. Lead author Dr. Charles P. Pfleeger, CISSP, is currently Master Security Architect for Cable & Wireless, one of the world's leading providers of Internet and secure infrastructure services. Co-author Dr. Shari Lawrence Pfleeger is a Senior Researcher at RAND Corporation, a not-for-profit company providing strategy and decision-making support in the public interest. They are the authors of more than a dozen previous books on computer security, software engineering, software measurement, software quality, and programming. This book offers complete coverage of all aspects of computer security, including users, software, devices, operating systems, networks, law, and ethics. Reflecting rapidly evolving attacks, countermeasures, and computing environments, it introduces up-to-the-minute best practices for authenticating users, preventing malicious code execution, using encryption, protecting privacy, implementing firewalls, detecting intrusions, and more. Cryptography is critical to computer security; it is an essential tool that students and professionals must know, appreciate and understand. But as with most tools, the user does not need to be a maker: using a screwdriver successfully is entirely separate from knowing how to forge the metal from which it is made. This edition will separate the use of cryptography from its underlying mathematical principles. It will introduce cryptography early in the book to provide a solid background on types of algorithms, appropriate uses of these different types, and advanced concepts such as digital signatures and cryptographic hash codes. It will also address how cryptography can fail. However, it will cover these topics without revealing the internals of cryptography; closer to the end of the book it will delve into the internals of specific algorithms. In this way, readers who want to know the details can study those (and can even read the later chapter early, out of the normal sequence), but it will not unnecessarily burden readers who, like most users, will never get closer to cryptography than an encrypt() function. One strength of SiC4 has been its sidebars. Readers enjoy the brief examples of real life exploits. Fortunately, the news is full of stories of security failures, and it is important to connect these actual events to the strong pedagogy of the book. ACS, which was organized around attacks of different types, include many timely incident stories that we can pull into SiC5. Cloud computing and mobile code and computing are not covered extensively in SiC4. Cloud computing appears as a six page interlude in ACS, but in the few years since ACS was written, the use of cloud computing has expanded, as well as the security ramifications. We intend to devote an entire chapter to cloud computing. Similarly, mobile code and mobile computing have grown. These topics appeared briefly in SiC4 and ACS, but we plan to expand mobile computing into its own chapter, as well. The topic progression of SiC4 largely followed its predecessor editions, back to the first edition (1988). In 1988 networking was certainly neither as important nor pervasive as it has become. Trying to defer all coverage of network topics until Chapter 7, its position in SiC4 delays important content significantly and, perhaps more importantly, makes for a long and broad network security chapter. In 1988 readers had less direct contact with a network than now, and these readers had limited experience using a network prior to reading the book. Obviously readers in 2014 come with vastly more network exposure. This exposure is an asset: Readers now can appreciate a network-delivered attack even before they study network security. SiC5 will take advantage of readers' familiarity with networks, and present attacks delivered by a network-assisted attacker based on the primary source of vulnerability -- software, operating system, protocol, user error -- and not defer these topics to the networks chapter just because a network was involved in the attack. Finally, privacy has been an important topic in the book in early editions, and its importance and coverage have grown as well. The authors will again expand the coverage of privacy, expanding on topics such as web tracking and social networking. These additions cannot come without some pruning. Previously hot topics, such as trusted operating systems and multilevel databases, are being pared down. The authors will also reconsider topics such as economics and management which, although interesting and important, appeal to a relatively small target audience. - Publisher.

the New State-of-the-art In Information Security: Now Covers The Economics Of Cyber Security And The Intersection Of Privacy And Information Security

for Years, It And Security Professionals And Students Have Turned To security In Computing As The Definitive Guide To Information About Computer Security Attacks And Countermeasures. In Their New Fourth Edition, Charles P. Pfleeger And Shari Lawrence Pfleeger Have Thoroughly Updated Their Classic Guide To Reflect Today's Newest Technologies, Standards, And Trends.

the Authors First Introduce The Core Concepts And Vocabulary Of Computer Security, Including Attacks And Controls. Next, The Authors Systematically Identify And Assess Threats Now Facing Programs, Operating Systems, Database Systems, And Networks. For Each Threat, They Offer Best-practice Responses.

security In Computing, Fourth Edition, Goes Beyond Technology, Covering Crucial Management Issues Faced In Protecting Infrastructure And Information. This Edition Contains An All-new Chapter On The Economics Of Cybersecurity, Explaining Ways To Make A Business Case For Security Investments. Another New Chapter Addresses Privacy—from Data Mining And Identity Theft, To Rfid And E-voting.

