1st Edition

Introduction to Computer and Network Security: Navigating Shades of Gray

By Richard R. Brooks
Copyright 2014
320 Pages, 56 B/W Illustrations
Published by Chapman & Hall

    Guides Students in Understanding the Interactions between Computing/Networking Technologies and Security Issues

    Taking an interactive, "learn-by-doing" approach to teaching, Introduction to Computer and Network Security: Navigating Shades of Gray gives you a clear course to teach the technical issues related to security. Unlike most computer security books, which concentrate on software design and implementation, cryptographic tools, or networking issues, this text also explores how the interactions between hardware, software, and users affect system security.

    The book presents basic principles and concepts, along with examples of current threats to illustrate how the principles can either enable or neutralize exploits. Students see the importance of these concepts in existing and future technologies. In a challenging yet enjoyable way, they learn about a variety of technical topics, including current security exploits, technical factors that enable attacks, and economic and social factors that determine the security of future systems.

    Extensively classroom-tested, the material is structured around a set of challenging projects. Through staging exploits and choosing countermeasures to neutralize the attacks in the projects, students learn:

    • How computer systems and networks operate
    • How to reverse-engineer processes
    • How to use systems in ways that were never foreseen (or supported) by the original developers

    Combining hands-on work with technical overviews, this text helps you integrate security analysis into your technical computing curriculum. It will educate your students on security issues, such as side-channel attacks, and deepen their understanding of how computers and networks work.

    Brief History of Computers, Communications, and Security
    Pre-Renaissance
    Renaissance to World War I
    World War I
    World War II
    Cold War
    Organized Crime and Botnets
    Cyberwar

    Security and Privacy Overview
    Security Attributes
    Social Engineering
    Authentication and Authorization
    Access Permissions
    Audit
    User Interface Issues
    On Trusting Trust
    Taxonomy of Attacks
    Case Study—Mobile Code
    Case Study—Connected Vehicles

    Cryptography Primer
    Substitution Ciphers and Frequency Analysis
    Vigenère Cipher and Cryptanalysis
    Block Ciphers
    RSA Public Key Cryptography
    Hash Functions
    One-Time Pads
    Key Management
    Message Confidentiality
    Steganography
    Obfuscation and Homomorphic Encryption

    SSL/TLS—Case Study Project
    Cryptographic Protocol
    Verification
    DNS and Routing
    X.509 and SSL Certificates
    Security Flaws With Certificates
    Man-in-the-Middle Attacks
    Implementation Flaws
    Usability

    Securing Networks
    Firewalls
    Virtual Private Networks (VPNs)
    Wireless Security
    Intrusion Detection Systems (IDS)
    Denial of Service

    Virtual Private Network—Case Study Project
    Laboratory Preparation
    Assignment
    Virtual Machine (VM) Use
    Sniffer Use
    VPN Installation

    Insertion Attacks
    SQL Injection
    Buffer Overflow Attack
    Printer Format Vulnerability
    SSH Insertion Attacks
    IDS Insertion Attacks
    Viruses
    Worms
    Virus and Worm Propagation

    Buffer Overflow—Case Study Project
    Stack Smashing
    Heap Smashing
    Arc Injection
    Pointer Clobbering
    Countermeasures

    Polymorphic Virus—Advanced Case Study Project
    Virus Basics
    Antivirus
    Pseudovirus with Alternate Data Streams
    Simple Virus—Timid
    Infection Spreading
    Self-Modifying Code
    Simple Polymorphism
    Packing and Encryption
    Frankenstein Viruses

    Web Security
    Cross Site Scripting (XSS)
    Cross Site Request Forgery (XSRF, CSRF)
    Man-in-the-Browser
    Penetration Testing

    Privacy and Anonymity
    Anonymity Metrics
    Anonymity Tools
    Computer Forensics Tools
    Privacy Laws
    Privacy Discussion Assignments—Antonin Scalia

    Side-Channel Attacks
    Power Analysis
    Traffic Analysis
    Time Analysis
    Red-Black Separation
    Side-Channel Countermeasures

    Digital Rights Management and Copyright
    Copyright History
    Fair Use
    Creative Commons
    Digital Rights Management
    Digital Millennium Copyright Act
    The Darknet
    Patent Trolls
    Discussion Assignment—Business Case for DRM
    Discussion Assignment—Technical Case for DRM

    Security Economics
    Liability and EULAs
    Network Externalities
    Code Bloat
    Lemon Markets
    Software Engineering
    Macroeconomics and Game Theory Introduction

    Conclusions

    Bibliography

    Index

    Problems and a Glossary appear at the end of each chapter.

    Biography

    Richard R. Brooks is an associate professor in the Holcombe Department of Electrical and Computer Engineering at Clemson University. His research has been sponsored by both government and industry, including the U.S. Office of Naval Research, Defense Advanced Research Projects Agency, National Institute of Standards and Technology, National Science Foundation, and BMW Manufacturing Co. He received a Ph.D. in computer science from Louisiana State University.

    "… a comprehensive and adequately ‘time-resistant’ introduction to the field of computer and network security. … interesting and useful. It could help the average technical reader acquire an adequate level of introductory knowledge on computer and network security."
    —Computers & Security, 46, 2014

    "This definitive, comprehensive computer security textbook reflects Brooks's long-term study of this topic and his experience gained through teaching it. … very well written, readily comprehensible, and thoroughly documented and annotated, and includes an extensive bibliography. … Highly recommended."
    —E.M. Aupperle, Emeritus, University of Michigan, CHOICE Magazine, June 2014