Guides Students in Understanding the Interactions between Computing/Networking Technologies and Security Issues
Taking an interactive, "learn-by-doing" approach to teaching, Introduction to Computer and Network Security: Navigating Shades of Gray gives you a clear course to teach the technical issues related to security. Unlike most computer security books, which concentrate on software design and implementation, cryptographic tools, or networking issues, this text also explores how the interactions between hardware, software, and users affect system security.
The book presents basic principles and concepts, along with examples of current threats to illustrate how the principles can either enable or neutralize exploits. Students see the importance of these concepts in existing and future technologies. In a challenging yet enjoyable way, they learn about a variety of technical topics, including current security exploits, technical factors that enable attacks, and economic and social factors that determine the security of future systems.
Extensively classroom-tested, the material is structured around a set of challenging projects. Through staging exploits and choosing countermeasures to neutralize the attacks in the projects, students learn:
How computer systems and networks operate
How to reverse-engineer processes
How to use systems in ways that were never foreseen (or supported) by the original developers
Combining hands-on work with technical overviews, this text helps you integrate security analysis into your technical computing curriculum. It will educate your students on security issues, such as side-channel attacks, and deepen their understanding of how computers and networks work.
Richard R. Brooks is an associate professor in the Holcombe Department of Electrical and Computer Engineering at Clemson University. His research has been sponsored by both government and industry, including the U.S. Office of Naval Research, Defense Advanced Research Projects Agency, National Institute of Standards and Technology, National Science Foundation, and BMW Manufacturing Co. He received a Ph.D. in computer science from Louisiana State University.
Brief History of Computers, Communications, and Security Pre-Renaissance Renaissance to World War I World War I World War II Cold War Organized Crime and Botnets Cyberwar
Security and Privacy Overview Security Attributes Social Engineering Authentication and Authorization Access Permissions Audit User Interface Issues On Trusting Trust Taxonomy of Attacks Case Study-Mobile Code Case Study-Connected Vehicles
Cryptography Primer Substitution Ciphers and Frequency Analysis Vignere Cipher and Cryptanalysis Block Ciphers RSA Public Key Cryptography Hash Functions One-Time Pads Key Management Message Confidentiality Steganography Obfuscation and Homomorphic Encryption
SSL/TLS-Case Study Project Cryptographic Protocol Verification DNS and Routing X.509 and SSL Certificates Security Flaws With Certificates Man-in-the-Middle Attacks Implementation Flaws Usability
Securing Networks Firewalls Virtual Private Networks (VPNs) Wireless Security Intrusion Detection Systems (IDS) Denial of Service
Virtual Private Network-Case Study Project Laboratory Preparation Assignment Virtual Machine (VM) Use Sniffer Use VPN Installation
Insertion Attacks SQL Injection Buffer Overflow Attack Printer Format Vulnerability SSH Insertion Attacks IDS Insertion Attacks Viruses Worms Virus and Worm Propagation
Buffer Overflow-Case Study Project Stack Smashing Heap Smashing Arc Injection Pointer Clobbering Countermeasures
Polymorphic Virus-Advanced Case Study Project Virus Basics Antivirus Pseudovirus with Alternate Data Streams Simple Virus-Timid Infection Spreading Self-Modifying Code Simple Polymorphism Packing and Encryption Frankenstein Viruses
Web Security Cross Site Scripting (XSS) Cross Site Request Forgery (XSRF, CSRF) Man-in-the-Browser Penetration Testing
Privacy and Anonymity Anonymity Metrics Anonymity Tools Computer Forensics Tools Privacy Laws Privacy Discussion Assignments-Antonin Scalia
Side-Channel Attacks Power Analysis Traffic Analysis Time Analysis Red-Black Separation Side-Channel Countermeasures
Digital Rights Management and Copyright Copyright History Fair Use Creative Commons Digital Rights Management Digital Millennium Copyright Act The Darknet Patent Trolls Discussion Assignment-Business Case for DRM Discussion Assignment-Technical Case for DRM
Security Economics Liability and EULAs Network Externalities Code Bloat Lemon Markets Software Engineering Macroeconomics and Game Theory
Introduction Conclusions Bibliography Index
Problems and a Glossary appear at the end of each chapter.