new Coverage Also Includes

• programming Mistakes That Compromise Security: Man-in-the-middle, Timing, And Privilege Escalation Attacks
• web Application Threats And Vulnerabilities
• networks Of Compromised Systems: Bots, Botnets, And Drones
• rootkits—including The Notorious Sony Xcp
• wi-fi Network Security Challenges, Standards, And Techniques
• new Malicious Code Attacks, Including False Interfaces And Keystroke Loggers
• improving Code Quality: Software Engineering, Testing, And Liability Approaches
• biometric Authentication: Capabilities And Limitations
• using The Advanced Encryption System (aes) More Effectively
• balancing Dissemination With Piracy Control In Music And Other Digital Content
• countering New Cryptanalytic Attacks Against Rsa, Des, And Sha
• responding To The Emergence Of Organized Attacker Groups Pursuing Profit

booknews

covers All Aspects Of Security In Computing, Including Viruses, Worms, Trojan Horses, And Other Forms Of Malicious Code; Firewalls And The Protection Of Networked Systems; E-mail Privacy, Including Pem, Pgp, Key Management, And Certificates; Key Escrow--both As A Technology And In The Clipper Program; Evaluation Of Trusted Systems, Including The Common Criteria, The Itsec, And The Orangebook; Standards For Program Development And Quality, Including Iso9000; Secure Installations Of Pcs, Unix, And Networked Environments; And Ethical And Legal Issues In Computing. Annotation C. Book News, Inc., Portland, Or (booknews.com)

Annotation The classic guide to information security--fully updated for the latest attacks and countermeasures"Security in Computing, Third Edition" systematically demonstrates how to control failures of confidentiality, integrity, and availability in applications, databases, operating systems, and networks alike. This sweeping revision of the field's classic guide to computer security reflects today's entirely new generation of network- and Internet-based threats and vulnerabilities, and offers practical guidance for responding to them. Updated to cover wireless security, intrusion detection, AES, DRM, biometrics, honeypots, online privacy, and moreSecurity in Internet-based, distributed, desktop and traditional centralized applications New attacks, including scripted vulnerability probing, denial of service, and buffer overflows--with symptoms and curesClear, accessible introduction to cryptography--without sophisticated mathUp-to-the-minute explanations of digital signatures, certificates, and leading-edge quantum cryptographyThoroughly revamped coverage of software engineering practices designed to enhance program securityExpanded coverage of risk management, contingency planning, and security policiesDetailed presentation of protection in general-purpose and trusted operating systemsExtensive pedagogical resources: end-of-chapter reviews and exercises, lists of key terms, and authoritative referencesExceptionally clear and easy to understand, the book covers not only technical issues, but also law, privacy, ethics, and the physical and administrative aspects of security. The companionwebsite (http: //www.phptr.com/pfleeger/) contains additional information, book updates, and instructor's resources The classic guide to information security-fully updated for the latest attacks and countermeasures Security in Computing, Third Edition systematically demonstrates how to control failures of confidentiality, integrity, and availability in applications, databases, operating systems, and networks alike. This sweeping revision of the field's classic guide to computer security reflects today's entirely new generation of network- and Internet-based threats and vulnerabilities, and offers practical guidance for responding to them. Updated to cover wireless security, intrusion detection, AES, DRM, biometrics, honeypots, online privacy, and more Security in Internet-based, distributed, desktop and traditional centralized applications New attacks, including scripted vulnerability probing, denial of service, and buffer overflows-with symptoms and cures Clear, accessible introduction to cryptography-without sophisticated math Up-to-the-minute explanations of digital signatures, certificates, and leading-edge quantum cryptography Thoroughly revamped coverage of software engineering practices designed to enhance program security Expanded coverage of risk management, contingency planning, and security policies Detailed presentation of protection in general-purpose and trusted operating systems Extensive pedagogical resources: end-of-chapter reviews and exercises, lists of key terms, and authoritative references Exceptionally clear and easy to understand, the book covers not only technical issues, but also law, privacy, ethics, and the physical and administrative aspects of security. The companion website (http://www.phptr.com/pfleeger/) contains additional information, book updates, and instructor's resources Security in Computing, Third Edition is a sweeping revision of the field's classic guide to computer security. Thoroughly updated to reflect the latest Internet-based threats, it shows how to control failures of confidentiality, integrity, and availability in applications, databases, operating systems, and networks alike. It offers exceptionally clear and accessible coverage of cryptography and other technical issues; security administration; law, privacy, and ethics. New coverage includes wireless security, intrusion detection, quantum cryptography, biometrics, DRM, AES, honeypots, online privacy, and much more