Today, security is a hot topic, and international (ISO) security standards largely have replaced the Orange Book. But for those of you who need to understand the fundamentals, "Computer Security Basics" is still the best book to consult. The new edition builds on the well- established principles developed in the original edition and thoroughly updates that core knowledge. For novice security administrators, system administrators, and developers, "Computer Security Basics" offers a clear overview of the security concepts you need to know: access controls, malicious software, security policy, cryptography, biometrics, and government regulations and standards. And it does so in a way that you can easily understand, even if you aren't very familiar with security. This is the must-have book for a must-know field.

Rick Lehtinen
Rick Lehtinen started his career in electronic communications, from installing two-way radios to building television stations and satellite uplink facilities. Frequent contribution of articles to the trade press led to a position as an editor at Broadcast Engineering magazine, as well as a sister publication, Video Systems, which was followed by nationwide travel promoting desktop video production as "Dr. Video". After relocating to Phoenix, Lehtinen researched and produced marketing information for the semiconductor industry. This lead to a survey of computers and networking, which field eventually became a passion. Lehtinen financed his studies by teaching and writing, and is on the adjunct faculty of several community colleges and vocational schools. As a course writer for the Cisco Network Academy, he has worked with materials from conception through post-production, including learner assessment and the creation of annoying multiple choice questions. Lehtinen holds certifications in computer security (CISSP), networking (CCNP, CCDP), and telecommunications design (BICSII RCDD) and is the author of Computer Security Basics, 2/E. His hobbies include spending time with his family, playing the tuba, and writing about complimentary/alternative medical technologies.
G.T. Gangemi Sr.
G.T. Gangemi, Sr., is Director of Wang Laboratories' Secure Systems Program. The Wang organization mirrors the structure of the U.S. government's Information Security (INFOSEC) program, encompassing computer security (COMPUSEC), communications security (COMSEC), TEMPEST, and physical access. Mr. Gangemi is responsible for all Wang security-related products designed for government and commercial use. He has previously held management positions at Wang in a variety of areas, including research and development, product management and marketing, account management, and business planning. He attended La Salle College and the Program for Senior Executives at Harvard University's Kennedy School of Government. He served in the U.S. Army and is a private pilot.

Preface

ix

Part I. Security for Today

Introduction

3

(19)

The New Insecurity

3

(6)

What Is Computer Security?

9

(3)

Threats to Security

12

(6)

Why Buy Security?

18

(3)

What's a User to Do?

21

(1)

Some Security History

22

(27)

Information and Its Controls

22

(3)

Computer Security: Then and Now

25

(2)

Early Computer Security Efforts

27

(5)

Building Toward Standardization

32

(5)

Computer Security Mandates and Legislation

37

(12)

Part II. Computer Security

Computer System Security and Access Controls

49

(30)

What Makes a System Secure?

49

(1)

System Access: Logging into Your System

50

(29)

Viruses and Other Wildlife

79

(17)

Financial Effects of Malicious Programs

79

(1)

Viruses and Public Health

80

(1)

Viruses, Worms, and Trojans (Oh, My!)

80

(10)

Who Writes Viruses?

90

(2)

Remedies

92

(1)

The Virus Hype

93

(1)

An Ounce of Prevention

94

(2)

Establishing and Maintaining a Security Policy

96

(16)

Administrative Security

97

(1)

Overall Planning and Administration

98

(5)

Day-to-Day Administration

103

(6)

Separation of Duties

109

(3)

Web Attacks and Internet Vulnerabilities

112

(25)

About the Internet

112

(4)

What Are the Network Protocols?

116

(8)

The Fragile Web

124

(13)

Part III. Communications Security

Encryption

137

(36)

Some History

138

(3)

What Is Encryption?

141

(12)

The Data Encryption Standard

153

(10)

Other Cryptographic Algorithms

163

(6)

Message Authentication

169

(1)

Government Cryptographic Programs

170

(1)

Cryptographic Export Restrictions

171

(2)

Communications and Network Security

173

(30)

What Makes Communication Secure?

174

(3)

Modems

177

(2)

Networks

179

(8)

Network Security

187

(16)

Part IV. Other Types of Security

Physical Security and Biometrics

203

(17)

Physical Security

204

(3)

Locks and Keys: Old and New

207

(5)

Biometrics

212

(6)

Gentle Reminder

218

(2)

Wireless Network Security

220

(63)

How We Get Here

220

(1)

Today's Wireless Infrastructure

221

(4)

How Wireless Works

225

(3)

Playing the Fields

228

(3)

What Is This dB Stuff?

231

(1)

Why Does All This Matter?

232

(1)

Encouraging Diversity

233

(1)

Physical Layer Wireless Attacks

233

(16)

Part V. Appendixes

A. OSI Model

249

(3)

B. Tempest

252

(6)

C. The Orange Book, FIPS, PUBS, and the Common Criteria

258

(25)

Index

283

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.