I'm a studentI'm an educator

Computer Security Fundamentals, 4th edition

Published by Pearson IT Certification (July 14, 2021) © 2020

  • William Chuck Easttom
Products list
per month
-month term, pay monthly or pay
Buy nowOpens in a new tab
Instant access

eTextbook features

  • Instant access to eTextbook
  • Search, highlight, and notes
  • Create flashcards
Products list
$64.00

Price Reduced From: $80.00

Details

  • A print text
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com
Products list
$140.00

Access Details

  • Access courses online from any computer (PC or Mac) or tablet (Android or iOS)
  • Native app available for mobile use; use online, or download and work offline; data syncs automatically 
  • Purchase print or digital codes from your college bookstore, or printed access code cards here

Features

  • Interactive learning elements throughout, including exercises, quizzes, flashcards, and video tutorials

Computer Security Fundamentals, Fourth Edition: 

  • Clearly explains core concepts, terminology, challenges, technologies, and skills
  • Covers today’s latest attacks and countermeasures 
  • The perfect beginner’s guide for anyone interested in a computer security career

Chuck Easttom brings together complete coverage of all basic concepts, terminology, and issues, along with all the skills students need to get started.


Drawing on 20+ years of experience as a security instructor, consultant, and researcher, Easttom helps students take a proactive, realistic approach to assessing threats and implementing countermeasures. Writing clearly and simply, he addresses crucial issues that many introductory security books ignore, while addressing the realities of a world where billions of new devices are Internet-connected.

This guide covers web attacks, hacking, spyware, network defense, security appliances, VPNs, password use, and much more. Its many tips and examples reflect new industry trends and the state-of-the-art in both attacks and defense. Exercises, projects, and review questions in every chapter help students deepen their understanding and apply all they've learned.


Whether you’re a student, a professional, or a manager, this guide will help you protect your assets—and expand your career options.

