Computer Security Fundamentals, 5th edition
Published by Pearson IT Certification (December 23, 2022) © 2023
- William Chuck Easttom
eTextbook
- Anytime, anywhere learning with the Pearson+ app
- Easy-to-use search, navigation and notebook
- Simpler studying with flashcards
- A print text (hardcover or paperback)
- Free shipping
- Also available for purchase as an ebook from all major ebook resellers, including InformIT.com
Dr. Chuck Easttom brings together complete coverage of all basic concepts, terminology, and issues, along with all the skills you need to get started. Drawing on 30 years of experience as a security instructor, consultant, and researcher, Easttom helps you take a proactive, realistic approach to assessing threats and implementing countermeasures. Writing clearly and simply, he addresses crucial issues that many introductory security books ignore, while addressing the realities of a world where billions of new devices are Internet-connected.
This guide covers web attacks, hacking, spyware, network defense, security appliances, VPNs, password use, and much more. Its many tips and examples reflect new industry trends and the state of the art in both attacks and defense. Exercises, projects, and review questions in every chapter help you deepen your understanding and apply all you've learned.
LEARN HOW TO
- Identify and prioritize potential threats to your network
- Use basic networking knowledge to improve security
- Get inside the minds of hackers, so you can deter their attacks
- Implement a proven layered approach to network security
- Resist modern social engineering attacks
- Defend against today's most common Denial of Service (DoS) attacks
- Halt viruses, spyware, worms, Trojans, and other malware
- Prevent problems arising from malfeasance or ignorance
- Choose the best encryption methods for your organization
- Compare security technologies, including the latest security appliances
- Implement security policies that will work in your environment
- Scan your network for vulnerabilities
- Evaluate potential security consultants
- Master basic computer forensics and know what to do if you're attacked
- Learn how cyberterrorism and information warfare are evolving
Introduction
Chapter 1: Introduction to Computer Security
           Introduction
           How Seriously Should You Take Threats to Network Security?
           Identifying Types of Threats
           Assessing the Likelihood of an Attack on Your Network
           Basic Security Terminology
           Concepts and Approaches
           How Do Legal Issues Impact Network Security?
           Online Security Resources
           Summary
Chapter 2: Networks and the Internet
           Introduction
           Network Basics
           How the Internet Works
           History of the Internet
           Basic Network Utilities
           Other Network Devices
           Advanced Network Communications Topics
           Cloud Computing
           Summary
Chapter 3: Cyber Stalking, Fraud, and Abuse
           Introduction
           How Internet Fraud Works
           Identity Theft
           Cyber Stalking
           Protecting Yourself Against Cybercrime
           Summary
Chapter 4: Denial of Service Attacks
           Introduction
           DoS Attacks
           Illustrating an Attack
           Common Tools Used for DoS Attacks
           DoS Weaknesses
           Specific DoS Attacks
           Real-World Examples of DoS Attacks
           How to Defend Against DoS Attacks
           Summary
Chapter 5: Malware
           Introduction
           Viruses
           Trojan Horses
           The Buffer-Overflow Attack
           Spyware
           Other Forms of Malware
           Detecting and Eliminating Viruses and Spyware
           Summary
Chapter 6: Techniques Used by Hackers
           Introduction
           Basic Terminology
           The Reconnaissance Phase
           Actual Attacks
           Malware Creation
           Penetration Testing
           The Dark Web
           Summary
Chapter 7: Industrial Espionage in Cyberspace
           Introduction
           What Is Industrial Espionage?
           Information as an Asset
           Real-World Examples of Industrial Espionage
           How Does Espionage Occur?
           Protecting Against Industrial Espionage
           Trade Secrets
           The Industrial Espionage Act
           Spear Phishing
           Summary
Chapter 8: Encryption
           Introduction
           Cryptography Basics
           History of Encryption
           Modern Cryptography Methods
           Public Key (Asymmetric) Encryption
           PGP
           Legitimate Versus Fraudulent Encryption Methods
           Digital Signatures
           Hashing
           MAC and HMAC
           Steganography
           Cryptanalysis
           Cryptography Used on the Internet
           Quantum Computing Cryptography
           Summary
Chapter 9: Computer Security Technology
           Introduction
           Virus Scanners
           Firewalls
           Antispyware
           IDSs
           Digital Certificates
           SSL/TLS
           Virtual Private Networks
           Wi-Fi Security
           Summary
Chapter 10: Security Policies
           Introduction
           What Is a Policy?
           Important Standards
           Defining User Policies
           Defining System Administration Policies
           Security Breaches
           Defining Access Control
           Development Policies
           Standards, Guidelines, and Procedures
           Disaster Recovery
           Zero Trust
           Important Laws
           Summary
Chapter 11: Network Scanning and Vulnerability Scanning
           Introduction
           Basics of Assessing a System
           Securing Computer Systems
           Scanning Your Network
           Testing and Scanning Standards
           Getting Professional Help
           Summary
Chapter 12: Cyber Terrorism and Information Warfare
           Introduction
           Actual Cases of Cyber Terrorism
           Weapons of Cyber Warfare
           Economic Attacks
           Military Operations Attacks
           General Attacks
           Supervisory Control and Data Acquisitions (SCADA)
           Information Warfare
           Actual Cases of Cyber Terrorism
           Future Trends
           Defense Against Cyber Terrorism
           Terrorist Recruiting and Communication
           TOR and the Dark Web
           Summary
Chapter 13: Cyber Detective
           Introduction
           General Searches
           Company Searches
           Court Records and Criminal Checks
           Usenet
           Google
           Maltego
           Summary
Chapter 14: Introduction to Forensics
           Introduction
           General Guidelines
           Finding Evidence on a PC
           Finding Evidence in System Logs
           Getting Back Deleted Files
           Operating System Utilities
           The Windows Registry
           Mobile Forensics: Cell Phone Concepts
           The Need for Forensic Certification
           Expert Witnesses
           Additional Types of Forensics
           Summary
Chapter 15: Cybersecurity Engineering
           Introduction
           Defining Cybersecurity Engineering
           Standards
           SecML
           Modeling
           Summary
Glossary
Appendix A: Resources
Appendix B: Answers to the Multiple Choice Questions
9780137984787, TOC, 12/6/2022
Dr. Chuck Easttom is the author of 37 books, including several on computer security, forensics, and cryptography. He has also authored scientific papers on digital forensics, cyber warfare, cryptography, and applied mathematics. He is an inventor with 25 computer science patents. He holds a doctor of science degree in cybersecurity (dissertation topic: a study of lattice-based algorithms for post quantum cryptography), a Ph.D. in Computer Science (dissertation topic: "A Systematic Framework for Network Forensics Using Graph Theory"), and a Ph.D. in Nanotechnology (dissertation topic: "The Effects of Complexity on Carbon Nanotube Failures") and three master's degrees (one in applied computer science, one in education, and one in systems engineering). He also holds more than 70 industry certifications (CISSP, CEH, etc.). He is a frequent speaker at cybersecurity, computer science, and engineering conferences. He is a Distinguished Speaker and senior member of the ACM and a senior member of the IEEE. You can find out more about Dr. Easttom and his research at www.ChuckEasttom.com.