
Corporate computer and network security PDF

531 Pages·5.279 MB·English

Preview Corporate computer and network security

CORPORATE COMPUTER AND NETWORK SECURITY
Second Edition

Raymond R. Panko
University of Hawaii

Prentice Hall
Boston Columbus Indianapolis New York San Francisco Upper Saddle River Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montreal Toronto Delhi Mexico City Sao Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo

Editorial Director: Sally Yagan
Creative Art Director: Jayne Conte
Editor in Chief: Eric Svendsen
Cover Designer: Axell Designs
Acquisitions Editor: Bob Horan
Manager, Rights and Permissions: Charles Morris
Editorial Project Manager: Kelly Loftus
Cover Art: Getty Images, Inc.
Technical Content Editor: Julia Panko
Full-Service Project Management: Shiny Rajesh
Director of Marketing: Patrice Lumumba Jones
Composition: Integra Software Services Pvt. Ltd.
Marketing Manager: Anne Fahlgren
Printer/Binder: Courier Westford
Project Manager: Renata Butera
Cover Printer: Demand Production Center
Operations Supervisor: Renata Butera
Text Font: Palatino

Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this textbook appear on appropriate page within text.

Microsoft® and Windows® are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. Screen shots and icons reprinted with permission from the Microsoft Corporation. This book is not sponsored or endorsed by or affiliated with the Microsoft Corporation.

Copyright © 2010, 2004. Pearson Education, Inc., publishing as Prentice Hall, One Lake Street, Upper Saddle River, New Jersey 07458. All rights reserved. Manufactured in the United States of America. This publication is protected by Copyright, and permission should be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. To obtain permission(s) to use material from this work, please submit a written request to Pearson Education, Inc., Permissions Department, One Lake Street, Upper Saddle River, New Jersey 07458.

Many of the designations by manufacturers and seller to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed in initial caps or all caps.

Library of Congress Cataloging-in-Publication Data
Panko, R. R.
Corporate computer and network security/Raymond R. Panko.—2nd ed.
p. cm.
Includes index.
ISBN-13: 978-0-13-185475-8 (alk. paper)
ISBN-10: 0-13-185475-5
1. Computer security. 2. Computer networks—Security measures. 3. Electronic data processing departments—Security measures. I. Title.
QA76.9.A25P36 2010
005.8—dc22
2009019292

10 9 8 7 6 5 4 3 2 1

Dedication
To Julia Panko, my long-time networking and security editor and one of the best technology minds I’ve ever encountered.

BRIEF CONTENTS
Chapter 1 The Threat Environment: Attackers and their Attacks
Chapter 2 Planning
Chapter 3 The Elements of Cryptography
Chapter 4 Cryptographic System Standards
Chapter 5 Access Control
Chapter 6 Firewalls
Chapter 7 Host and Data Security
Chapter 8 Application Security
Chapter 9 Incident and Disaster Response
Module A: Networking Concepts

CONTENTS
Preface
Chapter 1 The Threat Environment: Attackers and their Attacks
  Introduction
    Basic Security Terminology
    The TJX Data Breach
  Employee and Ex-Employee Threats
    Why Employees Are Dangerous
    Employee Sabotage
    Employee Hacking
    Employee Financial Theft and Theft of Intellectual Property (IP)
    Employee Extortion
    Employee Sexual or Racial Harassment
    Employee Computer and Internet Abuse
    Data Loss
    Other “Internal” Attackers
  Traditional External Attackers I: Malware Writers
    Malware Writers
    Viruses
    Worms
    Blended Threats
    Payloads
    Trojan Horses and Rootkits
    Mobile Code
    Social Engineering in Malware
  Traditional External Attackers II: Hackers and Denial-of-Service Attacks
    Traditional Motives
    Anatomy of a Hack
    Social Engineering
    Denial-of-Service (DoS) Attacks
    Skill Levels
