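Book Introduction
Computer Security: Principles and Practice (English Edition)
![Computer Security: Principles and Practice (English Edition)](https://www.shukui.net/cover/70/33252196.jpg)
- Authors: William Stallings, Lawrie Brown, et al. (USA)
- Publisher: Beijing: China Machine Press
- ISBN: 9787111292470
- Publication date: 2010
- Numbered pages: 801
- File size: 152 MB
- File pages: 821
- Subject terms: Electronic computers - Security technology - English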
Table of Contents
Chapter 0 Reader's and Instructor's Guide
0.1 Outline of the Book
0.2 A Roadmap for Readers and Instructors
0.3 Internet and Web Resources
0.4 Standards
Chapter 1 Overview
1.1 Computer Security Concepts
1.2 Threats, Attacks, and Assets
1.3 Security Functional Requirements
1.4 A Security Architecture for Open Systems
1.5 The Scope of Computer Security
1.6 Computer Security Trends
1.7 Computer Security Strategy
1.8 Recommended Reading and Web Sites
1.9 Key Terms, Review Questions, and Problems
Appendix 1A: Significant Security Standards and Documents
PART ONE COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES
Chapter 2 Cryptographic Tools
2.1 Confidentiality with Symmetric Encryption
2.2 Message Authentication and Hash Functions
2.3 Public-Key Encryption
2.4 Digital Signatures and Key Management
2.5 Random and Pseudorandom Numbers
2.6 Practical Application: Encryption of Stored Data
2.7 Recommended Reading and Web Sites
2.8 Key Terms, Review Questions, and Problems
Chapter 3 User Authentication
3.1 Means of Authentication
3.2 Password-Based Authentication
3.3 Token-Based Authentication
3.4 Biometric Authentication
3.5 Remote User Authentication
3.6 Security Issues for User Authentication
3.7 Practical Application: An Iris Biometric System
3.8 Case Study: Security Problems for ATM Systems
3.9 Recommended Reading and Web Sites
3.10 Key Terms, Review Questions, and Problems
Chapter 4 Access Control
4.1 Access Control Principles
4.2 Subjects, Objects, and Access Rights
4.3 Discretionary Access Control
4.4 Example: UNIX File Access Control
4.5 Role-Based Access Control
4.6 Case Study: RBAC System for a Bank
4.7 Recommended Reading and Web Sites
4.8 Key Terms, Review Questions, and Problems
Chapter 5 Database Security
5.1 Database Management Systems
5.2 Relational Databases
5.3 Database Access Control
5.4 Inference
5.5 Statistical Databases
5.6 Database Encryption
5.7 Recommended Reading
5.8 Key Terms, Review Questions, and Problems
Chapter 6 Intrusion Detection
6.1 Intruders
6.2 Intrusion Detection
6.3 Host-Based Intrusion Detection
6.4 Distributed Host-Based Intrusion Detection
6.5 Network-Based Intrusion Detection
6.6 Distributed Adaptive Intrusion Detection
6.7 Intrusion Detection Exchange Format
6.8 Honeypots
6.9 Example System: Snort
6.10 Recommended Reading and Web Sites
6.11 Key Terms, Review Questions, and Problems
Appendix 6A: The Base-Rate Fallacy
Chapter 7 Malicious Software
7.1 Types of Malicious Software
7.2 Viruses
7.3 Virus Countermeasures
7.4 Worms
7.5 Bots
7.6 Rootkits
7.7 Recommended Reading and Web Sites
7.8 Key Terms, Review Questions, and Problems
Chapter 8 Denial of Service
8.1 Denial of Service Attacks
8.2 Flooding Attacks
8.3 Distributed Denial of Service Attacks
8.4 Reflector and Amplifier Attacks
8.5 Defenses Against Denial of Service Attacks
8.6 Responding to a Denial of Service Attack
8.7 Recommended Reading and Web Sites
8.8 Key Terms, Review Questions, and Problems
Chapter 9 Firewalls and Intrusion Prevention Systems
9.1 The Need for Firewalls
9.2 Firewall Characteristics
9.3 Types of Firewalls
9.4 Firewall Basing
9.5 Firewall Location and Configurations
9.6 Intrusion Prevention Systems
9.7 Example: Unified Threat Management Products
9.8 Recommended Reading and Web Sites
9.9 Key Terms, Review Questions, and Problems
Chapter 10 Trusted Computing and Multilevel Security
10.1 The Bell-LaPadula Model for Computer Security
10.2 Other Formal Models for Computer Security
10.3 The Concept of Trusted Systems
10.4 Application of Multilevel Security
10.5 Trusted Computing and the Trusted Platform Module
10.6 Common Criteria for Information Technology Security Evaluation
10.7 Assurance and Evaluation
10.8 Recommended Reading and Web Sites
10.9 Key Terms, Review Questions, and Problems
PART TWO SOFTWARE SECURITY
Chapter 11 Buffer Overflow
11.1 Stack Overflows
11.2 Defending Against Buffer Overflows
11.3 Other Forms of Overflow Attacks
11.4 Recommended Reading and Web Sites
11.5 Key Terms, Review Questions, and Problems
Chapter 12 Other Software Security Issues
12.1 Software Security Issues
12.2 Handling Program Input
12.3 Writing Safe Program Code
12.4 Interacting with the Operating System and Other Programs
12.5 Handling Program Input
12.6 Recommended Reading and Web Sites
12.7 Key Terms, Review Questions, and Problems
PART THREE MANAGEMENT ISSUES
Chapter 13 Physical and Infrastructure Security
13.1 Overview
13.2 Physical Security Threats
13.3 Physical Security Prevention and Mitigation Measures
13.4 Recovery from Physical Security Breaches
13.5 Threat Assessment, Planning, and Plan Implementation
13.6 Example: A Corporate Physical Security Policy
13.7 Integration of Physical and Logical Security
13.8 Recommended Reading and Web Sites
13.9 Key Terms, Review Questions, and Problems
Chapter 14 Human Factors
14.1 Security Awareness, Training, and Education
14.2 Organizational Security Policy
14.3 Employment Practices and Policies
14.4 E-Mail and Internet Use Policies
14.5 Example: A Corporate Security Policy Document
14.6 Recommended Reading and Web Sites
14.7 Key Terms, Review Questions, and Problems
Appendix 14A: Security Awareness Standard of Good Practice
Appendix 14B: Security Policy Standard of Good Practice
Chapter 15 Security Auditing
15.1 Security Auditing Architecture
15.2 The Security Audit Trail
15.3 Implementing the Logging Function
15.4 Audit Trail Analysis
15.5 Example: An Integrated Approach
15.6 Recommended Reading and Web Sites
15.7 Key Terms, Review Questions, and Problems
Chapter 16 IT Security Management and Risk Assessment
16.1 IT Security Management
16.2 Organizational Context and Security Policy
16.3 Security Risk Assessment
16.4 Detailed Security Risk Analysis
16.5 Case Study: Silver Star Mines
16.6 Recommended Reading and Web Sites
16.7 Key Terms, Review Questions, and Problems
Chapter 17 IT Security Controls, Plans and Procedures
17.1 IT Security Management Implementation
17.2 Security Controls or Safeguards
17.3 IT Security Plan
17.4 Implementation of Controls
17.5 Implementation Followup
17.6 Case Study: Silver Star Mines
17.7 Recommended Reading
17.8 Key Terms, Review Questions, and Problems
Chapter 18 Legal and Ethical Aspects
18.1 Cybercrime and Computer Crime
18.2 Intellectual Property
18.3 Privacy
18.4 Ethical Issues
18.5 Recommended Reading and Web Sites
18.6 Key Terms, Review Questions, and Problems
Appendix 18A: Information Privacy Standard of Good Practice
PART FOUR CRYPTOGRAPHIC ALGORITHMS
Chapter 19 Symmetric Encryption and Message Confidentiality
19.1 Symmetric Encryption and Message Confidentiality
19.2 Data Encryption Standard
19.3 Advanced Encryption Standard
19.4 Stream Ciphers and RC4
19.5 Cipher Block Modes of Operation
19.6 Location of Symmetric Encryption Devices
19.7 Key Distribution
19.8 Recommended Reading and Web Sites
19.9 Key Terms, Review Questions, and Problems
Chapter 20 Public-Key Cryptography and Message Authentication
20.1 Secure Hash Functions
20.2 HMAC
20.3 The RSA Public-Key Encryption Algorithm
20.4 Diffie-Hellman and Other Asymmetric Algorithms
20.5 Recommended Reading and Web Sites
20.6 Key Terms, Review Questions, and Problems
PART FIVE INTERNET SECURITY
Chapter 21 Internet Security Protocols and Standards
21.1 Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
21.2 IPv4 and IPv6 Security
21.3 Secure Email and S/MIME
21.4 Recommended Reading and Web Sites
21.5 Key Terms, Review Questions, and Problems
Appendix 21A: Radix-64 Conversion
Chapter 22 Internet Authentication Applications
22.1 Kerberos
22.2 X.509
22.3 Public-Key Infrastructure
22.4 Federated Identity Management
22.5 Recommended Reading and Web Sites
22.6 Key Terms, Review Questions, and Problems
PART SIX OPERATING SYSTEM SECURITY
Chapter 23 Linux Security
23.1 Introduction
23.2 Linux's Security Model
23.3 The Linux DAC in Depth: Filesystem Security
23.4 Linux Vulnerabilities
23.5 Linux System Hardening
23.6 Application Security
23.7 Mandatory Access Controls
23.8 Recommended Reading and Web Sites
23.9 Key Terms, Review Questions, and Problems
Chapter 24 Windows and Windows Vista Security
24.1 Windows Security Architecture
24.2 Windows Vulnerabilities
24.3 Windows Security Defenses
24.4 Browser Defenses
24.5 Cryptographic Services
24.6 Common Criteria
24.7 Recommended Reading and Web Sites
24.8 Key Terms, Review Questions, Problems, and Projects
APPENDICES
Appendix A Some Aspects of Number Theory
A.1 Prime and Relatively Prime Numbers
A.2 Modular Arithmetic
A.3 Fermat's and Euler's Theorems
Appendix B Random and Pseudorandom Number Generation
B.1 The Use of Random Numbers
B.2 Pseudorandom Number Generators (PRNGs)
B.3 True Random Number Generators
Appendix C Projects for Teaching Computer Security
C.1 Research Projects
C.2 Hacking Projects
C.3 Programming Projects
C.4 Laboratory Exercises
C.5 Practical Security Assessments
C.6 Writing Assignments
C.7 Reading/Report Assignments
References
Index