The Craft of System Security (Paperback)

Sean Smith, John Marchesini

  • 出版商: Addison Wesley
  • 出版日期: 2007-08-01
  • 售價: $2,160
  • 貴賓價: 9.5$2,052
  • 語言: 英文
  • 頁數: 592
  • 裝訂: Paperback
  • ISBN: 0321434838
  • ISBN-13: 9780321434838
  • 相關分類: 資訊安全
  • 立即出貨 (庫存=1)

買這商品的人也買了...

商品描述

"I believe The Craft of System Security is one of the best software security books on the market today. It has not only breadth, but depth, covering topics ranging from cryptography, networking, and operating systems--to the Web, computer-human interaction, and how to improve the security of software systems by improving hardware. Bottom line, this book should be required reading for all who plan to call themselves security practitioners, and an invaluable part of every university's computer science curriculum."
--Edward Bonver, CISSP, Senior Software QA Engineer, Product Security, Symantec Corporation

"Here's to a fun, exciting read: a unique book chock-full of practical examples of the uses and the misuses of computer security. I expect that it will motivate a good number of college students to want to learn more about the field, at the same time that it will satisfy the more experienced professional."
--L. Felipe Perrone, Department of Computer Science, Bucknell University

Whether you're a security practitioner, developer, manager, or administrator, this book will give you the deep understanding necessary to meet today's security challenges--and anticipate tomorrow's. Unlike most books, The Craft of System Security doesn't just review the modern security practitioner's toolkit: It explains why each tool exists, and discusses how to use it to solve real problems.

After quickly reviewing the history of computer security, the authors move on to discuss the modern landscape, showing how security challenges and responses have evolved, and offering a coherent framework for understanding today's systems and vulnerabilities. Next, they systematically introduce the basic building blocks for securing contemporary systems, apply those building blocks to today's applications, and consider important emerging trends such as hardware-based security.

After reading this book, you will be able to

  • Understand the classic Orange Book approach to security, and its limitations
  • Use operating system security tools and structures--with examples from Windows, Linux, BSD, and Solaris
  • Learn how networking, the Web, and wireless technologies affect security
  • Identify software security defects, from buffer overflows to development process flaws
  • Understand cryptographic primitives and their use in secure systems
  • Use best practice techniques for authenticating people and computer systems in diverse settings
  • Use validation, standards, and testing to enhance confidence in a system's security
  • Discover the security, privacy, and trust issues arising from desktop productivity tools
  • Understand digital rights management, watermarking, information hiding, and policy expression
  • Learn principles of human-computer interaction (HCI) design for improved security
  • Understand the potential of emerging work in hardware-based security and trusted computing

商品描述(中文翻譯)

「我相信,《系統安全的藝術》是當今市場上最好的軟體安全書籍之一。它不僅廣度廣泛,而且深度深厚,涵蓋了從密碼學、網絡和操作系統到網頁、人機互動以及通過改進硬體來提高軟體系統安全性的主題。總之,這本書應該成為所有計劃自稱為安全從業人員的人的必讀之物,也是每個大學計算機科學課程中不可或缺的一部分。」——Edward Bonver,CISSP,賽門鐵克公司產品安全高級軟體測試工程師

「這是一本有趣、令人興奮的閱讀:一本充滿實際例子的獨特書籍,介紹了計算機安全的使用和誤用。我相信這本書將激發許多大學生對這個領域的進一步學習,同時也能滿足更有經驗的專業人士的需求。」——L. Felipe Perrone,巴克內爾大學計算機科學系

無論您是安全從業人員、開發人員、管理人員還是系統管理員,這本書將為您提供深入的理解,以應對當今的安全挑戰,並預測未來的挑戰。與大多數書籍不同,《系統安全的藝術》不僅僅是回顧現代安全從業人員的工具包:它解釋了每個工具的存在原因,並討論了如何使用它來解決實際問題。

在快速回顧計算機安全歷史之後,作者們繼續討論現代情境,展示了安全挑戰和應對的演變,並提供了一個有條理的框架,用於理解當今的系統和漏洞。接下來,他們系統地介紹了保護當代系統的基本構建模塊,將這些構建模塊應用於當今的應用程序,並考慮了硬體安全等重要的新興趨勢。

閱讀完這本書後,您將能夠:

- 理解經典的橙皮書(Orange Book)方法對安全的影響,以及其局限性
- 使用操作系統安全工具和結構,包括Windows、Linux、BSD和Solaris的示例
- 了解網絡、網頁和無線技術對安全的影響
- 辨識軟體安全缺陷,從緩衝區溢出到開發流程缺陷
- 理解加密基元及其在安全系統中的應用
- 在不同環境中使用最佳實踐技術來驗證人和計算機系統的身份
- 使用驗證、標準和測試來增強對系統安全的信心
- 探索桌面生產力工具帶來的安全、隱私和信任問題
- 理解數字版權管理、浮水印、信息隱藏和策略表達
- 學習人機互動設計的原則,以提高安全性
- 理解基於硬體的安全和可信計算的潛力