Computer Security: Principles and Practice, 3/e (IE-Paperback)
William Stallings, Lawrie Brown
1.Fundamental security design principles: Chapter 1 includes a new section discussing the security design principles listed as fundamental by the National Centers of Academic Excellence in Information Assurance/Cyber Defense, which is jointly sponsored by the U.S. National Security Agency and the U. S. Department of Homeland Security.
2.Attack surfaces and attack trees: Chapter 1 includes a new section describing these two concepts, which are useful in evaluating and classifying security threats.
3.User authentication model: Chapter 3 includes a new description of a general model for user authentication, which helps to unify the discussion of the various approaches to user authentication.
4.Attribute-based access control (ABAC): Chapter 4 has a new section devoted to ABAC, which is becoming increasingly widespread.
5.Identity, credential, and access management (ICAM): Chapter 4 includes a new section on ICAM, which is a comprehensive approach to managing and implementing digital identities (and associated attributes), credentials, and access control.
6.Trust frameworks: Chapter 4 includes a new section on the Open Identity Trust Framework, which is an open, standardized approach to trustworthy identity and attribute exchange that is becoming increasingly widespread.
7.SQL injection attacks: Chapter 5 includes a new section on the SQL injection attack, which is one of the most prevalent and dangerous network-based security threats.
8.Cloud security: The material on cloud security in Chapter 5 has been updated and expanded to reflect its importance and recent developments.
9.Malware: The material on Malware, and on categories of intruders, has been revised to reflect the latest developments, including details of Advanced Persistent Threats, which are most likely due to nation state actors. 10.Intrusion detection/intrusion prevention systems: The material on IDS/IPS has been updated to reflect new developments in the field, including the latest developments in Host-Based Intrusion Detection Systems that assist in implementing a defense-in-depth strategy. 1
1.Human Resources: Security lapses due to human factors and social engineering are of increasing concern, including several recent cases of massive data exfiltration by insiders. Addressing such lapses requires a complex mix of procedural and technical controls, which we review in several significantly revised sections. 1
2.Mobile device security: Mobile device security has become an essential aspect of enterprise network security, especially for devices in the category known as bring your own device (BYOD). A new section covers this important topic. 1
3.SHA-3: This recently adopted cryptographic hash standard is covered in a new appendix. 圖書特色與優點：Easily Integrate Projects in your CourseThis book provides an unparalleled degree of support for including a projects component in the course. The Instructor's Manual not only includes guidance on how to assign and structure the projects, but also includes a set of user's manuals for various project types plus specific assignments, all written especially for this book. Instructors can assign work in the following areas:
1. Hacking exercises: Two projects that enable students to gain an understanding of the issues in intrusion detection and prevention.
2. Laboratory exercises: A series of projects that involve programming and experimenting with concepts from the book.
3.Security education (SEED) projects: The SEED projects are a set of hands-on exercises, or labs, covering a wide range of security topics.
4.Research projects: A series of research assignments that instruct the student to research a particular topic on the Internet and write a report.
5.Programming projects: A series of programming projects that cover a broad range of topics and that can be implemented in any suitable language on any platform.
6.Practical security assessments: A set of exercises to examine current infrastructure and practices of an existing organization.
7.Firewall projects: A portable network firewall visualization simulator is provided, together with exercises for teaching the fundamentals of firewalls.
8.Case studies: A set of real-world case studies, including learning objectives, case description, and a series of case discussion questions.
9.Reading/report assignments: A list of papers that can be assigned for reading and writing a report, plus suggested assignment wording. 10.Writing assignments: A list of writing assignments to facilitate learning the material. 1
1.Webcasts for teaching computer security: A catalog of webcast sites that can be used to enhance the course. An effective way of using this catalog is to select, or allow the student to select, one or a few videos to watch, and then to write a report/analysis of the video.
Ch0: Guide for Readers and Instructors
PART ONE COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES
Ch2: Cryptographic Tools
Ch3: User Authentication
Ch4: Access Control
Ch5: Database and Cloud Security
Ch6: Malicious Software
Ch7: Denial-of-Service Attacks
Ch8: Intrusion Detection
Ch9: Firewalls and Intrusion Prevention Systems
PART TWO SOFTWARE SECURITY AND TRUSTED SYSTEMS
Ch10: Buffer Overflow
Ch11: Software Security
Ch12: Operating System Security
Ch13: Trusted Computing and Multilevel Security
PART THREE MANAGEMENT ISSUES
Ch14: IT Security Management and Risk Assessment
Ch15: IT Security Controls, Plans and Procedures
Ch16: Physical and Infrastructure Security
Ch17: Human Resources Security
Ch18: Security Auditing
Ch19 : Legal and Ethical Aspects
PART FOUR CRYPTOGRAPHIC ALGORITHMS
Ch20: Symmetric Encryption and Message Confidentiality
Ch21: Public-Key Cryptography and Message Authentication
PART FIVE NETWORK SECURITY
Ch22: Internet Security Protocols and Standards
Ch23 : Internet Authentication Applications
Ch24: Wireless Network Security
Appendix A Projects and Other Student Exercises for Teaching Computer Security
LIST OF ACRONYMS
ONLINE CHAPTERS AND APPENDICES
Online chapters, appendices, and other documents are Premium Content, available via the access card printed in the front of the book.
Ch25: Linux Security
Ch26: Windows and Windows Vista Security
Appendix B Some Aspects of Number Theory
Appendix C Standards and Standard-Setting Organizations
Appendix D Random and Pseudorandom Number Generation
Appendix E Message Authentication Codes Based on Block Ciphers
Appendix F TCP/IP Protocol Architecture
Appendix G Radix-64 Conversion
Appendix H Security Policy-Related Documents
Appendix I The Domain Name System
Appendix J The Base-Rate Fallacy
Appendix K SHA-3
Appendix L Glossary