Applied Information Security: A Hands-on Approach

David Basin, Patrick Schaller, Michael Schläpfer

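  • Publisher: Springer
  • Publication date: 2011-10-28
  • Price: $2,170
  • VIP price: $2,062 (95% of list price)
  • Language: English
  • Pages: 202
  • Binding: Hardcover
  • ISBN: 3642244734
  • ISBN-13: 9783642244735
  • Related category: Penetration-test
  • Overseas purchasing-agent book (must be checked out separately)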

Product description

This book explores fundamental principles for securing IT systems and illustrates them with hands-on experiments that may be carried out by the reader using accompanying software. The experiments highlight key information security problems that arise in modern operating systems, networks, and web applications. The authors explain how to identify and exploit such problems and they show different countermeasures and their implementation. The reader thus gains a detailed understanding of how vulnerabilities arise and practical experience tackling them.

After presenting the basics of security principles, virtual environments, and network services, the authors explain the core security principles of authentication and access control, logging and log analysis, web application security, certificates and public-key cryptography, and risk management. The book concludes with appendices on the design of related courses, report templates, and the basics of Linux as needed for the assignments.

The authors have successfully taught IT security to students and professionals using the content of this book and the laboratory setting it describes. The book can be used in undergraduate or graduate laboratory courses, complementing more theoretically oriented courses, and it can also be used for self-study by IT professionals who want hands-on experience in applied information security. The authors' supporting software is freely available online and the text is supported throughout with exercises.