Introduction xxvi
Chapter 1: Introduction to Computer Security 2
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
How Seriously Should You Take Threats to Network Security? . . . . . . . . . 4
Identifying Types of Threats . . . . . . . . . . . . . . . . . . . . . . . . 7
Assessing the Likelihood of an Attack on Your Network . . . . . . . . . . . . 16
Basic Security Terminology . . . . . . . . . . . . . . . . . . . . . . . 16
Concepts and Approaches . . . . . . . . . . . . . . . . . . . . . . . . 19
How Do Legal Issues Impact Network Security? . . . . . . . . . . . . . . . 22
Online Security Resources . . . . . . . . . . . . . . . . . . . . . . . . 23
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Chapter 2: Networks and the Internet 32
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Network Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
How the Internet Works . . . . . . . . . . . . . . . . . . . . . . . . . 40
History of the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Basic Network Utilities . . . . . . . . . . . . . . . . . . . . . . . . . 49
Other Network Devices . . . . . . . . . . . . . . . . . . . . . . . . . 55
Advanced Network Communications Topics . . . . . . . . . . . . . . . . 56
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Chapter 3: Cyber Stalking, Fraud, and Abuse 66
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
How Internet Fraud Works . . . . . . . . . . . . . . . . . . . . . . . . 67
Identity Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Cyber Stalking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Chapter 4: Denial of Service Attacks 96
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Illustrating an Attack . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Common Tools Used for DoS Attacks . . . . . . . . . . . . . . . . . . . 99
DoS Weaknesses . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Specific DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 102
Real-World Examples of DoS Attacks . . . . . . . . . . . . . . . . . . . 109
How to Defend Against DoS Attacks . . . . . . . . . . . . . . . . . . . 111
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Chapter 5: Malware 120
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Trojan Horses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
The Buffer-Overflow Attack . . . . . . . . . . . . . . . . . . . . . . . 132
Spyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Other Forms of Malware . . . . . . . . . . . . . . . . . . . . . . . . 137
Detecting and Eliminating Viruses and Spyware . . . . . . . . . . . . . . 140
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Chapter 6: Techniques Used by Hackers 152
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Basic Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
The Reconnaissance Phase . . . . . . . . . . . . . . . . . . . . . . . 153
Actual Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Malware Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Penetration Testing . . . . . . . . . . . . . . . . . . . . . . . . . . 171
The Dark Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Chapter 7: Industrial Espionage in Cyberspace 182
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
What Is Industrial Espionage? . . . . . . . . . . . . . . . . . . . . . . 183
Information as an Asset . . . . . . . . . . . . . . . . . . . . . . . . 184
Real-World Examples of Industrial Espionage . . . . . . . . . . . . . . . 187
How Does Espionage Occur? . . . . . . . . . . . . . . . . . . . . . . 189
Low-Tech Industrial Espionage . . . . . . . . . . . . . . . . 189
Spyware Used in Industrial Espionage . . . . . . . . . . . . . 193
Steganography Used in Industrial Espionage . . . . . . . . . . . 193
Phone Taps and Bugs . . . . . . . . . . . . . . . . . . . . 194
Protecting Against Industrial Espionage . . . . . . . . . . . . . . . . . . 194
The Industrial Espionage Act . . . . . . . . . . . . . . . . . . . . . . 197
Spear Phishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Chapter 8: Encryption 206
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Cryptography Basics . . . . . . . . . . . . . . . . . . . . . . . . . . 207
History of Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Modern Cryptography Methods . . . . . . . . . . . . . . . . . . . . . 216
Public Key (Asymmetric) Encryption . . . . . . . . . . . . . . . . . . . 223
PGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Legitimate Versus Fraudulent Encryption Methods . . . . . . . . . . . . . 229
Digital Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Hashing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
MAC and HMAC . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Steganography . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Cryptanalysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Cryptography Used on the Internet . . . . . . . . . . . . . . . . . . . . 236
Quantum Computing Cryptography . . . . . . . . . . . . . . . . . . . 237
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Chapter 9: Computer Security Technology 244
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Virus Scanners . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Antispyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Digital Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
SSL/TLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . 268
Wi-Fi Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Chapter 10: Security Policies 278
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
What Is a Policy? . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Defining User Policies . . . . . . . . . . . . . . . . . . . . . . . . . 280
Defining System Administration Policies . . . . . . . . . . . . . . . . . . 287
New Employees . . . . . . . . . . . . . . . . . . . . . . . 287
Departing Employees . . . . . . . . . . . . . . . . . . . . 287
Change Requests . . . . . . . . . . . . . . . . . . . . . . 288
Security Breaches . . . . . . . . . . . . . . . . . . . . . . 290
Virus Infection . . . . . . . . . . . . . . . . . . . . . . . 290
DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . 291
Intrusion by a Hacker . . . . . . . . . . . . . . . . . . . . 291
Defining Access Control . . . . . . . . . . . . . . . . . . . . . . . . 292
Development Policies . . . . . . . . . . . . . . . . . . . . . . . . . 293
Standards, Guidelines, and Procedures . . . . . . . . . . . . . . . . . . 294
Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Important Laws . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Chapter 11: Network Scanning and Vulnerability Scanning 306
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Basics of Assessing a System . . . . . . . . . . . . . . . . . . . . . . 307
Securing Computer Systems . . . . . . . . . . . . . . . . . . . . . . 315
Scanning Your Network . . . . . . . . . . . . . . . . . . . . . . . . 321
Getting Professional Help . . . . . . . . . . . . . . . . . . . . . . . . 330
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Chapter 12: Cyber Terrorism and Information Warfare 342
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Actual Cases of Cyber Terrorism . . . . . . . . . . . . . . . . . . . . . 343
Weapons of Cyber Warfare . . . . . . . . . . . . . . . . . . . . . . . 345
Economic Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Military Operations Attacks . . . . . . . . . . . . . . . . . . . . . . . 350
General Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Supervisory Control and Data Acquisitions (SCADA) . . . . . . . . . . . . . 351
Information Warfare . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Actual Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Future Trends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Defense Against Cyber Terrorism . . . . . . . . . . . . . . . . . . . . . 362
Terrorist Recruiting and Communication . . . . . . . . . . . . . . . . . . 362
TOR and the Dark Web . . . . . . . . . . . . . . . . . . . . . . . . . 363
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Chapter 13: Cyber Detective 370
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
General Searches . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Court Records and Criminal Checks . . . . . . . . . . . . . . . . . . . 375
Usenet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Chapter 14: Introduction to Forensics 386
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
General Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Finding Evidence on the PC . . . . . . . . . . . . . . . . . . . . . . . 397
Finding Evidence in System Logs . . . . . . . . . . . . . . . . . . . . 398
Getting Back Deleted Files . . . . . . . . . . . . . . . . . . . . . . . 399
Operating System Utilities . . . . . . . . . . . . . . . . . . . . . . . 402
The Windows Registry . . . . . . . . . . . . . . . . . . . . . . . . . 404
Mobile Forensics: Cell Phone Concepts . . . . . . . . . . . . . . . . . . 408
The Need for Forensic Certification . . . . . . . . . . . . . . . . . . . . 413
Expert Witnesses . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Additional Types of Forensics . . . . . . . . . . . . . . . . . . . . . . 415
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Chapter 15: Cybersecurity Engineering 422
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Defining Cybersecurity Engineering . . . . . . . . . . . . . . . . . . . . 423
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Test Your Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Glossary 442
Appendix A: Resources 448
Appendix B: Answers to the Multiple Choice Questions 450
9780135774779, TOC, 8/15/19

Need help? Get in touch