Principles of Computer Security Security+ and Beyond

Name: Principles of Computer Security Security+ and Beyond
Price: 9.57 USD
Availability: InStock
ISBN: 9780072255096

ISBN-10: 0072255099

ISBN-13: 9780072255096

Edition: 2005

Authors: Wm. Arthur Conklin, Gregory White, Chuck Cothren, Dwayne Williams, Roger L. Davis

List price: $161.00

30 day, 100% satisfaction guarantee!

Marketplace

3 new & used from $9.57

what's this?

Rush Rewards U
Members Receive:

You have reached 400 XP and carrot coins. That is the daily max!

Book details

List price: $161.00
Copyright year: 2005
Publisher: McGraw-Hill Higher Education
Publication date: 3/15/2004
Binding: Hardcover
Pages: 800
Size: 7.25" wide x 9.00" long x 2.00" tall
Weight: 2.596
Language: English

Wm. Arthur Conklin (Houston, TX), Security+, CISSP, is an Assistant Professor in the Information and Logistics Technology department at the University of Houston. In addition to his PhD, Mr. Conklin has a MBA from UTSA, and two graduate degrees in Electrical Engineering from the Naval Postgraduate School in Monterey, California. Dr. Conklin’s interests are information security, systems theory, and secure software design.

Greg White (San Antonio, TX), Security+, CISSP, is an Associate Professor in the Department of Computer Science at the University of Texas at San Antonio. Dr. White is the Director of the Center for Infrastructure Assurance and Security at UTSA, and was the author of the first edition of the Security+ All-in-One Exam Guide from McGraw-Hill.



Acknowledgments


Foreword


Preface


Introduction



Introduction and Security Trends


The Security Problem


Avenues of Attack


Chapter Review



General Security Concepts


Basic Security Terminology


Security Models


Chapter Review



Operational/ Organizational Security


Security Operations in Your Organization


Physical Security


Social Engineering


Environment


Wireless


Electromagnetic Eavesdropping


Location


Chapter Review



The Role of People in Security


People--A Security Problem


People as a Security Tool


Chapter Review



Cryptography


Algorithms


Hashing


Symmetric Encryption


Asymmetric Encryption


Usage


Chapter Review



Public Key Infrastructure


The Basics of Public Key Infrastructures


Certificate Authorities


Registration Authorities


Certificate Repositories


Trust and Certificate Verification


Digital Certificates


Centralized or Decentralized Infrastructures


Private Key Protection


Public Certificate Authorities


In-House Certificate Authorities


Outsourced Certificate Authorities


Tying Different PKIs Together


Certificate Usage


Chapter Review



Standards and Protocols


PKIX/PKCS


X.509


SSL/TLS


ISAKMP


CMP


XKMS


S/MIME


PGP


HTTPS


IPSec


CEP


FIPS


Common Criteria (CC)


WTLS


WEP


ISO 17799


Chapter Review



The Impact of Physical Security on Network Security


The Problem


Physical Security Safeguards


Chapter Review



Network Fundamentals


Network Architectures


Network Topology


Network Protocols


Packet Delivery


Chapter Review



Infrastructure Security


Devices


Media


Security Concerns for Transmission Media


Removable Media


Security Topologies


Tunneling


Chapter Review



Remote Access


The Remote Access Process


Telnet


SSH


L2TP and PPTP


IEEE 802.11


VPN


IPSec


IEEE 802.1x


RADIUS


TACACS+


Vulnerabilities


Connection Summary


Chapter Review



Wireless and Instant Messaging


Wireless


Instant Messaging


Chapter Review



Intrusion Detection Systems


History of Intrusion Detection Systems


IDS Overview


Host-Based Intrusion Detection Systems


Network-Based Intrusion Detection Systems


Signatures


False Positives and Negatives


IDS Models


Chapter Review



Security Baselines


Overview Baselines


Password Selection


Operating System and Network Operating System Hardening


Network Hardening


Application Hardening


Chapter Review



Attacks and Malware


Attacking Computer Systems and Networks


Auditing


Chapter Review



E-mail


Security of E-mail Transmissions


Malicious Code


Hoax E-mails


Unsolicited Commercial E-mail (Spam)


Mail Encryption


Chapter Review



Web Components


Current Web Components and Concerns


Protocols


Code-Based Vulnerabilities


Chapter Review



Software Development


The Software Engineering Process


Good Practices


Chapter Review



Disaster Recovery, Business Continuity, and Organizational Policies


Disaster Recovery


Policies and Procedures


Chapter Review



Risk Management


An Overview of Risk Management


What Is Risk Management?


Business Risks


Risk Management Models


Qualitatively Assessing Risk


Quantitatively Assessing Risk


Qualitative vs. Quantitative Risk Assessment


Tools


Chapter Review



Change Management


Why Change Management?


The Key Concept: Segregation of Duties


Elements of Change Management


Implementing Change Management


The Capability Maturity Model


Chapter Review



Privilege Management


User, Group, and Role Management


Single Sign-On


Centralized vs. Decentralized Management


Auditing (Privilege, Usage, and Escalation)


Handling Access Control (MAC, DAC, and RBAC)


Chapter Review



Computer Forensics


Evidence


Collecting Evidence


Chain of Custody


Free Space vs. Slack Space


What's This Message Digest and Hash?


Analysis


Chapter Review



Security and Law


Import/Export Encryption Restrictions


Digital Signature Laws


Digital Rights Management


Privacy Laws


Computer Trespass


Ethics


Chapter Review



About the CD-ROM


System Requirements


LearnKey Online Training


Installing and Running MasterExam


Help


Removing Installation(s)


Technical Support



About the Security+ Exam


SSCP Exam


SSCP Body of Knowledge


Glossary


Index